use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.
the class OidcClientLogoutSuccessHandler method determineTargetUrl.
/**
 * Resolves the URL the browser is sent to once logout has completed.
 *
 * <p>A provider logout URL is built only when all of the following hold: the authentication is a
 * {@code MidpointAuthentication}, its processing module is an
 * {@code OidcClientModuleAuthenticationImpl}, the module's internal authentication is a
 * pre-authenticated or anonymous token whose details are an {@code OAuth2LoginAuthenticationToken}
 * carrying an {@code OidcUser}, and the client registration yields an end-session endpoint.
 * In every other case the superclass picks the target.
 *
 * @param request current request; also handed to {@code postLogoutRedirectUri}
 * @param response current response; only forwarded to the superclass
 * @param authentication the authentication being logged out
 * @return the provider logout URL, or the superclass target URL when none could be built
 */
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    if (!(authentication instanceof MidpointAuthentication)) {
        return super.determineTargetUrl(request, response);
    }

    ModuleAuthentication processingModule =
            ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    if (!(processingModule instanceof OidcClientModuleAuthenticationImpl)) {
        return super.determineTargetUrl(request, response);
    }

    Authentication inner = processingModule.getAuthentication();
    boolean supportedToken = inner instanceof PreAuthenticatedAuthenticationToken
            || inner instanceof AnonymousAuthenticationToken;
    if (!supportedToken) {
        return super.determineTargetUrl(request, response);
    }

    // The OIDC login token travels in the details slot of the internal authentication.
    Object details = inner.getDetails();
    if (!(details instanceof OAuth2LoginAuthenticationToken)) {
        return super.determineTargetUrl(request, response);
    }
    OAuth2LoginAuthenticationToken oidcLogin = (OAuth2LoginAuthenticationToken) details;
    if (!(oidcLogin.getDetails() instanceof OidcUser)) {
        return super.determineTargetUrl(request, response);
    }

    // The registration is looked up again by id in the repository rather than taken from the token.
    String registrationId = oidcLogin.getClientRegistration().getRegistrationId();
    ClientRegistration registration =
            this.clientRegistrationRepository.findByRegistrationId(registrationId);
    URI logoutEndpoint = this.endSessionEndpoint(registration);
    if (logoutEndpoint == null) {
        return super.determineTargetUrl(request, response);
    }

    // NOTE(review): the ID token becomes part of the logout URL; if endpointUri places it in the
    // query string, keep the resulting URL out of logs - confirm against endpointUri.
    String idToken = this.idToken(oidcLogin);
    // NOTE(review): the redirect URI is computed from the request; verify postLogoutRedirectUri
    // resolves it against configured values rather than caller-controlled input.
    String postLogoutRedirectUri = this.postLogoutRedirectUri(request);
    String providerLogoutUrl = this.endpointUri(logoutEndpoint, idToken, postLogoutRedirectUri);

    return providerLogoutUrl != null ? providerLogoutUrl : super.determineTargetUrl(request, response);
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project engine by craftercms.
the class SecurityContextAwareProviderLoginSupport method complete.
/**
 * Completes the provider login through the superclass and then publishes the resulting user
 * into the Spring Security context.
 *
 * <p>The context receives a {@code PreAuthenticatedAuthenticationToken} wrapping a
 * {@code ProfileUser} built from the superclass result. The three-argument constructor used
 * here produces a token that is already marked authenticated, so everything downstream trusts
 * the outcome of {@code super.complete} without re-checking credentials.
 *
 * @return the authentication returned by the superclass, unchanged
 * @throws AuthenticationException propagated from the superclass
 */
@Override
public Authentication complete(final String tenant, final String providerId, final HttpServletRequest request, final Set<String> newUserRoles, final Map<String, Object> newUserAttributes, final ConnectSupport connectSupport) throws AuthenticationException {
    final Authentication completed =
            super.complete(tenant, providerId, request, newUserRoles, newUserAttributes, connectSupport);

    final SecurityContext current = SecurityContextHolder.getContext();
    final SecurityContext target = (current != null) ? current : new SecurityContextImpl();

    final ProfileUser profileUser = new ProfileUser(completed);
    // "N/A" is a placeholder: no credential is kept on the token stored in the context.
    final PreAuthenticatedAuthenticationToken contextToken =
            new PreAuthenticatedAuthenticationToken(profileUser, "N/A", profileUser.getAuthorities());
    target.setAuthentication(contextToken);
    SecurityContextHolder.setContext(target);

    return completed;
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project cas by apereo.
the class PopulateSpringSecurityContextAction method doExecute.
/**
 * Copies the webflow authentication into the Spring Security context and stores that context
 * in the HTTP session.
 *
 * <p>Every attribute <em>name</em> of the resolved principal becomes a
 * {@code SimpleGrantedAuthority}; attribute values are not consulted. Reviewers should confirm
 * that attribute names released for a principal are an acceptable source of authorities.
 *
 * @param requestContext the current webflow request context
 * @return always {@code null}
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    val authentication = WebUtils.getAuthentication(requestContext);
    val resolvedPrincipal = resolvePrincipal(authentication.getPrincipal());
    val httpRequest = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);

