org.springframework.security.web.context.HttpRequestResponseHolder Java Examples
The following examples show how to use
org.springframework.security.web.context.HttpRequestResponseHolder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: LDSecurityContextRepository.java From document-management-software with GNU Lesser General Public License v3.0 | 6 votes |
@Override public SecurityContext loadContext(HttpRequestResponseHolder request) { String sid = SessionManager.get().getSessionId(request.getRequest()); if (sid == null || !SessionManager.get().isOpen(sid)) sid = null; if (sid == null) return SecurityContextHolder.createEmptyContext(); Session session = SessionManager.get().get(sid); LDAuthenticationToken token = new LDAuthenticationToken(session.getUsername(), "", null); token.setSid(sid); SecurityContextImpl context = new SecurityContextImpl(); context.setAuthentication(token); HttpSession servletSession = request.getRequest().getSession(false); if (servletSession != null) servletSessionMapping.put(sid, servletSession); return context; }
Example #2
Source File: RedisSecurityContextRepository.java From onetwo with Apache License 2.0 | 6 votes |
@Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { HttpServletRequest request = requestResponseHolder.getRequest(); HttpServletResponse response = requestResponseHolder.getResponse(); HttpSession httpSession = request.getSession(false); String sid = this.getSessionId(request, true); SecurityContext context = readSecurityContextFromSession(request); if (context == null) { context = SecurityContextHolder.createEmptyContext(); } SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper( response, request, httpSession != null, context, sid); requestResponseHolder.setResponse(wrappedResponse); if (isServlet3) { requestResponseHolder.setRequest(new Servlet3SaveToSessionRequestWrapper(request, wrappedResponse)); } return context; }
Example #3
Source File: JwtSecurityContextRepository.java From onetwo with Apache License 2.0 | 6 votes |
@Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { /*HttpServletRequest request = WebHolder.getRequest().get(); String url = request.getMethod() + "|" + request.getRequestURL(); System.out.println("url:" +url);*/ String token = authStore.getToken(requestResponseHolder.getRequest(), authHeaderName); if(logger.isDebugEnabled()){ logger.debug("load context user token : {}", token); } if(StringUtils.isBlank(token)){ return SecurityContextHolder.createEmptyContext(); } SecurityContext context = SecurityContextHolder.getContext(); Authentication authentication = null; try { authentication = jwtTokenService.createAuthentication(token); } catch(CredentialsExpiredException e){ cookieStorer.clear(requestResponseHolder.getRequest(), requestResponseHolder.getResponse(), authHeaderName); } if(authentication!=null){ context.setAuthentication(authentication); } return context; }
Example #4
Source File: TokenAwareSecurityContextRepositoryTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
@Test void testLoadContextTokenRequest() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter("molgenis-token", "my_token"); MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext securityContext = mock(SecurityContext.class); when(tokenSecurityContextRepository.loadContext(holder)).thenReturn(securityContext); assertEquals(securityContext, tokenAwareSecurityContextRepository.loadContext(holder)); }
Example #5
Source File: TokenAwareSecurityContextRepositoryTest.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
@Test void testLoadContext() { MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); SecurityContext securityContext = mock(SecurityContext.class); when(defaultSecurityContextRepository.loadContext(holder)).thenReturn(securityContext); assertEquals(securityContext, tokenAwareSecurityContextRepository.loadContext(holder)); }
Example #6
Source File: CachedSecurityContextRepository.java From lemon with Apache License 2.0 | 5 votes |
public SecurityContext loadContext( HttpRequestResponseHolder requestResponseHolder) { SecurityContext securityContext = super .loadContext(requestResponseHolder); if (securityContext == null) { logger.debug("securityContext is null"); return null; } if (debug) { return securityContext; } try { SpringSecurityUserAuth userAuthInSession = SpringSecurityUtils .getCurrentUser(securityContext); if (userAuthInSession == null) { logger.debug("userAuthInSession is null"); return securityContext; } UserAuthDTO userAuthInCache = authzClient.findById( userAuthInSession.getId(), userAuthInSession.getTenantId()); SpringSecurityUserAuth userAuthResult = new SpringSecurityUserAuth(); beanMapper.copy(userAuthInCache, userAuthResult); SpringSecurityUtils.saveUserDetailsToContext(userAuthResult, null, securityContext); } catch (Exception ex) { logger.error(ex.getMessage(), ex); } return securityContext; }
Example #7
Source File: LdapSecurityRequestPostProcessors.java From maven-framework-project with MIT License | 5 votes |
final void save(SecurityContext securityContext, HttpServletRequest request) { HttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response); this.repository.loadContext(requestResponseHolder); request = requestResponseHolder.getRequest(); response = requestResponseHolder.getResponse(); this.repository.saveContext(securityContext, request, response); }
