Example 16 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project ORCID-Source by ORCID.

Class SocialController, method signinHandler.

@RequestMapping(value = { "/access" }, method = RequestMethod.GET)
public ModelAndView signinHandler(HttpServletRequest request, HttpServletResponse response) {
    // The social provider, not this application, has already verified the user;
    // proceed only when the social context reports an active sign-in.
    SocialType connectionType = socialContext.isSignedIn(request, response);
    if (connectionType != null) {
        Map<String, String> userMap = retrieveUserDetails(connectionType);
        String providerId = connectionType.value();
        String userId = socialContext.getUserId();
        UserconnectionEntity userConnectionEntity = userConnectionManager.findByProviderIdAndProviderUserId(userMap.get("providerUserId"), providerId);
        if (userConnectionEntity != null) {
            if (userConnectionEntity.isLinked()) {
                UserconnectionPK pk = new UserconnectionPK(userId, providerId, userMap.get("providerUserId"));
                userConnectionManager.updateLoginInformation(pk);
                String aCredentials = new StringBuffer(providerId).append(":").append(userMap.get("providerUserId")).toString();
                // Principal is the ORCID iD already linked to this provider identity;
                // the "credentials" carried on the token are just the provider:providerUserId pair.
                PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(userConnectionEntity.getOrcid(), aCredentials);
                token.setDetails(new WebAuthenticationDetails(request));
                // The configured AuthenticationManager still has to accept the pre-authenticated
                // token before it is placed in the security context.
                Authentication authentication = authenticationManager.authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(authentication);
                return new ModelAndView("redirect:" + calculateRedirectUrl(request, response));
            } else {
                // Provider identity is known but not yet linked to an ORCID account:
                // send the user to the linking page instead of signing them in.
                ModelAndView mav = new ModelAndView();
                mav.setViewName("social_link_signin");
                mav.addObject("providerId", providerId);
                mav.addObject("accountId", getAccountIdForDisplay(userMap));
                mav.addObject("linkType", "social");
                mav.addObject("emailId", (userMap.get("email") == null) ? "" : userMap.get("email"));
                mav.addObject("firstName", (userMap.get("firstName") == null) ? "" : userMap.get("firstName"));
                mav.addObject("lastName", (userMap.get("lastName") == null) ? "" : userMap.get("lastName"));
                return mav;
            }
        } else {
            throw new UsernameNotFoundException("Could not find an orcid account associated with the email id.");
        }
    } else {
        throw new UsernameNotFoundException("Could not find an orcid account associated with the email id.");
    }
}
Also used:
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)
WebAuthenticationDetails (org.springframework.security.web.authentication.WebAuthenticationDetails)
Authentication (org.springframework.security.core.Authentication)
ModelAndView (org.springframework.web.servlet.ModelAndView)
SocialType (org.orcid.frontend.spring.web.social.config.SocialType)
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)
UserconnectionEntity (org.orcid.persistence.jpa.entities.UserconnectionEntity)
UserconnectionPK (org.orcid.persistence.jpa.entities.UserconnectionPK)
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 17 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.

Class SecurityEnforcerImpl, method setupPreAuthenticatedSecurityContext.

@Override
public void setupPreAuthenticatedSecurityContext(PrismObject<UserType> user) throws SchemaException {
    MidPointPrincipal principal;
    if (userProfileService == null) {
        LOGGER.warn("No user profile service set up in SecurityEnforcer. " + "This is OK in low-level tests but it is a serious problem in running system");
        principal = new MidPointPrincipal(user.asObjectable());
    } else {
        principal = userProfileService.getPrincipal(user);
    }
    Authentication authentication = new PreAuthenticatedAuthenticationToken(principal, null);
    setupPreAuthenticatedSecurityContext(authentication);
}
Also used:
Authentication (org.springframework.security.core.Authentication)
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Example 18 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.

Class SecurityEnforcerImpl, method runPrivileged.

@Override
public <T> T runPrivileged(Producer<T> producer) {
    LOGGER.debug("Running {} as privileged", producer);
    Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
    LOGGER.trace("ORIG auth {}", origAuthentication);
    // Try to reuse the original identity as much as possible. All we need to do is add AUTZ_ALL
    // to the list of authorities.
    Authorization privilegedAuthorization = createPrivilegedAuthorization();
    Object newPrincipal = null;
    if (origAuthentication != null) {
        Object origPrincipal = origAuthentication.getPrincipal();
        if (origAuthentication instanceof AnonymousAuthenticationToken) {
            newPrincipal = origPrincipal;
        } else {
            LOGGER.trace("ORIG principal {} ({})", origPrincipal, origPrincipal != null ? origPrincipal.getClass() : null);
            if (origPrincipal != null) {
                if (origPrincipal instanceof MidPointPrincipal) {
                    MidPointPrincipal newMidPointPrincipal = ((MidPointPrincipal) origPrincipal).clone();
                    newMidPointPrincipal.getAuthorities().add(privilegedAuthorization);
                    newPrincipal = newMidPointPrincipal;
                }
            }
        }
        Collection<GrantedAuthority> newAuthorities = new ArrayList<>();
        newAuthorities.addAll(origAuthentication.getAuthorities());
        newAuthorities.add(privilegedAuthorization);
        PreAuthenticatedAuthenticationToken newAuthorization = new PreAuthenticatedAuthenticationToken(newPrincipal, null, newAuthorities);
        LOGGER.trace("NEW auth {}", newAuthorization);
        SecurityContextHolder.getContext().setAuthentication(newAuthorization);
    } else {
        LOGGER.debug("No original authentication, do NOT setting any privileged security context");
    }
    try {
        return producer.run();
    } finally {
        SecurityContextHolder.getContext().setAuthentication(origAuthentication);
        LOGGER.debug("Finished running {} as privileged", producer);
        LOGGER.trace("Security context after privileged operation: {}", SecurityContextHolder.getContext());
    }
}
Also used:
Authentication (org.springframework.security.core.Authentication)
GrantedAuthority (org.springframework.security.core.GrantedAuthority)
ArrayList (java.util.ArrayList)
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)

Example 19 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.

Class AuthenticationEvaluatorImpl, method authenticateUserPreAuthenticated.

@Override
public PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, String enteredUsername) {
    MidPointPrincipal principal = getAndCheckPrincipal(connEnv, enteredUsername, true);
    // Authorizations
    if (!hasAnyAuthorization(principal)) {
        recordAuthenticationFailure(principal, connEnv, "no authorizations");
        throw new AccessDeniedException("web.security.provider.access.denied");
    }
    PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, null, principal.getAuthorities());
    recordAuthenticationSuccess(principal, connEnv);
    return token;
}
Also used:
AccessDeniedException (org.springframework.security.access.AccessDeniedException)
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Aggregations

Type (fully qualified name): number of examples using it
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken): 19
Authentication (org.springframework.security.core.Authentication): 13
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 6
Test (org.junit.Test): 4
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 4
SecurityContext (org.springframework.security.core.context.SecurityContext): 3
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails): 2
UserconnectionEntity (org.orcid.persistence.jpa.entities.UserconnectionEntity): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 2
AuthenticationException (org.springframework.security.core.AuthenticationException): 2
WebAuthenticationDetails (org.springframework.security.web.authentication.WebAuthenticationDetails): 2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 2
ModelAndView (org.springframework.web.servlet.ModelAndView): 2
PasswordAuthenticationContext (com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext): 1
PrismObject (com.evolveum.midpoint.prism.PrismObject): 1
ItemPath (com.evolveum.midpoint.prism.path.ItemPath): 1