Example 1 with SessionAuthenticationStrategy

Use of org.springframework.security.web.authentication.session.SessionAuthenticationStrategy in project ma-core-public by infiniteautomation.

Class JsonLoginConfigurer, method configure.

@Override
public void configure(HttpSecurity http) throws Exception {
    authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    authFilter.setAuthenticationSuccessHandler(successHandler);
    authFilter.setAuthenticationFailureHandler(failureHandler);
    if (authenticationDetailsSource != null) {
        authFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
    }
    SessionAuthenticationStrategy sessionAuthenticationStrategy = http.getSharedObject(SessionAuthenticationStrategy.class);
    if (sessionAuthenticationStrategy != null) {
        authFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
    }
    RememberMeServices rememberMeServices = http.getSharedObject(RememberMeServices.class);
    if (rememberMeServices != null) {
        authFilter.setRememberMeServices(rememberMeServices);
    }
    JsonUsernamePasswordAuthenticationFilter filter = postProcess(authFilter);
    http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
}
Also used: AuthenticationManager (org.springframework.security.authentication.AuthenticationManager), SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy), RememberMeServices (org.springframework.security.web.authentication.RememberMeServices)

Example 2 with SessionAuthenticationStrategy

Use of org.springframework.security.web.authentication.session.SessionAuthenticationStrategy in project spring-security by spring-projects.

Class SessionManagementConfigTests, method extractSessionRegistry.

private SessionRegistry extractSessionRegistry(UsernamePasswordAuthenticationFilter filter) {
    SessionAuthenticationStrategy strategy = getFieldValue(filter, "sessionStrategy");
    List<SessionAuthenticationStrategy> strategies = getFieldValue(strategy, "delegateStrategies");
    return getFieldValue(strategies.get(0), "sessionRegistry");
}
Also used: SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)

Example 3 with SessionAuthenticationStrategy

Use of org.springframework.security.web.authentication.session.SessionAuthenticationStrategy in project spring-security by spring-projects.

Class SessionManagementFilterTests, method strategyIsInvokedIfUserIsNewlyAuthenticated.

@Test
public void strategyIsInvokedIfUserIsNewlyAuthenticated() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    // repo will return false to containsContext()
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verify(strategy).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Check that it is only applied once to the request
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verifyNoMoreInteractions(strategy);
}
Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy), Authentication (org.springframework.security.core.Authentication), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), HttpServletResponse (jakarta.servlet.http.HttpServletResponse), SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository), MockFilterChain (org.springframework.mock.web.MockFilterChain), Test (org.junit.jupiter.api.Test)

Example 4 with SessionAuthenticationStrategy

Use of org.springframework.security.web.authentication.session.SessionAuthenticationStrategy in project spring-security by spring-projects.

Class SessionManagementFilterTests, method strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest.

@Test
public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    // mock that repo contains a security context
    given(repo.containsContext(any(HttpServletRequest.class))).willReturn(true);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verifyZeroInteractions(strategy);
}
Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy), SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository), MockFilterChain (org.springframework.mock.web.MockFilterChain), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 5 with SessionAuthenticationStrategy

Use of org.springframework.security.web.authentication.session.SessionAuthenticationStrategy in project spring-security by spring-projects.

Class SessionManagementFilterTests, method strategyFailureInvokesFailureHandler.

@Test
public void strategyFailureInvokesFailureHandler() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    // repo will return false to containsContext()
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    filter.setAuthenticationFailureHandler(failureHandler);
    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    FilterChain fc = mock(FilterChain.class);
    authenticateUser();
    SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
    willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response);
    filter.doFilter(request, response, fc);
    verifyZeroInteractions(fc);
    verify(failureHandler).onAuthenticationFailure(request, response, exception);
}
Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), SessionAuthenticationException (org.springframework.security.web.authentication.session.SessionAuthenticationException), SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy), MockFilterChain (org.springframework.mock.web.MockFilterChain), FilterChain (jakarta.servlet.FilterChain), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), HttpServletResponse (jakarta.servlet.http.HttpServletResponse), SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository), AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler), Test (org.junit.jupiter.api.Test)

Aggregations

SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) 11
Test (org.junit.jupiter.api.Test) 6
MockFilterChain (org.springframework.mock.web.MockFilterChain) 6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 6
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 6
SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository) 6
HttpServletRequest (jakarta.servlet.http.HttpServletRequest) 4
FilterChain (jakarta.servlet.FilterChain) 3
HttpServletResponse (jakarta.servlet.http.HttpServletResponse) 2
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager) 2
RememberMeServices (org.springframework.security.web.authentication.RememberMeServices) 2
Authentication (org.springframework.security.core.Authentication) 1
SessionRegistry (org.springframework.security.core.session.SessionRegistry) 1
PortMapper (org.springframework.security.web.PortMapper) 1
AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler) 1
CompositeSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy) 1
ConcurrentSessionControlAuthenticationStrategy (org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy) 1
RegisterSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy) 1
SessionAuthenticationException (org.springframework.security.web.authentication.session.SessionAuthenticationException) 1
RequestCache (org.springframework.security.web.savedrequest.RequestCache) 1