Example 1 with PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails in project syndesis by syndesisio.

Class SecurityConfiguration, method requestHeaderAuthenticationFilter.

@SuppressWarnings("PMD.SignatureDeclareThrowsException")
private RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() throws Exception {
    RequestHeaderAuthenticationFilter f = new RequestHeaderAuthenticationFilter();
    // Principal and credentials come from request headers, so this is only sound
    // when a trusted proxy sets them and strips any client-supplied copies.
    f.setPrincipalRequestHeader("X-Forwarded-User");
    f.setCredentialsRequestHeader("X-Forwarded-Access-Token");
    f.setAuthenticationManager(authenticationManager());
    // Every pre-authenticated request is granted the single authority ROLE_AUTHENTICATED.
    f.setAuthenticationDetailsSource(
        (AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>)
            (request) -> new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
                request, AuthorityUtils.createAuthorityList("ROLE_AUTHENTICATED")));
    f.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    // A missing principal header does not throw; the request continues down the chain unauthenticated.
    f.setExceptionIfHeaderMissing(false);
    return f;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) PreAuthenticatedAuthenticationProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) HttpMethod(org.springframework.http.HttpMethod) AuthenticationProvider(org.springframework.security.authentication.AuthenticationProvider) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Profile(org.springframework.context.annotation.Profile) PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) RequestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter) Configuration(org.springframework.context.annotation.Configuration) WebSecurityConfigurerAdapter(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter) AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) AuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource) SessionCreationPolicy(org.springframework.security.config.http.SessionCreationPolicy) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler) Bean(org.springframework.context.annotation.Bean) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) PreAuthenticatedGrantedAuthoritiesUserDetailsService(org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService)

Example 2 with PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails in project spring-security by spring-projects.

Class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSourceTests, method testDetails.

private void testDetails(String[] mappedRoles, String[] userRoles, String[] expectedRoles) {
    J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource src = getJ2eeBasedPreAuthenticatedWebAuthenticationDetailsSource(mappedRoles);
    Object o = src.buildDetails(getRequest("testUser", userRoles));
    assertThat(o).isNotNull();
    assertThat(o instanceof PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails).withFailMessage("Returned object not of type PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails, actual type: " + o.getClass()).isTrue();
    PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails details = (PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) o;
    List<GrantedAuthority> gas = details.getGrantedAuthorities();
    assertThat(gas).as("Granted authorities should not be null").isNotNull();
    assertThat(gas).hasSize(expectedRoles.length);
    Collection<String> expectedRolesColl = Arrays.asList(expectedRoles);
    Collection<String> gasRolesSet = new HashSet<>();
    for (GrantedAuthority grantedAuthority : gas) {
        gasRolesSet.add(grantedAuthority.getAuthority());
    }
    assertThat(expectedRolesColl.containsAll(gasRolesSet) && gasRolesSet.containsAll(expectedRolesColl)).withFailMessage("Granted Authorities do not match expected roles").isTrue();
}
Also used : PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) GrantedAuthority(org.springframework.security.core.GrantedAuthority) HashSet(java.util.HashSet)

Example 3 with PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails in project cas by apereo.

Class PopulateSpringSecurityContextAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) {
    val authn = WebUtils.getAuthentication(requestContext);
    val principal = resolvePrincipal(authn.getPrincipal());
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    val authorities = principal.getAttributes().keySet().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    val secAuth = new PreAuthenticatedAuthenticationToken(principal, authn.getCredentials(), authorities);
    secAuth.setAuthenticated(true);
    secAuth.setDetails(new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(request, authorities));
    val context = SecurityContextHolder.getContext();
    context.setAuthentication(secAuth);
    val session = request.getSession(true);
    LOGGER.trace("Storing security context in session [{}] for [{}]", session.getId(), principal);
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
    return null;
}
Also used : lombok.val(lombok.val) PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Example 4 with PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails in project spring-security by spring-projects.

Class J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource, method buildDetails.

/**
 * Builds the authentication details object.
 *
 * @see org.springframework.security.authentication.AuthenticationDetailsSource#buildDetails(Object)
 */
public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest context) {
    Collection<String> j2eeUserRoles = getUserRoles(context);
    Collection<? extends GrantedAuthority> userGas = j2eeUserRoles2GrantedAuthoritiesMapper.getGrantedAuthorities(j2eeUserRoles);
    if (logger.isDebugEnabled()) {
        logger.debug("J2EE roles [" + j2eeUserRoles + "] mapped to Granted Authorities: [" + userGas + "]");
    }
    PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails result = new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(context, userGas);
    return result;
}
Also used : PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails)