Examples of org.springframework.security.core.Authentication

Package org.springframework.security.core

Examples of org.springframework.security.core.Authentication

org.springframework.security.core.Authentication
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the {@link AuthenticationManager#authenticate(Authentication)} method.
Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurityContext managed by the {@link SecurityContextHolder} by the authentication mechanism which isbeing used. An explicit authentication can be achieved, without using one of Spring Security's authentication mechanisms, by creating an Authentication instance and using the code:
```
 SecurityContextHolder.getContext().setAuthentication(anAuthentication); 
```
Note that unless the Authentication has the authenticated property set to true, it will still be authenticated by any security interceptor (for method or web invocations) which encounters it.
In most cases, the framework transparently takes care of managing the security context and authentication objects for you. @author Ben Alex

     * @return the result of the authorization decision
     * @throws IOException
     */
    public boolean authorizeUsingUrlCheck() throws IOException {
        String contextPath = ((HttpServletRequest) getRequest()).getContextPath();
        Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
        return getPrivilegeEvaluator().isAllowed(contextPath, getUrl(), getMethod(), currentUser);
    }

View Full Code Here

    }


    /*------------- Private helper methods  -----------------*/


    private Collection<? extends GrantedAuthority> getPrincipalAuthorities() {
        Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
        if (null == currentUser) {
            return Collections.emptyList();
        }
        return currentUser.getAuthorities();
    }

View Full Code Here

@Component
public class HelloMessageService implements MessageService {


  @PreAuthorize("authenticated")
  public String getMessage() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    return "Hello " + authentication;
  }

View Full Code Here

     * @throws IOException if thrown by HttpURLConnection methods
     */
    protected void prepareConnection(HttpURLConnection con, int contentLength) throws IOException {
        super.prepareConnection(con, contentLength);


        Authentication auth = SecurityContextHolder.getContext().getAuthentication();


        if ((auth != null) && (auth.getName() != null) && (auth.getCredentials() != null) && !trustResolver.isAnonymous(auth)) {
            String base64 = auth.getName() + ":" + auth.getCredentials().toString();
            con.setRequestProperty("Authorization", "Basic " + new String(Base64.encode(base64.getBytes())));


            if (logger.isDebugEnabled()) {
                logger.debug("HttpInvocation now presenting via BASIC authentication SecurityContextHolder-derived: "
                    + auth.toString());
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to set BASIC authentication header as SecurityContext did not provide "
                        + "valid Authentication: " + auth);

View Full Code Here

     *
     * @param methodInvocation the method to invoke
     */
    public ContextPropagatingRemoteInvocation(MethodInvocation methodInvocation) {
        super(methodInvocation);
        Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();


        if (currentUser != null) {
            principal = currentUser.getName();
            Object userCredentials = currentUser.getCredentials();
            credentials = userCredentials == null ? null : userCredentials.toString();
        } else {
            principal = credentials = null;
        }

View Full Code Here

     */
    public Object invoke(Object targetObject)
            throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {


        if (principal != null) {
            Authentication request = createAuthenticationRequest(principal, credentials);
            request.setAuthenticated(false);
            SecurityContextHolder.getContext().setAuthentication(request);


            if (logger.isDebugEnabled()) {
                logger.debug("Set SecurityContextHolder to contain: " + request);
            }

View Full Code Here

            || (SecurityContextHolder.getContext().getAuthentication() == null)
            || !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
            throw new AccessDeniedException("Authenticated principal required to operate with ACLs");
        }


        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();


        // Check if authorized by virtue of ACL ownership
        Sid currentUser = new PrincipalSid(authentication);


        if (currentUser.equals(acl.getOwner())
                && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
            return;
        }


        // Not authorized by ACL ownership; try via adminstrative permissions
        GrantedAuthority requiredAuthority;


        if (changeType == CHANGE_AUDITING) {
            requiredAuthority = this.gaModifyAuditing;
        } else if (changeType == CHANGE_GENERAL) {
            requiredAuthority = this.gaGeneralChanges;
        } else if (changeType == CHANGE_OWNERSHIP) {
            requiredAuthority = this.gaTakeOwnership;
        } else {
            throw new IllegalArgumentException("Unknown change type");
        }


        // Iterate this principal's authorities to determine right
        if (authentication.getAuthorities().contains(requiredAuthority)) {
            return;
        }


        // Try to get permission via ACEs within the ACL
        List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

View Full Code Here

        if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
            throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
        }


        // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);


        // Create the acl_object_identity row
        createObjectIdentity(objectIdentity, sid);

View Full Code Here

        }


        request.setAttribute(FILTER_APPLIED, Boolean.TRUE);


        if (!securityContextRepository.containsContext(request)) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();


            if (authentication != null && !trustResolver.isAnonymous(authentication)) {
             // The user has been authenticated during the current request, so call the session strategy
                try {
                    sessionAuthenticationStrategy.onAuthentication(authentication, request, response);

View Full Code Here

    public void testAuthenticateCancel() {
        OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
        provider.setUserDetailsService(new MockUserDetailsService());
        provider.setAuthoritiesMapper(new NullAuthoritiesMapper());


        Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "" ,null);


        assertFalse(preAuth.isAuthenticated());


        try {
            provider.authenticate(preAuth);
            fail("Should throw an AuthenticationException");
        } catch (AuthenticationCancelledException expected) {

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.springframework.security.core.Authentication

br.net.woodstock.rockframework.domain.spring.SecurityContextHelper

ch.inftec.ju.util.AuthUtil

com.mobius.controllers.LiveCycleDoc

com.mobius.controllers.LiveCycleTask

com.mossle.security.util.SpringSecurityUtils

com.pe.pgn.clubpgn.service.UserSecurityAdvice

com.pe.pgn.clubpgn.webapp.listener.UserCounterListener

com.sparc.knappsack.components.entities.BaseEntity

com.springsource.insight.plugin.spring.security.AuthenticationManagerCollectionAspectTest

com.springsource.insight.plugin.spring.security.AuthenticationProviderCollectionAspectTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.