Example 11 with AuthenticationEntryPoint

Use of org.springframework.security.web.AuthenticationEntryPoint in project incubator-atlas by apache.

Class AtlasSecurityConfig, method getDelegatingAuthenticationEntryPoint.

public DelegatingAuthenticationEntryPoint getDelegatingAuthenticationEntryPoint() {
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPointMap = new LinkedHashMap<>();
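    // RequestHeaderRequestMatcher compares the header value with equals(), so this entry is selected only
    // when User-Agent is exactly "Mozilla"; every other request falls through to the default entry point.
    entryPointMap.put(new RequestHeaderRequestMatcher("User-Agent", "Mozilla"), atlasAuthenticationEntryPoint);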
    DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(entryPointMap);
    entryPoint.setDefaultEntryPoint(getAuthenticationEntryPoint());
    return entryPoint;
}
Also used: RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AtlasAuthenticationEntryPoint(org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint) DelegatingAuthenticationEntryPoint(org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint) BasicAuthenticationEntryPoint(org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LinkedHashMap(java.util.LinkedHashMap)

Example 12 with AuthenticationEntryPoint

Use of org.springframework.security.web.AuthenticationEntryPoint in project nifi-registry by apache.

Class NiFiRegistrySecurityConfig, method http401AuthenticationEntryPoint.

private AuthenticationEntryPoint http401AuthenticationEntryPoint() {
    // When secured, any attempt to access an API endpoint (except those explicitly ignored) without providing credentials returns a 401 Unauthorized challenge
    return new AuthenticationEntryPoint() {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException {
            final int status;
            // See X509IdentityAuthenticationProvider.buildAuthenticatedToken(...)
            if (authenticationException instanceof UntrustedProxyException) {
                // return a 403 response
                status = HttpServletResponse.SC_FORBIDDEN;
                logger.info("Identity in proxy chain not trusted to act as a proxy: {} Returning 403 response.", authenticationException.toString());
            } else {
                // return a 401 response
                status = HttpServletResponse.SC_UNAUTHORIZED;
                logger.info("Client could not be authenticated due to: {} Returning 401 response.", authenticationException.toString());
            }
            logger.debug("", authenticationException);
            if (!response.isCommitted()) {
                response.setStatus(status);
                response.setContentType("text/plain");
                response.getWriter().println(String.format("%s Contact the system administrator.", authenticationException.getLocalizedMessage()));
            }
        }
    };
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) UntrustedProxyException(org.apache.nifi.registry.web.security.authentication.exception.UntrustedProxyException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 13 with AuthenticationEntryPoint

Use of org.springframework.security.web.AuthenticationEntryPoint in project spring-security by spring-projects.

Class OAuth2LoginConfigurer, method getLoginEntryPoint.

private AuthenticationEntryPoint getLoginEntryPoint(B http, String providerLoginPage) {
    RequestMatcher loginPageMatcher = new AntPathRequestMatcher(this.getLoginPage());
    RequestMatcher faviconMatcher = new AntPathRequestMatcher("/favicon.ico");
    RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher(http);
    RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)), new LoginUrlAuthenticationEntryPoint(providerLoginPage));
    DelegatingAuthenticationEntryPoint loginEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
    loginEntryPoint.setDefaultEntryPoint(this.getAuthenticationEntryPoint());
    return loginEntryPoint;
}
Also used: NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) OrRequestMatcher(org.springframework.security.web.util.matcher.OrRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) DelegatingAuthenticationEntryPoint(org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LinkedHashMap(java.util.LinkedHashMap)

Example 14 with AuthenticationEntryPoint

Use of org.springframework.security.web.AuthenticationEntryPoint in project spring-security by spring-projects.

Class ServletApiConfigurer, method configure.

@Override
@SuppressWarnings("unchecked")
public void configure(H http) {
    this.securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
    AuthenticationEntryPoint authenticationEntryPoint = (exceptionConf != null) ? exceptionConf.getAuthenticationEntryPoint(http) : null;
    this.securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
    LogoutConfigurer<H> logoutConf = http.getConfigurer(LogoutConfigurer.class);
    List<LogoutHandler> logoutHandlers = (logoutConf != null) ? logoutConf.getLogoutHandlers() : null;
    this.securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (trustResolver != null) {
        this.securityContextRequestFilter.setTrustResolver(trustResolver);
    }
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    if (context != null) {
        String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
        if (grantedAuthorityDefaultsBeanNames.length == 1) {
            GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
            this.securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
        }
    }
    this.securityContextRequestFilter = postProcess(this.securityContextRequestFilter);
    http.addFilter(this.securityContextRequestFilter);
}
Also used: AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) ApplicationContext(org.springframework.context.ApplicationContext) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)

Example 15 with AuthenticationEntryPoint

Use of org.springframework.security.web.AuthenticationEntryPoint in project spring-security by spring-projects.

Class OAuth2LoginBeanDefinitionParser, method parse.

@Override
public BeanDefinition parse(Element element, ParserContext parserContext) {
    // register magic bean
    BeanDefinition oauth2LoginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginBeanConfig.class).getBeanDefinition();
    String oauth2LoginBeanConfigId = parserContext.getReaderContext().generateBeanName(oauth2LoginBeanConfig);
    parserContext.registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
    // configure filter
    BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils.getClientRegistrationRepository(element);
    BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository(element);
    if (authorizedClientRepository == null) {
        BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientService(element);
        this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService);
        authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class);
    }
    BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element);
    BeanMetadataElement oauth2UserService = getOAuth2UserService(element);
    BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(element);
    BeanDefinitionBuilder oauth2LoginAuthenticationFilterBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginAuthenticationFilter.class).addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository).addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
    if (this.sessionStrategy != null) {
        oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy", this.sessionStrategy);
    }
    Object source = parserContext.extractSource(element);
    String loginProcessingUrl = element.getAttribute(ATT_LOGIN_PROCESSING_URL);
    if (!StringUtils.isEmpty(loginProcessingUrl)) {
        WebConfigUtils.validateHttpRedirect(loginProcessingUrl, parserContext, source);
        oauth2LoginAuthenticationFilterBuilder.addConstructorArgValue(loginProcessingUrl);
    } else {
        oauth2LoginAuthenticationFilterBuilder.addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
    }
    BeanDefinitionBuilder oauth2LoginAuthenticationProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginAuthenticationProvider.class).addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oauth2UserService);
    String userAuthoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
    if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
        oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
    }
    this.oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
    this.oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient, userAuthoritiesMapperRef);
    BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
    String authorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
    if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
        oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
    } else {
        oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
    }
    oauth2AuthorizationRequestRedirectFilterBuilder.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository).addPropertyValue("requestCache", this.requestCache);
    this.oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder.getBeanDefinition();
    String authenticationSuccessHandlerRef = element.getAttribute(ATT_AUTHENTICATION_SUCCESS_HANDLER_REF);
    if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) {
        oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationSuccessHandler", authenticationSuccessHandlerRef);
    } else {
        BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler").addPropertyValue("requestCache", this.requestCache);
        oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler", successHandlerBuilder.getBeanDefinition());
    }
    String loginPage = element.getAttribute(ATT_LOGIN_PAGE);
    if (!StringUtils.isEmpty(loginPage)) {
        WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
        this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage).addPropertyValue("portMapper", this.portMapper).addPropertyValue("portResolver", this.portResolver).getBeanDefinition();
    } else {
        Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element);
        if (entryPoint != null) {
            this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class).addConstructorArgValue(entryPoint).addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI)).getBeanDefinition();
        }
    }
    String authenticationFailureHandlerRef = element.getAttribute(ATT_AUTHENTICATION_FAILURE_HANDLER_REF);
    if (!StringUtils.isEmpty(authenticationFailureHandlerRef)) {
        oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationFailureHandler", authenticationFailureHandlerRef);
    } else {
        BeanDefinitionBuilder failureHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler");
        failureHandlerBuilder.addConstructorArgValue(DEFAULT_LOGIN_URI + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
        failureHandlerBuilder.addPropertyValue("allowSessionCreation", this.allowSessionCreation);
        oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationFailureHandler", failureHandlerBuilder.getBeanDefinition());
    }
    // prepare login links
    this.oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class).setFactoryMethodOnBean("getLoginLinks", oauth2LoginBeanConfigId).getBeanDefinition();
    return oauth2LoginAuthenticationFilterBuilder.getBeanDefinition();
}
Also used: RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) OrRequestMatcher(org.springframework.security.web.util.matcher.OrRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) BeanDefinition(org.springframework.beans.factory.config.BeanDefinition) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) OAuth2AuthorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository) BeanMetadataElement(org.springframework.beans.BeanMetadataElement) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) OAuth2LoginAuthenticationFilter(org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter) DelegatingAuthenticationEntryPoint(org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) BeanComponentDefinition(org.springframework.beans.factory.parsing.BeanComponentDefinition) RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference) Map(java.util.Map) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint): 20
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 11
DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint): 9
LinkedHashMap (java.util.LinkedHashMap): 6
Test (org.junit.jupiter.api.Test): 5
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 5
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher): 5
LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint): 4
BasicAuthenticationEntryPoint (org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint): 4
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException): 3
AuthenticationException (org.springframework.security.core.AuthenticationException): 3
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter): 3
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher): 3
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher): 3
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher): 3
GitHubAuthenticationEntryPoint (io.pivotal.cla.security.GitHubAuthenticationEntryPoint): 2
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 2
HttpServletResponse (jakarta.servlet.http.HttpServletResponse): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2