Example 11 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

The class JwtAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) {
    // The raw JWT is carried as the credentials of the incoming Authentication
    JwtRawToken jwtRawToken = (JwtRawToken) authentication.getCredentials();
    if (jwtRawToken == null) {
        throw new AuthenticationServiceException("Authentication error: missing token");
    }
    JwtTokenClaims claims;
    try {
        // Claims are read through the verifier; a verification failure becomes an authentication failure
        claims = tokenVerifier.readClaims(jwtRawToken.getToken());
    } catch (TokenVerificationException e) {
        throw new AuthenticationServiceException("Authentication error", e);
    }
    // Authorities are derived from the verified claims via UserContext
    UserContext context = new UserContext(jwtRawToken, claims);
    return new JwtAuthenticationToken(context, context.getAuthorities());
}
Also used: JwtTokenClaims (com.epam.pipeline.entity.security.JwtTokenClaims), UserContext (com.epam.pipeline.security.UserContext), JwtRawToken (com.epam.pipeline.entity.security.JwtRawToken), AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)

Example 12 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

The class JwtFilterAuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    JwtRawToken rawToken;
    String authorizationHeader = extractAuthHeader(request);
    try {
        if (!StringUtils.isEmpty(authorizationHeader)) {
            // attempt to obtain the JWT from the HTTP Authorization header
            rawToken = JwtRawToken.fromHeader(authorizationHeader);
            LOGGER.trace("Extracted JWT token from authorization HTTP header");
        } else {
            // otherwise try to get the token from the cookies
            Cookie authCookie = extractAuthCookie(request);
            rawToken = JwtRawToken.fromCookie(authCookie);
            LOGGER.trace("Extracted JWT token from authorization cookie");
        }
        // Read the claims through the verifier before building the security context
        JwtTokenClaims claims = tokenVerifier.readClaims(rawToken.getToken());
        UserContext context = new UserContext(rawToken, claims);
        JwtAuthenticationToken token = new JwtAuthenticationToken(context, context.getAuthorities());
        token.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(token);
    } catch (AuthenticationServiceException | TokenVerificationException e) {
        // On failure no Authentication is set; the error is only logged at trace level
        LOGGER.trace(e.getMessage(), e);
    }
    // The chain always continues, so a failed token leaves the request unauthenticated
    filterChain.doFilter(request, response);
}
Also used: Cookie (javax.servlet.http.Cookie), JwtTokenClaims (com.epam.pipeline.entity.security.JwtTokenClaims), UserContext (com.epam.pipeline.security.UserContext), JwtRawToken (com.epam.pipeline.entity.security.JwtRawToken), WebAuthenticationDetailsSource (org.springframework.security.web.authentication.WebAuthenticationDetailsSource), AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)

Example 13 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

The class SAMLUserDetailsServiceImpl, method loadUserBySAML.

@Override
public UserContext loadUserBySAML(SAMLCredential credential) {
    // The SAML NameID is upper-cased (default locale) and used as the user name
    String userName = credential.getNameID().getValue().toUpperCase();
    List<String> groups = readAuthorities(credential);
    Map<String, String> attributes = readAttributes(credential);
    PipelineUser loadedUser = userManager.loadUserByName(userName);
    if (loadedUser == null) {
        String message = messageHelper.getMessage(MessageConstants.ERROR_USER_NAME_NOT_FOUND, userName);
        // Unknown user: reject unless auto-creation is enabled
        if (!autoCreateUsers) {
            throw new UsernameNotFoundException(message);
        }
        LOGGER.debug(message);
        // A new user gets the default roles plus the groups and attributes read from the credential
        List<Long> roles = roleManager.getDefaultRolesIds();
        PipelineUser createdUser = userManager.createUser(userName, roles, groups, attributes, null);
        UserContext userContext = new UserContext(createdUser.getId(), userName);
        userContext.setGroups(createdUser.getGroups());
        LOGGER.debug("Created user {} with groups {}", userName, groups);
        userContext.setRoles(createdUser.getRoles());
        return userContext;
    } else {
        LOGGER.debug("Found user by name {}", userName);
        loadedUser.setUserName(userName);
        List<Long> roles = loadedUser.getRoles().stream().map(Role::getId).collect(Collectors.toList());
        // Update the stored SAML info when needToUpdateUser reports a change in groups or attributes
        if (userManager.needToUpdateUser(groups, attributes, loadedUser)) {
            loadedUser = userManager.updateUserSAMLInfo(loadedUser.getId(), userName, roles, groups, attributes);
            LOGGER.debug("Updated user groups {} ", groups);
        }
        return new UserContext(loadedUser);
    }
}
Also used: UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), PipelineUser (com.epam.pipeline.entity.user.PipelineUser), UserContext (com.epam.pipeline.security.UserContext)