use of org.springframework.security.access.event.AuthorizedEvent in project camel by apache.
the class SpringSecurityAuthorizationPolicy method beforeProcess.
/**
 * Authorizes the exchange against the attributes of the configured access policy
 * before the protected processor is allowed to run.
 *
 * <p>An {@link AuthorizationFailureEvent} is published only when the access decision
 * manager throws {@link AccessDeniedException}. Any other {@link RuntimeException}
 * raised inside the outer try is wrapped into a {@link CamelAuthorizationException}
 * without a failure event being published. This includes one raised by
 * {@code authenticateIfRequired} or by publishing the {@link AuthorizedEvent}.
 *
 * @param exchange the exchange whose inbound message carries the authentication
 * @throws Exception a {@link CamelAuthorizationException} when no authentication is
 *         found or when a runtime failure occurs during authentication or authorization
 */
protected void beforeProcess(Exchange exchange) throws Exception {
    final List<ConfigAttribute> requiredAttributes = accessPolicy.getConfigAttributes();
    try {
        final Authentication candidate = getAuthentication(exchange.getIn());
        if (candidate == null) {
            // No Authentication was found for the inbound message: refuse to continue.
            throw new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
        }
        final Authentication verified = authenticateIfRequired(candidate);
        // The exchange itself is the secured object handed to the decision manager.
        try {
            this.accessDecisionManager.decide(verified, exchange, requiredAttributes);
        } catch (AccessDeniedException denied) {
            // Record which policy rejected the exchange, publish the failure event, then
            // rethrow so the outer handler wraps the denial.
            exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
            publishEvent(new AuthorizationFailureEvent(exchange, requiredAttributes, verified, denied));
            throw denied;
        }
        // NOTE(review): this publish sits inside the outer try, so a RuntimeException
        // escaping publishEvent would be reported as an authorization failure.
        publishEvent(new AuthorizedEvent(exchange, requiredAttributes, verified));
    } catch (RuntimeException failure) {
        // Fail closed: tag the exchange with this policy's id and keep the original cause.
        exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
        throw new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, failure);
    }
}
use of org.springframework.security.access.event.AuthorizedEvent in project opennms by OpenNMS.
the class SecurityAuthenticationEventOnmsEventBuilder method onApplicationEvent.
/**
* {@inheritDoc}
*/
@Override
public void onApplicationEvent(ApplicationEvent event) {
    // Each event type is tested by its own independent `if`, not an else-if chain.
    // Only authentication success and authentication failure are forwarded through
    // sendEvent; the remaining event types are logged only.
    LOG.debug("Received ApplicationEvent {}", event.getClass());

    if (event instanceof AuthenticationSuccessEvent) {
        final AuthenticationSuccessEvent success = (AuthenticationSuccessEvent) event;
        final EventBuilder successBuilder = createEvent(SUCCESS_UEI, success);
        // Use the timestamp of the Spring event as the time of the emitted event.
        successBuilder.setTime(new Date(event.getTimestamp()));
        // Success events can be switched off with a system property; failure events
        // below have no such switch.
        final boolean successEventDisabled =
                "true".equalsIgnoreCase(System.getProperty("org.opennms.security.disableLoginSuccessEvent"));
        if (!successEventDisabled) {
            sendEvent(successBuilder.getEvent());
        }
    }

    if (event instanceof AbstractAuthenticationFailureEvent) {
        final AbstractAuthenticationFailureEvent failure = (AbstractAuthenticationFailureEvent) event;
        final Exception cause = failure.getException();
        LOG.debug("AbstractAuthenticationFailureEvent was received, exception message - {}", cause.getMessage());
        final EventBuilder failureBuilder = createEvent(FAILURE_UEI, failure);
        // Use the timestamp of the Spring event as the time of the emitted event.
        failureBuilder.setTime(new Date(event.getTimestamp()));
        // NOTE(review): the exception message is copied verbatim into the event
        // parameters; confirm it cannot carry data that should not reach event consumers.
        failureBuilder.addParam("exceptionName", cause.getClass().getSimpleName());
        failureBuilder.addParam("exceptionMessage", cause.getMessage());
        sendEvent(failureBuilder.getEvent());
    }

    // NOTE(review): the three debug statements below log the Authentication's details
    // and principal objects as rendered by the logger; confirm those types do not expose
    // credentials when debug logging is enabled.
    if (event instanceof AuthorizedEvent) {
        final AuthorizedEvent authorized = (AuthorizedEvent) event;
        LOG.debug("AuthorizedEvent received - \n Details - {}\n Principal - {}",
                authorized.getAuthentication().getDetails(),
                authorized.getAuthentication().getPrincipal());
    }

    if (event instanceof AuthorizationFailureEvent) {
        final AuthorizationFailureEvent denied = (AuthorizationFailureEvent) event;
        LOG.debug("AuthorizationFailureEvent received -\n Details - {}\n Principal - {}",
                denied.getAuthentication().getDetails(),
                denied.getAuthentication().getPrincipal());
    }

