
Example 6 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.

Class InitialDataImport, method init.

public void init() throws SchemaException {
    LOGGER.info("Starting initial object import (if necessary).");
    OperationResult mainResult = new OperationResult(OPERATION_INITIAL_OBJECTS_IMPORT);
    Task task = taskManager.createTaskInstance(OPERATION_INITIAL_OBJECTS_IMPORT);
    task.setChannel(SchemaConstants.CHANNEL_GUI_INIT_URI);
    int count = 0;
    int errors = 0;
    File[] files = getInitialImportObjects();
    LOGGER.debug("Files to be imported: {}.", Arrays.toString(files));
    // We need to provide a fake Spring security context here.
    // We have to fake it because we do not have anything in the repository yet. And to get
    // something to the repository we need a context. Chicken and egg. So we fake the egg.
    SecurityContext securityContext = SecurityContextHolder.getContext();
    UserType userAdministrator = new UserType();
    prismContext.adopt(userAdministrator);
    userAdministrator.setName(new PolyStringType(new PolyString("initAdmin", "initAdmin")));
    MidPointPrincipal principal = new MidPointPrincipal(userAdministrator);
    AuthorizationType superAutzType = new AuthorizationType();
    prismContext.adopt(superAutzType, RoleType.class, new ItemPath(RoleType.F_AUTHORIZATION));
    superAutzType.getAction().add(AuthorizationConstants.AUTZ_ALL_URL);
    Authorization superAutz = new Authorization(superAutzType);
    Collection<Authorization> authorities = principal.getAuthorities();
    authorities.add(superAutz);
    Authentication authentication = new PreAuthenticatedAuthenticationToken(principal, null);
    securityContext.setAuthentication(authentication);
    for (File file : files) {
        try {
            LOGGER.debug("Considering initial import of file {}.", file.getName());
            PrismObject object = prismContext.parseObject(file);
            if (ReportType.class.equals(object.getCompileTimeClass())) {
                ReportTypeUtil.applyDefinition(object, prismContext);
            }
            Boolean importObject = importObject(object, file, task, mainResult);
            if (importObject == null) {
                continue;
            }
            if (importObject) {
                count++;
            } else {
                errors++;
            }
        } catch (Exception ex) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't import file {}", ex, file.getName());
            mainResult.recordFatalError("Couldn't import file '" + file.getName() + "'", ex);
        }
    }
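    // Remove the fake all-access authentication from the security context once the import loop is done.
    securityContext.setAuthentication(null);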
    mainResult.recomputeStatus("Couldn't import objects.");
    LOGGER.info("Initial object import finished ({} objects imported, {} errors)", count, errors);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Initialization status:\n" + mainResult.debugDump());
    }
}
Also used : PolyStringType(com.evolveum.prism.xml.ns._public.types_3.PolyStringType) Task(com.evolveum.midpoint.task.api.Task) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) URISyntaxException(java.net.URISyntaxException) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) IOException(java.io.IOException) Authorization(com.evolveum.midpoint.security.api.Authorization) PrismObject(com.evolveum.midpoint.prism.PrismObject) Authentication(org.springframework.security.core.Authentication) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) SecurityContext(org.springframework.security.core.context.SecurityContext) AuthorizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType) File(java.io.File) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 7 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.

Class MidPointAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String enteredUsername = (String) authentication.getPrincipal();
    LOGGER.trace("Authenticating username '{}'", enteredUsername);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);
    Authentication token;
    if (authentication instanceof UsernamePasswordAuthenticationToken) {
        String enteredPassword = (String) authentication.getCredentials();
        token = passwordAuthenticationEvaluator.authenticate(connEnv, new PasswordAuthenticationContext(enteredUsername, enteredPassword));
    } else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
        token = passwordAuthenticationEvaluator.authenticateUserPreAuthenticated(connEnv, enteredUsername);
    } else {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}
Also used : PasswordAuthenticationContext(com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext) Authentication(org.springframework.security.core.Authentication) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 8 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project ORCID-Source by ORCID.

Class SourceManagerImpl, method getRealUserIfInDelegationMode.

private String getRealUserIfInDelegationMode(Authentication authentication) {
    if (authentication != null) {
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        if (authorities != null) {
            for (GrantedAuthority authority : authorities) {
                if (authority instanceof SwitchUserGrantedAuthority) {
                    SwitchUserGrantedAuthority suga = (SwitchUserGrantedAuthority) authority;
                    Authentication sourceAuthentication = suga.getSource();
                    if ((sourceAuthentication instanceof UsernamePasswordAuthenticationToken || sourceAuthentication instanceof PreAuthenticatedAuthenticationToken) && sourceAuthentication.getPrincipal() instanceof OrcidProfileUserDetails) {
                        return ((OrcidProfileUserDetails) sourceAuthentication.getPrincipal()).getOrcid();
                    }
                }
            }
        }
    }
    return null;
}
Also used : OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SwitchUserGrantedAuthority(org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority) OrcidProfileUserDetails(org.orcid.core.oauth.OrcidProfileUserDetails) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SwitchUserGrantedAuthority(org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority)

Example 9 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project ORCID-Source by ORCID.

Class BaseControllerUtilTest, method getCurrentUserPreAuthenticatedAuthenticationToken.

@Test
public void getCurrentUserPreAuthenticatedAuthenticationToken() {
    SecurityContext context = mock(SecurityContext.class);
    // Mock a pre-authenticated token whose principal is the ORCID user details object.
    PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = mock(PreAuthenticatedAuthenticationToken.class);
    OrcidProfileUserDetails orcidProfileUserDetails = mock(OrcidProfileUserDetails.class);
    when(context.getAuthentication()).thenReturn(preAuthenticatedAuthenticationToken);
    when(preAuthenticatedAuthenticationToken.getPrincipal()).thenReturn(orcidProfileUserDetails);
    assertNotNull(baseControllerUtil.getCurrentUser(context));
}
Also used : SecurityContext(org.springframework.security.core.context.SecurityContext) OrcidProfileUserDetails(org.orcid.core.oauth.OrcidProfileUserDetails) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Example 10 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project opennms by OpenNMS.

Class SpringSecurityContextServiceTest, method setUp.

@Before
public void setUp() throws Exception {
    SecurityContext context = new SecurityContextImpl();
    User principal = new User(USERNAME, PASS, true, true, true, true, Arrays.asList(new GrantedAuthority[] { ROLE_ADMIN, ROLE_PROVISION }));
    org.springframework.security.core.Authentication auth = new PreAuthenticatedAuthenticationToken(principal, new Object());
    context.setAuthentication(auth);
    SecurityContextHolder.setContext(context);
    this.m_securityContextService = new SpringSecurityContextService();
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) User(org.springframework.security.core.userdetails.User) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SecurityContext(org.springframework.security.core.context.SecurityContext) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) Before(org.junit.Before)
