/**
 * Looks up the stored profile whose username matches the one carried by {@code userData}.
 *
 * @param tenant   name of the tenant to search in
 * @param userData profile object that supplies the username used for the lookup
 * @return the value returned by {@code profileService.getProfileByUsername} for that tenant and username
 * @throws AuthenticationException wrapping the underlying {@link ProfileException} when the lookup fails
 */
protected Profile getProfile(String tenant, Profile userData) {
    Profile existing;
    try {
        existing = profileService.getProfileByUsername(tenant, userData.getUsername());
    } catch (ProfileException cause) {
        // Surface profile-store failures as authentication failures, keeping the original cause attached.
        String message = "Unable to retrieve current profile for user '" + userData.getUsername()
            + "' of tenant '" + tenant + "'";
        throw new AuthenticationException(message, cause);
    }
    return existing;
}
/**
 * Hook run after a successful login: logs the event, clears the session, binds the new
 * authentication to the request and finally delegates to the login success handler.
 *
 * @param context        the current request context
 * @param authentication the authentication produced by the login
 * @throws Exception if the success handler (or any step before it) fails
 */
protected void onLoginSuccess(RequestContext context, Authentication authentication) throws Exception {
    String loggedInUser = authentication.getProfile().getUsername();
    logger.info("Login successful for user '" + loggedInUser + "'");

    HttpServletRequest httpRequest = context.getRequest();

    // clearSession() runs before the authentication is attached. It is defined outside this block;
    // presumably it discards pre-login session state so it cannot carry over into the
    // authenticated session. TODO confirm against clearSession().
    clearSession(httpRequest);
    SecurityUtils.setAuthentication(httpRequest, authentication);

    loginSuccessHandler.handle(context, authentication);
}
/**
 * Creates a new profile in {@code tenant} from the data obtained through a provider connection.
 *
 * @param tenant     name of the tenant that will own the profile
 * @param connection provider connection whose data is attached to the profile
 * @param userData   profile object holding the username, email, roles and attributes to store
 * @return the profile returned by {@code profileService.createProfile}
 * @throws AuthenticationException wrapping the {@link CryptoException} or {@link ProfileException}
 *                                 raised while attaching the connection data or creating the profile
 */
protected Profile createProfile(String tenant, Connection<?> connection, Profile userData) {
    Profile created;
    try {
        // The connection data must be added first: the attributes read a few lines below
        // are expected to include it. textEncryptor is handed to the helper for that step.
        ConnectionUtils.addConnectionData(userData, connection.createData(), textEncryptor);

        // NOTE(review): the third and last arguments are null and the fifth is true. Presumably
        // these are "no local password", "no verification URL" and "enabled" respectively;
        // confirm against the ProfileService signature.
        created = profileService.createProfile(
            tenant,
            userData.getUsername(),
            null,
            userData.getEmail(),
            true,
            userData.getRoles(),
            userData.getAttributes(),
            null);
    } catch (CryptoException | ProfileException cause) {
        String message = "Unable to create profile of user '" + userData.getUsername()
            + "' in tenant '" + tenant + "'";
        throw new AuthenticationException(message, cause);
    }
    return created;
}
/**
 * Hook run on logout. When an authentication is present it disables remember-me (if it was
 * used), removes the authentication from the request, invalidates the HTTP session and opens
 * a fresh one. The logout success handler is called in every case.
 *
 * @param context        the current request context
 * @param authentication the authentication being logged out, or {@code null} if the user was anonymous
 * @throws IOException declared for the calls made by this hook
 */
protected void onLogoutSuccess(RequestContext context, Authentication authentication) throws IOException {
    if (authentication == null) {
        logger.debug("No logout done: user wasn't authenticated");
    } else {
        logger.debug("Logout for user '" + authentication.getProfile().getUsername() + "' successful");

        if (authentication.isRemembered()) {
            rememberMeManager.disableRememberMe(context);
        }

        SecurityUtils.removeAuthentication(context.getRequest());

        // NOTE(review): the no-argument getSession() creates a session when none exists, so the
        // null check below is always true and a session may be created only to be invalidated.
        // getSession(false) would make the check meaningful.
        final HttpSession session = context.getRequest().getSession();
        if (session != null) {
            try {
                // Drop everything tied to the logged-out user, then start a clean session.
                session.invalidate();
                context.getRequest().getSession(true);
            } catch (IllegalStateException ex) {
                // Best effort: nothing else to do. Either call above can raise this, so the
                // message may not always describe the actual cause.
                logger.debug("Http Session was already invalidated");
            }
        }
    }

    logoutSuccessHandler.handle(context);
}
/**
 * Handles the specified {@link AccessDeniedException}. An authenticated user is passed to the
 * {@link AccessDeniedHandler}; an anonymous request is treated as "authentication required"
 * and passed to the authentication-required handler instead.
 *
 * @param context the current request context
 * @param e       the access-denied exception being handled
 * @throws SecurityProviderException declared for the handler calls
 * @throws IOException               declared for the handler calls
 */
protected void handleAccessDeniedException(RequestContext context, AccessDeniedException e)
    throws SecurityProviderException, IOException {
    Authentication currentAuth = SecurityUtils.getAuthentication(context.getRequest());

    // A known user who lacks permission: plain access-denied handling.
    if (currentAuth != null) {
        logger.debug("Access denied to user '" + currentAuth.getProfile().getUsername() + "'", e);
        accessDeniedHandler.handle(context, e);
        return;
    }

    // Anonymous caller: authentication is required before access can be decided.
    try {
        // Thrown and caught on the spot. The exception is only a carrier, with the original
        // denial as its cause, for the logger and the handler.
        throw new AuthenticationRequiredException("Authentication required to access the resource", e);
    } catch (AuthenticationRequiredException required) {
        logger.debug("Authentication is required", required);
        authenticationRequiredHandler.handle(context, required);
    }
}
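/**
 * Header-based SSO step. When the request carries a username in the configured header and the
 * request is either unauthenticated or authenticated as a different user, the matching profile
 * is looked up in the SSO-enabled tenant, created if missing, and set as the request's
 * authentication. The processor chain continues in every case.
 *
 * <p>NOTE(review): this method authenticates whichever username the header names and performs
 * no credential or origin check of its own. It is therefore only safe when the header can be
 * set solely by the trusted SSO front end, with any client-supplied copy stripped before the
 * request reaches the application. Confirm that the deployment enforces this.
 *
 * @param context        the current request context
 * @param processorChain the remaining security processors
 * @throws Exception if profile lookup or creation, authentication, or the rest of the chain fails
 */
@Override
public void processRequest(RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception {
    HttpServletRequest request = context.getRequest();
    String username = request.getHeader(usernameHeaderName);
    Authentication auth = SecurityUtils.getAuthentication(request);

    // Act only when a header username is present and it is not already the authenticated user.
    if (StringUtils.isNotEmpty(username) && (auth == null || !auth.getProfile().getUsername().equals(username))) {
        String[] tenantNames = tenantsResolver.getTenants();
        Tenant tenant = getSsoEnabledTenant(tenantNames);

        if (tenant != null) {
            Profile profile = profileService.getProfileByUsername(tenant.getName(), username);
            if (profile == null) {
                // First SSO login for this username: provision the profile from the request data.
                profile = createProfileWithSsoInfo(username, tenant, request);
            }

            SecurityUtils.setAuthentication(request, authenticationManager.authenticateUser(profile));
        } else {
            // Passing the String[] directly would bind it to the logger's varargs parameter,
            // so only the first tenant name would be printed. Render the whole array instead;
            // Arrays.toString supplies the surrounding brackets.
            logger.warn("An SSO login was attempted, but none of the tenants {} is enabled for SSO",
                        java.util.Arrays.toString(tenantNames));
        }
    }

    processorChain.processRequest(context);
}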
/**
 * Attaches the data of a provider connection to an existing profile and stores the resulting
 * attributes through the profile service.
 *
 * @param tenant     tenant name; used here only in the error message
 * @param connection provider connection whose data is attached to the profile
 * @param profile    the profile to update
 * @return the profile returned by {@code profileService.updateAttributes}
 * @throws AuthenticationException wrapping the {@link CryptoException} or {@link ProfileException}
 *                                 raised while attaching the connection data or saving the attributes
 */
protected Profile updateProfileConnectionData(String tenant, Connection<?> connection, Profile profile) {
    Profile updated;
    try {
        // Attach the connection data to the in-memory profile first (textEncryptor is handed to
        // the helper for that step), then persist the resulting attributes.
        ConnectionUtils.addConnectionData(profile, connection.createData(), textEncryptor);

        String profileId = profile.getId().toString();
        updated = profileService.updateAttributes(profileId, profile.getAttributes());
    } catch (CryptoException | ProfileException cause) {
        String message = "Unable to update connection data of user '" + profile.getUsername()
            + "' of tenant '" + tenant + "'";
        throw new AuthenticationException(message, cause);
    }
    return updated;
}