Example 21 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

the class WithMockCustomUserSecurityContextFactory method createSecurityContext.

public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username());
    Authentication auth = new UsernamePasswordAuthenticationToken(principal, "password", principal.getAuthorities());
    context.setAuthentication(auth);
    return context;
}
Also used : Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 22 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

the class AuthenticationTag method doEndTag.

public int doEndTag() throws JspException {
    Object result = null;
    // determine the value by...
    if (property != null) {
        if ((SecurityContextHolder.getContext() == null) || !(SecurityContextHolder.getContext() instanceof SecurityContext) || (SecurityContextHolder.getContext().getAuthentication() == null)) {
            return Tag.EVAL_PAGE;
        }
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth.getPrincipal() == null) {
            return Tag.EVAL_PAGE;
        }
        try {
            BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
            result = wrapper.getPropertyValue(property);
        } catch (BeansException e) {
            throw new JspException(e);
        }
    }
    if (var != null) {
        /*
         * Store the result, letting an IllegalArgumentException propagate back if the
         * scope is invalid (e.g., if an attempt is made to store something in the
         * session without any HttpSession existing).
         */
        if (result != null) {
            pageContext.setAttribute(var, result, scope);
        } else {
            if (scopeSpecified) {
                pageContext.removeAttribute(var, scope);
            } else {
                pageContext.removeAttribute(var);
            }
        }
    } else {
        if (htmlEscape) {
            writeMessage(TextEscapeUtils.escapeEntities(String.valueOf(result)));
        } else {
            writeMessage(String.valueOf(result));
        }
    }
    return EVAL_PAGE;
}
Also used : JspException(javax.servlet.jsp.JspException) BeanWrapperImpl(org.springframework.beans.BeanWrapperImpl) Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) BeansException(org.springframework.beans.BeansException)

Example 23 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

the class GaeAuthenticationFilter method doFilter.

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    User googleUser = UserServiceFactory.getUserService().getCurrentUser();
    if (authentication != null && !loggedInUserMatchesGaeUser(authentication, googleUser)) {
        SecurityContextHolder.clearContext();
        authentication = null;
        ((HttpServletRequest) request).getSession().invalidate();
    }
    if (authentication == null) {
        if (googleUser != null) {
            logger.debug("Currently logged on to GAE as user " + googleUser);
            logger.debug("Authenticating to Spring Security");
            // User has returned after authenticating via GAE. Need to authenticate
            // through Spring Security.
            PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(googleUser, null);
            token.setDetails(ads.buildDetails((HttpServletRequest) request));
            try {
                authentication = authenticationManager.authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(authentication);
                if (authentication.getAuthorities().contains(AppRole.NEW_USER)) {
                    logger.debug("New user authenticated. Redirecting to registration page");
                    ((HttpServletResponse) response).sendRedirect(REGISTRATION_URL);
                    return;
                }
            } catch (AuthenticationException e) {
                failureHandler.onAuthenticationFailure((HttpServletRequest) request, (HttpServletResponse) response, e);
                return;
            }
        }
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) User(com.google.appengine.api.users.User) GaeUser(samples.gae.users.GaeUser) AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 24 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

the class RegistrationController method register.

@RequestMapping(method = RequestMethod.POST)
public String register(@Valid RegistrationForm form, BindingResult result) {
    if (result.hasErrors()) {
        return null;
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    GaeUser currentUser = (GaeUser) authentication.getPrincipal();
    Set<AppRole> roles = EnumSet.of(AppRole.USER);
    if (UserServiceFactory.getUserService().isUserAdmin()) {
        roles.add(AppRole.ADMIN);
    }
    GaeUser user = new GaeUser(currentUser.getUserId(), currentUser.getNickname(), currentUser.getEmail(), form.getForename(), form.getSurname(), roles, true);
    registry.registerUser(user);
    // Update the context with the full authentication
    SecurityContextHolder.getContext().setAuthentication(new GaeUserAuthentication(user, authentication.getDetails()));
    return "redirect:/home.htm";
}
Also used : AppRole(samples.gae.security.AppRole) GaeUserAuthentication(samples.gae.security.GaeUserAuthentication) Authentication(org.springframework.security.core.Authentication) GaeUser(samples.gae.users.GaeUser) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 25 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

the class ContactManagerTests method makeActiveUser.

private void makeActiveUser(String username) {
    String password = "";
    if ("rod".equals(username)) {
        password = "koala";
    } else if ("dianne".equals(username)) {
        password = "emu";
    } else if ("scott".equals(username)) {
        password = "wombat";
    } else if ("peter".equals(username)) {
        password = "opal";
    }
    Authentication authRequest = new UsernamePasswordAuthenticationToken(username, password);
    SecurityContextHolder.getContext().setAuthentication(authRequest);
}
Also used : Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Aggregations

Authentication (org.springframework.security.core.Authentication) 454
Test (org.junit.Test) 188
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 110
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 97
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 75
SecurityContext (org.springframework.security.core.context.SecurityContext) 60
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 57
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 47
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 46
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl) 42
MifosUser (org.mifos.security.MifosUser) 38
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 34
HttpServletRequest (javax.servlet.http.HttpServletRequest) 30
MifosUserBuilder (org.mifos.builders.MifosUserBuilder) 29
UserDetails (org.springframework.security.core.userdetails.UserDetails) 29
AuthenticationException (org.springframework.security.core.AuthenticationException) 28
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 27
HttpServletResponse (javax.servlet.http.HttpServletResponse) 26
HashMap (java.util.HashMap) 25
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken) 25