use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.
the class MethodSecurityInterceptorTests method runAsReplacementCleansAfterException.
// SEC-1967
@Test
public void runAsReplacementCleansAfterException() {
createTarget(true);
given(this.realTarget.makeUpperCase(anyString())).willThrow(new RuntimeException());
SecurityContext ctx = SecurityContextHolder.getContext();
ctx.setAuthentication(this.token);
this.token.setAuthenticated(true);
final RunAsManager runAs = mock(RunAsManager.class);
final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
this.interceptor.setRunAsManager(runAs);
mdsReturnsUserRole();
given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.advisedTarget.makeUpperCase("hello"));
// Check we've changed back
assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.
the class SortaJobFactory method create.
@RunAsSystem
public SortaJobImpl create(SortaJobExecution jobExecution) {
TransactionTemplate transactionTemplate = new TransactionTemplate(transactionManager);
ProgressImpl progress = new ProgressImpl(jobExecution, jobExecutionUpdater, mailSender);
String username = jobExecution.getUser();
RunAsUserToken runAsAuthentication = new RunAsUserToken("Job Execution", username, null, userDetailsService.loadUserByUsername(username).getAuthorities(), null);
SortaJobProcessor matchInputTermBatchService = new SortaJobProcessor(jobExecution.getOntologyIri(), jobExecution.getSourceEntityName(), jobExecution.getResultEntityName(), progress, dataService, sortaService, idGenerator, menuReaderService);
return new SortaJobImpl(matchInputTermBatchService, runAsAuthentication, progress, transactionTemplate);
}
use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.
the class AuthenticationAuthoritiesUpdaterImpl method updateAuthentication.
@Override
public Authentication updateAuthentication(Authentication authentication, List<GrantedAuthority> updatedAuthorities) {
Authentication newAuthentication;
if (authentication instanceof TwoFactorAuthenticationToken) {
TwoFactorAuthenticationToken twoFactorAuthenticationToken = (TwoFactorAuthenticationToken) authentication;
newAuthentication = new TwoFactorAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities, twoFactorAuthenticationToken.getVerificationCode(), twoFactorAuthenticationToken.getSecretKey());
} else if (authentication instanceof SystemSecurityToken) {
newAuthentication = authentication;
} else if (authentication instanceof RestAuthenticationToken) {
RestAuthenticationToken restAuthenticationToken = (RestAuthenticationToken) authentication;
newAuthentication = new RestAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities, restAuthenticationToken.getToken());
} else if (authentication instanceof RecoveryAuthenticationToken) {
RecoveryAuthenticationToken recoveryAuthenticationToken = (RecoveryAuthenticationToken) authentication;
newAuthentication = new RecoveryAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities, recoveryAuthenticationToken.getRecoveryCode());
} else if (authentication instanceof UsernamePasswordAuthenticationToken) {
newAuthentication = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), updatedAuthorities);
} else if (authentication instanceof RunAsUserToken) {
RunAsUserToken runAsUserToken = (RunAsUserToken) authentication;
newAuthentication = new RunAsUserTokenDecorator(runAsUserToken, updatedAuthorities);
} else if (authentication instanceof AnonymousAuthenticationToken) {
AnonymousAuthenticationToken anonymousAuthenticationToken = (AnonymousAuthenticationToken) authentication;
newAuthentication = new AnonymousAuthenticationTokenDecorator(anonymousAuthenticationToken, updatedAuthorities);
} else {
throw new SessionAuthenticationException(format("Unknown authentication type '%s'", authentication.getClass().getSimpleName()));
}
return newAuthentication;
}
use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.
the class MethodSecurityInterceptorTests method runAsReplacementIsCorrectlySet.
@Test
public void runAsReplacementIsCorrectlySet() {
SecurityContext ctx = SecurityContextHolder.getContext();
ctx.setAuthentication(this.token);
this.token.setAuthenticated(true);
final RunAsManager runAs = mock(RunAsManager.class);
final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
this.interceptor.setRunAsManager(runAs);
mdsReturnsUserRole();
given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
String result = this.advisedTarget.makeUpperCase("hello");
assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
// Check we've changed back
assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.
the class FilterSecurityInterceptorTests method finallyInvocationIsInvokedIfExceptionThrown.
// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
SecurityContext ctx = SecurityContextHolder.getContext();
Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
token.setAuthenticated(true);
ctx.setAuthentication(token);
RunAsManager runAsManager = mock(RunAsManager.class);
given(runAsManager.buildRunAs(eq(token), any(), anyCollection())).willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
this.interceptor.setRunAsManager(runAsManager);
FilterInvocation fi = createinvocation();
FilterChain chain = fi.getChain();
willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
AfterInvocationManager aim = mock(AfterInvocationManager.class);
this.interceptor.setAfterInvocationManager(aim);
assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(fi));
// Check we've changed back
assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Aggregations