public void authContext2() { // tag::authcontext2[] final Realm realm = Realm.builder().withDefaultAuthorizer().withAuthenticator(Account.authenticator(id -> { // <1> if ("usr".equals(id)) { return Optional.of(Account.builder(id).credentials(Credentials.builder().secret("pwd").build()) .withPermission("role1").build()); } return Optional.empty(); })).build(); AuthContext authContext = SpringSecurity.authContext(realm); // <2> authContext.authenticate(Account.accountCredentialsToken("usr", "pwd")); // <3> org.springframework.security.core.Authentication authc = SecurityContextHolder.getContext().getAuthentication(); // <4> String name = authc.getName(); // <5> Collection<? extends GrantedAuthority> authorities = authc.getAuthorities(); // <6> // end::authcontext2[] }
@Bean // <3> @VaadinSessionScope public AuthContext authContext() { AccountProvider ap = id -> { // Only a user with username 'username1' is available if ("username1".equals(id)) { // setup the user password and assign the role 'role1' return Optional.of(Account.builder(id).credentials(Credentials.builder().secret("s3cr3t").build()) .withPermission("role1").build()); } return Optional.empty(); }; return AuthContext.create(Realm.builder() // authenticator using the AccountProvider .withAuthenticator(Account.authenticator(ap)) // default authorizer .withDefaultAuthorizer().build()); }
@Bean // <3> @VaadinSessionScope public AuthContext authContext() { AccountProvider ap = id -> { // Only a user with username 'username1' is available if ("username1".equals(id)) { // setup the user password and assign the role 'role1' return Optional.of(Account.builder(id).credentials(Credentials.builder().secret("s3cr3t").build()) .withPermission("role1").build()); } return Optional.empty(); }; return AuthContext.create(Realm.builder() // authenticator using the AccountProvider .withAuthenticator(Account.authenticator(ap)) // default authorizer .withDefaultAuthorizer().build()); }
public void authenticator() throws IOException { // tag::authenticator[] JwtConfiguration configuration = JwtConfiguration.builder() // <1> .issuer("MyIssuer") // JWT token issuer .expireTime(10000) // expire time in milliseconds .includeDetails(true) // include the Authentication details in JWT token generation .includePermissions(true) // include the Authentication permissions in JWT token generation .signatureAlgorithm(JwtSignatureAlgorithm.HS256) // use HS256 as signature algorithm .sharedKey(new byte[] { 1, 2, 3 }) // shared key to use with the symmetric signing algorithm .build(); // JWT authenticator JwtAuthenticator jwtAuthenticator = JwtAuthenticator.builder().configuration(configuration) // <2> .issuer("allowedIssuer") // <3> .withRequiredClaim("myClaim") // <4> .build(); // Realm Realm realm = Realm.builder().withAuthenticator(jwtAuthenticator) // <5> .withDefaultAuthorizer().build(); Authentication authc = realm.authenticate(AuthenticationToken.bearer("TheJWTtokenHere...")); // <6> realm = Realm.builder().withAuthenticator(jwtAuthenticator) // .withResolver(AuthenticationToken.httpBearerResolver()) // <7> .withDefaultAuthorizer().build(); HttpRequest request = obtainHttpRequest(); authc = realm.authenticate(request); // <8> // end::authenticator[] }
/** * Create an {@link AuthContext} which uses the Spring Security {@link SecurityContext} as authentication holder. * The default {@link SecurityContextHolder#getContext()} method is used to obtain the Spring Security * {@link SecurityContext} reference. * <p> * A default {@link Realm} is created using the default authorizer and registering an {@link Authenticator} hich * supports {@link SpringSecurityAuthenticationToken} types and uses the Spring Security * {@link AuthenticationManager} to perform the authentication operations. * </p> * @param authenticationManager The Spring Security {@link AuthenticationManager} (not null) * @param accountCredentialsAuthenticator Whether to register in Realm an Authenticator for the default * {@link AccountCredentialsToken} which uses the Spring Security {@link AuthenticationManager} to perform * the authentication operations. * @return A new {@link AuthContext} instance * @see #authContext(Realm) */ static AuthContext authContext(AuthenticationManager authenticationManager, boolean accountCredentialsAuthenticator) { final Realm.Builder realm = Realm.builder().withDefaultAuthorizer() .withAuthenticator(authenticator(authenticationManager)); if (accountCredentialsAuthenticator) { realm.withAuthenticator(accountCredentialsAuthenticator(authenticationManager)); } return AuthContext.create(realm.build(), new SpringSecurityAuthenticationHolder()); }
