Example 16 with Authentication
use of org.springframework.security.core.Authentication in project camel by apache.
the class SpringSecurityAuthorizationPolicyTest method createAuthenticationToken.
private Authentication createAuthenticationToken(String username, String password, String... roles) {
Authentication authToken;
if (roles != null && roles.length > 0) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roles.length);
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
authToken = new UsernamePasswordAuthenticationToken(username, password, authorities);
} else {
authToken = new UsernamePasswordAuthenticationToken(username, password);
}
return authToken;
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
Authentication(org.springframework.security.core.Authentication)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
ArrayList(java.util.ArrayList)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Example 17 with Authentication
use of org.springframework.security.core.Authentication in project camel by apache.
the class SpringSecurityAuthorizationPolicyTest method sendMessageWithAuthentication.
private void sendMessageWithAuthentication(String username, String password, String... roles) {
Authentication authToken = createAuthenticationToken(username, password, roles);
Subject subject = new Subject();
subject.getPrincipals().add(authToken);
template.sendBodyAndHeader("direct:start", "hello world", Exchange.AUTHENTICATION, subject);
}
Also used :
Authentication(org.springframework.security.core.Authentication)
Subject(javax.security.auth.Subject)
Example 18 with Authentication
use of org.springframework.security.core.Authentication in project camel by apache.
the class SpringSecurityAuthorizationPolicy method beforeProcess.
protected void beforeProcess(Exchange exchange) throws Exception {
List<ConfigAttribute> attributes = accessPolicy.getConfigAttributes();
try {
Authentication authToken = getAuthentication(exchange.getIn());
if (authToken == null) {
CamelAuthorizationException authorizationException = new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
throw authorizationException;
}
Authentication authenticated = authenticateIfRequired(authToken);
// Attempt authorization with exchange
try {
this.accessDecisionManager.decide(authenticated, exchange, attributes);
} catch (AccessDeniedException accessDeniedException) {
exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
AuthorizationFailureEvent event = new AuthorizationFailureEvent(exchange, attributes, authenticated, accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
publishEvent(new AuthorizedEvent(exchange, attributes, authenticated));
} catch (RuntimeException exception) {
exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
CamelAuthorizationException authorizationException = new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, exception);
throw authorizationException;
}
}
Also used :
CamelAuthorizationException(org.apache.camel.CamelAuthorizationException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
Authentication(org.springframework.security.core.Authentication)
AuthorizedEvent(org.springframework.security.access.event.AuthorizedEvent)
AuthorizationFailureEvent(org.springframework.security.access.event.AuthorizationFailureEvent)
Example 19 with Authentication
use of org.springframework.security.core.Authentication in project spring-security by spring-projects.
the class AbstractSecurityInterceptor method authenticateIfRequired.
/**
* Checks the current authentication token and passes it to the AuthenticationManager
* if {@link org.springframework.security.core.Authentication#isAuthenticated()}
* returns false or the property <tt>alwaysReauthenticate</tt> has been set to true.
*
* @return an authenticated <tt>Authentication</tt> object.
*/
private Authentication authenticateIfRequired() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication.isAuthenticated() && !alwaysReauthenticate) {
if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: " + authentication);
}
return authentication;
}
authentication = authenticationManager.authenticate(authentication);
// that
if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: " + authentication);
}
SecurityContextHolder.getContext().setAuthentication(authentication);
return authentication;
}
Also used :
Authentication(org.springframework.security.core.Authentication)
Example 20 with Authentication
use of org.springframework.security.core.Authentication in project spring-security by spring-projects.
the class WithUserDetailsSecurityContextFactory method createSecurityContext.
public SecurityContext createSecurityContext(WithUserDetails withUser) {
String beanName = withUser.userDetailsServiceBeanName();
UserDetailsService userDetailsService = StringUtils.hasLength(beanName) ? this.beans.getBean(beanName, UserDetailsService.class) : this.beans.getBean(UserDetailsService.class);
String username = withUser.value();
Assert.hasLength(username, "value() must be non empty String");
UserDetails principal = userDetailsService.loadUserByUsername(username);
Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities());
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(authentication);
return context;
}
Also used :
UserDetails(org.springframework.security.core.userdetails.UserDetails)
Authentication(org.springframework.security.core.Authentication)
SecurityContext(org.springframework.security.core.context.SecurityContext)
UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Aggregations
Authentication (org.springframework.security.core.Authentication)454
Test (org.junit.Test)188
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)110
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)97
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)75
SecurityContext (org.springframework.security.core.context.SecurityContext)60
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)57
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)47
GrantedAuthority (org.springframework.security.core.GrantedAuthority)46
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)42
MifosUser (org.mifos.security.MifosUser)38
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)34
HttpServletRequest (javax.servlet.http.HttpServletRequest)30
MifosUserBuilder (org.mifos.builders.MifosUserBuilder)29
UserDetails (org.springframework.security.core.userdetails.UserDetails)29
AuthenticationException (org.springframework.security.core.AuthenticationException)28
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)27
HttpServletResponse (javax.servlet.http.HttpServletResponse)26
HashMap (java.util.HashMap)25
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)25
