Example 6 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.

Class MethodSecurityInterceptorTests, method runAsReplacementCleansAfterException:

// SEC-1967: the run-as replacement must be undone even when the secured method throws
@Test
public void runAsReplacementCleansAfterException() {
    createTarget(true);
    given(this.realTarget.makeUpperCase(anyString())).willThrow(new RuntimeException());
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    // Replacement token the interceptor installs for the duration of the invocation
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    mdsReturnsUserRole();
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.advisedTarget.makeUpperCase("hello"));
    // Check we've changed back: the original context and the original token are restored after the exception
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) SecurityContext(org.springframework.security.core.context.SecurityContext) MethodInvocation(org.aopalliance.intercept.MethodInvocation) List(java.util.List) Test(org.junit.jupiter.api.Test)

Example 7 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.

Class SortaJobFactory, method create:

@RunAsSystem
public SortaJobImpl create(SortaJobExecution jobExecution) {
    TransactionTemplate transactionTemplate = new TransactionTemplate(transactionManager);
    ProgressImpl progress = new ProgressImpl(jobExecution, jobExecutionUpdater, mailSender);
    String username = jobExecution.getUser();
    // Run-as token carrying the job owner's authorities, so the job executes with that user's permissions rather than the system's
    RunAsUserToken runAsAuthentication = new RunAsUserToken("Job Execution", username, null, userDetailsService.loadUserByUsername(username).getAuthorities(), null);
    SortaJobProcessor matchInputTermBatchService = new SortaJobProcessor(jobExecution.getOntologyIri(), jobExecution.getSourceEntityName(), jobExecution.getResultEntityName(), progress, dataService, sortaService, idGenerator, menuReaderService);
    return new SortaJobImpl(matchInputTermBatchService, runAsAuthentication, progress, transactionTemplate);
}
Also used: ProgressImpl(org.molgenis.jobs.ProgressImpl) RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) TransactionTemplate(org.springframework.transaction.support.TransactionTemplate) RunAsSystem(org.molgenis.security.core.runas.RunAsSystem)

Example 8 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.

Class AuthenticationAuthoritiesUpdaterImpl, method updateAuthentication:

@Override
public Authentication updateAuthentication(Authentication authentication, List<GrantedAuthority> updatedAuthorities) {
    // Rebuild the authentication with the updated authority set while preserving its concrete token type
    Authentication newAuthentication;
    if (authentication instanceof TwoFactorAuthenticationToken) {
        TwoFactorAuthenticationToken twoFactorAuthenticationToken = (TwoFactorAuthenticationToken) authentication;
        newAuthentication = new TwoFactorAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities, twoFactorAuthenticationToken.getVerificationCode(), twoFactorAuthenticationToken.getSecretKey());
    } else if (authentication instanceof SystemSecurityToken) {
        // The system token is left untouched
        newAuthentication = authentication;
    } else if (authentication instanceof RestAuthenticationToken) {
        RestAuthenticationToken restAuthenticationToken = (RestAuthenticationToken) authentication;
        newAuthentication = new RestAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities, restAuthenticationToken.getToken());
    } else if (authentication instanceof RecoveryAuthenticationToken) {
        RecoveryAuthenticationToken recoveryAuthenticationToken = (RecoveryAuthenticationToken) authentication;
        newAuthentication = new RecoveryAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities, recoveryAuthenticationToken.getRecoveryCode());
    } else if (authentication instanceof UsernamePasswordAuthenticationToken) {
        newAuthentication = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities);
    } else if (authentication instanceof RunAsUserToken) {
        // RunAsUserToken has no authorities-only copy constructor, so it is wrapped in a decorator exposing the new authorities
        RunAsUserToken runAsUserToken = (RunAsUserToken) authentication;
        newAuthentication = new RunAsUserTokenDecorator(runAsUserToken, updatedAuthorities);
    } else if (authentication instanceof AnonymousAuthenticationToken) {
        AnonymousAuthenticationToken anonymousAuthenticationToken = (AnonymousAuthenticationToken) authentication;
        newAuthentication = new AnonymousAuthenticationTokenDecorator(anonymousAuthenticationToken, updatedAuthorities);
    } else {
        // Fail closed on unrecognised token types rather than silently keeping stale authorities
        throw new SessionAuthenticationException(format("Unknown authentication type '%s'", authentication.getClass().getSimpleName()));
    }
    return newAuthentication;
}
Also used: RecoveryAuthenticationToken(org.molgenis.security.twofactor.auth.RecoveryAuthenticationToken) SessionAuthenticationException(org.springframework.security.web.authentication.session.SessionAuthenticationException) RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SystemSecurityToken(org.molgenis.security.core.runas.SystemSecurityToken) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) RestAuthenticationToken(org.molgenis.security.token.RestAuthenticationToken) TwoFactorAuthenticationToken(org.molgenis.security.twofactor.auth.TwoFactorAuthenticationToken)

Example 9 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.

Class MethodSecurityInterceptorTests, method runAsReplacementIsCorrectlySet:

@Test
public void runAsReplacementIsCorrectlySet() {
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    mdsReturnsUserRole();
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    String result = this.advisedTarget.makeUpperCase("hello");
    // The target echoes the class of the Authentication it saw, proving the run-as token was in place during the call
    assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
    // Check we've changed back: the caller's original context and token are restored after the call
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) SecurityContext(org.springframework.security.core.context.SecurityContext) MethodInvocation(org.aopalliance.intercept.MethodInvocation) List(java.util.List) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 10 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.

Class FilterSecurityInterceptorTests, method finallyInvocationIsInvokedIfExceptionThrown:

// SEC-1967: the interceptor's finally step must restore the original context even when the filter chain throws
@Test
@SuppressWarnings("unchecked")
public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
    token.setAuthenticated(true);
    ctx.setAuthentication(token);
    RunAsManager runAsManager = mock(RunAsManager.class);
    // The mocked RunAsManager swaps in a RunAsUserToken for the duration of the filter invocation
    given(runAsManager.buildRunAs(eq(token), any(), anyCollection())).willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
    this.interceptor.setRunAsManager(runAsManager);
    FilterInvocation fi = createinvocation();
    FilterChain chain = fi.getChain();
    willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    this.interceptor.setAfterInvocationManager(aim);
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(fi));
    // Check we've changed back: the original context and token are in place despite the exception
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) Authentication(org.springframework.security.core.Authentication) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) FilterInvocation(org.springframework.security.web.FilterInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)
