Search in sources :

Example 1 with SystemAuthenticationToken

use of io.jmix.core.security.SystemAuthenticationToken in project jmix by jmix-framework.

the class SystemAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof SystemAuthenticationToken)) {
        throw new IllegalArgumentException(String.format("%s does not support %s", getClass().getSimpleName(), authentication.getClass()));
    }
    UserDetails userDetails;
    String username = authentication.getName();
    // todo MG check null or 'system'
    if (Strings.isNullOrEmpty(username)) {
        userDetails = userRepository.getSystemUser();
    } else {
        userDetails = userRepository.loadUserByUsername(username);
    }
    return new SystemAuthenticationToken(userDetails, userDetails.getAuthorities());
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) SystemAuthenticationToken(io.jmix.core.security.SystemAuthenticationToken)

Example 2 with SystemAuthenticationToken

use of io.jmix.core.security.SystemAuthenticationToken in project jmix by jmix-framework.

the class SystemAuthenticatorImpl method begin.

@Override
public Authentication begin(@Nullable String login) {
    if (authenticationManager == null) {
        throw new IllegalStateException("AuthenticationManager is not defined");
    }
    pushAuthentication(SecurityContextHelper.getAuthentication());
    try {
        Authentication authentication;
        if (!Strings.isNullOrEmpty(login)) {
            log.trace("Authenticating as {}", login);
            Authentication authToken = new SystemAuthenticationToken(login);
            authentication = authenticationManager.authenticate(authToken);
        } else {
            log.trace("Authenticating as system");
            Authentication authToken = new SystemAuthenticationToken(null);
            authentication = authenticationManager.authenticate(authToken);
        }
        SecurityContextHelper.setAuthentication(authentication);
        return authentication;
    } catch (AuthenticationException e) {
        pollAuthentication();
        throw e;
    }
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) SystemAuthenticationToken(io.jmix.core.security.SystemAuthenticationToken)

Example 3 with SystemAuthenticationToken

use of io.jmix.core.security.SystemAuthenticationToken in project jmix by jmix-framework.

the class UserSessionSourceImpl method updateUserSessionFromAuthentication.

protected void updateUserSessionFromAuthentication(Authentication authentication, UserSession session) {
    UserRepository userRepository = beanFactory.getBean(UserRepository.class);
    if (authentication instanceof UsernamePasswordAuthenticationToken || authentication instanceof RememberMeAuthenticationToken) {
        session.setUser((UserDetails) authentication.getPrincipal());
        if (authentication.getDetails() instanceof ClientDetails) {
            ClientDetails clientDetails = (ClientDetails) authentication.getDetails();
            session.setLocale(clientDetails.getLocale());
        } else {
            session.setLocale(Locale.getDefault());
        }
    } else if (authentication instanceof AnonymousAuthenticationToken || authentication instanceof SystemAuthenticationToken) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            session.setUser((UserDetails) authentication.getPrincipal());
            session.setLocale(Locale.getDefault());
        } else {
            session.setUser(userRepository.getSystemUser());
            session.setLocale(Locale.getDefault());
        }
    } else if (authentication instanceof OAuth2Authentication) {
        Authentication userAuthentication = ((OAuth2Authentication) authentication).getUserAuthentication();
        if (userAuthentication != authentication) {
            updateUserSessionFromAuthentication(userAuthentication, session);
        }
    } else if (authentication == null) {
        // todo MG should null authentication be possible?
        // todo MG what user to return?
        session.setUser(userRepository.getSystemUser());
        session.setLocale(Locale.getDefault());
    } else {
        throw new RuntimeException("Authentication type is not supported: " + authentication.getClass().getCanonicalName());
    }
}
Also used : UserRepository(io.jmix.core.security.UserRepository) ClientDetails(io.jmix.core.security.ClientDetails) UserDetails(org.springframework.security.core.userdetails.UserDetails) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) RememberMeAuthenticationToken(org.springframework.security.authentication.RememberMeAuthenticationToken) SystemAuthenticationToken(io.jmix.core.security.SystemAuthenticationToken) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Aggregations

SystemAuthenticationToken (io.jmix.core.security.SystemAuthenticationToken)3 Authentication (org.springframework.security.core.Authentication)2 UserDetails (org.springframework.security.core.userdetails.UserDetails)2 ClientDetails (io.jmix.core.security.ClientDetails)1 UserRepository (io.jmix.core.security.UserRepository)1 AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)1 RememberMeAuthenticationToken (org.springframework.security.authentication.RememberMeAuthenticationToken)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)1