Example 16 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project spring-security by spring-projects.

the class TokenBasedRememberMeServices method processAutoLoginCookie.

// ~ Methods
// ========================================================================================================
@Override
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
    if (cookieTokens.length != 3) {
        throw new InvalidCookieException("Cookie token did not contain 3" + " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
    }
    long tokenExpiryTime;
    try {
        tokenExpiryTime = new Long(cookieTokens[1]).longValue();
    } catch (NumberFormatException nfe) {
        throw new InvalidCookieException("Cookie token[1] did not contain a valid number (contained '" + cookieTokens[1] + "')");
    }
    if (isTokenExpired(tokenExpiryTime)) {
        throw new InvalidCookieException("Cookie token[1] has expired (expired on '" + new Date(tokenExpiryTime) + "'; current time is '" + new Date() + "')");
    }
    // Check the user exists.
    // Defer lookup until after expiry time checked, to possibly avoid expensive
    // database call.
    UserDetails userDetails = getUserDetailsService().loadUserByUsername(cookieTokens[0]);
    // Check signature of token matches remaining details.
    // Must do this after user lookup, as we need the DAO-derived password.
    // If efficiency was a major issue, just add in a UserCache implementation,
    // but recall that this method is usually only called once per HttpSession - if
    // the token is valid,
    // it will cause SecurityContextHolder population, whilst if invalid, will cause
    // the cookie to be cancelled.
    String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails.getUsername(), userDetails.getPassword());
    if (!equals(expectedTokenSignature, cookieTokens[2])) {
        throw new InvalidCookieException("Cookie token[2] contained signature '" + cookieTokens[2] + "' but expected '" + expectedTokenSignature + "'");
    }
    return userDetails;
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) Date(java.util.Date)

Example 17 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project spring-security by spring-projects.

the class SwitchUserFilter method attemptExitUser.

/**
 * Attempt to exit from an already switched user.
 *
 * @param request The http servlet request
 *
 * @return The original <code>Authentication</code> object or <code>null</code>
 * otherwise.
 *
 * @throws AuthenticationCredentialsNotFoundException If no
 * <code>Authentication</code> associated with this request.
 */
protected Authentication attemptExitUser(HttpServletRequest request) throws AuthenticationCredentialsNotFoundException {
    // need to check to see if the current user has a SwitchUserGrantedAuthority
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (null == current) {
        throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage("SwitchUserFilter.noCurrentUser", "No current user associated with this request"));
    }
    // check to see if the current user did actually switch to another user
    // if so, get the original source user so we can switch back
    Authentication original = getSourceAuthentication(current);
    if (original == null) {
        this.logger.debug("Could not find original user Authentication object!");
        throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage("SwitchUserFilter.noOriginalAuthentication", "Could not find original Authentication object"));
    }
    // get the source user details
    UserDetails originalUser = null;
    Object obj = original.getPrincipal();
    if ((obj != null) && obj instanceof UserDetails) {
        originalUser = (UserDetails) obj;
    }
    // publish event
    if (this.eventPublisher != null) {
        this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(current, originalUser));
    }
    return original;
}
Also used : AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication)

Example 18 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project spring-security by spring-projects.

the class LdapUserServiceBeanDefinitionParserTests method inetOrgContextMapperIsSupported.

@Test
public void inetOrgContextMapperIsSupported() {
    setContext("<ldap-server id='someServer' ldif='classpath:test-server.ldif'/>" + "<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' user-details-class='inetOrgPerson'/>");
    UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
    UserDetails ben = uds.loadUserByUsername("ben");
    assertThat(ben instanceof InetOrgPerson).isTrue();
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) InetOrgPerson(org.springframework.security.ldap.userdetails.InetOrgPerson) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) LdapUserDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService) Test(org.junit.Test)

Example 19 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project spring-security by spring-projects.

the class LdapUserServiceBeanDefinitionParserTests method differentGroupRoleAttributeWorksAsExpected.

@Test
public void differentGroupRoleAttributeWorksAsExpected() throws Exception {
    setContext("<ldap-user-service id='ldapUDS' user-search-filter='(uid={0})' group-role-attribute='ou' group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
    UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
    UserDetails ben = uds.loadUserByUsername("ben");
    Set<String> authorities = AuthorityUtils.authorityListToSet(ben.getAuthorities());
    assertThat(authorities).hasSize(3);
    assertThat(authorities.contains("ROLE_DEVELOPER")).isTrue();
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) LdapUserDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService) Test(org.junit.Test)

Example 20 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project spring-security by spring-projects.

the class LdapUserServiceBeanDefinitionParserTests method differentUserSearchBaseWorksAsExpected.

@Test
public void differentUserSearchBaseWorksAsExpected() throws Exception {
    setContext("<ldap-user-service id='ldapUDS' " + "       user-search-base='ou=otherpeople' " + "       user-search-filter='(cn={0})' " + "       group-search-filter='member={0}' /><ldap-server ldif='classpath:test-server.ldif'/>");
    UserDetailsService uds = (UserDetailsService) appCtx.getBean("ldapUDS");
    UserDetails joe = uds.loadUserByUsername("Joe Smeth");
    assertThat(joe.getUsername()).isEqualTo("Joe Smeth");
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) LdapUserDetailsService(org.springframework.security.ldap.userdetails.LdapUserDetailsService) Test(org.junit.Test)

Aggregations

UserDetails (org.springframework.security.core.userdetails.UserDetails): 97
Test (org.junit.Test): 37
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 32
Authentication (org.springframework.security.core.Authentication): 30
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 16
User (org.springframework.security.core.userdetails.User): 14
UserDetailsService (org.springframework.security.core.userdetails.UserDetailsService): 14
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 9
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException): 8
LdapUserDetailsService (org.springframework.security.ldap.userdetails.LdapUserDetailsService): 7
HttpServletRequest (javax.servlet.http.HttpServletRequest): 6
UserAccountBean (org.akaza.openclinica.bean.login.UserAccountBean): 6
UserAccountDAO (org.akaza.openclinica.dao.login.UserAccountDAO): 6
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException): 6
User (org.apache.atlas.web.model.User): 4
User (org.hisp.dhis.user.User): 4
IOException (java.io.IOException): 3
Date (java.util.Date): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
DirContextAdapter (org.springframework.ldap.core.DirContextAdapter): 3