
Example 16 with WebAuthenticationDetails

use of org.springframework.security.web.authentication.WebAuthenticationDetails in project opennms by OpenNMS.

the class SecurityAuthenticationEventOnmsEventBuilderTest method testAuthenticationFailureEvent.

/**
 * Verifies that a bad-credentials failure event is translated into an OpenNMS
 * event with the failure UEI and the parameters {@code user}, {@code ip},
 * {@code exceptionName} and {@code exceptionMessage}.
 *
 * <p>The expected event is built without the credential string and without the
 * HTTP session id, so the test also documents that neither is expected in the
 * audit event (assuming {@code EventEquals} compares the parameter list
 * strictly; that matcher is not visible here).
 *
 * @throws Exception if the builder under test or a mock fails
 */
public void testAuthenticationFailureEvent() throws Exception {
    final String expectedUser = "bar";
    final String remoteAddress = "1.2.3.4";
    final String httpSessionId = "it tastes just like our regular coffee";

    // WebAuthenticationDetails reads the remote address and the session id
    // in its constructor; verify() right after construction confirms both reads.
    HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
    HttpSession mockSession = createMock(HttpSession.class);
    expect(mockRequest.getRemoteAddr()).andReturn(remoteAddress);
    expect(mockRequest.getSession(false)).andReturn(mockSession);
    expect(mockSession.getId()).andReturn(httpSessionId);
    replay(mockRequest, mockSession);
    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(mockRequest);
    verify(mockRequest, mockSession);

    // Failure event as Spring Security would publish it for a rejected login.
    org.springframework.security.core.Authentication token = new TestingDetailsAuthenticationToken(expectedUser, "cheesiness", new GrantedAuthority[0], webDetails);
    BadCredentialsException badCredentials = new BadCredentialsException("you are bad!");
    AuthenticationFailureBadCredentialsEvent failureEvent = new AuthenticationFailureBadCredentialsEvent(token, badCredentials);

    SecurityAuthenticationEventOnmsEventBuilder listener = new SecurityAuthenticationEventOnmsEventBuilder();
    listener.setEventProxy(m_eventProxy);
    listener.afterPropertiesSet();

    // Record the single event the proxy is expected to receive.
    EventBuilder expected = new EventBuilder(SecurityAuthenticationEventOnmsEventBuilder.FAILURE_UEI, "OpenNMS.WebUI");
    expected.addParam("user", expectedUser);
    expected.addParam("ip", remoteAddress);
    expected.addParam("exceptionName", failureEvent.getException().getClass().getSimpleName());
    expected.addParam("exceptionMessage", failureEvent.getException().getMessage());
    m_eventProxy.send(EventEquals.eqEvent(expected.getEvent()));

    m_mocks.replayAll();
    listener.onApplicationEvent(failureEvent);
    m_mocks.verifyAll();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) EventBuilder(org.opennms.netmgt.model.events.EventBuilder) HttpSession(javax.servlet.http.HttpSession) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) AuthenticationFailureBadCredentialsEvent(org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 17 with WebAuthenticationDetails

use of org.springframework.security.web.authentication.WebAuthenticationDetails in project opennms by OpenNMS.

the class SecurityAuthenticationEventOnmsEventBuilderTest method testAuthenticationSuccessEventWithEverything.

/**
 * Verifies that a successful authentication carrying full web details is
 * translated into an OpenNMS event with the success UEI and the parameters
 * {@code user} and {@code ip}.
 *
 * <p>As in the failure case, the expected event is built without the
 * credential string and without the HTTP session id.
 *
 * @throws Exception if the builder under test or a mock fails
 */
public void testAuthenticationSuccessEventWithEverything() throws Exception {
    final String expectedUser = "bar";
    final String remoteAddress = "1.2.3.4";
    final String httpSessionId = "it tastes just like our regular coffee";