    // Authorities come from the attribute key set only.
    val grantedAuthorities = resolvedPrincipal.getAttributes()
        .keySet()
        .stream()
        .map(SimpleGrantedAuthority::new)
        .collect(Collectors.toList());

    val token = new PreAuthenticatedAuthenticationToken(
        resolvedPrincipal, authentication.getCredentials(), grantedAuthorities);
    token.setAuthenticated(true);
    token.setDetails(
        new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(httpRequest, grantedAuthorities));

    val securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(token);

    // getSession(true) creates a session when the request has none yet.
    val httpSession = httpRequest.getSession(true);
    // NOTE(review): the session id is written to the trace log; treat trace output as sensitive.
    LOGGER.trace("Storing security context in session [{}] for [{}]", httpSession.getId(), resolvedPrincipal);
    httpSession.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);
    return null;
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project spring-security-oauth by spring-projects.
the class AuthorizationServerEndpointsConfigurer method addUserDetailsService.
/**
 * Gives the token services an authentication manager backed by the supplied user details
 * service, so a pre-authenticated token can be resolved to a user by name.
 *
 * <p>Does nothing when {@code userDetailsService} is {@code null}; the token services are then
 * left without the manager this method would have installed.
 *
 * @param tokenServices token services to configure
 * @param userDetailsService source of user details, may be {@code null}
 */
private void addUserDetailsService(DefaultTokenServices tokenServices, UserDetailsService userDetailsService) {
    if (userDetailsService == null) {
        return;
    }

    UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> byNameLookup =
            new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(userDetailsService);

    PreAuthenticatedAuthenticationProvider preAuthProvider = new PreAuthenticatedAuthenticationProvider();
    preAuthProvider.setPreAuthenticatedUserDetailsService(byNameLookup);

    // Single-provider manager: only pre-authenticated tokens are handled here.
    ProviderManager manager = new ProviderManager(Arrays.<AuthenticationProvider>asList(preAuthProvider));
    tokenServices.setAuthenticationManager(manager);
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project spring-security-oauth by spring-projects.
the class OAuth2AuthenticationProcessingFilter method doFilter.
/**
 * Extracts an access token from the request, authenticates it and stores the result in the
 * security context before continuing the filter chain.
 *
 * <p>With no token, the chain continues; in stateless mode an existing authentication is cleared
 * first. When an {@code OAuth2Exception} is thrown, the context is cleared, a failure event is
 * published, the entry point is invoked and the chain is <em>not</em> continued. Only
 * {@code OAuth2Exception} is caught here; any other exception propagates to the caller.
 *
 * @throws IOException propagated from the entry point or the chain
 * @throws ServletException propagated from the entry point or the chain
 */
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    final boolean debugEnabled = logger.isDebugEnabled();
    final HttpServletRequest httpRequest = (HttpServletRequest) req;
    final HttpServletResponse httpResponse = (HttpServletResponse) res;

    try {
        Authentication extracted = tokenExtractor.extract(httpRequest);
        if (extracted != null) {
            // The extracted principal is exposed as the access-token request attribute.
            httpRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, extracted.getPrincipal());
            if (extracted instanceof AbstractAuthenticationToken) {
                Object requestDetails = authenticationDetailsSource.buildDetails(httpRequest);
                ((AbstractAuthenticationToken) extracted).setDetails(requestDetails);
            }

            Authentication verified = authenticationManager.authenticate(extracted);
            if (debugEnabled) {
                // NOTE(review): logs the authentication's string form; confirm it carries no token value.
                logger.debug("Authentication success: " + verified);
            }
            eventPublisher.publishAuthenticationSuccess(verified);
            SecurityContextHolder.getContext().setAuthentication(verified);
        } else {
            // Stateless mode must not let an earlier authentication survive a token-less request.
            if (stateless && isAuthenticated()) {
                if (debugEnabled) {
                    logger.debug("Clearing security context.");
                }
                SecurityContextHolder.clearContext();
            }
            if (debugEnabled) {
                logger.debug("No token in request, will continue chain.");
            }
        }
    } catch (OAuth2Exception oauthFailure) {
        SecurityContextHolder.clearContext();
        if (debugEnabled) {
            logger.debug("Authentication request failed: " + oauthFailure);
        }

        // The failure event carries fixed placeholder values, not the presented token.
        BadCredentialsException rejected =
                new BadCredentialsException(oauthFailure.getMessage(), oauthFailure);
        eventPublisher.publishAuthenticationFailure(
                rejected, new PreAuthenticatedAuthenticationToken("access-token", "N/A"));

        // The exception message is forwarded to the entry point unchanged.
        authenticationEntryPoint.commence(
                httpRequest,
                httpResponse,
                new InsufficientAuthenticationException(oauthFailure.getMessage(), oauthFailure));
        return;
    }

    chain.doFilter(httpRequest, httpResponse);
}