if (auth.getDetails() instanceof GeoServerWebAuthenticationDetails) { ((GeoServerWebAuthenticationDetails) auth.getDetails()) .setUserGroupServiceName(userGroupServiceName); new UsernamePasswordAuthenticationToken( auth.getPrincipal(), auth.getCredentials(), roles); newAuth.setDetails(auth.getDetails()); return newAuth;
/**
 * Builds the {@code Authentication} that {@code authenticate} hands back once the
 * user has been verified.
 *
 * <p>The returned token carries a credentials value: the one submitted in the request
 * when {@code useAuthenticationRequestCredentials} is set, otherwise the value of
 * {@code user.getPassword()}. Anything that can read the token can read that value
 * for as long as the token holds it.
 *
 * @param authentication the original authentication request token
 * @param user the {@code UserDetails} instance returned by the configured
 *     {@code UserDetailsContextMapper}
 * @return the Authentication object for the fully authenticated user
 */
protected Authentication createSuccessfulAuthentication(
        UsernamePasswordAuthenticationToken authentication, UserDetails user) {
    Object credentials;
    if (this.useAuthenticationRequestCredentials) {
        credentials = authentication.getCredentials();
    } else {
        credentials = user.getPassword();
    }

    // Authorities are passed through the configured mapper before they reach the token.
    // NOTE(review): credentials stay on the token until something erases them; confirm the
    // caller does so (Spring's ProviderManager erases credentials after authentication by default).
    UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken(
            user, credentials, this.authoritiesMapper.mapAuthorities(user.getAuthorities()));

    // Request details are copied across unchanged.
    authenticated.setDetails(authentication.getDetails());
    return authenticated;
}
/**
 * Authenticates the root user against the master password.
 *
 * <p>Returns {@code null} rather than throwing when the principal is not the root user
 * name or the master password check fails; a failed check is only logged, because a
 * regular user with the same name may still exist.
 *
 * @param authentication the request token; cast to {@code UsernamePasswordAuthenticationToken}
 *     without a type check, so callers must only pass that type
 * @param request the current HTTP request (not read in this method)
 * @return a token for the root user holding {@code GeoServerRole.ADMIN_ROLE} and
 *     {@code null} credentials, or {@code null} when this method does not authenticate
 * @throws AuthenticationException declared by the overridden method; not thrown here directly
 */
@Override
public Authentication authenticate(Authentication authentication, HttpServletRequest request)
        throws AuthenticationException {
    UsernamePasswordAuthenticationToken token =
            (UsernamePasswordAuthenticationToken) authentication;

    // Only the root user name is handled here.
    if (!GeoServerUser.ROOT_USERNAME.equals(token.getPrincipal())) {
        return null;
    }

    Object submitted = token.getCredentials();
    boolean masterPasswordAccepted =
            submitted != null && getSecurityManager().checkMasterPassword(submitted.toString());

    if (!masterPasswordAccepted) {
        // No BadCredentialsException is thrown: another user with the same name may exist.
        log(new BadCredentialsException("Bad credentials for: " + token.getPrincipal()));
        return null;
    }

    Collection<GrantedAuthority> adminRoles = new ArrayList<GrantedAuthority>();
    adminRoles.add(GeoServerRole.ADMIN_ROLE);

    // Credentials are deliberately null: the master password is not kept on the result token.
    UsernamePasswordAuthenticationToken rootAuth =
            new UsernamePasswordAuthenticationToken(GeoServerUser.ROOT_USERNAME, null, adminRoles);
    rootAuth.setDetails(token.getDetails());
    return rootAuth;
}
}
/**
 * A valid user name and password produce a {@code UsernamePasswordAuthenticationToken}
 * that carries the user object, the submitted credentials, both roles and the
 * request details.
 */
@Test
public void testAuthenticates() {
    DaoAuthenticationProvider provider = createProvider();
    provider.setUserDetailsService(new MockUserDetailsServiceUserRod());
    provider.setUserCache(new MockUserCache());

    UsernamePasswordAuthenticationToken request =
            new UsernamePasswordAuthenticationToken("rod", "koala");
    request.setDetails("192.168.0.1");

    Authentication result = provider.authenticate(request);

    if (!(result instanceof UsernamePasswordAuthenticationToken)) {
        fail("Should have returned instance of UsernamePasswordAuthenticationToken");
    }
    UsernamePasswordAuthenticationToken authenticated =
            (UsernamePasswordAuthenticationToken) result;

    assertThat(authenticated.getPrincipal().getClass()).isEqualTo(User.class);
    // The submitted password is still readable on the token returned by the provider.
    assertThat(authenticated.getCredentials()).isEqualTo("koala");
    assertThat(AuthorityUtils.authorityListToSet(authenticated.getAuthorities()))
            .contains("ROLE_ONE", "ROLE_TWO");
    // Details set on the request are copied to the result unchanged.
    assertThat(authenticated.getDetails()).isEqualTo("192.168.0.1");
}
/**
 * Marks {@code session} as authenticated for {@code user} and publishes an
 * {@code AuthenticationSuccessEvent}.
 *
 * <p>No authentication provider is invoked and no password is checked here; the
 * caller is trusted to have established the user's identity already.
 *
 * @param session the HTTP session that receives the security context and the
 *     escaped last-username attribute
 * @param user the user to install as the authenticated principal
 */
public void authenticateSession(HttpSession session, UserDetails user) {
    UsernamePasswordAuthenticationToken requestToken =
            new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword());

