
Example 11 with Authentication

use of org.springframework.security.Authentication in project gocd by gocd.

the class RemoveAdminPermissionFilterIntegrationTest method testShouldReAuthenticateOnlyOnceAfterAuthorizationPluginUnloaded.

@Test
public void testShouldReAuthenticateOnlyOnceAfterAuthorizationPluginUnloaded() throws IOException, ServletException {
    Authentication authentication = setupAuthentication();
    when(session.getAttribute(SECURITY_CONFIG_LAST_CHANGE)).thenReturn(0L).thenReturn(0L).thenReturn(100L);
    RemoveAdminPermissionFilter filter = new RemoveAdminPermissionFilter(goConfigService, timeProvider, pluginRoleService);
    filter.initialize();
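    // Good initial state: the user starts out authenticated.
    assertThat(authentication.isAuthenticated(), is(true));
    filter.doFilterHttp(request, response, chain);
    // Security is turned on after the first request; the authentication stays valid
    // until the next request reaches the filter.
    turnOnSecurity("pavan");
    assertThat(authentication.isAuthenticated(), is(true));
    // The next request passes through the filter, which invalidates the authentication.
    filter.doFilterHttp(request, response, chain);
    assertThat(authentication.isAuthenticated(), is(false));
    // Simulate a successful re-login; a further request must not invalidate it again.
    authentication.setAuthenticated(true);
    filter.doFilterHttp(request, response, chain);
    assertThat(authentication.isAuthenticated(), is(true));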
}
Also used : Authentication(org.springframework.security.Authentication) Test(org.junit.Test)

Example 12 with Authentication

use of org.springframework.security.Authentication in project gocd by gocd.

the class OauthAuthenticationFilter method doFilterHttp.

protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
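    // Expected Authorization header value: Token token="ACCESS_TOKEN"
    String header = request.getHeader(AUTHORIZATION);
    if (header != null) {
        // Caution: this writes the raw Authorization header, access token included, to the debug log.
        logger.debug("Oauth authorization header: " + header);
        Matcher matcher = OAUTH_TOKEN_PATTERN.matcher(header);
        if (matcher.matches()) {
            String token = matcher.group(1);
            OauthAuthenticationToken authenticationToken = new OauthAuthenticationToken(token);
            try {
                // On success, publish the authenticated result for the rest of the request.
                Authentication authResult = authenticationManager.authenticate(authenticationToken);
                SecurityContextHolder.getContext().setAuthentication(authResult);
            } catch (AuthenticationException e) {
                // Caution: the rejected token is also logged in clear text.
                logger.debug("Oauth authentication request for token: " + token, e);
                // Clear the security context so no earlier Authentication survives a rejected token.
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        }
    }
    // The chain always continues; this filter never rejects the request itself.
    chain.doFilter(request, response);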
}
Also used : Matcher(java.util.regex.Matcher) AuthenticationException(org.springframework.security.AuthenticationException) Authentication(org.springframework.security.Authentication)

Example 13 with Authentication

use of org.springframework.security.Authentication in project gocd by gocd.

the class PreAuthenticatedRequestsProcessingFilter method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
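    // Wrap the access token fetched for this request and the plugin id in a token
    // (first argument passed as null), then let the authentication manager validate it.
    PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(null, fetchAuthorizationServerAccessToken(request), pluginId(request));
    Authentication authResult = this.getAuthenticationManager().authenticate(authRequest);
    return authResult;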
}
Also used : Authentication(org.springframework.security.Authentication) PreAuthenticatedAuthenticationToken(com.thoughtworks.go.server.security.tokens.PreAuthenticatedAuthenticationToken)

Example 14 with Authentication

use of org.springframework.security.Authentication in project gocd by gocd.

the class ReAuthenticationFilter method doFilterHttp.

@Override
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
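    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Nothing to do when re-authentication is disabled or the request is unauthenticated.
    if (!systemEnvironment.isReAuthenticationEnabled() || authentication == null) {
        chain.doFilter(request, response);
        return;
    }
    // Lock on the interned session id so concurrent requests of one session are serialized.
    synchronized (request.getSession().getId().intern()) {
        Long lastAuthenticationTime = (Long) request.getSession().getAttribute(LAST_REAUTHENICATION_CHECK_TIME);
        if (lastAuthenticationTime == null) {
            // First request seen for this session: record the check time only.
            request.getSession().setAttribute(LAST_REAUTHENICATION_CHECK_TIME, timeProvider.currentTimeMillis());
        } else if (forceReAuthentication(lastAuthenticationTime)) {
            // forceReAuthentication (not shown on this page) decided a re-check is due:
            // reset the timestamp and mark the Authentication as no longer authenticated.
            request.getSession().setAttribute(LAST_REAUTHENICATION_CHECK_TIME, timeProvider.currentTimeMillis());
            authentication.setAuthenticated(false);
        }
    }
    chain.doFilter(request, response);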
}
Also used : Authentication(org.springframework.security.Authentication)

Example 15 with Authentication

use of org.springframework.security.Authentication in project gocd by gocd.

the class RemoveAdminPermissionFilter method doFilterHttp.

public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
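    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Unauthenticated requests pass straight through.
    if (authentication == null) {
        chain.doFilter(request, response);
        return;
    }
    // Lock on the interned session id sent by the client. getRequestedSessionId() returns
    // null when the request carries no session id, which would throw a NullPointerException here.
    synchronized (request.getRequestedSessionId().intern()) {
        // This is so that the volatile variable is accessed only once.
        long localCopyOfLastChangedTime = lastChangedTime;
        Long previousLastChangedTime = (Long) request.getSession().getAttribute(SECURITY_CONFIG_LAST_CHANGE);
        if (previousLastChangedTime == null) {
            // First request seen for this session: remember the current config change time.
            request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, localCopyOfLastChangedTime);
        } else if (previousLastChangedTime < localCopyOfLastChangedTime) {
            // The security config changed since this session last checked: update the
            // stored time and mark the Authentication as no longer authenticated.
            request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, localCopyOfLastChangedTime);
            authentication.setAuthenticated(false);
        }
    }
    chain.doFilter(request, response);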
}
Also used : Authentication(org.springframework.security.Authentication)

Aggregations

Authentication (org.springframework.security.Authentication): 31
Test (org.junit.Test): 16
UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken): 5
NullUser (com.thoughtworks.go.domain.NullUser): 4
GrantedAuthority (org.springframework.security.GrantedAuthority): 4
TestingAuthenticationToken (org.springframework.security.providers.TestingAuthenticationToken): 4
User (com.thoughtworks.go.domain.User): 3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 3
PreAuthenticatedAuthenticationToken (com.thoughtworks.go.server.security.tokens.PreAuthenticatedAuthenticationToken): 2
GoUserPrinciple (com.thoughtworks.go.server.security.userdetail.GoUserPrinciple): 2
Expectations (org.jmock.Expectations): 2
AuthenticationException (org.springframework.security.AuthenticationException): 2
User (org.springframework.security.userdetails.User): 2
SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig): 1
User (com.thoughtworks.go.plugin.access.authentication.models.User): 1
DefaultGoApiResponse (com.thoughtworks.go.plugin.api.response.DefaultGoApiResponse): 1
Username (com.thoughtworks.go.server.domain.Username): 1
HttpLocalizedOperationResult (com.thoughtworks.go.server.service.result.HttpLocalizedOperationResult): 1
IOException (java.io.IOException): 1
HashMap (java.util.HashMap): 1