Example 6 with HttpSessionSecurityContextRepository

use of org.springframework.security.web.context.HttpSessionSecurityContextRepository in project motech by motech.

the class SecurityRuleBuilder method addFilters.

private List<Filter> addFilters(MotechURLSecurityRule securityRule) throws ServletException {
    List<Filter> filters = new ArrayList<>();
    // Both the SecurityContext and any saved (pre-login) request live in the HTTP session
    SecurityContextRepository contextRepository = new HttpSessionSecurityContextRepository();
    RequestCache requestCache = new HttpSessionRequestCache();
    // The order mirrors the standard Spring Security chain: the channel (HTTP/HTTPS) check runs first,
    // the session-backed context is restored before any authentication filter, and the
    // FilterSecurityInterceptor that enforces the rule's access decision runs last
    addSecureChannel(filters, securityRule.getProtocol());
    addSecurityContextPersistenceFilter(filters, contextRepository);
    addLogoutFilter(filters, securityRule);
    addAuthenticationFilters(filters, securityRule);
    addRequestCacheFilter(filters, requestCache);
    addSecurityContextHolderAwareRequestFilter(filters);
    addAnonymousAuthenticationFilter(filters);
    addSessionManagementFilter(filters, contextRepository);
    addExceptionTranslationFilter(filters, requestCache, securityRule.isRest());
    addFilterSecurityInterceptor(filters, securityRule);
    return filters;
}
Also used:
  HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)
  OpenIDAuthenticationFilter (org.springframework.security.openid.OpenIDAuthenticationFilter)
  SessionManagementFilter (org.springframework.security.web.session.SessionManagementFilter)
  Filter (javax.servlet.Filter)
  ChannelProcessingFilter (org.springframework.security.web.access.channel.ChannelProcessingFilter)
  ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)
  UsernamePasswordAuthenticationFilter (org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter)
  SecurityContextPersistenceFilter (org.springframework.security.web.context.SecurityContextPersistenceFilter)
  LogoutFilter (org.springframework.security.web.authentication.logout.LogoutFilter)
  AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
  BasicAuthenticationFilter (org.springframework.security.web.authentication.www.BasicAuthenticationFilter)
  SecurityContextHolderAwareRequestFilter (org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter)
  RequestCacheAwareFilter (org.springframework.security.web.savedrequest.RequestCacheAwareFilter)
  HttpSessionRequestCache (org.springframework.security.web.savedrequest.HttpSessionRequestCache)
  RequestCache (org.springframework.security.web.savedrequest.RequestCache)
  ArrayList (java.util.ArrayList)
  SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository)

Example 7 with HttpSessionSecurityContextRepository

use of org.springframework.security.web.context.HttpSessionSecurityContextRepository in project jenkins by jenkinsci.

the class SecurityRealm method createFilter.

