org.springframework.security.web.context.HttpRequestResponseHolder Java Examples

The following examples show how to use org.springframework.security.web.context.HttpRequestResponseHolder.
Example #1
Source File: LDSecurityContextRepository.java    From document-management-software with GNU Lesser General Public License v3.0
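/**
 * Rebuilds the Spring Security context from the application session that
 * {@code SessionManager} associates with the incoming request.
 *
 * <p>An empty (anonymous) context is returned when the request carries no session id,
 * when the session is not open, or when the session can no longer be looked up.
 *
 * @param request holder giving access to the current servlet request
 * @return a context carrying an {@code LDAuthenticationToken} for the session's user,
 *         or an empty context when no usable session exists
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder request) {
	String sid = SessionManager.get().getSessionId(request.getRequest());

	// A missing or closed session id is treated as "not logged in".
	if (sid == null || !SessionManager.get().isOpen(sid)) {
		return SecurityContextHolder.createEmptyContext();
	}

	// Fail closed if the lookup yields nothing (e.g. the session was removed after the
	// isOpen() check) instead of dereferencing null and surfacing a server error.
	// NOTE(review): whether get(sid) can return null is not visible here - confirm.
	Session session = SessionManager.get().get(sid);
	if (session == null) {
		return SecurityContextHolder.createEmptyContext();
	}

	// The token is built from the server-side session's user name; the credentials slot is
	// left empty so no password is kept in the security context.
	LDAuthenticationToken token = new LDAuthenticationToken(session.getUsername(), "", null);
	token.setSid(sid);

	SecurityContextImpl context = new SecurityContextImpl();
	context.setAuthentication(token);

	// Remember which servlet session belongs to this application session; getSession(false)
	// only returns an existing servlet session and never creates one.
	HttpSession servletSession = request.getRequest().getSession(false);
	if (servletSession != null) {
		servletSessionMapping.put(sid, servletSession);
	}

	return context;
}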
 
Example #2
Source File: RedisSecurityContextRepository.java    From onetwo with Apache License 2.0
/**
 * Loads the security context for the request and replaces the response (and, when
 * {@code isServlet3} is set, the request) on the holder with save-to-session wrappers.
 *
 * @param requestResponseHolder holder whose request/response may be replaced by wrappers
 * @return the context read via {@code readSecurityContextFromSession}, or a new empty
 *         context when none was found
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
	final HttpServletRequest req = requestResponseHolder.getRequest();
	final HttpServletResponse resp = requestResponseHolder.getResponse();

	// Captured before the session id is resolved; getSession(false) never creates a session.
	final boolean sessionExisted = req.getSession(false) != null;

	final String sid = this.getSessionId(req, true);

	final SecurityContext stored = readSecurityContextFromSession(req);
	final SecurityContext context = (stored != null)
			? stored
			: SecurityContextHolder.createEmptyContext();

	// The wrapper receives the context as loaded, together with the session id.
	final SaveToSessionResponseWrapper responseWrapper =
			new SaveToSessionResponseWrapper(resp, req, sessionExisted, context, sid);
	requestResponseHolder.setResponse(responseWrapper);

	if (isServlet3) {
		requestResponseHolder.setRequest(
				new Servlet3SaveToSessionRequestWrapper(req, responseWrapper));
	}

	return context;
}
 
Example #3
Source File: JwtSecurityContextRepository.java    From onetwo with Apache License 2.0
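/**
 * Builds the security context for a request from the JWT that {@code authStore} extracts
 * under {@code authHeaderName}.
 *
 * <p>A blank token yields an empty context. An expired token
 * ({@link CredentialsExpiredException}) causes the stored token to be cleared through
 * {@code cookieStorer} and leaves the context without a new authentication. Any other
 * exception thrown while creating the authentication propagates to the caller.
 *
 * @param requestResponseHolder holder giving access to the current request and response
 * @return an empty context when no token is present, otherwise the current thread's
 *         context, updated with the token's authentication when one could be created
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
	String token = authStore.getToken(requestResponseHolder.getRequest(), authHeaderName);

	// Log only whether a token was supplied. The raw token is a bearer credential and
	// anyone able to read the debug log could replay it.
	if(logger.isDebugEnabled()){
		logger.debug("load context user token present : {}", !StringUtils.isBlank(token));
	}

	if(StringUtils.isBlank(token)){
		return SecurityContextHolder.createEmptyContext();
	}

	// NOTE(review): this reuses the context already bound to the current thread rather
	// than a fresh one, so when the token is expired the returned context keeps whatever
	// authentication it already held. Confirm that callers always clear the holder
	// between requests, or consider starting from createEmptyContext() here.
	SecurityContext context = SecurityContextHolder.getContext();
	Authentication authentication = null;
	try {
		authentication = jwtTokenService.createAuthentication(token);
	} catch(CredentialsExpiredException e){
		// Expired token: remove it on the client side so it is not sent again.
		cookieStorer.clear(requestResponseHolder.getRequest(), requestResponseHolder.getResponse(), authHeaderName);
	}
	if(authentication!=null){
		context.setAuthentication(authentication);
	}

	return context;
}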
 
Example #4
Source File: TokenAwareSecurityContextRepositoryTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * A request carrying the {@code molgenis-token} parameter must be served by the
 * token-based repository.
 */
@Test
void testLoadContextTokenRequest() {
  MockHttpServletRequest tokenRequest = new MockHttpServletRequest();
  tokenRequest.setParameter("molgenis-token", "my_token");
  HttpRequestResponseHolder holder =
      new HttpRequestResponseHolder(tokenRequest, new MockHttpServletResponse());

  // The token repository is stubbed to return a known context for this holder.
  SecurityContext expected = mock(SecurityContext.class);
  when(tokenSecurityContextRepository.loadContext(holder)).thenReturn(expected);

  SecurityContext actual = tokenAwareSecurityContextRepository.loadContext(holder);
  assertEquals(expected, actual);
}
 
Example #5
Source File: TokenAwareSecurityContextRepositoryTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * A request without a token parameter must be served by the default repository.
 */
@Test
void testLoadContext() {
  HttpRequestResponseHolder holder =
      new HttpRequestResponseHolder(new MockHttpServletRequest(), new MockHttpServletResponse());

  // The default repository is stubbed to return a known context for this holder.
  SecurityContext expected = mock(SecurityContext.class);
  when(defaultSecurityContextRepository.loadContext(holder)).thenReturn(expected);

  SecurityContext actual = tokenAwareSecurityContextRepository.loadContext(holder);
  assertEquals(expected, actual);
}
 
Example #6
Source File: CachedSecurityContextRepository.java    From lemon with Apache License 2.0
/**
 * Loads the context through the superclass and then replaces the user details it holds
 * with a copy looked up again through {@code authzClient}.
 *
 * <p>The refresh is best effort: if any step of the lookup throws, the error is logged and
 * the context is returned exactly as the superclass loaded it, so the user details already
 * stored in it stay in force for this request. When the {@code debug} flag is set the
 * refresh is skipped entirely.
 *
 * @param requestResponseHolder holder passed through to the superclass
 * @return the loaded (and possibly refreshed) context, or {@code null} when the
 *         superclass returned {@code null}
 */
public SecurityContext loadContext(
        HttpRequestResponseHolder requestResponseHolder) {
    final SecurityContext sessionContext = super.loadContext(requestResponseHolder);

    if (sessionContext == null) {
        logger.debug("securityContext is null");

        return null;
    }

    // Debug mode: hand back the stored context without consulting authzClient.
    if (debug) {
        return sessionContext;
    }

    try {
        final SpringSecurityUserAuth sessionUser =
                SpringSecurityUtils.getCurrentUser(sessionContext);

        if (sessionUser != null) {
            // Look the user up again by id and tenant and overwrite the details in the context.
            final UserAuthDTO currentUser = authzClient.findById(
                    sessionUser.getId(), sessionUser.getTenantId());

            final SpringSecurityUserAuth refreshedUser = new SpringSecurityUserAuth();
            beanMapper.copy(currentUser, refreshedUser);

            SpringSecurityUtils.saveUserDetailsToContext(refreshedUser, null,
                    sessionContext);
        } else {
            logger.debug("userAuthInSession is null");
        }
    } catch (Exception ex) {
        // Lookup failures are logged only; the unrefreshed context is still returned below.
        logger.error(ex.getMessage(), ex);
    }

    return sessionContext;
}
 
Example #7
Source File: LdapSecurityRequestPostProcessors.java    From maven-framework-project with MIT License
/**
 * Stores the given security context for the request through the configured repository,
 * using a throw-away mock response.
 *
 * @param securityContext the context to save
 * @param request the request the context is saved for
 */
final void save(SecurityContext securityContext, HttpServletRequest request) {
	HttpRequestResponseHolder holder =
			new HttpRequestResponseHolder(request, new MockHttpServletResponse());

	// loadContext runs first and its return value is ignored; the request and response are
	// then read back from the holder, so any replacement made during loading is the one
	// handed to saveContext.
	this.repository.loadContext(holder);

	HttpServletRequest effectiveRequest = holder.getRequest();
	HttpServletResponse effectiveResponse = holder.getResponse();

	this.repository.saveContext(securityContext, effectiveRequest, effectiveResponse);
}
 
Example #8
Source File: SecurityRequestPostProcessors.java    From maven-framework-project with MIT License
/**
 * Persists {@code securityContext} for {@code request} via the repository, pairing the
 * request with a fresh {@link MockHttpServletResponse}.
 *
 * @param securityContext the context to save
 * @param request the request the context is saved for
 */
final void save(SecurityContext securityContext, HttpServletRequest request) {
	HttpRequestResponseHolder holder =
			new HttpRequestResponseHolder(request, new MockHttpServletResponse());

	// The loaded context itself is discarded; the call is made so that the holder ends up
	// with the request/response objects that saveContext should receive.
	this.repository.loadContext(holder);

	HttpServletRequest requestToSave = holder.getRequest();
	HttpServletResponse responseToSave = holder.getResponse();

	this.repository.saveContext(securityContext, requestToSave, responseToSave);
}
 
Example #9
Source File: LoginController.java    From microservices-event-sourcing with Apache License 2.0
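/**
 * Handles the login form POST: authenticates the submitted username/password, stores the
 * resulting authentication in the session-backed security context and prepares the OAuth2
 * authorization request for the "authorize" view.
 *
 * <p>The request token is built with the two-argument constructor so that it starts out
 * unauthenticated; the three-argument constructor (with authorities) produces a token that
 * already reports {@code isAuthenticated() == true}, which made the former check on the
 * request token pass unconditionally. The check is now made on the token returned by the
 * authentication manager, before it is placed in the security context.
 *
 * @param request the login request carrying the "username" and "password" parameters
 * @param response the current response
 * @param model view model that receives the "authorizationRequest" attribute
 * @return "authorize" on success, "login" when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    httpSessionSecurityContextRepository.loadContext(holder);

    try {
        // Authenticate the user with the supplied credentials (unauthenticated request token).
        Authentication auth = new UsernamePasswordAuthenticationToken(request.getParameter("username"), request.getParameter("password"));
        Authentication result = authenticationManager.authenticate(auth);

        // Verify the manager's result, not the request token, before trusting it.
        if (result == null || !result.isAuthenticated())
            throw new CredentialException("用户不能够被认证");

        SecurityContextHolder.getContext().setAuthentication(result);
    } catch (Exception ex) {
        // The user could not be authenticated; send them back to the login page.
        logger.info(ex);
        return "login";
    }

    // Fetch the saved request that was stored in the session.
    // NOTE(review): the attribute is null when no saved request exists (e.g. a direct POST to
    // /login); whether getAuthParameters tolerates null is not visible here - confirm.
    DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
    // Build the authorization parameter map for the token request.
    Map<String, String> authParams = getAuthParameters(defaultSavedRequest);
    AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clientDetailsService).createAuthorizationRequest(authParams);
    // NOTE(review): every successful login is given ROLE_USER and ROLE_ADMIN on the
    // authorization request regardless of the authenticated user's own authorities;
    // confirm this is intended outside of a demo.
    authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    model.addAttribute("authorizationRequest", authRequest);

    httpSessionSecurityContextRepository.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
    return "authorize";
}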
 
Example #10
Source File: BearerSecurityContextRepositoryTest.java    From auth0-spring-security-api with MIT License
/**
 * A well-formed bearer token in the Authorization header must produce a context holding a
 * {@code PreAuthenticatedAuthenticationJsonWebToken} that is not yet marked authenticated.
 */
@Test
public void shouldLoadContextWithAuthentication() throws Exception {
    // Test-only token signed with a fixed fixture secret.
    String bearerToken = JWT.create().sign(Algorithm.HMAC256("secret"));

    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    when(mockRequest.getHeader("Authorization")).thenReturn("Bearer " + bearerToken);
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(mockRequest, null);

    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded = repository.loadContext(holder);

    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(instanceOf(PreAuthenticatedAuthenticationJsonWebToken.class)));
    // Loading the context must not by itself mark the token as authenticated.
    assertThat(loaded.getAuthentication().isAuthenticated(), is(false));
}
 
Example #11
Source File: BearerSecurityContextRepositoryTest.java    From auth0-spring-security-api with MIT License
/**
 * An Authorization header using a scheme other than Bearer must leave the context without
 * an authentication.
 */
@Test
public void shouldLoadContextWithoutAuthenticationIfAuthorizationHeaderValueNotBearerToken() throws Exception {
    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    when(mockRequest.getHeader("Authorization")).thenReturn("Basic somevalue");
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(mockRequest, null);

    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded = repository.loadContext(holder);

    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
 
Example #12
Source File: BearerSecurityContextRepositoryTest.java    From auth0-spring-security-api with MIT License
/**
 * A header that names the Bearer scheme but carries no token must leave the context
 * without an authentication.
 */
@Test
public void shouldLoadContextWithoutAuthenticationIfEmptyAuthorizationHeaderValue() throws Exception {
    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    when(mockRequest.getHeader("Authorization")).thenReturn("Bearer");
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(mockRequest, null);

    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded = repository.loadContext(holder);

    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
 
Example #13
Source File: BearerSecurityContextRepositoryTest.java    From auth0-spring-security-api with MIT License
/**
 * A Bearer header whose value is not a parsable token must leave the context without an
 * authentication.
 */
@Test
public void shouldLoadContextWithoutAuthenticationIfInvalidAuthorizationHeaderValue() throws Exception {
    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    when(mockRequest.getHeader("Authorization")).thenReturn("Bearer  <Invalid>");
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(mockRequest, null);

    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded = repository.loadContext(holder);

    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
 
Example #14
Source File: BearerSecurityContextRepositoryTest.java    From auth0-spring-security-api with MIT License
/**
 * A request with no Authorization header stubbed at all must leave the context without an
 * authentication.
 */
@Test
public void shouldLoadContextWithoutAuthenticationIfMissingAuthorizationHeader() throws Exception {
    // No header is stubbed, so the mock returns null for getHeader(...).
    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(mockRequest, null);

    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded = repository.loadContext(holder);

    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
Example #15
Source File: BearerSecurityContextRepository.java    From auth0-spring-security-api with MIT License
/**
 * Creates a fresh context for every request and, when a bearer token can be read from the
 * request, stores it as a {@code PreAuthenticatedAuthenticationJsonWebToken}.
 *
 * <p>NOTE(review): no signature or claim verification is visible in this method; the token
 * is only wrapped here, presumably to be verified later by an authentication provider -
 * confirm before relying on the stored authentication.
 *
 * @param requestResponseHolder holder giving access to the current request
 * @return a new context, with the wrapped token as authentication when one was found
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    final SecurityContext freshContext = SecurityContextHolder.createEmptyContext();
    final String bearerToken = tokenFromRequest(requestResponseHolder.getRequest());
    final Authentication preAuth = PreAuthenticatedAuthenticationJsonWebToken.usingToken(bearerToken);

    // Nothing usable in the request: hand back the empty context.
    if (preAuth == null) {
        return freshContext;
    }

    freshContext.setAuthentication(preAuth);
    logger.debug("Found bearer token in request. Saving it in SecurityContext");
    return freshContext;
}
 
Example #16
Source File: LoginController.java    From cloud-native-microservice-strangler-example with GNU General Public License v3.0
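/**
 * Handles the login form POST: authenticates the submitted username/password, stores the
 * resulting authentication in the session-backed security context and prepares the OAuth2
 * authorization request for the "authorize" view.
 *
 * <p>Credentials are submitted to the authentication manager exactly once. The request
 * token is built with the two-argument constructor so that it starts out unauthenticated;
 * the three-argument constructor (with authorities) produces a token that already reports
 * {@code isAuthenticated() == true}. The manager's result is checked before it is placed
 * in the security context.
 *
 * @param request the login request carrying the "username" and "password" parameters
 * @param response the current response
 * @param model view model that receives the "authorizationRequest" attribute
 * @return "authorize" on success, "login" when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {

    HttpRequestResponseHolder responseHolder = new HttpRequestResponseHolder(request, response);
    sessionRepository.loadContext(responseHolder);

    try {
        // Authenticate the user with the supplied credentials (unauthenticated request token)
        Authentication auth =
                new UsernamePasswordAuthenticationToken(request.getParameter("username"),
                        request.getParameter("password"));

        // Authenticate once: a second authenticate() call repeats the credential check and
        // any side effects the manager attaches to it.
        Authentication result = authenticationManager.authenticate(auth);

        if (result == null || !result.isAuthenticated())
            throw new CredentialException("User could not be authenticated");

        // Only a verified result is stored in the security context
        SecurityContextHolder.getContext().setAuthentication(result);

    } catch (Exception ex) {
        // The user couldn't be authenticated, redirect back to login
        // NOTE(review): printStackTrace() writes to stderr; prefer the application's logger
        // if one is available in this class.
        ex.printStackTrace();
        return "login";
    }

    // Get the default saved request from session
    // NOTE(review): the attribute is null when no saved request exists (e.g. a direct POST to
    // /login); whether getAuthParameters tolerates null is not visible here - confirm.
    DefaultSavedRequest defaultSavedRequest = ((DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST"));

    // Generate an authorization parameter map for the token request
    Map<String, String> authParams = getAuthParameters(defaultSavedRequest);

    // Create the authorization request and put it in the view model
    AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clients).createAuthorizationRequest(authParams);
    // NOTE(review): every successful login is given ROLE_USER and ROLE_ADMIN on the
    // authorization request regardless of the authenticated user's own authorities;
    // confirm this is intended outside of a demo.
    authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    sessionRepository.saveContext(SecurityContextHolder.getContext(), responseHolder.getRequest(), responseHolder.getResponse());
    model.addAttribute("authorizationRequest", authRequest);

    // Return the token authorization view
    return "authorize";
}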
 
Example #17
Source File: LoginController.java    From spring-cloud-event-sourcing-example with GNU General Public License v3.0
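/**
 * Handles the login form POST: authenticates the submitted username/password, stores the
 * resulting authentication in the session-backed security context and prepares the OAuth2
 * authorization request for the "authorize" view.
 *
 * <p>Credentials are submitted to the authentication manager exactly once. The request
 * token is built with the two-argument constructor so that it starts out unauthenticated;
 * the three-argument constructor (with authorities) produces a token that already reports
 * {@code isAuthenticated() == true}. The manager's result is checked before it is placed
 * in the security context.
 *
 * @param request the login request carrying the "username" and "password" parameters
 * @param response the current response
 * @param model view model that receives the "authorizationRequest" attribute
 * @return "authorize" on success, "login" when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {

    HttpRequestResponseHolder responseHolder = new HttpRequestResponseHolder(request, response);
    sessionRepository.loadContext(responseHolder);

    try {
        // Authenticate the user with the supplied credentials (unauthenticated request token)
        Authentication auth =
                new UsernamePasswordAuthenticationToken(request.getParameter("username"),
                        request.getParameter("password"));

        // Authenticate once: a second authenticate() call repeats the credential check and
        // any side effects the manager attaches to it.
        Authentication result = authenticationManager.authenticate(auth);

        if (result == null || !result.isAuthenticated())
            throw new CredentialException("User could not be authenticated");

        // Only a verified result is stored in the security context
        SecurityContextHolder.getContext().setAuthentication(result);

    } catch (Exception ex) {
        // The user couldn't be authenticated, redirect back to login
        // NOTE(review): printStackTrace() writes to stderr; prefer the application's logger
        // if one is available in this class.
        ex.printStackTrace();
        return "login";
    }

    // Get the default saved request from session
    // NOTE(review): the attribute is null when no saved request exists (e.g. a direct POST to
    // /login); whether getAuthParameters tolerates null is not visible here - confirm.
    DefaultSavedRequest defaultSavedRequest = ((DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST"));

    // Generate an authorization parameter map for the token request
    Map<String, String> authParams = getAuthParameters(defaultSavedRequest);

    // Create the authorization request and put it in the view model
    AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clients).createAuthorizationRequest(authParams);
    // NOTE(review): every successful login is given ROLE_USER and ROLE_ADMIN on the
    // authorization request regardless of the authenticated user's own authorities;
    // confirm this is intended outside of a demo.
    authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    sessionRepository.saveContext(SecurityContextHolder.getContext(), responseHolder.getRequest(), responseHolder.getResponse());
    model.addAttribute("authorizationRequest", authRequest);

    // Return the token authorization view
    return "authorize";
}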
 
Example #18
Source File: TokenAwareSecurityContextRepository.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Delegates loading to whichever repository {@code getSecurityContextRepository} selects
 * for the current request.
 *
 * @param requestResponseHolder holder passed unchanged to the selected repository
 * @return the context returned by the selected repository
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
  // The delegate is chosen from the request alone; the whole holder is forwarded to it.
  return getSecurityContextRepository(requestResponseHolder.getRequest())
      .loadContext(requestResponseHolder);
}
 
Example #19
Source File: JwtSsoBasedSecurityContextRepository.java    From wecube-platform with Apache License 2.0
/**
 * Always starts the request with an empty security context; nothing is read from the
 * request or response in this method.
 *
 * @param requestResponseHolder unused
 * @return a newly created empty context
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    final SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
    return emptyContext;
}