use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project spring-security-oauth by spring-projects.
the class OAuth2AuthenticationManagerTests method testDetailsEnhanced.
@Test
public void testDetailsEnhanced() throws Exception {
authentication.setDetails("DETAILS");
Mockito.when(tokenServices.loadAuthentication("FOO")).thenReturn(authentication);
PreAuthenticatedAuthenticationToken request = new PreAuthenticatedAuthenticationToken("FOO", "");
MockHttpServletRequest servletRequest = new MockHttpServletRequest();
servletRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, "BAR");
OAuth2AuthenticationDetails details = new OAuth2AuthenticationDetails(servletRequest);
request.setDetails(details);
Authentication result = manager.authenticate(request);
assertEquals(authentication, result);
assertEquals("BAR", ((OAuth2AuthenticationDetails) result.getDetails()).getTokenValue());
assertEquals("DETAILS", ((OAuth2AuthenticationDetails) result.getDetails()).getDecodedDetails());
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.
the class SecurityEnforcerImpl method setupPreAuthenticatedSecurityContext.
@Override
public void setupPreAuthenticatedSecurityContext(PrismObject<UserType> user) throws SchemaException {
MidPointPrincipal principal;
if (userProfileService == null) {
LOGGER.warn("No user profile service set up in SecurityEnforcer. " + "This is OK in low-level tests but it is a serious problem in running system");
principal = new MidPointPrincipal(user.asObjectable());
} else {
principal = userProfileService.getPrincipal(user);
}
Authentication authentication = new PreAuthenticatedAuthenticationToken(principal, null);
setupPreAuthenticatedSecurityContext(authentication);
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.
the class SecurityEnforcerImpl method runPrivileged.
@Override
public <T> T runPrivileged(Producer<T> producer) {
LOGGER.debug("Running {} as privileged", producer);
Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
LOGGER.trace("ORIG auth {}", origAuthentication);
// Try to reuse the original identity as much as possible. All we need to is add AUTZ_ALL
// to the list of authorities
Authorization privilegedAuthorization = createPrivilegedAuthorization();
Object newPrincipal = null;
if (origAuthentication != null) {
Object origPrincipal = origAuthentication.getPrincipal();
if (origAuthentication instanceof AnonymousAuthenticationToken) {
newPrincipal = origPrincipal;
} else {
LOGGER.trace("ORIG principal {} ({})", origPrincipal, origPrincipal != null ? origPrincipal.getClass() : null);
if (origPrincipal != null) {
if (origPrincipal instanceof MidPointPrincipal) {
MidPointPrincipal newMidPointPrincipal = ((MidPointPrincipal) origPrincipal).clone();
newMidPointPrincipal.getAuthorities().add(privilegedAuthorization);
newPrincipal = newMidPointPrincipal;
}
}
}
Collection<GrantedAuthority> newAuthorities = new ArrayList<>();
newAuthorities.addAll(origAuthentication.getAuthorities());
newAuthorities.add(privilegedAuthorization);
PreAuthenticatedAuthenticationToken newAuthorization = new PreAuthenticatedAuthenticationToken(newPrincipal, null, newAuthorities);
LOGGER.trace("NEW auth {}", newAuthorization);
SecurityContextHolder.getContext().setAuthentication(newAuthorization);
} else {
LOGGER.debug("No original authentication, do NOT setting any privileged security context");
}
try {
return producer.run();
} finally {
SecurityContextHolder.getContext().setAuthentication(origAuthentication);
LOGGER.debug("Finished running {} as privileged", producer);
LOGGER.trace("Security context after privileged operation: {}", SecurityContextHolder.getContext());
}
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project midpoint by Evolveum.
the class AuthenticationEvaluatorImpl method authenticateUserPreAuthenticated.
@Override
public PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, String enteredUsername) {
MidPointPrincipal principal = getAndCheckPrincipal(connEnv, enteredUsername, true);
// Authorizations
if (!hasAnyAuthorization(principal)) {
recordAuthenticationFailure(principal, connEnv, "no authorizations");
throw new AccessDeniedException("web.security.provider.access.denied");
}
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, null, principal.getAuthorities());
recordAuthenticationSuccess(principal, connEnv);
return token;
}
use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project ORCID-Source by ORCID.
the class SocialController method signinHandler.
@RequestMapping(value = { "/access" }, method = RequestMethod.GET)
public ModelAndView signinHandler(HttpServletRequest request, HttpServletResponse response) {
SocialType connectionType = socialContext.isSignedIn(request, response);
if (connectionType != null) {
Map<String, String> userMap = retrieveUserDetails(connectionType);
String providerId = connectionType.value();
String userId = socialContext.getUserId();
UserconnectionEntity userConnectionEntity = userConnectionManager.findByProviderIdAndProviderUserId(userMap.get("providerUserId"), providerId);
if (userConnectionEntity != null) {
if (userConnectionEntity.isLinked()) {
ProfileEntity profile = profileEntityCacheManager.retrieve(userConnectionEntity.getOrcid());
if (profile.getUsing2FA()) {
return new ModelAndView("social_2FA");
}
UserconnectionPK pk = new UserconnectionPK(userId, providerId, userMap.get("providerUserId"));
String aCredentials = new StringBuffer(providerId).append(":").append(userMap.get("providerUserId")).toString();
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(userConnectionEntity.getOrcid(), aCredentials);
token.setDetails(getOrcidProfileUserDetails(userConnectionEntity.getOrcid()));
Authentication authentication = authenticationManager.authenticate(token);
userConnectionManager.updateLoginInformation(pk);
SecurityContextHolder.getContext().setAuthentication(authentication);
return new ModelAndView("redirect:" + calculateRedirectUrl(request, response));
} else {
ModelAndView mav = new ModelAndView();
mav.setViewName("social_link_signin");
mav.addObject("providerId", providerId);
mav.addObject("accountId", getAccountIdForDisplay(userMap));
mav.addObject("linkType", "social");
mav.addObject("emailId", (userMap.get("email") == null) ? "" : userMap.get("email"));
mav.addObject("firstName", (userMap.get("firstName") == null) ? "" : userMap.get("firstName"));
mav.addObject("lastName", (userMap.get("lastName") == null) ? "" : userMap.get("lastName"));
return mav;
}
} else {
throw new UsernameNotFoundException("Could not find an orcid account associated with the email id.");
}
} else {
throw new UsernameNotFoundException("Could not find an orcid account associated with the email id.");
}
}
Aggregations