use of org.springframework.security.authentication.AbstractAuthenticationToken in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProvider method authenticate.
/**
 * Authenticates a SAML 2.0 login by parsing the serialized response carried in the
 * token, handing it to {@code process(...)}, and converting the result with the
 * configured response authentication converter.
 *
 * @param authentication the authentication request object, must be of type
 * {@link Saml2AuthenticationToken}
 * @return the token produced by the response authentication converter, with the
 * request's details copied onto it; {@code null} if the converter returns {@code null}
 * @throws AuthenticationException if a {@link Saml2AuthenticationException} is raised,
 * or if any other exception occurs (reported as
 * {@code Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR})
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    try {
        // The cast sits inside the try on purpose: a token of the wrong type surfaces
        // as an AuthenticationException through the catch-all below, not as a raw
        // ClassCastException.
        Saml2AuthenticationToken samlToken = (Saml2AuthenticationToken) authentication;
        Response samlResponse = parse(samlToken.getSaml2Response());
        // NOTE(review): process(...) is presumably where the response is validated;
        // its body is not visible here. Conversion must stay after it.
        process(samlToken, samlResponse);
        ResponseToken converterInput = new ResponseToken(samlResponse, samlToken);
        AbstractAuthenticationToken converted = this.responseAuthenticationConverter.convert(converterInput);
        if (converted == null) {
            return null;
        }
        // Carry the request-level details over to the resulting token.
        converted.setDetails(authentication.getDetails());
        return converted;
    } catch (Saml2AuthenticationException samlFailure) {
        // Already carries a SAML error code; propagate unchanged.
        throw samlFailure;
    } catch (Exception unexpected) {
        // Any other failure is reported as an internal validation error, so callers only
        // ever see an AuthenticationException. The underlying message is passed along:
        // NOTE(review): confirm that whatever renders this error does not echo
        // parser/validator internals back to the client.
        throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, unexpected.getMessage(), unexpected);
    }
}
use of org.springframework.security.authentication.AbstractAuthenticationToken in project ranger by apache.
the class RangerKRBAuthenticationFilter method doFilter.
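/**
 * Decides, per request, whether to create a Ranger session from a user name found
 * during SPNEGO handling, to delegate to the superclass filter, or to pass the request
 * straight down the filter chain.
 *
 * <p>When SPNEGO is enabled for the configured {@code RANGER_AUTH_TYPE} and the security
 * context holds no authenticated {@link Authentication}, the request cookies are scanned
 * for a user name. If one is found, a token carrying the default role is run through
 * {@code RangerAuthenticationProvider} and stored in the security context; otherwise the
 * request is handled by {@code handleTimeoutRequest} (timeout action) or by
 * {@code super.doFilter}. In every other case the request continues down the chain,
 * except for an authenticated trusted-proxy {@code doAs} timeout request.
 *
 * @param request the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response
 * @param filterChain the remaining filter chain
 * @throws IOException propagated from the filter chain
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    String authtype = PropertiesUtil.getProperty(RANGER_AUTH_TYPE);
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
    if (isSpnegoEnable(authtype) && (existingAuth == null || !existingAuth.isAuthenticated())) {
        KerberosName.setRules(PropertiesUtil.getProperty(NAME_RULES, "DEFAULT"));
        String userName = null;
        Cookie[] cookie = httpRequest.getCookies();
        if (cookie != null) {
            for (Cookie c : cookie) {
                String cname = c.getName();
                // NOTE(review): the "u=" search below runs on the cookie NAME, which has
                // just been matched against "u" or AUTH_COOKIE_NAME. For the "u" cookie it
                // can never match, and for AUTH_COOKIE_NAME only if that constant itself
                // contains "u=", so userName most likely stays null here.
                // Do not "fix" this by reading c.getValue() as-is: the cookie value is
                // client-controlled, and userName feeds the session creation below. Any
                // identity taken from a cookie has to be cryptographically verified first.
                if (cname != null && ("u".equalsIgnoreCase(cname) || AUTH_COOKIE_NAME.equalsIgnoreCase(cname))) {
                    int ustr = cname.indexOf("u=");
                    if (ustr != -1) {
                        int andStr = cname.indexOf("&", ustr);
                        if (andStr != -1) {
                            userName = cname.substring(ustr + 2, andStr);
                        }
                    }
                }
            }
        }
        if ((existingAuth == null || !existingAuth.isAuthenticated()) && (!StringUtils.isEmpty(userName))) {
            // --------------------------- To Create Ranger Session --------------------------------------
            String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
            // if we get the userName from the token then log into ranger using the same user
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            // The principal and token are built with an empty credential: this path relies
            // entirely on userName having been authenticated upstream.
            // NOTE(review): what RangerAuthenticationProvider checks for such a token is
            // not visible here; confirm against the provider.
            final UserDetails principal = new User(userName, "", grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
            WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
            ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
            RangerAuthenticationProvider authenticationProvider = new RangerAuthenticationProvider();
            Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
            authentication = getGrantedAuthority(authentication);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            request.setAttribute("spnegoEnabled", true);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Logged into Ranger as = " + userName);
            }
        } else {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("isSpnegoEnable = " + isSpnegoEnable(authtype) + " userName = " + userName + " request URL = " + getRequestURL(httpRequest));
                    if (existingAuth != null) {
                        LOG.debug("isAuthenticated: " + existingAuth.isAuthenticated());
                    }
                }
                if (StringUtils.equals(httpRequest.getParameter("action"), RestUtil.TIMEOUT_ACTION)) {
                    handleTimeoutRequest(httpRequest, (HttpServletResponse) response);
                } else {
                    super.doFilter(request, response, filterChain);
                }
            } catch (Exception e) {
                throw restErrorUtil.createRESTException("RangerKRBAuthenticationFilter Failed : " + e.getMessage());
            }
        }
    } else {
        String action = httpRequest.getParameter("action");
        String doAsUser = request.getParameter("doAs");
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerKRBAuthenticationFilter: request URL = " + httpRequest.getRequestURI());
        }
        boolean allowTrustedProxy = PropertiesUtil.getBooleanProperty(ALLOW_TRUSTED_PROXY, false);
        // This branch is also reached when SPNEGO is disabled and nobody is logged in, so
        // existingAuth may be null. Guard it: an unauthenticated request carrying "doAs"
        // falls through to the chain instead of failing with a NullPointerException.
        boolean callerAuthenticated = existingAuth != null && existingAuth.isAuthenticated();
        if (allowTrustedProxy && StringUtils.isNotEmpty(doAsUser) && callerAuthenticated && StringUtils.equals(action, RestUtil.TIMEOUT_ACTION)) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            handleTimeoutRequest(httpRequest, httpResponse);
        } else {
            filterChain.doFilter(request, response);
        }
    }
}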
Aggregations