Example 1 with ExpiringUsernameAuthenticationToken
use of org.springframework.security.providers.ExpiringUsernameAuthenticationToken in project pentaho-engineering-samples by pentaho.
the class PentahoSamlAuthenticationSuccessHandler method onAuthenticationSuccess.
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
try {
if (authentication instanceof ExpiringUsernameAuthenticationToken) {
// since no expiration date is passed, this token's behaviour is the same as UsernamePasswordAuthenticationToken
// also, we would have a hard time supporting a supporting a saml-specific token like this
// ExpiringUsernameAuthenticationToken in ss2-proxies / ss4-proxies
//
// http://docs.spring.io/spring-security-saml/docs/current/api/org/springframework/security/providers/ExpiringUsernameAuthenticationToken.html
authentication = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authentication.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
}
// legacy spring ( i.e. non-osgi spring.framework ) SecurityContext storing
IProxyFactory factory = PentahoSystem.get(IProxyFactory.class);
Object securityContextProxy = null;
if (requireProxyWrapping) {
securityContextProxy = factory.createProxy(SecurityContextHolder.getContext());
request.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContextProxy);
} else {
request.setAttribute(SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
}
// pentaho auth storing
// $NON-NLS-1$
logger.info("synchronizing current IPentahoSession with SecurityContext");
IPentahoSession pentahoSession = PentahoSessionHolder.getSession();
Assert.notNull(pentahoSession, "PentahoSessionHolder doesn't have a session");
pentahoSession.setAuthenticated(authentication.getName());
// Note: spring-security 2 expects an *array* of GrantedAuthorities ( ss4 uses a list )
pentahoSession.setAttribute(IPentahoSession.SESSION_ROLES, requireProxyWrapping ? proxyGrantedAuthorities(factory, authentication.getAuthorities()) : authentication.getAuthorities());
// time to create this user's home folder
createUserHomeFolder(authentication.getName());
super.onAuthenticationSuccess(request, new SamlOnRedirectUpdateSessionResponseWrapper(response, request, true, 0, requireProxyWrapping ? securityContextProxy : SecurityContextHolder.getContext(), authentication), authentication);
} catch (Exception e) {
logger.error(e.getLocalizedMessage(), e);
}
}
Also used :
IProxyFactory(org.pentaho.platform.proxy.api.IProxyFactory)
IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession)
ExpiringUsernameAuthenticationToken(org.springframework.security.providers.ExpiringUsernameAuthenticationToken)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
SamlOnRedirectUpdateSessionResponseWrapper(org.pentaho.platform.spring.security.saml.responsewrapper.SamlOnRedirectUpdateSessionResponseWrapper)
ServletException(javax.servlet.ServletException)
ProxyException(org.pentaho.platform.proxy.impl.ProxyException)
IOException(java.io.IOException)
Example 2 with ExpiringUsernameAuthenticationToken
use of org.springframework.security.providers.ExpiringUsernameAuthenticationToken in project webcert by sklintyg.
the class FakeElegAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SAMLCredential credential = createSamlCredential(authentication);
Object details = elegWebCertUserDetailsService.loadUserBySAML(credential);
ExpiringUsernameAuthenticationToken result = new ExpiringUsernameAuthenticationToken(null, details, credential, new ArrayList<>());
result.setDetails(details);
return result;
}
Also used :
SAMLCredential(org.springframework.security.saml.SAMLCredential)
ExpiringUsernameAuthenticationToken(org.springframework.security.providers.ExpiringUsernameAuthenticationToken)
Example 3 with ExpiringUsernameAuthenticationToken
use of org.springframework.security.providers.ExpiringUsernameAuthenticationToken in project webcert by sklintyg.
the class CommonFakeAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication token) throws AuthenticationException {
SAMLCredential credential = createSamlCredential(token);
Object details = userDetails.loadUserBySAML(credential);
addAbsentAttributesFromFakeCredentials(token, details);
selectVardenhetFromFakeCredentials(token, details);
overrideSekretessMarkeringFromFakeCredentials(token, details);
updateFeatures(details);
applyUserOrigin(token, details);
applyAuthenticationMethod(token, details);
applyPersonalNumberForBankID(token, details);
ExpiringUsernameAuthenticationToken result = new ExpiringUsernameAuthenticationToken(null, details, credential, new ArrayList<>());
result.setDetails(details);
return result;
}
Also used :
SAMLCredential(org.springframework.security.saml.SAMLCredential)
ExpiringUsernameAuthenticationToken(org.springframework.security.providers.ExpiringUsernameAuthenticationToken)
Aggregations
ExpiringUsernameAuthenticationToken (org.springframework.security.providers.ExpiringUsernameAuthenticationToken)3
SAMLCredential (org.springframework.security.saml.SAMLCredential)2
IOException (java.io.IOException)1
ServletException (javax.servlet.ServletException)1
IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)1
IProxyFactory (org.pentaho.platform.proxy.api.IProxyFactory)1
ProxyException (org.pentaho.platform.proxy.impl.ProxyException)1
SamlOnRedirectUpdateSessionResponseWrapper (org.pentaho.platform.spring.security.saml.responsewrapper.SamlOnRedirectUpdateSessionResponseWrapper)1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1