    // WebAuthenticationDetails reads the remote address and the session id
    // in its constructor; verify() right after construction confirms both reads.
    HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
    HttpSession mockSession = createMock(HttpSession.class);
    expect(mockRequest.getRemoteAddr()).andReturn(remoteAddress);
    expect(mockRequest.getSession(false)).andReturn(mockSession);
    expect(mockSession.getId()).andReturn(httpSessionId);
    replay(mockRequest, mockSession);
    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(mockRequest);
    verify(mockRequest, mockSession);

    org.springframework.security.core.Authentication token = new TestingDetailsAuthenticationToken(expectedUser, "cheesiness", new GrantedAuthority[0], webDetails);
    AuthenticationSuccessEvent successEvent = new AuthenticationSuccessEvent(token);

    SecurityAuthenticationEventOnmsEventBuilder listener = new SecurityAuthenticationEventOnmsEventBuilder();
    listener.setEventProxy(m_eventProxy);
    listener.afterPropertiesSet();

    EventBuilder expected = new EventBuilder(SecurityAuthenticationEventOnmsEventBuilder.SUCCESS_UEI, "OpenNMS.WebUI");
    expected.addParam("user", expectedUser);
    expected.addParam("ip", remoteAddress);

    // Align the expected event's time with the Spring event's timestamp so the
    // comparison does not depend on when each object was created.
    Event expectedEvent = expected.getEvent();
    Date eventTime = new Date(successEvent.getTimestamp());
    expectedEvent.setTime(eventTime);

    // NOTE(review): getEvent() is called a second time here; presumably it
    // returns the same instance that received the timestamp above - confirm.
    m_eventProxy.send(EventEquals.eqEvent(expected.getEvent()));

    m_mocks.replayAll();
    listener.onApplicationEvent(successEvent);
    m_mocks.verifyAll();
}
Also used : HttpSession(javax.servlet.http.HttpSession) AuthenticationSuccessEvent(org.springframework.security.authentication.event.AuthenticationSuccessEvent) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) EventBuilder(org.opennms.netmgt.model.events.EventBuilder) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) AuthenticationSuccessEvent(org.springframework.security.authentication.event.AuthenticationSuccessEvent) ApplicationEvent(org.springframework.context.ApplicationEvent) Event(org.opennms.netmgt.xml.event.Event) AuthenticationFailureBadCredentialsEvent(org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent)

Example 18 with WebAuthenticationDetails

use of org.springframework.security.web.authentication.WebAuthenticationDetails in project incubator-atlas by apache.

the class AtlasAuthenticationFilter method doFilter.

/**
 * Filter entry point: sets {@code X-Frame-Options: DENY}, then either hands the
 * request to Kerberos handling or passes it straight down the chain, depending
 * on whether an {@link Authentication} already exists, whether the request
 * carries a {@code Basic} Authorization header, and whether {@code isKerberos}
 * is set.
 *
 * <p>The anonymous {@code FilterChain} built first is only passed to
 * {@code doKerberosAuth}; when it runs it turns a user name into an
 * authenticated Spring Security context without checking a credential itself.
 *
 * @param request     incoming request; cast to {@code HttpServletRequest} without a type check
 * @param response    outgoing response; cast to {@code HttpServletResponse} without a type check
 * @param filterChain remainder of the filter chain
 * @throws IOException      propagated from the chain, the OPTIONS servlet or {@code sendError}
 * @throws ServletException propagated from the chain or the OPTIONS servlet
 */
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    // Continuation handed to doKerberosAuth (see below). Presumably it is invoked
    // only after the Kerberos handler has accepted the request - confirm, because
    // the identity established inside depends entirely on that.
    FilterChain filterChainWrapper = new FilterChain() {