/**
 * Creates {@link Filter} that all the incoming HTTP requests will go through
 * for authentication.
 *
 * <p>
 * The default implementation uses {@link #getSecurityComponents()} and builds
 * a standard filter chain.
 * But subclasses can override this to completely change the filter sequence.
 *
 * <p>
 * For other plugins that want to contribute {@link Filter}, see
 * {@link PluginServletFilter}.
 *
 * @since 1.271
 */
public Filter createFilter(FilterConfig filterConfig) {
    LOGGER.entering(SecurityRealm.class.getName(), "createFilter");
    SecurityComponents sc = getSecurityComponents();
    List<Filter> filters = new ArrayList<>();
    {
        HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository();
        // never create a session just to store the context; only an explicit login may allocate one
        httpSessionSecurityContextRepository.setAllowSessionCreation(false);
        filters.add(new HttpSessionContextIntegrationFilter2(httpSessionSecurityContextRepository));
    }
    {
        // if any "Authorization: Basic xxx:yyy" is sent this is the filter that processes it
        BasicHeaderProcessor bhp = new BasicHeaderProcessor();
        // if basic authentication fails (which only happens when an incorrect basic auth credential is sent),
        // respond with 401 and a basic auth challenge instead of redirecting the user to the login page,
        // since users of basic auth tend to be programs and won't see the redirection to the form
        // page as a failure
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName("Jenkins");
        bhp.setAuthenticationEntryPoint(basicAuthenticationEntryPoint);
        bhp.setRememberMeServices(sc.rememberMe2);
        filters.add(bhp);
    }
    {
        AuthenticationProcessingFilter2 apf = new AuthenticationProcessingFilter2(getAuthenticationGatewayUrl());
        apf.setAuthenticationManager(sc.manager2);
        if (SystemProperties.getInteger(SecurityRealm.class.getName() + ".sessionFixationProtectionMode", 1) == 1) {
            // By default, use the 'canonical' protection from Spring Security; see AuthenticationProcessingFilter2#successfulAuthentication for alternative
            apf.setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy());
        }
        apf.setRememberMeServices(sc.rememberMe2);
        final AuthenticationSuccessHandler successHandler = new AuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("from");
        apf.setAuthenticationSuccessHandler(successHandler);
        apf.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/loginError"));
        filters.add(apf);
    }
    filters.add(new RememberMeAuthenticationFilter(sc.manager2, sc.rememberMe2));
    filters.addAll(commonFilters());
    return new ChainedServletFilter(filters);
}
Also used:
  AuthenticationSuccessHandler (jenkins.security.AuthenticationSuccessHandler)
  RememberMeAuthenticationFilter (org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter)
  ArrayList (java.util.ArrayList)
  BasicHeaderProcessor (jenkins.security.BasicHeaderProcessor)
  BasicAuthenticationEntryPoint (org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint)
  HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)
  Filter (javax.servlet.Filter)
  AcegiSecurityExceptionFilter (jenkins.security.AcegiSecurityExceptionFilter)
  ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)
  PluginServletFilter (hudson.util.PluginServletFilter)
  AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
  SessionFixationProtectionStrategy (org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy)
  SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)

Example 8 with HttpSessionSecurityContextRepository

use of org.springframework.security.web.context.HttpSessionSecurityContextRepository in project midpoint by Evolveum.

the class MidpointWebSecurityConfigurerAdapter method createSessionContextRepository.

private void createSessionContextRepository(HttpSecurity http) {
    HttpSessionSecurityContextRepository httpSecurityRepository = new HttpSessionSecurityContextRepository() {

        @Override
        public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
            // session-less channels (e.g. REST) must not have their context written to the HTTP session
            if (!AuthSequenceUtil.isRecordSessionLessAccessChannel(request)) {
                super.saveContext(context, request, response);
            }
        }

        @Override
        protected SecurityContext generateNewContext() {
            return new MidpointSecurityContext(super.generateNewContext());
        }
    };
    // never append the session id to URLs (no ;jsessionid=... rewriting), so it cannot leak through links or logs
    httpSecurityRepository.setDisableUrlRewriting(true);
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (trustResolver != null) {
        httpSecurityRepository.setTrustResolver(trustResolver);
    }
    http.setSharedObject(SecurityContextRepository.class, httpSecurityRepository);
}
Also used:
  HttpServletRequest (javax.servlet.http.HttpServletRequest)
  MidpointSecurityContext (com.evolveum.midpoint.authentication.impl.MidpointSecurityContext)
  HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)
  SecurityContext (org.springframework.security.core.context.SecurityContext)
  HttpServletResponse (javax.servlet.http.HttpServletResponse)
  AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)

Example 9 with HttpSessionSecurityContextRepository

use of org.springframework.security.web.context.HttpSessionSecurityContextRepository in project spring-authorization-server by spring-projects.

the class OAuth2AuthorizationCodeGrantTests method init.