Example #8
Source File: SecurityRequestPostProcessors.java From maven-framework-project with MIT License | 5 votes |
final void save(SecurityContext securityContext, HttpServletRequest request) { HttpServletResponse response = new MockHttpServletResponse(); HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(request, response); this.repository.loadContext(requestResponseHolder); request = requestResponseHolder.getRequest(); response = requestResponseHolder.getResponse(); this.repository.saveContext(securityContext, request, response); }
Example #9
Source File: LoginController.java From microservices-event-sourcing with Apache License 2.0 | 5 votes |
@RequestMapping(value = "/login", method = RequestMethod.POST) public String login(HttpServletRequest request, HttpServletResponse response, Model model) { HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response); httpSessionSecurityContextRepository.loadContext(holder); try { // 使用提供的证书认证用户 List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"); Authentication auth = new UsernamePasswordAuthenticationToken(request.getParameter("username"), request.getParameter("password"), authorities); SecurityContextHolder.getContext().setAuthentication(authenticationManager.authenticate(auth)); // 认证用户 if(!auth.isAuthenticated()) throw new CredentialException("用户不能够被认证"); } catch (Exception ex) { // 用户不能够被认证,重定向回登录页 logger.info(ex); return "login"; } // 从会话得到默认保存的请求 DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST"); // 为令牌请求生成认证参数Map Map<String, String> authParams = getAuthParameters(defaultSavedRequest); AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clientDetailsService).createAuthorizationRequest(authParams); authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN")); model.addAttribute("authorizationRequest", authRequest); httpSessionSecurityContextRepository.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse()); return "authorize"; }
Example #10
Source File: BearerSecurityContextRepositoryTest.java From auth0-spring-security-api with MIT License | 5 votes |
@Test public void shouldLoadContextWithAuthentication() throws Exception { String token = JWT.create() .sign(Algorithm.HMAC256("secret")); BearerSecurityContextRepository repository = new BearerSecurityContextRepository(); HttpServletRequest request = mock(HttpServletRequest.class); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null); when(request.getHeader("Authorization")).thenReturn("Bearer " + token); SecurityContext context = repository.loadContext(holder); assertThat(context, is(notNullValue())); assertThat(context.getAuthentication(), is(notNullValue())); assertThat(context.getAuthentication(), is(instanceOf(PreAuthenticatedAuthenticationJsonWebToken.class))); assertThat(context.getAuthentication().isAuthenticated(), is(false)); }
Example #11
Source File: BearerSecurityContextRepositoryTest.java From auth0-spring-security-api with MIT License | 5 votes |
@Test public void shouldLoadContextWithoutAuthenticationIfAuthorizationHeaderValueNotBearerToken() throws Exception { BearerSecurityContextRepository repository = new BearerSecurityContextRepository(); HttpServletRequest request = mock(HttpServletRequest.class); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null); when(request.getHeader("Authorization")).thenReturn("Basic somevalue"); SecurityContext context = repository.loadContext(holder); assertThat(context, is(notNullValue())); assertThat(context.getAuthentication(), is(nullValue())); }
Example #12
Source File: BearerSecurityContextRepositoryTest.java From auth0-spring-security-api with MIT License | 5 votes |
@Test public void shouldLoadContextWithoutAuthenticationIfEmptyAuthorizationHeaderValue() throws Exception { BearerSecurityContextRepository repository = new BearerSecurityContextRepository(); HttpServletRequest request = mock(HttpServletRequest.class); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null); when(request.getHeader("Authorization")).thenReturn("Bearer"); SecurityContext context = repository.loadContext(holder); assertThat(context, is(notNullValue())); assertThat(context.getAuthentication(), is(nullValue())); }
Example #13
Source File: BearerSecurityContextRepositoryTest.java From auth0-spring-security-api with MIT License | 5 votes |
@Test public void shouldLoadContextWithoutAuthenticationIfInvalidAuthorizationHeaderValue() throws Exception { BearerSecurityContextRepository repository = new BearerSecurityContextRepository(); HttpServletRequest request = mock(HttpServletRequest.class); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null); when(request.getHeader("Authorization")).thenReturn("Bearer <Invalid>"); SecurityContext context = repository.loadContext(holder); assertThat(context, is(notNullValue())); assertThat(context.getAuthentication(), is(nullValue())); }
Example #14
Source File: BearerSecurityContextRepositoryTest.java From auth0-spring-security-api with MIT License | 5 votes |
