
Example 1 with AccessTokenCredential

use of com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential in project gocd by gocd.

The class AccessTokenAuthenticationFilter, method filterWhenSecurityEnabled.

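/**
 * Handles a bearer-token request when security is enabled.
 *
 * <p>Without a bearer credential the request is passed straight down the chain. With one, the
 * token's last-used time is recorded, the authorization configuration the token belongs to is
 * looked up, and the credential is authenticated against it. Success installs the resulting
 * {@link AuthenticationToken} in a recreated session and continues the chain; every failure is
 * reported through {@link #onAuthenticationFailure} and the chain is not continued.
 *
 * @param request               current request
 * @param response              current response
 * @param filterChain           remaining filter chain
 * @param accessTokenCredential bearer credential extracted from the request, or {@code null} if none was present
 * @throws IOException      propagated from the filter chain or the failure handler
 * @throws ServletException propagated from the filter chain or the failure handler
 */
private void filterWhenSecurityEnabled(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain, AccessTokenCredential accessTokenCredential) throws IOException, ServletException {
    if (accessTokenCredential == null) {
        // No bearer credential: this filter has nothing to decide, downstream filters take over.
        LOGGER.debug("Bearer auth credentials are not provided in request.");
        filterChain.doFilter(request, response);
        return;
    }

    final String username = accessTokenCredential.getAccessToken().getUsername();
    accessTokenService.updateLastUsedCacheWith(accessTokenCredential.getAccessToken());

    // Guarded so the admin lookup and the timestamp are only computed when the audit line is actually emitted.
    if (ACCESS_TOKEN_LOGGER.isDebugEnabled()) {
        ACCESS_TOKEN_LOGGER.debug("[Bearer Token Authentication] Authenticating bearer token for: " + "GoCD User: '{}'. " + "GoCD API endpoint: '{}', " + "API Client: '{}', " + "Is Admin Scoped Token: '{}', " + "Current Time: '{}'.",
                username,
                request.getRequestURI(),
                request.getHeader("User-Agent"),
                securityService.isUserAdmin(new Username(username)),
                new Timestamp(System.currentTimeMillis()));
    }

    try {
        final String authConfigId = accessTokenCredential.getAccessToken().getAuthConfigId();
        final SecurityAuthConfig authConfig = securityAuthConfigService.findProfile(authConfigId);
        if (authConfig == null) {
            // The token references an auth config that no longer exists, so it cannot be validated and must be re-issued.
            final String errorMessage = String.format("Can not find authorization configuration \"%s\" to which the requested personal access token belongs. Authorization Configuration \"%s\" might have been renamed or deleted. Please revoke the existing token and create a new one for the same.", authConfigId, authConfigId);
            onAuthenticationFailure(request, response, errorMessage);
            return;
        }

        final AuthenticationToken<AccessTokenCredential> authenticationToken = authenticationProvider.authenticateUser(accessTokenCredential, authConfig);
        if (authenticationToken == null) {
            onAuthenticationFailure(request, response, BAD_CREDENTIALS_MSG);
            return;
        }

        // The session is recreated before the token is stored (presumably session-fixation protection; see SessionUtils).
        // doFilter stays inside the try so an AuthenticationException from downstream is reported the same way.
        SessionUtils.setAuthenticationTokenAfterRecreatingSession(authenticationToken, request);
        filterChain.doFilter(request, response);
    } catch (AuthenticationException e) {
        LOGGER.debug("Failed to authenticate user.", e);
        // NOTE(review): the exception message is sent to the client as the failure reason — confirm the
        // provider's messages never carry internal detail.
        onAuthenticationFailure(request, response, e.getMessage());
    }
}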
Also used : SecurityAuthConfig(com.thoughtworks.go.config.SecurityAuthConfig) Username(com.thoughtworks.go.server.domain.Username) AuthenticationException(org.springframework.security.core.AuthenticationException) Timestamp(java.sql.Timestamp) AccessTokenCredential(com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential)

Example 2 with AccessTokenCredential

use of com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential in project gocd by gocd.

The class AccessTokenAuthenticationFilter, method extractAuthTokenCredential.

/**
 * Extracts the bearer credential from an {@code Authorization} header value.
 *
 * <p>Returns {@code null} when the header is blank or does not have the form {@code "bearer <token>"}
 * (case-insensitive, the whole value must match). Otherwise the captured token is resolved through
 * {@code accessTokenService} and wrapped in an {@link AccessTokenCredential}. Note that the pattern
 * allows an empty token after the scheme; that value is passed to the lookup as-is.
 *
 * <p>NOTE(review): presumably {@code findByAccessToken} throws for an unknown token (the caller
 * catches {@code Exception} around this call) — confirm; a {@code null} return would yield a
 * credential wrapping a {@code null} token.
 *
 * @param authorizationHeader raw header value, may be {@code null}
 * @return the credential, or {@code null} when no bearer token is present
 */
private AccessTokenCredential extractAuthTokenCredential(String authorizationHeader) {
    // Compiled per call, as in the original; a static final field would avoid the repeated compile.
    final Pattern bearerPattern = Pattern.compile("bearer (.*)", Pattern.CASE_INSENSITIVE);
    if (isBlank(authorizationHeader)) {
        return null;
    }
    final Matcher bearerMatch = bearerPattern.matcher(authorizationHeader);
    if (!bearerMatch.matches()) {
        return null;
    }
    final AccessToken resolvedToken = accessTokenService.findByAccessToken(bearerMatch.group(1));
    return new AccessTokenCredential(resolvedToken);
}
Also used : Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher) AccessToken(com.thoughtworks.go.domain.AccessToken) AccessTokenCredential(com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential)

Example 3 with AccessTokenCredential

use of com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential in project gocd by gocd.

The class AccessTokenAuthenticationFilter, method doFilterInternal.

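/**
 * Entry point of the bearer-token filter.
 *
 * <p>Already-authenticated requests are passed through untouched. Otherwise the
 * {@code Authorization} header is parsed into an {@link AccessTokenCredential} (which may be
 * {@code null}) and the request is handed to the security-enabled or security-disabled path.
 * Any exception raised while resolving the header ends the request with an authentication failure.
 *
 * @param request     current request
 * @param response    current response
 * @param filterChain remaining filter chain
 * @throws IOException      propagated from the filter chain or the failure handler
 * @throws ServletException propagated from the filter chain or the failure handler
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    if (isPreviouslyAuthenticated(request)) {
        LOGGER.debug("Request is already authenticated.");
        filterChain.doFilter(request, response);
        return;
    }

    final AccessTokenCredential credential;
    try {
        credential = extractAuthTokenCredential(request.getHeader("Authorization"));
    } catch (Exception e) {
        // Broad catch kept deliberately: any failure to resolve the header (malformed value, unknown
        // or revoked token, lookup error) must end the request rather than fall through unauthenticated.
        // NOTE(review): e.getMessage() is returned to the client — confirm lookup errors carry no internal detail.
        onAuthenticationFailure(request, response, e.getMessage());
        return;
    }

    if (credential != null) {
        LOGGER.debug("[Bearer Authentication] Authorization header found for user '{}'", credential.getAccessToken().getUsername());
    }

    // Evaluate once: the same value drives both the log line and the branch.
    final boolean securityEnabled = securityService.isSecurityEnabled();
    LOGGER.debug("Security Enabled: {}", securityEnabled);
    if (securityEnabled) {
        filterWhenSecurityEnabled(request, response, filterChain, credential);
    } else {
        filterWhenSecurityDisabled(request, response, filterChain, credential);
    }
}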
Also used : AccessTokenCredential(com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential) ServletException(javax.servlet.ServletException) AuthenticationException(org.springframework.security.core.AuthenticationException) IOException(java.io.IOException)

Aggregations

AccessTokenCredential (com.thoughtworks.go.server.newsecurity.models.AccessTokenCredential)3 AuthenticationException (org.springframework.security.core.AuthenticationException)2 SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig)1 AccessToken (com.thoughtworks.go.domain.AccessToken)1 Username (com.thoughtworks.go.server.domain.Username)1 IOException (java.io.IOException)1 Timestamp (java.sql.Timestamp)1 Matcher (java.util.regex.Matcher)1 Pattern (java.util.regex.Pattern)1 ServletException (javax.servlet.ServletException)1