Examples of org.springframework.security.web.FilterInvocation

• org.springframework.security.web.FilterInvocation
  Holds objects associated with a HTTP filter.

  Guarantees the request and response are instances of HttpServletRequest and HttpServletResponse, and that there are no null objects.

  Required so that security system classes can obtain access to the filter environment, as well as the request and response. @author Ben Alex @author colin sampaleanu @author Luke Taylor @author Rob Winch

    return this.securityMetadataSource;
  }

  public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain) throws IOException, ServletException {
    FilterInvocation fi = new FilterInvocation(request, response, chain);
    invoke(fi);
  }

            throw new TemplateProcessingException(
                    "An error happened trying to parse Spring Security access expression \"" +
                    expr + "\"", e);
        }

        final FilterInvocation filterInvocation = new FilterInvocation(request, response, DUMMY_CHAIN);

        final EvaluationContext evaluationContext = handler.createEvaluationContext(authentication, filterInvocation);

        /*
         * Initialize the context variables map.

        request.setRequestURI(null);
        request.setMethod(method);

        request.setServletPath(path);

        return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
    }

     * @return true if access is allowed, false if denied
     */
    public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
        Assert.notNull(uri, "uri parameter is required");

        FilterInvocation fi = new FilterInvocation(contextPath, uri, method);
        Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);

        if (attrs == null) {
            if (securityInterceptor.isRejectPublicInvocations()) {
                return false;
            }

            return true;
        }

        if (authentication == null) {
            return false;
        }

        try {
            securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
        } catch (AccessDeniedException unauthorized) {
            if (logger.isDebugEnabled()) {
                logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);
            }

            return false;
        }

            return;
        }

        String loginPage = ((LoginUrlAuthenticationEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
        logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
        FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
        List<Filter> filters = null;

        try {
            filters = fcp.getFilters(loginPage);
        } catch (Exception e) {

        request.setScheme("https");
        request.setSecure(true);
        request.setServerPort(8443);

        MockHttpServletResponse response = new MockHttpServletResponse();
        FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));

        SecureChannelProcessor processor = new SecureChannelProcessor();
        processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));

        assertFalse(fi.getResponse().isCommitted());
    }

        request.setServletPath("/servlet");
        request.setScheme("http");
        request.setServerPort(8080);

        MockHttpServletResponse response = new MockHttpServletResponse();
        FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));

        SecureChannelProcessor processor = new SecureChannelProcessor();
        processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"}));

        assertTrue(fi.getResponse().isCommitted());
    }

    /**
     * Allows the {@code EvaluationContext} to be customized for variable lookup etc.
     */
    protected EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler) {
        FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), new FilterChain() {
            public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
                throw new UnsupportedOperationException();
            }
        });

        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
        requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList(expression));
        ExpressionBasedFilterInvocationSecurityMetadataSource mds =
                new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, new DefaultWebSecurityExpressionHandler());
        assertEquals(1, mds.getAllConfigAttributes().size());
        Collection<ConfigAttribute> attrs = mds.getAttributes(new FilterInvocation("/path", "GET"));
        assertEquals(1, attrs.size());
        WebExpressionConfigAttribute attribute = (WebExpressionConfigAttribute) attrs.toArray()[0];
        assertNull(attribute.getAttribute());
        assertEquals(expression, attribute.getAuthorizeExpression().getExpressionString());
        assertEquals(expression, attribute.toString());

            this.provideIterator = provideIterator;
        }

        public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
            FilterInvocation fi = (FilterInvocation) object;

            if (servletPath.equals(fi.getHttpRequest().getServletPath())) {
                return toReturn;
            } else {
                return null;
            }
        }