/************************************************************************
* © 2019-2023 SAP SE or an SAP affiliate company. All rights reserved. *
************************************************************************/
package com.sap.cloud.security.ams.spring.handler.resourceserver;
import com.sap.cloud.security.ams.dcl.client.pdp.PolicyDecisionPoint;
import com.sap.cloud.security.ams.spring.adapter.PolicyDecisionPointSecurityExpression;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.expression.SecurityExpressionOperations;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
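/**
 * Web security expression handler that makes AMS Policy Decision Point security expressions
 * available to the access rules configured through {@link HttpSecurity#authorizeRequests()}.
 *
 * <p>Instances are obtained from {@link #getInstance(PolicyDecisionPoint)}; the constructor is
 * private. For JWT-based and anonymous authentications the expression root is a
 * {@link PolicyDecisionPointSecurityExpression} bound to the configured
 * {@link PolicyDecisionPoint}. Any other authentication type gets a plain
 * {@link WebSecurityExpressionRoot} that carries no policy decision point.
 *
 * @deprecated in favor of {@link ResourceServerHttpSecurityExpressionHandler}
 */
@Deprecated(forRemoval = true)
public class ResourceServerWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Assigned once at construction; every expression root created by this handler is bound to it.
    private final PolicyDecisionPoint policyDecisionPoint;

    private ResourceServerWebSecurityExpressionHandler(PolicyDecisionPoint policyDecisionPoint) {
        // use factory methods instead
        this.policyDecisionPoint = policyDecisionPoint;
    }

    /**
     * Creates a handler whose expression roots evaluate against the given policy decision point.
     *
     * @param policyDecisionPoint the AMS policy decision point handed to every
     *        {@link PolicyDecisionPointSecurityExpression} this handler creates
     * @return a new handler instance
     */
    public static ResourceServerWebSecurityExpressionHandler getInstance(PolicyDecisionPoint policyDecisionPoint) {
        // NOTE(review): the argument is not null-checked here; how a null policy decision point
        // behaves at evaluation time depends on PolicyDecisionPointSecurityExpression - confirm.
        return new ResourceServerWebSecurityExpressionHandler(policyDecisionPoint);
    }

    /**
     * Builds the SpEL root object against which web access expressions are evaluated.
     *
     * @param authentication the authentication of the current request
     * @param invocation the filter invocation being secured
     * @return a {@link PolicyDecisionPointSecurityExpression} bound to the configured policy
     *         decision point for {@link Jwt}, {@link JwtAuthenticationToken} and
     *         {@link AnonymousAuthenticationToken}; a plain {@link WebSecurityExpressionRoot}
     *         for every other authentication type
     */
    @Override
    protected SecurityExpressionOperations createSecurityExpressionRoot(
            Authentication authentication, FilterInvocation invocation) {
        logger.debug("Creating SPEL Web Expressions for Authentication of type {}.", authentication.getClass());

        PolicyDecisionPointSecurityExpression expression;
        if (authentication instanceof Jwt) {
            // NOTE(review): Spring Security's Jwt does not itself implement Authentication, so this
            // branch looks reachable only for a custom type that is both - confirm it is needed.
            expression = new PolicyDecisionPointSecurityExpression(authentication, ((Jwt) authentication).getClaims());
        } else if (authentication instanceof JwtAuthenticationToken) {
            expression = new PolicyDecisionPointSecurityExpression(authentication,
                    ((JwtAuthenticationToken) authentication).getTokenAttributes());
        } else if (authentication instanceof AnonymousAuthenticationToken) {
            logger.debug("Creating SPEL Web Expressions for AnonymousAuthenticationToken.");
            expression = new PolicyDecisionPointSecurityExpression(authentication);
        } else {
            // Log the unsupported type rather than the principal object: the type is what the
            // message is about, and a principal may carry user-identifying data that does not
            // belong in an error log.
            logger.error("Error creating SPEL Web Expressions: authentication {} is not supported.",
                    authentication.getClass().getName());
            // NOTE(review): this root is built directly, so nothing visible here applies the
            // handler's own configuration to it (Spring's default handler normally sets the
            // permission evaluator, trust resolver and role hierarchy on the root it creates).
            // It also carries no policy decision point, so AMS expressions are presumably not
            // resolvable on it - confirm that rules using them deny rather than error out.
            return new WebSecurityExpressionRoot(authentication, invocation);
        }
        return expression.policyDecisionPoint(policyDecisionPoint);
    }
}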