Search in sources :

Example 6 with AnonymousAuthenticationFilter

use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project midpoint by Evolveum.

the class RemoteModuleWebSecurityConfigurer method createAnonymousFilter.

@Override
protected AnonymousAuthenticationFilter createAnonymousFilter() {
    AnonymousAuthenticationFilter filter = new MidpointAnonymousAuthenticationFilter(authRegistry, authChannelRegistry, PrismContext.get(), UUID.randomUUID().toString(), "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")) {

        @Override
        protected void processAuthentication(ServletRequest req) {
            if (SecurityContextHolder.getContext().getAuthentication() instanceof MidpointAuthentication) {
                MidpointAuthentication mpAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
                ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
                if (moduleAuthentication != null && (moduleAuthentication.getAuthentication() == null || getAuthTokenClass().isAssignableFrom(moduleAuthentication.getAuthentication().getClass()))) {
                    Authentication authentication = createBasicAuthentication((HttpServletRequest) req);
                    moduleAuthentication.setAuthentication(authentication);
                    mpAuthentication.setPrincipal(authentication.getPrincipal());
                }
            }
        }
    };
    filter.setAuthenticationDetailsSource(new RemoteAuthenticationDetailsSource(getAuthTokenClass()));
    return filter;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) MidpointAnonymousAuthenticationFilter(com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) Authentication(org.springframework.security.core.Authentication) MidpointAnonymousAuthenticationFilter(com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Aggregations

AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter)6 ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)2 FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor)2 LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)2 MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)1 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)1 MidpointAnonymousAuthenticationFilter (com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter)1 ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl)1 Filter (jakarta.servlet.Filter)1 SecureRandom (java.security.SecureRandom)1 ServletRequest (javax.servlet.ServletRequest)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 Test (org.junit.Test)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 MockFilterChain (org.springframework.mock.web.MockFilterChain)1 MockFilterConfig (org.springframework.mock.web.MockFilterConfig)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 ConfigAttribute (org.springframework.security.access.ConfigAttribute)1