use of org.springframework.security.authentication.AbstractAuthenticationToken in project libresonic by Libresonic.
the class LibresonicApplicationEventListener method onApplicationEvent.
/**
 * Records failed login attempts published by Spring Security.
 *
 * <p>An event is logged only when it is an {@link AbstractAuthenticationFailureEvent}, its
 * source is an {@link AbstractAuthenticationToken}, and that token carries
 * {@link WebAuthenticationDetails}. Every other event is ignored.
 *
 * @param event the application event being dispatched
 */
@Override
public void onApplicationEvent(ApplicationEvent event) {
    if (!(event instanceof AbstractAuthenticationFailureEvent)) {
        return;
    }
    Object source = event.getSource();
    if (!(source instanceof AbstractAuthenticationToken)) {
        return;
    }
    AbstractAuthenticationToken failedToken = (AbstractAuthenticationToken) source;
    Object details = failedToken.getDetails();
    if (!(details instanceof WebAuthenticationDetails)) {
        // Non-web authentication attempts carry no remote address to record.
        return;
    }
    // NOTE(review): behind a reverse proxy this is presumably the proxy's address unless
    // forwarded headers are resolved upstream; confirm before keying lockouts or alerts on it.
    String remoteAddress = ((WebAuthenticationDetails) details).getRemoteAddress();
    // NOTE(review): the principal of a failed attempt is whatever the client submitted as the
    // user name. Confirm that loginFailureLogger neutralises CR/LF and bounds the length before
    // writing, so a crafted name cannot forge or flood log entries.
    String attemptedPrincipal = String.valueOf(failedToken.getPrincipal());
    loginFailureLogger.log(remoteAddress, attemptedPrincipal);
}
use of org.springframework.security.authentication.AbstractAuthenticationToken in project spring-security-oauth by spring-projects.
the class ResourceOwnerPasswordTokenGranter method getOAuth2Authentication.
/**
 * Authenticates the resource owner from the {@code username} and {@code password} request
 * parameters and wraps the result in an {@link OAuth2Authentication}.
 *
 * @param client the client the token is being issued to
 * @param tokenRequest the incoming token request holding the resource owner credentials
 * @return the combined client request and authenticated user
 * @throws InvalidGrantException if the account status or the credentials are rejected, or if
 *         the authentication manager returns no authenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    // Copy the parameters so that the removal below affects only this local map.
    Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String username = parameters.get("username");
    String password = parameters.get("password");
    // The map becomes the token's details and travels with it, so the password must be
    // removed before it is attached.
    // NOTE(review): only this copy is scrubbed; tokenRequest itself is still handed to
    // createOAuth2Request below. Confirm the password is stripped there as well.
    parameters.remove("password");

    AbstractAuthenticationToken loginAttempt = new UsernamePasswordAuthenticationToken(username, password);
    loginAttempt.setDetails(parameters);

    Authentication userAuth;
    try {
        userAuth = authenticationManager.authenticate(loginAttempt);
    } catch (AccountStatusException ase) {
        // Expired, locked and disabled accounts (section 5.2, draft 31).
        // NOTE(review): the provider's message is returned to the client and may reveal the
        // account's state; confirm that level of detail is acceptable.
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // Wrong username/password: the spec asks for 400/invalid grant.
        throw new InvalidGrantException(e.getMessage());
    }
    // NOTE(review): other AuthenticationException subtypes are not caught here and propagate
    // as they are; verify how the endpoint renders them.

    boolean authenticated = userAuth != null && userAuth.isAuthenticated();
    if (!authenticated) {
        // NOTE(review): the client-supplied username is echoed in the error message.
        throw new InvalidGrantException("Could not authenticate user: " + username);
    }

    OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
}
use of org.springframework.security.authentication.AbstractAuthenticationToken in project tutorials by eugenp.
the class RegistrationController method authenticate.
/**
 * Logs a user in programmatically by authenticating the given credentials and publishing the
 * result to the current security context.
 *
 * @param username the user name to authenticate
 * @param password the password to authenticate with
 * @param request the current request, used to populate the token's web details
 * @param response the current response (not used by this method)
 * @throws BadCredentialsException declared for callers; raised by the authentication manager
 */
private void authenticate(String username, String password, HttpServletRequest request, HttpServletResponse response) throws BadCredentialsException {
    logger.debug("attempting to authenticated, manually ... ");

    // Build the unauthenticated token and attach the request's web details to it.
    AbstractAuthenticationToken loginAttempt = new UsernamePasswordAuthenticationToken(username, password);
    WebAuthenticationDetails requestDetails = new WebAuthenticationDetails(request);
    loginAttempt.setDetails(requestDetails);

    // On success the manager returns an Authentication holding the principal and credentials.
    Authentication authenticated = this.authenticationManager.authenticate(loginAttempt);

    // NOTE(review): this manual login does not go through the login filter, so any
    // session-fixation protection configured there presumably does not run. Confirm that the
    // session id is rotated for this path, and that the context set below is persisted to the
    // session by the surrounding filter chain.
    // The security context is held in thread-local scope.
    SecurityContextHolder.getContext().setAuthentication(authenticated);

    logger.debug("User should now be authenticated.");
}
use of org.springframework.security.authentication.AbstractAuthenticationToken in project motech by motech.
the class UserContextServiceImpl method refreshAllUsersContextIfActive.
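/**
 * Rebuilds the authentication stored in every tracked HTTP session from the current user
 * record, so that changes to a user take effect in sessions that are already logged in.
 *
 * <p>Sessions without a security context, without an authentication, or whose principal is
 * not a {@link User} are skipped. Previously such a session raised a
 * {@code NullPointerException} or {@code ClassCastException}, which aborted the loop and left
 * every remaining session with its old authentication.
 */
@Override
@Transactional
public void refreshAllUsersContextIfActive() {
    Collection<HttpSession> sessions = sessionHandler.getAllSessions();
    LOGGER.info("Refreshing context for all active users, number of sessions: {}", sessions.size());

    for (HttpSession session : sessions) {
        Object attribute = session.getAttribute("SPRING_SECURITY_CONTEXT");
        if (!(attribute instanceof SecurityContext)) {
            // No security context stored in this session.
            continue;
        }
        SecurityContext context = (SecurityContext) attribute;
        Authentication authentication = context.getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (!(principal instanceof User)) {
            // One unexpected session must not stop the refresh of the others.
            LOGGER.debug("Skipping session whose principal is not a User");
            continue;
        }
        User userInSession = (User) principal;

        MotechUser user = motechUsersDao.findByUserName(userInSession.getUsername());
        if (user == null) {
            // NOTE(review): the session of a user that no longer exists keeps its current
            // authentication; only a warning is logged. Consider clearing the authentication
            // or invalidating the session here so that a deleted account loses access.
            LOGGER.warn("User {} has a session, but does not exist", userInSession.getUsername());
        } else {
            LOGGER.debug("Refreshing context for user {}", user.getUserName());
            AbstractAuthenticationToken token = getToken(authentication, user);
            context.setAuthentication(token);
        }
    }

    LOGGER.info("Refreshed context for all active users");
}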
use of org.springframework.security.authentication.AbstractAuthenticationToken in project motech by motech.
the class UserContextServiceImpl method refreshUserContextIfActive.
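/**
 * Rebuilds the authentication stored in every tracked HTTP session that belongs to the given
 * user, so that changes to that user take effect in sessions that are already logged in.
 *
 * <p>Sessions without a security context, without an authentication, or whose principal is
 * not a {@link User} are skipped. Previously such a session raised a
 * {@code NullPointerException} or {@code ClassCastException}, which aborted the loop before
 * the remaining sessions of the user were refreshed.
 *
 * @param userName the name of the user whose sessions should be refreshed
 */
@Override
@Transactional
public void refreshUserContextIfActive(String userName) {
    LOGGER.info("Refreshing context for user: {}", userName);
    // NOTE(review): the lookup result is not checked for null. If the user does not exist,
    // null is passed to getToken for each matching session; confirm how getToken handles
    // that, or invalidate the matching sessions instead.
    MotechUser user = motechUsersDao.findByUserName(userName);
    Collection<HttpSession> sessions = sessionHandler.getAllSessions();

    for (HttpSession session : sessions) {
        Object attribute = session.getAttribute("SPRING_SECURITY_CONTEXT");
        if (!(attribute instanceof SecurityContext)) {
            // No security context stored in this session.
            continue;
        }
        SecurityContext context = (SecurityContext) attribute;
        Authentication authentication = context.getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (!(principal instanceof User)) {
            // One unexpected session must not stop the refresh of the others.
            continue;
        }
        User userInSession = (User) principal;

        if (userInSession.getUsername().equals(userName)) {
            AbstractAuthenticationToken token = getToken(authentication, user);
            context.setAuthentication(token);
        }
    }

    LOGGER.info("Refreshed context for user: {}", userName);
}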