/**
 * Propagates the details object of {@code source} onto {@code dest}. Only an
 * {@link AbstractAuthenticationToken} exposes a details setter, and a destination that
 * already carries details keeps them; in both other cases {@code dest} is left untouched.
 *
 * @param source the authentication whose details are read (may be {@code null} details)
 * @param dest   the authentication that receives the details
 */
private void copyDetails(Authentication source, Authentication dest) {
    if (!(dest instanceof AbstractAuthenticationToken)) {
        return;
    }
    if (dest.getDetails() != null) {
        // never overwrite details a previous filter/provider already attached
        return;
    }
    ((AbstractAuthenticationToken) dest).setDetails(source.getDetails());
}
/**
 * Copies the details object from one {@link Authentication} to another. The copy happens only
 * when the destination is an {@link AbstractAuthenticationToken} (the type with a setter) and
 * it does not already have details; otherwise nothing is changed.
 *
 * @param source authentication to read the details from
 * @param dest   authentication to write the details to
 */
private void copyDetails(Authentication source, Authentication dest) {
    boolean settable = dest instanceof AbstractAuthenticationToken;
    boolean empty = dest.getDetails() == null;
    if (settable && empty) {
        AbstractAuthenticationToken target = (AbstractAuthenticationToken) dest;
        target.setDetails(source.getDetails());
    }
}
/**
 * Chooses the {@link Authentication} that represents the caller. When an access token is present
 * its stored user authentication is returned, with its details replaced by an
 * {@link OAuthAuthenticationDetails} naming the consumer that is acting on the user's behalf for
 * this request. Without a token (2-legged OAuth) the consumer authentication itself is returned.
 *
 * <p>NOTE(review): the details are written onto the authentication object stored inside the
 * provider token, not onto a copy. If that token object is cached or shared between requests,
 * this mutates shared state on every call — confirm the token store hands out fresh instances.
 *
 * @param request        the request that was successfully authenticated
 * @param authentication the consumer authentication (how the request was authenticated)
 * @param authToken      the OAuth token for the request; {@code null} when no token was required
 * @return the user authentication (with consumer details) or, without a token, {@code authentication}
 */
public Authentication createAuthentication(HttpServletRequest request, ConsumerAuthentication authentication, OAuthAccessProviderToken authToken) {
    if (authToken == null) {
        // 2-legged OAuth: there is no user behind the call, the consumer is the principal
        return authentication;
    }
    Authentication userAuth = authToken.getUserAuthentication();
    if (userAuth instanceof AbstractAuthenticationToken) {
        OAuthAuthenticationDetails consumerDetails =
                new OAuthAuthenticationDetails(request, authentication.getConsumerDetails());
        ((AbstractAuthenticationToken) userAuth).setDetails(consumerDetails);
    }
    return userAuth;
}
}
/**
 * Resource-owner password grant: authenticates the {@code username}/{@code password} request
 * parameters through the {@code authenticationManager} and wraps the result together with the
 * client's stored request.
 *
 * <p>The remaining request parameters (password removed) are attached to the login token as its
 * details and therefore travel with the resulting {@link OAuth2Authentication}.
 * NOTE(review): confirm the token request parameters can never carry client credentials
 * (e.g. a {@code client_secret} form field); only {@code password} is stripped here.
 * The failure message also echoes the caller-supplied username back in the error — check that
 * it is not written unescaped into logs or responses downstream.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying the grant parameters
 * @return the authenticated user wrapped with the stored OAuth2 request
 * @throws InvalidGrantException on wrong credentials, an expired/locked/disabled account, or a
 *                               result that is {@code null} or not authenticated
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> params = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String username = params.get("username");
    String password = params.get("password");
    // Strip the raw password before the map is attached as details and stored downstream
    params.remove("password");

    UsernamePasswordAuthenticationToken loginRequest = new UsernamePasswordAuthenticationToken(username, password);
    loginRequest.setDetails(params);

    Authentication userAuth = authenticateResourceOwner(loginRequest, username);
    OAuth2Request storedRequest = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedRequest, userAuth);
}

/**
 * Runs the login request through the authentication manager, mapping the RFC 6749 §5.2
 * failure cases onto {@link InvalidGrantException}.
 *
 * @param loginRequest unauthenticated username/password token
 * @param username     username used in the fallback error message
 * @return the authenticated token returned by the manager
 * @throws InvalidGrantException see {@link #getOAuth2Authentication}
 */
private Authentication authenticateResourceOwner(Authentication loginRequest, String username) {
    Authentication result;
    try {
        result = authenticationManager.authenticate(loginRequest);
    } catch (AccountStatusException ase) {
        // expired, locked, disabled (section 5.2, draft 31)
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // wrong username/password: spec says 400 / invalid_grant
        throw new InvalidGrantException(e.getMessage());
    }
    if (result == null || !result.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + username);
    }
    return result;
}
}
if (authentication instanceof AbstractAuthenticationToken) { AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication; needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
/**
 * Decodes and validates the
 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
 * carried by the request, then converts the resulting {@link Jwt} into an authenticated token
 * that inherits the bearer request's details.
 *
 * <p>NOTE(review): the result of {@code jwtAuthenticationConverter.convert(jwt)} is dereferenced
 * without a null check; a converter that returns {@code null} would surface as an NPE rather
 * than an authentication failure — confirm the configured converter never does.
 *
 * @param authentication the authentication request; must be a {@link BearerTokenAuthenticationToken}
 * @return a successful authentication
 * @throws AuthenticationException if authentication failed for some reason (invalid_token)
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
    Jwt jwt = decodeOrReject(bearer.getToken());
    AbstractAuthenticationToken result = this.jwtAuthenticationConverter.convert(jwt);
    result.setDetails(bearer.getDetails());
    return result;
}

/**
 * Decodes the raw token, translating any {@link JwtException} into an {@code invalid_token}
 * {@link OAuth2AuthenticationException} that keeps the decoder failure as its cause.
 *
 * @param rawToken the bearer token string
 * @return the decoded and validated JWT
 * @throws OAuth2AuthenticationException when decoding or validation fails
 */
private Jwt decodeOrReject(String rawToken) {
    try {
        return this.jwtDecoder.decode(rawToken);
    } catch (JwtException failed) {
        OAuth2Error invalidToken = invalidToken(failed.getMessage());
        throw new OAuth2AuthenticationException(invalidToken, invalidToken.getDescription(), failed);
    }
}
((AbstractAuthenticationToken) authentication).setDetails(call.getAttributes());
/**
 * Attaches {@code details} to {@code authentication} when its concrete type allows it.
 * Only {@link AbstractAuthenticationToken} exposes a details setter; any other
 * {@link Authentication} implementation is left unchanged.
 *
 * @param authentication the token to update
 * @param details        the details object to attach (may be {@code null})
 * @return {@code true} if the details were set, {@code false} if the token type has no setter
 */
public static boolean setDetailsIfPossible(Authentication authentication, Object details) {
    boolean settable = authentication instanceof AbstractAuthenticationToken;
    if (settable) {
        AbstractAuthenticationToken token = (AbstractAuthenticationToken) authentication;
        token.setDetails(details);
    }
    return settable;
}
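import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Interceptor that stores a per-request "domain" value as the details object of the current
 * authentication token. The domain extraction is still a TODO, so today it always stores
 * {@code null}.
 *
 * <p>NOTE(review): {@code setDetails} replaces whatever details the authentication filter
 * attached earlier (for Spring's form/basic login that is typically the remote address and
 * session id). Confirm nothing downstream relies on those before this interceptor runs.
 */
@Component
public class DomainInterceptor extends HandlerInterceptorAdapter {

    /**
     * Attaches the request's domain to the current authentication, if there is one.
     *
     * @param request  current request (domain is to be extracted from it — TODO)
     * @param response current response, untouched
     * @param handler  target handler, untouched
     * @return always {@code true}; the request is never blocked here
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        String domain = null; // TODO extract domain from request here
        SecurityContext context = SecurityContextHolder.getContext();
        // The context may hold no Authentication (unauthenticated request, or a filter order where
        // nothing populated it yet), and not every Authentication is an AbstractAuthenticationToken.
        // The unguarded cast used to turn both cases into a 500 (NPE / ClassCastException).
        // instanceof is false for null, so this covers both.
        if (context.getAuthentication() instanceof AbstractAuthenticationToken) {
            AbstractAuthenticationToken token = (AbstractAuthenticationToken) context.getAuthentication();
            token.setDetails(domain);
        }
        return true;
    }
}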
/**
 * Stores the details object and, as a side effect, marks this token as authenticated.
 *
 * <p>NOTE(review): coupling the trust flag to {@code setDetails} means any code path that merely
 * attaches details (e.g. a filter using an {@code AuthenticationDetailsSource}) flips this token to
 * {@code authenticated == true} without an {@code AuthenticationManager} having verified it.
 * Confirm every caller of {@code setDetails} on this type is itself a trusted point, or move the
 * {@code setAuthenticated(true)} to where the verification actually happens.
 *
 * @param details the details object to attach (typically request metadata)
 */
@Override
public void setDetails(Object details) {
    super.setDetails(details);
    // order matters: details are stored before the token is flagged trusted
    this.setAuthenticated(true);
}
/**
 * Builds an (unauthenticated) {@link UsernamePasswordAuthenticationToken} from a JAAS
 * {@link Subject}. The first {@code UsernamePasswordPrincipal} supplies name and password; if
 * the subject also carries a {@code DomainPrincipal}, the first one's name becomes the token's
 * details. Without a username/password principal no token can be built and {@code null} is
 * returned.
 *
 * <p>NOTE(review): only the first principal of each type is consulted; a subject holding several
 * is silently reduced to one — confirm that cannot be attacker-influenced.
 *
 * @param subject the JAAS subject to convert
 * @return the token, or {@code null} when the subject has no {@code UsernamePasswordPrincipal}
 */
protected Authentication convertToAuthentication(Subject subject) {
    Set<UsernamePasswordPrincipal> logins = subject.getPrincipals(UsernamePasswordPrincipal.class);
    if (logins.isEmpty()) {
        return null;
    }
    UsernamePasswordPrincipal login = logins.iterator().next();
    AbstractAuthenticationToken token =
            new UsernamePasswordAuthenticationToken(login.getName(), login.getPassword());

    Set<DomainPrincipal> domains = subject.getPrincipals(DomainPrincipal.class);
    if (!domains.isEmpty()) {
        // the domain travels with the token as its details object
        token.setDetails(domains.iterator().next().getName());
    }
    return token;
}
}
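/**
 * Replaces the current {@link Authentication} with a {@link PreAuthenticatedAuthenticationToken}
 * whose principal is the {@code USERNAME} request header and whose authorities are the
 * {@code ROLES} header values merged with the authorities already granted. Credentials and the
 * details object of the existing authentication are carried over unchanged.
 *
 * <p>SECURITY NOTE(review): both headers are read straight from the request and nothing here
 * checks where they came from, so any caller that reaches this filter with an established
 * authentication can pick its own principal name and add arbitrary authorities by sending
 * them. This is only acceptable if a trusted upstream (reverse proxy / gateway) always strips
 * client-supplied copies of these headers and sets its own — confirm that deployment
 * assumption. When {@code USERNAME} is absent the new token gets a {@code null} principal;
 * presumably unintended, left as-is to preserve behaviour.
 *
 * @param request     current request; {@code USERNAME} and {@code ROLES} headers are read
 * @param response    current response, handed down the chain untouched
 * @param filterChain remaining filter chain
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain
 */
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
                                final FilterChain filterChain) throws ServletException, IOException {
    final Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
    // No Authentication in the context: nothing to decorate. Previously this was dereferenced
    // unconditionally and such requests failed with an NPE (500) instead of reaching the
    // downstream access checks.
    if (currentAuthentication == null) {
        filterChain.doFilter(request, response);
        return;
    }

    // Pass through recorded credentials and details object
    final Object currentCredentials = currentAuthentication.getCredentials();
    final Object currentDetails = currentAuthentication.getDetails();

    // Change username to value retrieved from header
    final String decoratedUsername = request.getHeader(USERNAME);

    // Merge authorities granted via existing authentication with values in header
    final List<GrantedAuthority> decoratedRoles =
            AuthorityUtils.commaSeparatedStringToAuthorityList(request.getHeader(ROLES));
    decoratedRoles.addAll(currentAuthentication.getAuthorities());

    // presumably this constructor yields an already-authenticated token (Spring convention
    // for the authorities-taking constructor) — so the header values become trusted here
    final AbstractAuthenticationToken decoratedAuthentication =
            new PreAuthenticatedAuthenticationToken(decoratedUsername, currentCredentials, decoratedRoles);
    decoratedAuthentication.setDetails(currentDetails);
    SecurityContextHolder.getContext().setAuthentication(decoratedAuthentication);

    filterChain.doFilter(request, response);
}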
/**
 * Delegates authentication to the superclass and, when the result is an
 * {@link AbstractAuthenticationToken}, attaches request-derived details built by
 * {@code authenticationDetailsSource}. Any other result (including {@code null}) is returned
 * as-is.
 *
 * @param request  current request, used to build the details
 * @param response current response
 * @return the authentication produced by the superclass, possibly with details attached
 * @throws AuthenticationException propagated from the superclass
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    Authentication result = super.attemptAuthentication(request, response);
    if (!(result instanceof AbstractAuthenticationToken)) {
        return result;
    }
    Object details = authenticationDetailsSource.buildDetails(request);
    ((AbstractAuthenticationToken) result).setDetails(details);
    return result;
}
}
/**
 * Builds a token from a resolved {@link UserDetails}: the user's authorities go to the
 * superclass, the {@code UserDetails} object itself becomes the details, and its password
 * value is kept as the credentials.
 *
 * <p>NOTE(review): retaining {@code details.getPassword()} in {@code _credentials} keeps the
 * password value alive in the security context (and anything that serialises it, e.g. the
 * session) for the token's lifetime. Confirm {@code eraseCredentials()} clears it, or that
 * this is intended.
 *
 * @param details the resolved user; must not be {@code null} (dereferenced immediately)
 */
public DefaultUserAuthenticationToken(UserDetails details) {
    super(details.getAuthorities());
    super.setDetails(details);
    _credentials = details.getPassword();
}
/**
 * Transfers the details object from {@code source} to {@code dest} when {@code dest} can take
 * one (it is an {@link AbstractAuthenticationToken}) and has none yet. Existing details on the
 * destination are never overwritten.
 *
 * @param source authentication whose details are copied
 * @param dest   authentication receiving the details
 */
private void copyDetails(Authentication source, Authentication dest) {
    if (dest.getDetails() != null) {
        return;
    }
    if (dest instanceof AbstractAuthenticationToken) {
        ((AbstractAuthenticationToken) dest).setDetails(source.getDetails());
    }
}
/**
 * Copies the details from {@code source} onto {@code dest} unless {@code dest} already has
 * details or is not an {@link AbstractAuthenticationToken} (the only type with a setter).
 *
 * @param source authentication to read the details from
 * @param dest   authentication to write them to
 */
private void copyDetails(Authentication source, Authentication dest) {
    boolean canReceive = dest instanceof AbstractAuthenticationToken && dest.getDetails() == null;
    if (!canReceive) {
        return;
    }
    AbstractAuthenticationToken receiver = (AbstractAuthenticationToken) dest;
    receiver.setDetails(source.getDetails());
}
if (authentication instanceof AbstractAuthenticationToken) { AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication; needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
/**
 * Resource-owner password grant: authenticates the {@code username}/{@code password} request
 * parameters through the {@code authenticationManager} and wraps the result together with the
 * client's stored request.
 *
 * <p>The remaining request parameters (password removed) are attached to the login token as its
 * details and therefore travel with the resulting {@link OAuth2Authentication}.
 * NOTE(review): confirm the token request parameters can never carry client credentials
 * (e.g. a {@code client_secret} form field); only {@code password} is stripped here.
 * The failure message also echoes the caller-supplied username back in the error — check that
 * it is not written unescaped into logs or responses downstream.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying the grant parameters
 * @return the authenticated user wrapped with the stored OAuth2 request
 * @throws InvalidGrantException on wrong credentials, an expired/locked/disabled account, or a
 *                               result that is {@code null} or not authenticated
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> params = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String username = params.get("username");
    String password = params.get("password");
    // Strip the raw password before the map is attached as details and stored downstream
    params.remove("password");

    UsernamePasswordAuthenticationToken loginRequest = new UsernamePasswordAuthenticationToken(username, password);
    loginRequest.setDetails(params);

    Authentication userAuth = authenticateResourceOwner(loginRequest, username);
    OAuth2Request storedRequest = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedRequest, userAuth);
}

/**
 * Runs the login request through the authentication manager, mapping the RFC 6749 §5.2
 * failure cases onto {@link InvalidGrantException}.
 *
 * @param loginRequest unauthenticated username/password token
 * @param username     username used in the fallback error message
 * @return the authenticated token returned by the manager
 * @throws InvalidGrantException see {@link #getOAuth2Authentication}
 */
private Authentication authenticateResourceOwner(Authentication loginRequest, String username) {
    Authentication result;
    try {
        result = authenticationManager.authenticate(loginRequest);
    } catch (AccountStatusException ase) {
        // expired, locked, disabled (section 5.2, draft 31)
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // wrong username/password: spec says 400 / invalid_grant
        throw new InvalidGrantException(e.getMessage());
    }
    if (result == null || !result.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + username);
    }
    return result;
}
}
/**
 * Delegates to the superclass and post-processes a SAML login: two attributes of the
 * {@link SAMLCredential} are exposed as request attributes (so the details source and later
 * handlers can read them), then request-derived details are attached to the token when it is
 * an {@link AbstractAuthenticationToken}.
 *
 * <p>NOTE(review): the attribute values come from the SAML assertion; they are copied verbatim
 * into request attributes, so consumers must treat them as IdP-controlled, not as local config.
 *
 * @param request  current request; receives the two attributes and is used to build details
 * @param response current response
 * @return the authentication from the superclass (dereferenced, so assumed non-null here)
 * @throws AuthenticationException propagated from the superclass
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    Authentication result = super.attemptAuthentication(request, response);
    Object credentials = result.getCredentials();
    if (credentials instanceof SAMLCredential) {
        // must run before buildDetails(request) so the details source can see the attributes
        exposeSamlAttributes(request, (SAMLCredential) credentials);
    }
    if (result instanceof AbstractAuthenticationToken) {
        ((AbstractAuthenticationToken) result).setDetails(authenticationDetailsSource.buildDetails(request));
    }
    return result;
}

/**
 * Copies the external-authenticator id and licensed-resources attributes out of the SAML
 * credential into request attributes. The request attribute names (constants) may differ
 * from the assertion attribute names returned by the getters.
 *
 * @param request    request to populate
 * @param credential the SAML credential to read from
 */
private void exposeSamlAttributes(HttpServletRequest request, SAMLCredential credential) {
    request.setAttribute(EXTERNAL_AUTH_ID_ATTR_NAME,
            credential.getAttributeAsString(getExternalAuthenticatorIdAttrName()));
    request.setAttribute(ACCESS_TO_LICENSED_RESOURCES,
            credential.getAttributeAsString(getAccessToLicensedResources()));
}
/**
 * Decodes and validates the
 * <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>
 * carried by the request, then converts the resulting {@link Jwt} into an authenticated token
 * that inherits the bearer request's details.
 *
 * <p>NOTE(review): the result of {@code jwtAuthenticationConverter.convert(jwt)} is dereferenced
 * without a null check; a converter that returns {@code null} would surface as an NPE rather
 * than an authentication failure — confirm the configured converter never does.
 *
 * @param authentication the authentication request; must be a {@link BearerTokenAuthenticationToken}
 * @return a successful authentication
 * @throws AuthenticationException if authentication failed for some reason (invalid_token)
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    BearerTokenAuthenticationToken bearer = (BearerTokenAuthenticationToken) authentication;
    Jwt jwt = decodeOrReject(bearer.getToken());
    AbstractAuthenticationToken result = this.jwtAuthenticationConverter.convert(jwt);
    result.setDetails(bearer.getDetails());
    return result;
}

/**
 * Decodes the raw token, translating any {@link JwtException} into an {@code invalid_token}
 * {@link OAuth2AuthenticationException} that keeps the decoder failure as its cause.
 *
 * @param rawToken the bearer token string
 * @return the decoded and validated JWT
 * @throws OAuth2AuthenticationException when decoding or validation fails
 */
private Jwt decodeOrReject(String rawToken) {
    try {
        return this.jwtDecoder.decode(rawToken);
    } catch (JwtException failed) {
        OAuth2Error invalidToken = invalidToken(failed.getMessage());
        throw new OAuth2AuthenticationException(invalidToken, invalidToken.getDescription(), failed);
    }
}