/**
 * Documentation example: creates an {@link AuthContext} for the realm returned by
 * {@code getRealm()}, stores it under {@link AuthContext#CONTEXT_KEY} in the scope returned by
 * {@code classLoaderScope()} and then looks it up with {@link AuthContext#getCurrent()} and
 * {@link AuthContext#require()}.
 * <p>
 * NOTE(review): a resource stored in that scope is presumably visible to every caller resolving
 * the context through the same class loader; confirm that this sharing is intended for an
 * object that holds authentication state.
 * </p>
 */
@SuppressWarnings("unused")
public void context() {
	// tag::context[]
	final AuthContext authContext = AuthContext.create(getRealm());
	Context.get().classLoaderScope()
			.map(scope -> scope.put(AuthContext.CONTEXT_KEY, authContext)); // <1>

	Optional<AuthContext> currentAuthContext = AuthContext.getCurrent(); // <2>
	AuthContext requiredAuthContext = AuthContext.require(); // <3>
	// end::context[]
}
/**
 * Authenticates the given message by delegating to the {@link AuthContext} returned by
 * {@code getAuthContext()}.
 * @param message Message to authenticate
 * @param schemes Authentication schemes, passed to the delegate unchanged
 * @return The {@link Authentication} produced by the delegate
 * @throws AuthenticationException Propagated from the delegate; it is not handled here
 */
@Override
public Authentication authenticate(Message<?, ?> message, String... schemes) throws AuthenticationException {
	final AuthContext delegate = getAuthContext();
	return delegate.authenticate(message, schemes);
}
/**
 * Returns the authentication held by the {@link AuthContext} obtained from
 * {@code getAuthContext()}.
 * @return The delegate's current {@link Authentication}, as returned by the delegate
 */
@Override
public Optional<Authentication> getAuthentication() {
	final AuthContext delegate = getAuthContext();
	return delegate.getAuthentication();
}
/**
 * Documentation example: shows an {@link AuthContext} obtained from
 * {@code SpringSecurity.authContext()} following the authentication stored in the Spring Security
 * {@link SecurityContextHolder}.
 * <p>
 * The user name, password and role are sample literals. The token is built with the
 * three-argument {@link UsernamePasswordAuthenticationToken} constructor, which yields a token
 * already marked as authenticated, so no credential verification takes place in this example.
 * </p>
 * <p>
 * The authentication is removed again at callout 6; if any statement before it throws, the
 * authentication stays in the holder because the reset is not in a {@code finally} block.
 * </p>
 */
public void authContext1() {
	// tag::authcontext1[]
	AuthContext authContext = SpringSecurity.authContext(); // <1>

	UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "pwd",
			Arrays.<GrantedAuthority>asList(new SimpleGrantedAuthority("role1")));
	SecurityContextHolder.getContext().setAuthentication(token); // <2>

	Authentication authc = authContext.requireAuthentication(); // <3>
	String name = authc.getName(); // <4>
	boolean permitted = authContext.isPermitted("role1"); // <5>

	SecurityContextHolder.getContext().setAuthentication(null); // <6>
	boolean notAnymore = authContext.isAuthenticated();
	// end::authcontext1[]
}
/**
 * Documentation example: builds a {@link Realm} backed by an in-memory {@link AccountProvider},
 * creates an {@link AuthContext} on it, authenticates with account credentials and then
 * unauthenticates.
 * <p>
 * The provider is sample code only: it returns an enabled account for <em>every</em> requested
 * id, all sharing the same literal secret and the {@code role1} permission. No hash algorithm is
 * configured on the credentials in this example.
 * </p>
 */
@SuppressWarnings("unused")
public void authContext() {
	// tag::authctx[]
	AccountProvider provider = id -> {
		return Optional.of(Account.builder(id).enabled(true)
				.credentials(Credentials.builder().secret("pwd").base64Encoded().build())
				.withPermission("role1")
				.build());
	}; // <1>

	Realm realm = Realm.builder()
			.withAuthenticator(Account.authenticator(provider))
			.withDefaultAuthorizer()
			.build(); // <2>

	AuthContext context = AuthContext.create(realm); // <3>

	boolean notAlreadyAuthenticated = context.isAuthenticated(); // <4>

	context.authenticate(AuthenticationToken.accountCredentials("test", "pwd")); // <5>

