Example 26 with PreAuthenticatedAuthenticationToken

use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project spring-security by spring-projects.

the class ReactivePreAuthenticatedAuthenticationManager method authenticate.

@Override
public Mono<Authentication> authenticate(Authentication authentication) {
    return Mono.just(authentication)
        .filter(this::supports)
        .map(Authentication::getName)
        .flatMap(this.userDetailsService::findByUsername)
        .switchIfEmpty(Mono.error(() -> new UsernameNotFoundException("User not found")))
        .doOnNext(this.userDetailsChecker::check)
        .map((userDetails) -> {
            // The three-argument constructor marks the resulting token as authenticated.
            PreAuthenticatedAuthenticationToken result = new PreAuthenticatedAuthenticationToken(userDetails, authentication.getCredentials(), userDetails.getAuthorities());
            result.setDetails(authentication.getDetails());
            return result;
        });
}
Also used: UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), Authentication (org.springframework.security.core.Authentication), PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Example 27 with PreAuthenticatedAuthenticationToken

use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project spring-security by spring-projects.

the class ServerX509AuthenticationConverter method convert.

@Override
public Mono<Authentication> convert(ServerWebExchange exchange) {
    SslInfo sslInfo = exchange.getRequest().getSslInfo();
    if (sslInfo == null) {
        this.logger.debug("No SslInfo provided with a request, skipping x509 authentication");
        return Mono.empty();
    }
    if (sslInfo.getPeerCertificates() == null || sslInfo.getPeerCertificates().length == 0) {
        this.logger.debug("No peer certificates found in SslInfo, skipping x509 authentication");
        return Mono.empty();
    }
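    // The first entry in the peer certificate chain is the client's own certificate.
    X509Certificate clientCertificate = sslInfo.getPeerCertificates()[0];
    Object principal = this.principalExtractor.extractPrincipal(clientCertificate);
    // The two-argument constructor leaves the token unauthenticated.
    return Mono.just(new PreAuthenticatedAuthenticationToken(principal, clientCertificate));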
}
Also used: PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken), SslInfo (org.springframework.http.server.reactive.SslInfo), X509Certificate (java.security.cert.X509Certificate)

Example 28 with PreAuthenticatedAuthenticationToken

use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project spring-security by spring-projects.

the class PreAuthenticatedAuthenticationTokenDeserializer method deserialize.

/**
 * This method constructs a {@link PreAuthenticatedAuthenticationToken} object from
 * serialized JSON.
 * @param jp the JsonParser
 * @param ctxt the DeserializationContext
 * @return the user
 * @throws IOException if an exception during IO occurs
 * @throws JsonProcessingException if an error during JSON processing occurs
 */
@Override
public PreAuthenticatedAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
    ObjectMapper mapper = (ObjectMapper) jp.getCodec();
    JsonNode jsonNode = mapper.readTree(jp);
    Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean();
    JsonNode principalNode = readJsonNode(jsonNode, "principal");
    Object principal = (!principalNode.isObject()) ? principalNode.asText() : mapper.readValue(principalNode.traverse(mapper), Object.class);
    Object credentials = readJsonNode(jsonNode, "credentials").asText();
    List<GrantedAuthority> authorities = mapper.readValue(readJsonNode(jsonNode, "authorities").traverse(mapper), GRANTED_AUTHORITY_LIST);
    PreAuthenticatedAuthenticationToken token = (!authenticated) ? new PreAuthenticatedAuthenticationToken(principal, credentials) : new PreAuthenticatedAuthenticationToken(principal, credentials, authorities);
    token.setDetails(readJsonNode(jsonNode, "details"));
    return token;
}
Also used: GrantedAuthority (org.springframework.security.core.GrantedAuthority), PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken), JsonNode (com.fasterxml.jackson.databind.JsonNode), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)

Example 29 with PreAuthenticatedAuthenticationToken

use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project fastjson by alibaba.

the class DefaultSavedRequestTest method test_PreAuthenticatedAuthenticationToken.

public void test_PreAuthenticatedAuthenticationToken() throws Exception {
    PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("ppp", "cccc");
    String json = JSON.toJSONString(token);
    System.out.println(json);
    PreAuthenticatedAuthenticationToken token1 = JSON.parseObject(json, PreAuthenticatedAuthenticationToken.class);
    assertEquals("ppp", token1.getPrincipal());
    assertEquals("cccc", token1.getCredentials());
}
Also used: PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Example 30 with PreAuthenticatedAuthenticationToken

use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.

the class SecurityContextManagerImpl method runPrivileged.

@Override
public <T> T runPrivileged(Producer<T> producer) {
    LOGGER.debug("Running {} as privileged", producer);
    Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
    LOGGER.trace("ORIG auth {}", origAuthentication);
    // Try to reuse the original identity as much as possible. All we need to do is add AUTZ_ALL
    // to the list of authorities.
    Authorization privilegedAuthorization = createPrivilegedAuthorization();
    Object newPrincipal = null;
    if (origAuthentication != null) {
        Object origPrincipal = origAuthentication.getPrincipal();
        if (isAnonymous(origAuthentication)) {
            newPrincipal = origPrincipal;
        } else {
            LOGGER.trace("ORIG principal {} ({})", origPrincipal, origPrincipal != null ? origPrincipal.getClass() : null);
            if (origPrincipal != null) {
                if (origPrincipal instanceof MidPointPrincipal) {
                    MidPointPrincipal newMidPointPrincipal = ((MidPointPrincipal) origPrincipal).clone();
                    newMidPointPrincipal.getAuthorities().add(privilegedAuthorization);
                    newPrincipal = newMidPointPrincipal;
                }
            }
        }
        Collection<GrantedAuthority> newAuthorities = new ArrayList<>();
        newAuthorities.addAll(origAuthentication.getAuthorities());
        newAuthorities.add(privilegedAuthorization);
        PreAuthenticatedAuthenticationToken newAuthorization = new PreAuthenticatedAuthenticationToken(newPrincipal, null, newAuthorities);
        LOGGER.trace("NEW auth {}", newAuthorization);
        SecurityContextHolder.getContext().setAuthentication(newAuthorization);
    } else {
        LOGGER.debug("No original authentication, do NOT setting any privileged security context");
    }
    try {
        return producer.run();
    } finally {
        SecurityContextHolder.getContext().setAuthentication(origAuthentication);
        LOGGER.debug("Finished running {} as privileged", producer);
        LOGGER.trace("Security context after privileged operation: {}", SecurityContextHolder.getContext());
    }
}
Also used: Authentication (org.springframework.security.core.Authentication), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken), PrismObject (com.evolveum.midpoint.prism.PrismObject)

Aggregations

PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) 64
Authentication (org.springframework.security.core.Authentication) 36
Test (org.junit.Test) 14
SecurityContext (org.springframework.security.core.context.SecurityContext) 11
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 7
User (ca.corefacility.bioinformatics.irida.model.user.User) 6
AuthenticationException (org.springframework.security.core.AuthenticationException) 6
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 6
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal) 5
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken) 4
MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) 3
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) 3
X509Certificate (java.security.cert.X509Certificate) 3
ArrayList (java.util.ArrayList) 3
KeycloakRole (org.keycloak.adapters.springsecurity.account.KeycloakRole) 3
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails) 3
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException) 3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 3
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException) 3
PasswordAuthenticationContext (com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext) 2