
Example 41 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project midpoint by Evolveum.

Class SecurityEnforcerImpl, method runPrivileged.

@Override
public <T> T runPrivileged(Producer<T> producer) {
    LOGGER.debug("Running {} as privileged", producer);
    Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
    LOGGER.trace("ORIG auth {}", origAuthentication);
    // Try to reuse the original identity as much as possible. All we need to do is add AUTZ_ALL
    // to the list of authorities
    Authorization privilegedAuthorization = createPrivilegedAuthorization();
    Object newPrincipal = null;
    if (origAuthentication != null) {
        Object origPrincipal = origAuthentication.getPrincipal();
        if (origAuthentication instanceof AnonymousAuthenticationToken) {
            newPrincipal = origPrincipal;
        } else {
            LOGGER.trace("ORIG principal {} ({})", origPrincipal, origPrincipal != null ? origPrincipal.getClass() : null);
            if (origPrincipal != null) {
                if (origPrincipal instanceof MidPointPrincipal) {
                    MidPointPrincipal newMidPointPrincipal = ((MidPointPrincipal) origPrincipal).clone();
                    newMidPointPrincipal.getAuthorities().add(privilegedAuthorization);
                    newPrincipal = newMidPointPrincipal;
                }
            }
        }
        Collection<GrantedAuthority> newAuthorities = new ArrayList<>();
        newAuthorities.addAll(origAuthentication.getAuthorities());
        newAuthorities.add(privilegedAuthorization);
        PreAuthenticatedAuthenticationToken newAuthorization = new PreAuthenticatedAuthenticationToken(newPrincipal, null, newAuthorities);
        LOGGER.trace("NEW auth {}", newAuthorization);
        SecurityContextHolder.getContext().setAuthentication(newAuthorization);
    } else {
        LOGGER.debug("No original authentication, do NOT setting any privileged security context");
    }
    try {
        return producer.run();
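    } finally {
        // Always restore the caller's original authentication, even if producer.run() throws,
        // so the added privileged authorization does not outlive this call
        SecurityContextHolder.getContext().setAuthentication(origAuthentication);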
        LOGGER.debug("Finished running {} as privileged", producer);
        LOGGER.trace("Security context after privileged operation: {}", SecurityContextHolder.getContext());
    }
}
Also used : Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Example 42 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project cxf by apache.

Class SpringOAuthAuthenticationFilter, method doFilter.

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
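    // Unchecked cast: the OAUTH_AUTHORITIES request attribute is assumed to hold a List<String>
    List<String> authorities = (List<String>) request.getAttribute(OAUTH_AUTHORITIES);
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    if (authorities != null) {
        for (String authority : authorities) {
            grantedAuthorities.add(new SimpleGrantedAuthority(authority));
        }
        // The token key is a fresh random UUID for each request. The AnonymousAuthenticationToken
        // constructor throws IllegalArgumentException for a null principal or an empty authority list.
        Authentication auth = new AnonymousAuthenticationToken(UUID.randomUUID().toString(), req.getUserPrincipal(), grantedAuthorities);
        SecurityContextHolder.getContext().setAuthentication(auth);
    }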
    chain.doFilter(req, resp);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) HttpServletResponse(javax.servlet.http.HttpServletResponse) List(java.util.List) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