        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            // Shadows the outer httpRequest: this one is the request object supplied by the caller of the wrapper.
            final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
            final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            if (isKerberos) {
                Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
                // User name is taken from a cookie on the response first, then from getRemoteUser().
                // NOTE(review): readUserFromCookie is not visible here; this is only sound if the
                // cookie value was set by the authentication handler and is integrity-protected - confirm.
                String userName = readUserFromCookie(httpResponse);
                if (StringUtils.isEmpty(userName) && !StringUtils.isEmpty(httpRequest.getRemoteUser())) {
                    userName = httpRequest.getRemoteUser();
                }
                // Only establish a context when none is authenticated yet and a user name was found.
                if ((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))) {
                    List<GrantedAuthority> grantedAuths = AtlasAuthenticationProvider.getAuthoritiesFromUGI(userName);
                    // Password and credentials are empty strings: no secret is verified in this block.
                    final UserDetails principal = new User(userName, "", grantedAuths);
                    // The three-argument constructor yields a token that is already marked authenticated.
                    final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
                    // Attach remote address / session id of the request for later auditing.
                    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
                    ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
                    SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
                    // Set on the outer request object, not on servletRequest.
                    request.setAttribute("atlas.http.authentication.type", true);
                    LOG.info("Logged into Atlas as = {}", userName);
                }
            }
            // OPTIONS is sent by the quick-start Jersey Atlas client; it is answered by
            // optionsServlet (with the outer request/response) and is not passed down the chain.
            if (httpRequest.getMethod().equals("OPTIONS")) {
                optionsServlet.service(request, response);
            } else {
                try {
                    String requestUser = httpRequest.getRemoteUser();
                    // NOTE(review): user name, method and request URI go into the logging context
                    // and the log line below as received; whether the log layout or
                    // Servlets.getRequestURI encodes CR/LF is not visible here - confirm.
                    NDC.push(requestUser + ":" + httpRequest.getMethod() + httpRequest.getRequestURI());
                    RequestContext requestContext = RequestContext.get();
                    if (requestContext != null) {
                        requestContext.setUser(requestUser);
                    }
                    LOG.info("Request from authenticated user: {}, URL={}", requestUser, Servlets.getRequestURI(httpRequest));
                    filterChain.doFilter(servletRequest, servletResponse);
                } finally {
                    // Always undo the NDC push, even when the chain throws.
                    NDC.pop();
                }
            }
        }
    };
    try {
        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // The wrapper is used only to set the anti-framing header and is not passed on;
        // presumably setHeader delegates to the wrapped httpResponse - confirm.
        AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
        responseWrapper.setHeader("X-Frame-Options", "DENY");
        if (existingAuth == null) {
            String authHeader = httpRequest.getHeader("Authorization");
            // Basic-auth requests skip Kerberos and are left to filters further down the chain.
            // NOTE(review): the prefix match is case-sensitive and has no trailing space, so
            // "basic ..." takes the Kerberos branch and any scheme starting with "Basic" matches.
            if (authHeader != null && authHeader.startsWith("Basic")) {
                filterChain.doFilter(request, response);
            } else if (isKerberos) {
                doKerberosAuth(request, response, filterChainWrapper, filterChain);
            } else {
                filterChain.doFilter(request, response);
            }
        } else {
            // A context already exists (authenticated or not); nothing to do in this filter.
            filterChain.doFilter(request, response);
        }
    } catch (NullPointerException e) {
        LOG.error("Exception in AtlasAuthenticationFilter ", e);
        // PseudoAuthenticationHandler.getUserName() from hadoop-auth throws NPE if the user name is not specified.
        // NOTE(review): this catch encloses every filterChain.doFilter call above, so an NPE raised
        // anywhere downstream is also reported to the client as this 400; sendError can itself
        // fail if the response was already committed.
        ((HttpServletResponse) response).sendError(Response.Status.BAD_REQUEST.getStatusCode(), "Authentication is enabled and user is not specified. Specify user.name parameter");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ServletResponse(javax.servlet.ServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) User(org.springframework.security.core.userdetails.User) FilterChain(javax.servlet.FilterChain) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) HttpServletRequest(javax.servlet.http.HttpServletRequest) AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) RequestContext(org.apache.atlas.RequestContext)
