Search in sources :

Example 1 with UserRepository

use of io.jmix.core.security.UserRepository in project jmix by jmix-framework.

the class AnonymousConfigurer method initAnonymous.

protected void initAnonymous(HttpSecurity http) {
    try {
        ApplicationContext applicationContext = http.getSharedObject(ApplicationContext.class);
        CoreProperties coreProperties = applicationContext.getBean(CoreProperties.class);
        UserRepository userRepository = applicationContext.getBean(UserRepository.class);
        http.anonymous(anonymousConfigurer -> {
            anonymousConfigurer.key(coreProperties.getAnonymousAuthenticationTokenKey());
            anonymousConfigurer.principal(userRepository.getAnonymousUser());
            Collection<? extends GrantedAuthority> anonymousAuthorities = userRepository.getAnonymousUser().getAuthorities();
            if (!anonymousAuthorities.isEmpty()) {
                anonymousConfigurer.authorities(new ArrayList<>(userRepository.getAnonymousUser().getAuthorities()));
            }
        });
    } catch (Exception e) {
        throw new RuntimeException("Error while init security", e);
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) CoreProperties(io.jmix.core.CoreProperties) UserRepository(io.jmix.core.security.UserRepository)

Example 2 with UserRepository

use of io.jmix.core.security.UserRepository in project jmix by jmix-framework.

the class UserSessionSourceImpl method updateUserSessionFromAuthentication.

protected void updateUserSessionFromAuthentication(Authentication authentication, UserSession session) {
    UserRepository userRepository = beanFactory.getBean(UserRepository.class);
    if (authentication instanceof UsernamePasswordAuthenticationToken || authentication instanceof RememberMeAuthenticationToken) {
        session.setUser((UserDetails) authentication.getPrincipal());
        if (authentication.getDetails() instanceof ClientDetails) {
            ClientDetails clientDetails = (ClientDetails) authentication.getDetails();
            session.setLocale(clientDetails.getLocale());
        } else {
            session.setLocale(Locale.getDefault());
        }
    } else if (authentication instanceof AnonymousAuthenticationToken || authentication instanceof SystemAuthenticationToken) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            session.setUser((UserDetails) authentication.getPrincipal());
            session.setLocale(Locale.getDefault());
        } else {
            session.setUser(userRepository.getSystemUser());
            session.setLocale(Locale.getDefault());
        }
    } else if (authentication instanceof OAuth2Authentication) {
        Authentication userAuthentication = ((OAuth2Authentication) authentication).getUserAuthentication();
        if (userAuthentication != authentication) {
            updateUserSessionFromAuthentication(userAuthentication, session);
        }
    } else if (authentication == null) {
        // todo MG should null authentication be possible?
        // todo MG what user to return?
        session.setUser(userRepository.getSystemUser());
        session.setLocale(Locale.getDefault());
    } else {
        throw new RuntimeException("Authentication type is not supported: " + authentication.getClass().getCanonicalName());
    }
}
Also used : UserRepository(io.jmix.core.security.UserRepository) ClientDetails(io.jmix.core.security.ClientDetails) UserDetails(org.springframework.security.core.userdetails.UserDetails) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) RememberMeAuthenticationToken(org.springframework.security.authentication.RememberMeAuthenticationToken) SystemAuthenticationToken(io.jmix.core.security.SystemAuthenticationToken) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Aggregations

UserRepository (io.jmix.core.security.UserRepository)2 CoreProperties (io.jmix.core.CoreProperties)1 ClientDetails (io.jmix.core.security.ClientDetails)1 SystemAuthenticationToken (io.jmix.core.security.SystemAuthenticationToken)1 ApplicationContext (org.springframework.context.ApplicationContext)1 AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)1 RememberMeAuthenticationToken (org.springframework.security.authentication.RememberMeAuthenticationToken)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 Authentication (org.springframework.security.core.Authentication)1 UserDetails (org.springframework.security.core.userdetails.UserDetails)1 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)1