	Authentication authc = context.requireAuthentication(); // <6>

	context.unauthenticate(); // <7>
	// end::authctx[]
}
/**
 * Builds the {@link AuthContext} for the given realm using {@link AuthContext#create(Realm)}.
 * A new instance is created on every call; nothing is cached here.
 * @param realm Realm to bind the auth context to
 * @return A newly created {@link AuthContext} bound to {@code realm}
 */
@Override
protected AuthContext getAuthContext(Realm realm) {
	final AuthContext created = AuthContext.create(realm);
	return created;
}
final AuthContext authContext = AuthContext.getCurrent().orElseThrow(() -> new ViewNavigationException( navigationState, "No AuthContext available as Context resource: failed to process Authenticate annotation on View or UI")); if (!authContext.getAuthentication().isPresent()) { authContext.authenticate(VaadinHttpRequest.create(request));
final AuthContext authContext = AuthContext.getCurrent() .orElseThrow(() -> new IllegalStateException("No AuthContext available as Context resource: " + "failed to validate RolesAllowed security annotation on View bean name [" + beanName + "]")); if (!authContext.getAuthentication().isPresent()) { if (!authContext.isPermittedAny(ra.value())) {
/**
 * Authenticates the incoming request through the {@link AuthContext} installed as the request
 * security context, unless that context already holds an authentication.
 * <p>
 * The filter fails closed: a security context which is not an {@link AuthContext} raises an
 * {@link IOException}, and an authentication failure aborts the request with an authentication
 * error response built by {@code ResponseUtils}.
 * </p>
 * <p>
 * NOTE(review): authentication failures are logged at debug level only, so they are not visible
 * to monitoring unless debug logging is enabled for this logger.
 * </p>
 * @param requestContext The JAX-RS request context
 * @throws IOException If the request security context is not an {@link AuthContext}
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
	// The security context must be an AuthContext, otherwise there is nothing to authenticate with.
	final Object securityContext = requestContext.getSecurityContext();
	if (!(securityContext instanceof AuthContext)) {
		throw new IOException("Invalid SecurityContext type: expecting an AuthContext but found ["
				+ securityContext.getClass().getName() + "]");
	}
	final AuthContext authContext = (AuthContext) securityContext;

	// An authentication is already present: leave it untouched.
	if (authContext.getAuthentication().isPresent()) {
		return;
	}

