Examples of org.springframework.security.core.Authentication

Package org.springframework.security.core

Examples of org.springframework.security.core.Authentication

org.springframework.security.core.Authentication
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the {@link AuthenticationManager#authenticate(Authentication)} method.
Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurityContext managed by the {@link SecurityContextHolder} by the authentication mechanism which isbeing used. An explicit authentication can be achieved, without using one of Spring Security's authentication mechanisms, by creating an Authentication instance and using the code:
```
 SecurityContextHolder.getContext().setAuthentication(anAuthentication); 
```
Note that unless the Authentication has the authenticated property set to true, it will still be authenticated by any security interceptor (for method or web invocations) which encounters it.
In most cases, the framework transparently takes care of managing the security context and authentication objects for you. @author Ben Alex


    @Test
    public void testDoFilterAuthenticateAll() throws Exception {
        AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
        AuthenticationManager manager = mock(AuthenticationManager.class);
        Authentication authentication = new TestingAuthenticationToken("un", "pwd","ROLE_USER");
        when(manager.authenticate(any(Authentication.class))).thenReturn(authentication);
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setAuthenticateAllArtifacts(true);
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setParameter("ticket", "ST-1-123");

View Full Code Here

            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;


        if (requiresLogout(request, response)) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();


            if (logger.isDebugEnabled()) {
                logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
            }

View Full Code Here


        // check for switch or exit request
        if (requiresSwitchUser(request)) {
            // if set, attempt switch and store original
            try {
                Authentication targetUser = attemptSwitchUser(request);


                // update the current context to the new target user
                SecurityContextHolder.getContext().setAuthentication(targetUser);


                // redirect to target url
                successHandler.onAuthenticationSuccess(request, response, targetUser);
            } catch (AuthenticationException e) {
                logger.debug("Switch User failed", e);
                failureHandler.onAuthenticationFailure(request, response, e);
            }


            return;
        } else if (requiresExitUser(request)) {
            // get the original authentication object (if exists)
            Authentication originalUser = attemptExitUser(request);


            // update the current context back to the original user
            SecurityContextHolder.getContext().setAuthentication(originalUser);


            // redirect to target url

View Full Code Here

     *         request.
     */
    protected Authentication attemptExitUser(HttpServletRequest request)
            throws AuthenticationCredentialsNotFoundException {
        // need to check to see if the current user has a SwitchUserGrantedAuthority
        Authentication current = SecurityContextHolder.getContext().getAuthentication();


        if (null == current) {
            throw new AuthenticationCredentialsNotFoundException(messages.getMessage(
                    "SwitchUserFilter.noCurrentUser", "No current user associated with this request"));
        }


        // check to see if the current user did actual switch to another user
        // if so, get the original source user so we can switch back
        Authentication original = getSourceAuthentication(current);


        if (original == null) {
            logger.debug("Could not find original user Authentication object!");
            throw new AuthenticationCredentialsNotFoundException(messages.getMessage(
                    "SwitchUserFilter.noOriginalAuthentication",
                    "Could not find original Authentication object"));
        }


        // get the source user details
        UserDetails originalUser = null;
        Object obj = original.getPrincipal();


        if ((obj != null) && obj instanceof UserDetails) {
            originalUser = (UserDetails) obj;
        }

View Full Code Here

        UsernamePasswordAuthenticationToken targetUserRequest;


        // grant an additional authority that contains the original Authentication object
        // which will be used to 'exit' from the current switched user.


        Authentication currentAuth;


        try {
            // SEC-1763. Check first if we are already switched.
            currentAuth = attemptExitUser(request);
        } catch (AuthenticationCredentialsNotFoundException e) {

View Full Code Here

     * @param current The current  <code>Authentication</code> object
     *
     * @return The source user <code>Authentication</code> object or <code>null</code> otherwise.
     */
    private Authentication getSourceAuthentication(Authentication current) {
        Authentication original = null;


        // iterate over granted authorities and find the 'switch user' authority
        Collection<? extends GrantedAuthority> authorities = current.getAuthorities();


        for (GrantedAuthority auth : authorities) {

View Full Code Here

     */
    private void createSampleData(String username, String password) {
        Assert.notNull(documentDao, "DocumentDao required");
        Assert.hasText(username, "Username required");


        Authentication auth = new UsernamePasswordAuthenticationToken(username, password);


        try {
            // Set the SecurityContextHolder ThreadLocal so any subclasses
            // automatically know which user is operating
            SecurityContextHolder.getContext().setAuthentication(auth);

View Full Code Here

        String userName = wasHelper.getCurrentUserName();
        if (logger.isDebugEnabled()) { logger.debug("Creating authentication request for user "+userName); }
        PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(userName, "N/A");
        authRequest.setDetails(authenticationDetailsSource.buildDetails(null));
        if (logger.isDebugEnabled()) { logger.debug("Authentication request for user "+userName+": "+authRequest); }
        Authentication authResponse = authenticationManager.authenticate(authRequest);
        if (logger.isDebugEnabled()) { logger.debug("Authentication response for user "+userName+": "+authResponse); }
        SecurityContextHolder.getContext().setAuthentication(authResponse);
    }

View Full Code Here


            // Of course they have access to a null object!
            return evalBody();
        }


        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            if (logger.isDebugEnabled()) {
                logger.debug(
                    "SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
            }

View Full Code Here

    private final static class UserDetailsRequestPostProcessor implements
            RequestPostProcessor {
        private final RequestPostProcessor delegate;


        public UserDetailsRequestPostProcessor(UserDetails user) {
            Authentication token = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());


            delegate = new AuthenticationRequestPostProcessor(token);
        }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.springframework.security.core.Authentication

br.net.woodstock.rockframework.domain.spring.SecurityContextHelper

ch.inftec.ju.util.AuthUtil

com.mobius.controllers.LiveCycleDoc

com.mobius.controllers.LiveCycleTask

com.mossle.security.util.SpringSecurityUtils

com.pe.pgn.clubpgn.service.UserSecurityAdvice

com.pe.pgn.clubpgn.webapp.listener.UserCounterListener

com.sparc.knappsack.components.entities.BaseEntity

com.springsource.insight.plugin.spring.security.AuthenticationManagerCollectionAspectTest

com.springsource.insight.plugin.spring.security.AuthenticationProviderCollectionAspectTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.