    if (event instanceof InteractiveAuthenticationSuccessEvent) {
        final InteractiveAuthenticationSuccessEvent interactive = (InteractiveAuthenticationSuccessEvent) event;
        LOG.debug("InteractiveAuthenticationSuccessEvent received - \n Details - {}\n Principal - {}",
                interactive.getAuthentication().getDetails(),
                interactive.getAuthentication().getPrincipal());
    }

    if (event instanceof ServletRequestHandledEvent) {
        final ServletRequestHandledEvent handled = (ServletRequestHandledEvent) event;
        LOG.debug("ServletRequestHandledEvent received - {}\n Servlet - {}\n URL - {}",
                handled.getDescription(), handled.getServletName(), handled.getRequestUrl());
        // NOTE(review): URL, client address and user name are taken from the handled
        // request; if this line serves as an access trail, confirm the log layout
        // neutralises line breaks in those values.
        LOG.info("{} requested from {} by user {}",
                handled.getRequestUrl(), handled.getClientAddress(), handled.getUserName());
    }
}
use of org.springframework.security.access.event.AuthorizedEvent in project spring-security by spring-projects.
the class AbstractSecurityInterceptor method beforeInvocation.
/**
 * Runs the pre-invocation security checks for a secure object: resolves its
 * configuration attributes, authorizes the current authentication against them,
 * optionally publishes an {@link AuthorizedEvent}, and optionally switches the
 * security context to a RunAs authentication.
 *
 * @param object the secure object about to be invoked; must not be null and must be
 *        an instance of the type returned by {@code getSecureObjectClass()}
 * @return {@code null} when the object has no configuration attributes (a public
 *         invocation); otherwise a token holding the security context, a flag telling
 *         whether the context was replaced for RunAs, the attributes and the object
 * @throws IllegalArgumentException if the object is not of the supported type
 */
protected InterceptorStatusToken beforeInvocation(Object object) {
    Assert.notNull(object, "Object was null");
    final boolean supportedType = getSecureObjectClass().isAssignableFrom(object.getClass());
    if (!supportedType) {
        throw new IllegalArgumentException("Security invocation attempted for object " + object.getClass().getName() + " but AbstractSecurityInterceptor only configured to support secure objects of type: " + getSecureObjectClass());
    }

    final Collection<ConfigAttribute> configAttributes = this.obtainSecurityMetadataSource().getAttributes(object);
    if (CollectionUtils.isEmpty(configAttributes)) {
        // No attributes means the object is treated as public. This path returns before
        // any authentication or authorization check, unless rejectPublicInvocations is
        // set, in which case the assertion fails.
        Assert.isTrue(!this.rejectPublicInvocations, () -> "Secure object invocation " + object + " was denied as public invocations are not allowed via this interceptor. " + "This indicates a configuration error because the " + "rejectPublicInvocations property is set to 'true'");
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(LogMessage.format("Authorized public object %s", object));
        }
        publishEvent(new PublicInvocationEvent(object));
        // Nothing for the caller to do after the invocation.
        return null;
    }

    final boolean authenticationMissing = SecurityContextHolder.getContext().getAuthentication() == null;
    if (authenticationMissing) {
        // NOTE(review): credentialsNotFound presumably throws; execution continues to
        // authenticateIfRequired() if it ever returns normally. Verify in its definition.
        credentialsNotFound(this.messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound", "An Authentication object was not found in the SecurityContext"), object, configAttributes);
    }

    final Authentication currentAuthentication = authenticateIfRequired();
    if (this.logger.isTraceEnabled()) {
        this.logger.trace(LogMessage.format("Authorizing %s with attributes %s", object, configAttributes));
    }
    // Authorization decision; the statements below run only if this returns normally.
    attemptAuthorization(object, configAttributes, currentAuthentication);
    if (this.logger.isDebugEnabled()) {
        this.logger.debug(LogMessage.format("Authorized %s with attributes %s", object, configAttributes));
    }
    // Success events are opt-in through the publishAuthorizationSuccess flag.
    if (this.publishAuthorizationSuccess) {
        publishEvent(new AuthorizedEvent(object, configAttributes, currentAuthentication));
    }

    // Ask the RunAsManager whether the invocation should run under another authentication.
    final Authentication runAsAuthentication = this.runAsManager.buildRunAs(currentAuthentication, object, configAttributes);
    if (runAsAuthentication == null) {
        this.logger.trace("Did not switch RunAs authentication since RunAsManager returned null");
        // Context unchanged: nothing for the caller to restore after the invocation.
        return new InterceptorStatusToken(SecurityContextHolder.getContext(), false, configAttributes, object);
    }

    // Install a fresh context carrying the RunAs authentication and keep the previous
    // context in the token, flagged true, so it can be reverted post-invocation.
    final SecurityContext previousContext = SecurityContextHolder.getContext();
    final SecurityContext runAsContext = SecurityContextHolder.createEmptyContext();
    runAsContext.setAuthentication(runAsAuthentication);
    SecurityContextHolder.setContext(runAsContext);
    if (this.logger.isDebugEnabled()) {
        this.logger.debug(LogMessage.format("Switched to RunAs authentication %s", runAsAuthentication));
    }
    return new InterceptorStatusToken(previousContext, true, configAttributes, object);
}