/** Returns the username of the wrapped user DTO (delegation, no local state). */
@Override
public String getUsername() {
    String name = this.userDto.getUsername();
    return name;
}
/**
 * Adds the authorization token header to the reactive response for the given user.
 *
 * @param response         outgoing response whose headers receive the prefixed token
 * @param userDto          authenticated user the token is issued for
 * @param expirationMillis token lifetime handed to the token service
 */
protected void addAuthHeader(ServerHttpResponse response, UserDto userDto, long expirationMillis) {
    String username = userDto.getUsername();
    log.debug("Adding auth header for " + username);

    String token = blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE, username, expirationMillis);
    response.getHeaders().add(LecUtils.TOKEN_RESPONSE_HEADER_NAME, LecUtils.TOKEN_PREFIX + token);
}
/**
 * Returns the current user and writes a fresh authorization token header into the response.
 * The header is added as a side effect when the user element is emitted.
 *
 * @param userDto          publisher of the current user
 * @param response         reactive response that receives the token header
 * @param expirationMillis lifetime of the issued token
 * @return the same user publisher with the header side effect attached
 */
public Mono<UserDto> userWithToken(Mono<UserDto> userDto, ServerHttpResponse response, long expirationMillis) {
    return userDto.doOnNext(currentUser -> {
        String username = currentUser.getUsername();
        log.debug("Adding auth header for " + username);
        addAuthHeader(response, currentUser, expirationMillis);
    });
}
/**
 * Returns the current user after adding a new authorization token header to the response.
 *
 * @param response servlet response that receives the token header
 * @return the currently authenticated user
 */
protected UserDto userWithToken(HttpServletResponse response) {
    UserDto user = LecwUtils.currentUser();
    String username = user.getUsername();
    lemonService.addAuthHeader(response, username, jwtExpirationMillis);
    return user;
}
}
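/**
 * Handles a successful login: responds 200 with the authorization token header and the
 * current user's JSON instead of redirecting.
 *
 * <p>An optional {@code expirationMillis} request parameter overrides the default token
 * lifetime. A value that is not a valid long is answered with 400 instead of letting the
 * {@link NumberFormatException} surface as a server error.
 *
 * @param request        the login request; may carry {@code expirationMillis}
 * @param response       response receiving the token header and the user JSON
 * @param authentication the successful authentication (the user is read from the security context)
 * @throws IOException      if writing the response fails
 * @throws ServletException propagated from the servlet API
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {

    // Instead of handle(request, response, authentication), the statements below are introduced

    // Parse the client-supplied lifetime before touching the response so a rejection is clean
    String expirationMillisStr = request.getParameter("expirationMillis");
    long expirationMillis;
    if (expirationMillisStr == null) {
        expirationMillis = defaultExpirationMillis;
    } else {
        try {
            expirationMillis = Long.parseLong(expirationMillisStr);
        } catch (NumberFormatException e) {
            // untrusted input: reject explicitly rather than fail with a 500
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid expirationMillis");
            return;
        }
    }
    // NOTE(review): the client-supplied lifetime is not capped here; confirm that the token
    // service or configuration enforces a maximum.

    response.setStatus(HttpServletResponse.SC_OK);
    response.setContentType(MediaType.APPLICATION_JSON_VALUE);

    // get the current-user
    UserDto currentUser = LecwUtils.currentUser();
    lemonService.addAuthHeader(response, currentUser.getUsername(), expirationMillis);

    // write current-user data to the response
    response.getOutputStream().print(objectMapper.writeValueAsString(currentUser));

    // as done in the base class
    clearAuthenticationAttributes(request);

    // assumes UserDto.toString() excludes sensitive fields — confirm
    log.debug("Authentication succeeded for user: " + currentUser);
}
}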
/**
 * Fetches a new token - for session scrolling etc.
 *
 * <p>A user may mint a token for their own username; minting one for another username
 * requires the current user to be a "good admin" (enforced by {@code LecUtils.ensureAuthority}).
 *
 * @param expirationMillis optional lifetime; falls back to the configured JWT expiration
 * @param optionalUsername optional subject; falls back to the current user's username
 * @return the prefixed authorization token
 */
@PreAuthorize("isAuthenticated()")
public String fetchNewToken(Optional<Long> expirationMillis, Optional<String> optionalUsername) {
    UserDto currentUser = LecwUtils.currentUser();
    String currentUsername = currentUser.getUsername();
    String subject = optionalUsername.orElse(currentUsername);

    boolean sameUser = currentUsername.equals(subject);
    LecUtils.ensureAuthority(sameUser || currentUser.isGoodAdmin(),
            "com.naturalprogrammer.spring.notGoodAdminOrSameUser");

    String token = blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE, subject,
            expirationMillis.orElse(properties.getJwt().getExpirationMillis()));
    return LecUtils.TOKEN_PREFIX + token;
}
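/**
 * Exchanges the presented token for a "full" token that embeds the serialized current user
 * as a claim.
 *
 * <p>The presented token must not already be a full token (no user claim present); otherwise
 * the credentials are rejected. The header is also required to be at least as long as the
 * token prefix, so a missing or truncated header is rejected as bad credentials instead of
 * failing on the substring.
 *
 * @param authHeader the Authorization header value, expected as prefix + token
 * @return a single-entry map {@code {"token": <prefixed full token>}}
 */
@PreAuthorize("isAuthenticated()")
public Mono<Map<String, String>> fetchFullToken(String authHeader) {
    // The prefix itself is not validated here; the filter that authenticated this request
    // is assumed to have done so — confirm.
    boolean longEnough = authHeader != null && authHeader.length() >= LecUtils.TOKEN_PREFIX_LENGTH;
    LecUtils.ensureCredentials(longEnough
            && blueTokenService.parseClaim(authHeader.substring(LecUtils.TOKEN_PREFIX_LENGTH),
                    BlueTokenService.USER_CLAIM) == null,
            "com.naturalprogrammer.spring.fullTokenNotAllowed");

    return LecrUtils.currentUser().map(optionalUser -> {
        UserDto currentUser = optionalUser.get();
        // Serialize explicitly: not serializing converts it to a JsonNode
        Map<String, Object> claimMap = Collections.singletonMap(BlueTokenService.USER_CLAIM,
                LecUtils.serialize(currentUser));
        String fullToken = blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE,
                currentUser.getUsername(),
                Long.valueOf(properties.getJwt().getShortLivedMillis()),
                claimMap);
        return Collections.singletonMap("token", LecUtils.TOKEN_PREFIX + fullToken);
    });
}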
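/**
 * Exchanges the presented token for a "full" token that embeds the serialized current user
 * as a claim.
 *
 * <p>The presented token must not already be a full token (no user claim present); otherwise
 * the credentials are rejected. The header is also required to be at least as long as the
 * token prefix, so a missing or truncated header is rejected as bad credentials instead of
 * failing on the substring.
 *
 * @param authHeader the Authorization header value, expected as prefix + token
 * @return a single-entry map {@code {"token": <prefixed full token>}}
 */
@PreAuthorize("isAuthenticated()")
public Map<String, String> fetchFullToken(String authHeader) {
    // The prefix itself is not validated here; the filter that authenticated this request
    // is assumed to have done so — confirm.
    boolean longEnough = authHeader != null && authHeader.length() >= LecUtils.TOKEN_PREFIX_LENGTH;
    LecUtils.ensureCredentials(longEnough
            && blueTokenService.parseClaim(authHeader.substring(LecUtils.TOKEN_PREFIX_LENGTH),
                    BlueTokenService.USER_CLAIM) == null,
            "com.naturalprogrammer.spring.fullTokenNotAllowed");

    UserDto currentUser = LecwUtils.currentUser();
    // Serialize explicitly: not serializing converts it to a JsonNode
    Map<String, Object> claimMap = Collections.singletonMap(BlueTokenService.USER_CLAIM,
            LecUtils.serialize(currentUser));
    String fullToken = blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE,
            currentUser.getUsername(),
            Long.valueOf(properties.getJwt().getShortLivedMillis()),
            claimMap);
    return Collections.singletonMap("token", LecUtils.TOKEN_PREFIX + fullToken);
}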
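/**
 * Fetches a new token for the current user, or — for a "good admin" — for the username given
 * in the form data.
 *
 * <p>Reads {@code username} and the expiration from the request form data; a blank username
 * defaults to the current user. Minting for another user is guarded by
 * {@code LecUtils.ensureAuthority}.
 *
 * @param exchange the current exchange, whose form data supplies username and expiration
 * @return a single-entry map {@code {"token": <prefixed token>}}
 */
@PreAuthorize("isAuthenticated()")
public Mono<Map<String, String>> fetchNewToken(ServerWebExchange exchange) {
    return Mono.zip(LecrUtils.currentUser(), exchange.getFormData()).map(tuple -> {
        UserDto currentUser = (UserDto) tuple.getT1().get();
        String username = tuple.getT2().getFirst("username");
        if (StringUtils.isBlank(username)) {
            username = currentUser.getUsername();
        }
        long expirationMillis = getExpirationMillis(tuple.getT2());

        LecUtils.ensureAuthority(currentUser.getUsername().equals(username) || currentUser.isGoodAdmin(),
                "com.naturalprogrammer.spring.notGoodAdminOrSameUser");

        // Static constant accessed via the class, consistent with the other token endpoints
        String token = blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE, username, expirationMillis);
        return Collections.singletonMap("token", LecUtils.TOKEN_PREFIX + token);
    });
}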
/**
 * Builds the post-OAuth2-login redirect URL: the cookie-supplied or configured target with a
 * short-lived auth token appended.
 *
 * @param request  the callback request; may carry the redirect-URI cookie
 * @param response part of the overridden signature; not used here
 * @return the redirect target with the short-lived token appended
 */
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
    UserDto currentUser = LecwUtils.currentUser();
    String shortLivedToken = blueTokenService.createToken(
            BlueTokenService.AUTH_AUDIENCE,
            currentUser.getUsername(),
            (long) properties.getJwt().getShortLivedMillis());

    // NOTE(review): the redirect target comes from a client-supplied cookie and is not validated
    // here; the allow-list check is presumably done where the cookie is written — confirm.
    String redirectTarget = LecwUtils
            .fetchCookie(request, HttpCookieOAuth2AuthorizationRequestRepository.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME)
            .map(Cookie::getValue)
            .orElse(properties.getOauth2AuthenticationSuccessUrl());

    // Token is appended verbatim; the target is assumed to already end with its separator.
    return redirectTarget + shortLivedToken;
}
}
addAuthHeader(response, currentUser.getUsername(), expirationMillis.orElse(properties.getJwt().getExpirationMillis()));
/**
 * Changes the password of the given user.
 *
 * <p>The old password that is verified belongs to the <em>logged-in</em> user — who may be an
 * ADMIN editing someone else's account — not necessarily to {@code user}.
 *
 * @param user               the user whose password is to be changed
 * @param changePasswordForm validated form carrying the old and the new password
 * @return the username of the updated user
 */
@UserEditPermission
@Transactional(propagation=Propagation.REQUIRED, readOnly=false)
public String changePassword(U user, @Valid ChangePasswordForm changePasswordForm) {
    // assumes U.toString() excludes the password hash — confirm
    log.debug("Changing password for user: " + user);

    // Resolve the logged-in user (possibly an ADMIN) to obtain the hash to verify against
    UserDto currentUser = LecwUtils.currentUser();
    U loggedInUser = userRepository.findById(toId(currentUser.getId())).get();
    String currentHash = loggedInUser.getPassword();

    // checks
    LexUtils.ensureFound(user);
    boolean oldPasswordMatches = passwordEncoder.matches(changePasswordForm.getOldPassword(), currentHash);
    LexUtils.validateField("changePasswordForm.oldPassword", oldPasswordMatches,
            "com.naturalprogrammer.spring.wrong.password").go();

    // store the new hash; the credentials timestamp is presumably what invalidates
    // tokens issued before this change — confirm
    String newHash = passwordEncoder.encode(changePasswordForm.getPassword());
    user.setPassword(newHash);
    user.setCredentialsUpdatedMillis(System.currentTimeMillis());
    userRepository.save(user);

    log.debug("Changed password for user: " + user);
    return user.toUserDto().getUsername();
}