	LOGGER.debug(() -> "Authenticate request using AuthContext");
	try {
		authContext.authenticate(new JaxrsContainerHttpRequest(requestContext), schemes);
	} catch (UnsupportedMessageException e) {
		// The request could not be handled as an authentication message: reply with 401.
		LOGGER.debug(() -> "Authentication error: aborting request", e);
		requestContext.abortWith(ResponseUtils.buildAuthenticationErrorResponse(schemes, null, null,
				HttpStatus.UNAUTHORIZED.getCode(), null));
	} catch (AuthenticationException e) {
		// The error response is derived from the exception itself.
		LOGGER.debug(() -> "Authentication error: aborting request", e);
		requestContext.abortWith(ResponseUtils.buildAuthenticationErrorResponse(e, null));
	}
}
/**
 * Checks the given permissions against the {@link AuthContext} returned by
 * {@code getAuthContext()}. The decision is made entirely by the delegate.
 * @param permissions Permissions to check
 * @return The delegate's {@code isPermitted} result
 */
@Override
public boolean isPermitted(Permission... permissions) {
	final AuthContext delegate = getAuthContext();
	return delegate.isPermitted(permissions);
}
/**
 * Checks the given permission collection against the {@link AuthContext} returned by
 * {@code getAuthContext()}. The decision is made entirely by the delegate.
 * @param permissions Permissions to check
 * @return The delegate's {@code isPermittedAny} result
 */
@Override
public boolean isPermittedAny(Collection<? extends Permission> permissions) {
	final AuthContext delegate = getAuthContext();
	return delegate.isPermittedAny(permissions);
}
/**
 * Removes the current authentication by delegating to the {@link AuthContext} returned by
 * {@code getAuthContext()}.
 * @return The value returned by the delegate's {@code unauthenticate()}
 */
@Override
public Optional<Authentication> unauthenticate() {
	final AuthContext delegate = getAuthContext();
	return delegate.unauthenticate();
}
/**
 * Create an {@link AuthContext} whose authentication holder is backed by the Spring Security
 * {@link SecurityContext}, obtained through the default {@link SecurityContextHolder#getContext()}
 * method.
 * <p>
 * The returned context therefore reflects whatever authentication Spring Security currently
 * holds, rather than keeping a separate authentication state of its own.
 * </p>
 * @param realm The {@link Realm} to which the auth context is bound (not null)
 * @return A new {@link AuthContext} bound to given realm and using the Spring Security
 *         {@link SecurityContext} as authentication holder
 */
static AuthContext authContext(Realm realm) {
	final SpringSecurityAuthenticationHolder holder = new SpringSecurityAuthenticationHolder();
	return AuthContext.create(realm, holder);
}
/**
 * Checks the given permission names against the {@link AuthContext} returned by
 * {@code getAuthContext()}. The decision is made entirely by the delegate.
 * @param permissions Permission names to check
 * @return The delegate's {@code isPermitted} result
 */
@Override
public boolean isPermitted(String... permissions) {
	final AuthContext delegate = getAuthContext();
	return delegate.isPermitted(permissions);
}
/**
 * Checks the given permissions against the {@link AuthContext} returned by
 * {@code getAuthContext()}. The decision is made entirely by the delegate.
 * @param permissions Permissions to check
 * @return The delegate's {@code isPermittedAny} result
 */
@Override
public boolean isPermittedAny(Permission... permissions) {
	final AuthContext delegate = getAuthContext();
	return delegate.isPermittedAny(permissions);
}
/**
 * Documentation example: creates an {@link AuthContext} for the realm returned by
 * {@code getRealm()} with a custom authentication holder instead of the default one.
 * <p>
 * NOTE(review): {@code ThreadLocalAuthenticationHolder} presumably keeps the authentication per
 * thread; where threads are pooled, the holder would need clearing at the end of each unit of
 * work so an authentication does not carry over. Verify against the holder implementation.
 * </p>
 */
public void customAuthenticationHolder() {
	AuthContext.create(
			getRealm(),
			new ThreadLocalAuthenticationHolder()); // <2>
}
// end::holder[]
/**
 * Authenticates the given token by delegating to the {@link AuthContext} returned by
 * {@code getAuthContext()}.
 * @param authenticationToken Token to authenticate
 * @return The {@link Authentication} produced by the delegate
 * @throws AuthenticationException Propagated from the delegate; it is not handled here
 */
@Override
public Authentication authenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
	final AuthContext delegate = getAuthContext();
	return delegate.authenticate(authenticationToken);
}
/**
 * Checks the given permission collection against the {@link AuthContext} returned by
 * {@code getAuthContext()}. The decision is made entirely by the delegate.
 * @param permissions Permissions to check
 * @return The delegate's {@code isPermitted} result
 */
@Override
public boolean isPermitted(Collection<? extends Permission> permissions) {
	final AuthContext delegate = getAuthContext();
	return delegate.isPermitted(permissions);
}
/**
 * Checks the given permission names against the {@link AuthContext} returned by
 * {@code getAuthContext()}. The decision is made entirely by the delegate.
 * @param permissions Permission names to check
 * @return The delegate's {@code isPermittedAny} result
 */
@Override
public boolean isPermittedAny(String... permissions) {
	final AuthContext delegate = getAuthContext();
	return delegate.isPermittedAny(permissions);
}
/**
 * Example bean: a session-scoped {@link AuthContext} backed by an in-memory
 * {@link AccountProvider} which knows a single account.
 * <p>
 * The account name, secret and role are literals in the source and the secret is configured
 * without a hash algorithm, so this provider is suitable for a demo only. A deployed provider
 * would load accounts from a user store.
 * </p>
 * @return A new {@link AuthContext} on a realm with the account authenticator and the default
 *         authorizer
 */
@Bean // <3>
@VaadinSessionScope
public AuthContext authContext() {
	AccountProvider ap = id -> {
		// Only a user with username 'username1' is available
		if (!"username1".equals(id)) {
			return Optional.empty();
		}
		// setup the user password and assign the role 'role1'
		return Optional.of(Account.builder(id)
				.credentials(Credentials.builder().secret("s3cr3t").build())
				.withPermission("role1")
				.build());
	};

	Realm realm = Realm.builder()
			// authenticator using the AccountProvider
			.withAuthenticator(Account.authenticator(ap))
			// default authorizer
			.withDefaultAuthorizer()
			.build();
	return AuthContext.create(realm);
}