use of org.springframework.security.web.authentication.WebAuthenticationDetails in project Asqatasun by Asqatasun.
the class LoginController method doGuestAutoLogin.
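/**
 * Signs the current request in as the guest account without user interaction.
 *
 * <p>Builds a username/password token from {@code guestUser} and the {@code guestPassword}
 * value defined outside this method, attaches the request's web details, and submits it to
 * {@code authenticationManager}. On success the resulting authentication is stored in the
 * {@link SecurityContextHolder}. On any failure the context's authentication is reset to
 * {@code null} and the error is logged; nothing is rethrown to the caller.
 *
 * @param request   the current HTTP request, used to build the {@link WebAuthenticationDetails}
 * @param guestUser login name of the guest account
 */
private void doGuestAutoLogin(HttpServletRequest request, String guestUser) {
    try {
        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(guestUser, guestPassword);
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication guest = authenticationManager.authenticate(token);
        // Build the message by concatenation only: this debug(Object) call does no "{}"
        // substitution, so a placeholder would be printed literally next to the principal.
        Logger.getLogger(this.getClass()).debug("Logging in with [" + guest.getPrincipal() + "]");
        // NOTE(review): this login does not go through the authentication filter, so any
        // session-fixation strategy configured there is presumably not applied here;
        // confirm the session id is rotated if the guest session can later be upgraded.
        SecurityContextHolder.getContext().setAuthentication(guest);
    } catch (Exception e) {
        // Best effort: a failed guest login must leave the request unauthenticated.
        SecurityContextHolder.getContext().setAuthentication(null);
        // NOTE(review): failures are only visible at debug level; consider a higher level
        // so a misconfigured or locked guest account shows up in production logs.
        Logger.getLogger(this.getClass()).debug("Failure in autoLogin", e);
    }
}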
use of org.springframework.security.web.authentication.WebAuthenticationDetails in project ORCID-Source by ORCID.
the class OauthControllerBase method authenticateUser.
/*****************************
* Authenticate user methods
****************************/
/**
 * Authenticates the given credentials and installs the result as the current authentication.
 *
 * <p>The token carries {@link WebAuthenticationDetails} built from {@code request}. Nothing is
 * caught here: if {@code authenticationManager} rejects the credentials the exception
 * propagates and the security context is left as it was.
 *
 * @param request  the current HTTP request, source of the web authentication details
 * @param email    value used as the token's principal
 * @param password value used as the token's credentials
 * @return the authentication returned by {@code authenticationManager}
 */
protected Authentication authenticateUser(HttpServletRequest request, String email, String password) {
    final UsernamePasswordAuthenticationToken loginAttempt = new UsernamePasswordAuthenticationToken(email, password);
    final WebAuthenticationDetails requestDetails = new WebAuthenticationDetails(request);
    loginAttempt.setDetails(requestDetails);

    final Authentication verified = authenticationManager.authenticate(loginAttempt);
    // Only reached when authenticate() returned normally.
    SecurityContextHolder.getContext().setAuthentication(verified);
    return verified;
}
use of org.springframework.security.web.authentication.WebAuthenticationDetails in project ORCID-Source by ORCID.
the class RegistrationController method logUserIn.
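/**
 * Logs a user in programmatically and, when enabled, writes the internal SSO cookie.
 *
 * <p>Authenticates {@code orcidId}/{@code password} through {@code authenticationManager},
 * stores the result in the {@link SecurityContextHolder}, and calls
 * {@code internalSSOManager.writeCookie} if {@code internalSSOManager.enableCookie()} is true.
 * An {@link AuthenticationException} is not rethrown: the context's authentication is reset
 * to {@code null} and a warning is logged.
 *
 * @param request  the current HTTP request, source of the web authentication details
 * @param response the HTTP response passed on to the SSO cookie writer
 * @param orcidId  value used as the token's principal and for the SSO cookie
 * @param password value used as the token's credentials; never logged
 */
public void logUserIn(HttpServletRequest request, HttpServletResponse response, String orcidId, String password) {
    UsernamePasswordAuthenticationToken token = null;
    try {
        token = new UsernamePasswordAuthenticationToken(orcidId, password);
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authentication = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (internalSSOManager.enableCookie()) {
            // Set user cookie
            internalSSOManager.writeCookie(orcidId, request, response);
        }
    } catch (AuthenticationException e) {
        // this should never happen
        SecurityContextHolder.getContext().setAuthentication(null);
        // The principal fills the {} placeholder and the exception is passed last so it is
        // recorded as the cause with its stack trace. Assumes LOGGER uses SLF4J-style
        // formatting; confirm against the field declaration.
        LOGGER.warn("User {} should have been logged-in, but we unable to due to a problem",
                (token != null ? token.getPrincipal() : "empty principle"), e);
    }
}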
use of org.springframework.security.web.authentication.WebAuthenticationDetails in project ORCID-Source by ORCID.
the class OrcidAuthorizationCodeServiceImpl method getDetailFromAuthorization.
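/**
 * Builds the authorization-code record for {@code code} from an OAuth2 authentication.
 *
 * <p>Copies client, scope, state, redirect URI, response type and nonce from the stored request
 * parameters, then adds the user's profile entity, authorities, session id and the
 * persistent-token flag.
 *
 * @param code           the authorization code, used as the record id
 * @param authentication the OAuth2 authentication the code was issued for
 * @return the populated detail, or {@code null} when the client id from the request does not
 *         resolve to client details or no profile entity can be resolved for the user
 */
private OrcidOauth2AuthoriziationCodeDetail getDetailFromAuthorization(String code, OAuth2Authentication authentication) {
    OAuth2Request oAuth2Request = authentication.getOAuth2Request();
    OrcidOauth2AuthoriziationCodeDetail detail = new OrcidOauth2AuthoriziationCodeDetail();
    Map<String, String> requestParameters = oAuth2Request.getRequestParameters();
    if (requestParameters != null && !requestParameters.isEmpty()) {
        String clientId = requestParameters.get(CLIENT_ID);
        ClientDetailsEntity clientDetails = getClientDetails(clientId);
        if (clientDetails == null) {
            return null;
        }
        // These values are copied from the authorization request as received; this method
        // does not validate them. NOTE(review): confirm redirect_uri and scope were checked
        // against the client's registration before this point.
        detail.setScopes(OAuth2Utils.parseParameterList(requestParameters.get(SCOPE)));
        detail.setState(requestParameters.get(STATE));
        detail.setRedirectUri(requestParameters.get(REDIRECT_URI));
        detail.setResponseType(requestParameters.get(RESPONSE_TYPE));
        detail.setClientDetailsEntity(clientDetails);
        // persist the openID params if present
        String nonce = requestParameters.get(OrcidOauth2Constants.NONCE);
        if (nonce != null) {
            detail.setNonce(nonce);
        }
    }
    detail.setId(code);
    detail.setApproved(oAuth2Request.isApproved());

    Authentication userAuthentication = authentication.getUserAuthentication();
    Object principal = userAuthentication.getPrincipal();
    ProfileEntity entity = null;
    if (principal instanceof OrcidProfileUserDetails) {
        OrcidProfileUserDetails userDetails = (OrcidProfileUserDetails) principal;
        String effectiveOrcid = userDetails.getOrcid();
        if (effectiveOrcid != null) {
            entity = profileEntityCacheManager.retrieve(effectiveOrcid);
        }
    }
    // No code detail is produced without a resolved user profile.
    if (entity == null) {
        return null;
    }
    detail.setProfileEntity(entity);
    detail.setAuthenticated(userAuthentication.isAuthenticated());
    Set<String> authorities = getStringSetFromGrantedAuthorities(authentication.getAuthorities());
    detail.setAuthorities(authorities);

    Object authenticationDetails = userAuthentication.getDetails();
    if (authenticationDetails instanceof WebAuthenticationDetails) {
        // NOTE(review): the HTTP session id is copied onto the record; if the record is
        // persisted, confirm that storage is access-controlled like any session credential.
        detail.setSessionId(((WebAuthenticationDetails) authenticationDetails).getSessionId());
    }

    // Set token version to persistent token
    // TODO: As of Jan 2015 all tokens will be new tokens, so, we will have to remove the token version code and
    // treat all tokens as new tokens
    detail.setVersion(Long.valueOf(OrcidOauth2Constants.PERSISTENT_TOKEN));

    // The parameter map may be null (see the guard above), so it is checked again here
    // instead of being dereferenced unconditionally. parseBoolean(null) is false, which
    // matches the absent-key case.
    boolean isPersistentTokenEnabledByUser = requestParameters != null
            && Boolean.parseBoolean(requestParameters.get(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN));
    detail.setPersistent(isPersistentTokenEnabledByUser);
    return detail;
}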
use of org.springframework.security.web.authentication.WebAuthenticationDetails in project ORCID-Source by ORCID.
the class ClaimController method automaticallyLogin.
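/**
 * Logs a user in programmatically with the supplied ORCID iD and password.
 *
 * <p>Authenticates through {@code authenticationManager} and stores the result in the
 * {@link SecurityContextHolder}. An {@link AuthenticationException} is not rethrown: the
 * context's authentication is reset to {@code null} and a warning is logged.
 *
 * @param request  the current HTTP request, source of the web authentication details
 * @param password value used as the token's credentials; never logged
 * @param orcid    value used as the token's principal
 */
private void automaticallyLogin(HttpServletRequest request, String password, String orcid) {
    UsernamePasswordAuthenticationToken token = null;
    try {
        token = new UsernamePasswordAuthenticationToken(orcid, password);
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authentication = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (AuthenticationException e) {
        // this should never happen
        SecurityContextHolder.getContext().setAuthentication(null);
        // The principal fills the {} placeholder and the exception is passed last so it is
        // recorded as the cause with its stack trace. Assumes LOGGER uses SLF4J-style
        // formatting; confirm against the field declaration.
        LOGGER.warn("User {} should have been logged-in, but we unable to due to a problem",
                (token != null ? token.getPrincipal() : "empty principle"), e);
    }
}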