@Test public void shouldLoadContextWithoutAuthenticationIfMissingAuthorizationHeader() throws Exception { BearerSecurityContextRepository repository = new BearerSecurityContextRepository(); HttpServletRequest request = mock(HttpServletRequest.class); HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null); SecurityContext context = repository.loadContext(holder); assertThat(context, is(notNullValue())); assertThat(context.getAuthentication(), is(nullValue())); }
Example #15
Source File: BearerSecurityContextRepository.java From auth0-spring-security-api with MIT License | 5 votes |
@Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { SecurityContext context = SecurityContextHolder.createEmptyContext(); String token = tokenFromRequest(requestResponseHolder.getRequest()); Authentication authentication = PreAuthenticatedAuthenticationJsonWebToken.usingToken(token); if (authentication != null) { context.setAuthentication(authentication); logger.debug("Found bearer token in request. Saving it in SecurityContext"); } return context; }
Example #16
Source File: LoginController.java From cloud-native-microservice-strangler-example with GNU General Public License v3.0 | 4 votes |
@RequestMapping(value = "/login", method = RequestMethod.POST) public String login(HttpServletRequest request, HttpServletResponse response, Model model) { HttpRequestResponseHolder responseHolder = new HttpRequestResponseHolder(request, response); sessionRepository.loadContext(responseHolder); try { // Authenticate the user with the supplied credentials List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"); Authentication auth = new UsernamePasswordAuthenticationToken(request.getParameter("username"), request.getParameter("password"), authorities); SecurityContextHolder.getContext() .setAuthentication(authenticationManager.authenticate(auth)); // Authenticate the user if(!authenticationManager.authenticate(auth).isAuthenticated()) throw new CredentialException("User could not be authenticated"); } catch (Exception ex) { // The user couldn't be authenticated, redirect back to login ex.printStackTrace(); return "login"; } // Get the default saved request from session DefaultSavedRequest defaultSavedRequest = ((DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST")); // Generate an authorization parameter map for the token request Map<String, String> authParams = getAuthParameters(defaultSavedRequest); // Create the authorization request and put it in the view model AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clients).createAuthorizationRequest(authParams); authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN")); sessionRepository.saveContext(SecurityContextHolder.getContext(), responseHolder.getRequest(), responseHolder.getResponse()); model.addAttribute("authorizationRequest", authRequest); // Return the token authorization view return "authorize"; }
Example #17
Source File: LoginController.java From spring-cloud-event-sourcing-example with GNU General Public License v3.0 | 4 votes |
@RequestMapping(value = "/login", method = RequestMethod.POST) public String login(HttpServletRequest request, HttpServletResponse response, Model model) { HttpRequestResponseHolder responseHolder = new HttpRequestResponseHolder(request, response); sessionRepository.loadContext(responseHolder); try { // Authenticate the user with the supplied credentials List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"); Authentication auth = new UsernamePasswordAuthenticationToken(request.getParameter("username"), request.getParameter("password"), authorities); SecurityContextHolder.getContext() .setAuthentication(authenticationManager.authenticate(auth)); // Authenticate the user if(!authenticationManager.authenticate(auth).isAuthenticated()) throw new CredentialException("User could not be authenticated"); } catch (Exception ex) { // The user couldn't be authenticated, redirect back to login ex.printStackTrace(); return "login"; } // Get the default saved request from session DefaultSavedRequest defaultSavedRequest = ((DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST")); // Generate an authorization parameter map for the token request Map<String, String> authParams = getAuthParameters(defaultSavedRequest); // Create the authorization request and put it in the view model AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clients).createAuthorizationRequest(authParams); authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN")); sessionRepository.saveContext(SecurityContextHolder.getContext(), responseHolder.getRequest(), responseHolder.getResponse()); model.addAttribute("authorizationRequest", authRequest); // Return the token authorization view return "authorize"; }
Example #18
Source File: TokenAwareSecurityContextRepository.java From molgenis with GNU Lesser General Public License v3.0 | 4 votes |
@Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { HttpServletRequest request = requestResponseHolder.getRequest(); return getSecurityContextRepository(request).loadContext(requestResponseHolder); }
Example #19
Source File: JwtSsoBasedSecurityContextRepository.java From wecube-platform with Apache License 2.0 | 4 votes |
@Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { return SecurityContextHolder.createEmptyContext(); }