@BeforeClass
public static void init() {
    JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
    jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
    jwtEncoder = new NimbusJwsEncoder(jwkSource);
    providerSettings = ProviderSettings.builder().authorizationEndpoint("/test/authorize").tokenEndpoint("/test/token").build();
    authorizationRequestConverter = mock(AuthenticationConverter.class);
    authorizationRequestAuthenticationProvider = mock(AuthenticationProvider.class);
    authorizationResponseHandler = mock(AuthenticationSuccessHandler.class);
    authorizationErrorResponseHandler = mock(AuthenticationFailureHandler.class);
    securityContextRepository = spy(new HttpSessionSecurityContextRepository());
    db = new EmbeddedDatabaseBuilder().generateUniqueName(true).setType(EmbeddedDatabaseType.HSQL).setScriptEncoding("UTF-8").addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql").addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-consent-schema.sql").addScript("org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql").build();
}
Also used:
  AuthenticationConverter (org.springframework.security.web.authentication.AuthenticationConverter)
  AuthenticationSuccessHandler (org.springframework.security.web.authentication.AuthenticationSuccessHandler)
  HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)
  JWKSet (com.nimbusds.jose.jwk.JWKSet)
  EmbeddedDatabaseBuilder (org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder)
  OAuth2AuthorizationCodeRequestAuthenticationProvider (org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationProvider)
  AuthenticationProvider (org.springframework.security.authentication.AuthenticationProvider)
  NimbusJwsEncoder (org.springframework.security.oauth2.jwt.NimbusJwsEncoder)
  AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)
  BeforeClass (org.junit.BeforeClass)

Example 10 with HttpSessionSecurityContextRepository

use of org.springframework.security.web.context.HttpSessionSecurityContextRepository in project spring-security by spring-projects.

the class WebTestUtils method getSecurityContextRepository.

/**
 * Gets the {@link SecurityContextRepository} for the specified
 * {@link HttpServletRequest}. If one is not found, a default
 * {@link HttpSessionSecurityContextRepository} is used.
 * @param request the {@link HttpServletRequest} to obtain the
 * {@link SecurityContextRepository}
 * @return the {@link SecurityContextRepository} for the specified
 * {@link HttpServletRequest}
 */
public static SecurityContextRepository getSecurityContextRepository(HttpServletRequest request) {
    // Older chains hold the repository in SecurityContextPersistenceFilter (field "repo") ...
    SecurityContextPersistenceFilter filter = findFilter(request, SecurityContextPersistenceFilter.class);
    if (filter != null) {
        return (SecurityContextRepository) ReflectionTestUtils.getField(filter, "repo");
    }
    // ... newer chains in SecurityContextHolderFilter (field "securityContextRepository")
    SecurityContextHolderFilter holderFilter = findFilter(request, SecurityContextHolderFilter.class);
    if (holderFilter != null) {
        return (SecurityContextRepository) ReflectionTestUtils.getField(holderFilter, "securityContextRepository");
    }
    // Neither filter present: fall back to a session-backed repository
    return DEFAULT_CONTEXT_REPO;
}
Also used:
  HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)
  SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository)
  SecurityContextHolderFilter (org.springframework.security.web.context.SecurityContextHolderFilter)
  SecurityContextPersistenceFilter (org.springframework.security.web.context.SecurityContextPersistenceFilter)

Aggregations

Type (package): number of examples using it
  HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository): 11
  HttpRequestResponseHolder (org.springframework.security.web.context.HttpRequestResponseHolder): 4
  SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository): 4
  HttpServletRequest (javax.servlet.http.HttpServletRequest): 3
  SecurityContext (org.springframework.security.core.context.SecurityContext): 3
  SecurityContextPersistenceFilter (org.springframework.security.web.context.SecurityContextPersistenceFilter): 3
  ArrayList (java.util.ArrayList): 2
  Filter (javax.servlet.Filter): 2
  HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
  AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver): 2
  SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl): 2
  ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter): 2
  AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter): 2
  SecurityContextHolderFilter (org.springframework.security.web.context.SecurityContextHolderFilter): 2
  RequestCache (org.springframework.security.web.savedrequest.RequestCache): 2
  MidpointSecurityContext (com.evolveum.midpoint.authentication.impl.MidpointSecurityContext): 1
  JWKSet (com.nimbusds.jose.jwk.JWKSet): 1
  PluginServletFilter (hudson.util.PluginServletFilter): 1
  Filter (jakarta.servlet.Filter): 1
  ServletRequest (javax.servlet.ServletRequest): 1