Search in sources :

Example 36 with AnonymousAuthenticationToken

use of org.springframework.security.authentication.AnonymousAuthenticationToken in project ORCID-Source by ORCID.

the class IdentifierApiServiceDelegatorTest method init.

@Before
public void init() {
    // setup security context
    ArrayList<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
    roles.add(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
    Authentication auth = new AnonymousAuthenticationToken("anonymous", "anonymous", roles);
    SecurityContextHolder.getContext().setAuthentication(auth);
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Authentication(org.springframework.security.core.Authentication) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Before(org.junit.Before)

Example 37 with AnonymousAuthenticationToken

use of org.springframework.security.authentication.AnonymousAuthenticationToken in project ORCID-Source by ORCID.

the class PublicV2ApiServiceDelegatorTest method before.

@Before
public void before() {
    ArrayList<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
    roles.add(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
    Authentication auth = new AnonymousAuthenticationToken("anonymous", "anonymous", roles);
    SecurityContextHolder.getContext().setAuthentication(auth);
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ArrayList(java.util.ArrayList) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Before(org.junit.Before)

Example 38 with AnonymousAuthenticationToken

use of org.springframework.security.authentication.AnonymousAuthenticationToken in project motan by weibocom.

the class UserController method getUser.

/**
     * Retrieves the currently logged in user.
     *
     * @return A transfer containing the username and the roles.
     */
@RequestMapping(value = "", method = RequestMethod.GET)
public UserTransfer getUser() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication instanceof AnonymousAuthenticationToken) {
        throw new CustomException.UnauthorizedException();
    }
    UserDetails userDetails = (UserDetails) authentication.getPrincipal();
    return new UserTransfer(userDetails.getUsername(), createRoleMap(userDetails));
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) UserTransfer(com.weibo.model.UserTransfer) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 39 with AnonymousAuthenticationToken

use of org.springframework.security.authentication.AnonymousAuthenticationToken in project motan by weibocom.

the class LoggingAspect method getUsername.

private String getUsername() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication instanceof AnonymousAuthenticationToken) {
        throw new CustomException.UnauthorizedException();
    }
    UserDetails userDetails = (UserDetails) authentication.getPrincipal();
    return TokenUtils.getUserNameFromToken(userDetails.getUsername());
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Example 40 with AnonymousAuthenticationToken

use of org.springframework.security.authentication.AnonymousAuthenticationToken in project midpoint by Evolveum.

the class SecurityEnforcerImpl method runPrivileged.

@Override
public <T> T runPrivileged(Producer<T> producer) {
    LOGGER.debug("Running {} as privileged", producer);
    Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
    LOGGER.trace("ORIG auth {}", origAuthentication);
    // Try to reuse the original identity as much as possible. All we need to is add AUTZ_ALL
    // to the list of authorities
    Authorization privilegedAuthorization = createPrivilegedAuthorization();
    Object newPrincipal = null;
    if (origAuthentication != null) {
        Object origPrincipal = origAuthentication.getPrincipal();
        if (origAuthentication instanceof AnonymousAuthenticationToken) {
            newPrincipal = origPrincipal;
        } else {
            LOGGER.trace("ORIG principal {} ({})", origPrincipal, origPrincipal != null ? origPrincipal.getClass() : null);
            if (origPrincipal != null) {
                if (origPrincipal instanceof MidPointPrincipal) {
                    MidPointPrincipal newMidPointPrincipal = ((MidPointPrincipal) origPrincipal).clone();
                    newMidPointPrincipal.getAuthorities().add(privilegedAuthorization);
                    newPrincipal = newMidPointPrincipal;
                }
            }
        }
        Collection<GrantedAuthority> newAuthorities = new ArrayList<>();
        newAuthorities.addAll(origAuthentication.getAuthorities());
        newAuthorities.add(privilegedAuthorization);
        PreAuthenticatedAuthenticationToken newAuthorization = new PreAuthenticatedAuthenticationToken(newPrincipal, null, newAuthorities);
        LOGGER.trace("NEW auth {}", newAuthorization);
        SecurityContextHolder.getContext().setAuthentication(newAuthorization);
    } else {
        LOGGER.debug("No original authentication, do NOT setting any privileged security context");
    }
    try {
        return producer.run();
    } finally {
        SecurityContextHolder.getContext().setAuthentication(origAuthentication);
        LOGGER.debug("Finished running {} as privileged", producer);
        LOGGER.trace("Security context after privileged operation: {}", SecurityContextHolder.getContext());
    }
}
Also used : Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Aggregations

AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)40 Test (org.junit.Test)20 Authentication (org.springframework.security.core.Authentication)13 GrantedAuthority (org.springframework.security.core.GrantedAuthority)7 ArrayList (java.util.ArrayList)6 Before (org.junit.Before)6 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)6 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)5 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)3 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)3 SecurityContext (org.springframework.security.core.context.SecurityContext)3 AccessDeniedException (org.springframework.security.access.AccessDeniedException)2 AnonymousAuthenticationProvider (org.springframework.security.authentication.AnonymousAuthenticationProvider)2 User (org.springframework.security.core.userdetails.User)2 UserDetails (org.springframework.security.core.userdetails.UserDetails)2 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)2 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)2 SecurityQuestionsAuthenticationContext (com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext)1 PrismObject (com.evolveum.midpoint.prism.PrismObject)1