public void configureJaxrsApplication() { AccountProvider provider = id -> { // <5> // a test provider wich always returns an Account with given id and s3cr3t as password return Optional.ofNullable(Account.builder(id).credentials(Credentials.builder().secret("s3cr3t").build()) .enabled(true).build()); }; Realm realm = Realm.builder() // <6> .withResolver(AuthenticationToken.httpBasicResolver()) // <7> .withAuthenticator(Account.authenticator(provider)) // <8> .withDefaultAuthorizer().build(); ContextResolver<Realm> realmContextResolver = new ContextResolver<Realm>() { // <9> @Override public Realm getContext(Class<?> type) { return realm; } }; register(realmContextResolver); // <10> } // end::auth[]
@SuppressWarnings("unused") public void authContext() { // tag::authctx[] AccountProvider provider = id -> Optional.of(Account.builder(id).enabled(true) .credentials(Credentials.builder().secret("pwd").base64Encoded().build()).withPermission("role1") .build()); // <1> Realm realm = Realm.builder().withAuthenticator(Account.authenticator(provider)).withDefaultAuthorizer() .build(); // <2> AuthContext context = AuthContext.create(realm); // <3> boolean notAlreadyAuthenticated = context.isAuthenticated(); // <4> context.authenticate(AuthenticationToken.accountCredentials("test", "pwd")); // <5> Authentication authc = context.requireAuthentication(); // <6> context.unauthenticate(); // <7> // end::authctx[] }
public void permissions() { // tag::permissions[] final Permission p1 = Permission.create("role1"); // <1> final Permission p2 = Permission.create("role2"); // <2> Authentication authc = Authentication.builder("test").withPermission(p1).withPermission(p2).build(); // <3> // Realm with default authorizer Realm realm = Realm.builder().withDefaultAuthorizer().build(); // <4> // permission checking boolean permitted = realm.isPermitted(authc, p1); // <5> permitted = realm.isPermitted(authc, "role1"); // <6> permitted = realm.isPermittedAny(authc, p1, p2); // <7> permitted = realm.isPermittedAny(authc, "role1", "role2"); // <8> boolean notPermitted = realm.isPermitted(authc, "other_role"); // <9> // end::permissions[] }
/** * Create an {@link AuthContext} which uses the Spring Security {@link SecurityContext} as authentication holder. * The default {@link SecurityContextHolder#getContext()} method is used to obtain the Spring Security * {@link SecurityContext} reference. * <p> * The {@link AuthContext} is bound to a default {@link Realm} instance, configured with the default * {@link Authorizer}. * </p> * @return A new {@link AuthContext} using the Spring Security {@link SecurityContext} as authentication holder * @see #authContext(Realm) */ static AuthContext authContext() { return authContext(Realm.builder().withDefaultAuthorizer().build()); }
public void auth() { // tag::auth[] AccountProvider provider = id -> Optional.of(Account.builder(id).enabled(true) .credentials(Credentials.builder().secret("pwd").base64Encoded().build()).withPermission("role1") .build()); // <1> Realm realm = Realm.builder() // .withAuthenticator(Account.authenticator(provider)) // <2> .withDefaultAuthorizer().build(); try { Authentication authc = realm.authenticate(AuthenticationToken.accountCredentials("test", "pwd")); // <3> } catch (AuthenticationException e) { // handle authentication failures } // end::auth[] }
@Override public Realm getContext(Class<?> type) { return Realm.builder() // .withResolver(AuthenticationToken.httpBasicResolver()) // <1> .withAuthenticator(Account.authenticator(getAccountProvider())) // <2> .withDefaultAuthorizer() // <3> .build(); }
public void contextResourceRealm() { // tag::realm2[] Context.get().classLoaderScope() // <1> .map(s -> s.put(Realm.CONTEXT_KEY, Realm.builder().withResolver(AuthenticationToken.httpBasicResolver()) .withAuthenticator(Account.authenticator(getAccountProvider())).withDefaultAuthorizer() .build())); // end::realm2[] }
public void authenticator2() { // tag::authenticator2[] AuthenticationManager authenticationManager = getAuthenticationManager(); // <1> Realm realm = Realm.builder().withDefaultAuthorizer() .withAuthenticator(SpringSecurity.authenticator(authenticationManager)) // <2> .build(); Authentication authc = realm.authenticate(SpringSecurityAuthenticationToken.account("user", "pwd1")); // <3> // end::authenticator2[] }
public void authorizer4() { // tag::authorizer4[] Authorizer<Permission> defaultAuthorizer = Authorizer.create(); // <1> Realm realm = Realm.builder().withDefaultAuthorizer() // <2> .build(); // end::authorizer4[] }