    // NOTE(review): the value of user.getPassword() becomes the credentials of the token
    // stored in the session below; confirm that retaining it there is intended.
    UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken(
            user, requestToken.getCredentials(), user.getAuthorities());
    // No details are set on requestToken in this method, so this copies whatever the
    // constructor left there.
    authenticated.setDetails(requestToken.getDetails());

    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(authenticated);

    // The user name is entity-escaped before it is stored as the last-username attribute.
    session.setAttribute(
            UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY,
            TextEscapeUtils.escapeEntities(user.getUsername()));
    // NOTE(review): the session passed in is reused as-is; if it can pre-date the login,
    // the caller should rotate its id before this call.
    session.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);

    applicationContext.publishEvent(new AuthenticationSuccessEvent(authenticated));
}
/**
 * Builds the {@code Authentication} that {@code authenticate} hands back once the
 * user has been verified.
 *
 * <p>The token's credentials are the ones submitted in the request when
 * {@code useAuthenticationRequestCredentials} is set, otherwise the value of
 * {@code user.getPassword()}. The user's authorities are used as returned, with no
 * mapping step.
 *
 * @param authentication the original authentication request token
 * @param user the {@code UserDetails} instance returned by the configured
 *     {@code UserDetailsContextMapper}
 * @return the Authentication object for the fully authenticated user
 */
protected Authentication createSuccessfulAuthentication(
        UsernamePasswordAuthenticationToken authentication, UserDetails user) {
    Object credentials;
    if (useAuthenticationRequestCredentials) {
        credentials = authentication.getCredentials();
    } else {
        credentials = user.getPassword();
    }

    // NOTE(review): credentials stay readable on the token until something erases them;
    // confirm the caller does so once authentication has completed.
    UsernamePasswordAuthenticationToken authenticated =
            new UsernamePasswordAuthenticationToken(user, credentials, user.getAuthorities());

    // Request details are copied across unchanged.
    authenticated.setDetails(authentication.getDetails());
    return authenticated;
}
/**
 * Runs the inherited checks, then verifies a TOTP code when the request carries
 * {@code TotpWebAuthenticationDetails} and the user has a non-blank secret.
 *
 * @param userDetails the loaded user; cast to {@code JpaUserDetails} without a type check
 * @param authentication the request token whose details may hold the submitted TOTP code
 * @throws BadCredentialsException if the submitted code does not verify
 * @throws MissingTotpKeyAuthenticatorException if the user has a secret but no code was submitted
 * @throws InternalAuthenticationServiceException if code verification fails with a
 *     key or algorithm error
 */
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails,
        UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
    super.additionalAuthenticationChecks(userDetails, authentication);

    // NOTE(review): a request whose details are of any other type skips the TOTP check
    // entirely, even for a user with a secret. Confirm every entry point that reaches this
    // provider installs TotpWebAuthenticationDetails.
    if (!(authentication.getDetails() instanceof TotpWebAuthenticationDetails)) {
        return;
    }

    String secret = ((JpaUserDetails) userDetails).getSecret();
    if (!StringUtils.hasText(secret)) {
        // No secret stored for this user: no second factor is requested.
        return;
    }

    Integer totpKey =
            ((TotpWebAuthenticationDetails) authentication.getDetails()).getTotpKey();
    if (totpKey == null) {
        throw new MissingTotpKeyAuthenticatorException(
                "Google Authenticator Code is mandatory");
    }

    boolean codeAccepted;
    try {
        // Third argument is presumably the accepted time-step window; confirm against
        // TotpAuthenticatorUtil.
        codeAccepted = TotpAuthenticatorUtil.verifyCode(secret, totpKey, 2);
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new InternalAuthenticationServiceException(
                "Google Authenticator Code verify failed", e);
    }

    if (!codeAccepted) {
        throw new BadCredentialsException("Google Authenticator Code is not valid");
    }
}
/**
 * Checks the submitted verification code, then loads the user by name.
 *
 * <p>The code check runs before the user lookup and only when the request details are
 * a {@code CustomWebAuthenticationDetails}.
 *
 * @param username the name to look up
 * @param authentication the request token whose details may hold the verification codes
 * @return the user returned by {@code userService}
 * @throws VerificationCodeException if the submitted code does not match the session
 *     code (compared case-insensitively)
 * @throws UsernameNotFoundException rethrown unchanged from the lookup
 * @throws InternalAuthenticationServiceException if the lookup returns {@code null} or
 *     fails with any other exception
 */
@Override
protected UserDetails retrieveUser(String username,
        UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    // Extra processing before the lookup, such as the verification code check.
    Object details = authentication.getDetails();
    if (details instanceof CustomWebAuthenticationDetails) {
        CustomWebAuthenticationDetails codeDetails = (CustomWebAuthenticationDetails) details;
        // NOTE(review): if this is commons-lang StringUtils, two null values compare as
        // equal, so a request with no submitted code and no session code would pass.
        // Confirm the session code is always present when this check runs.
        boolean codesMatch = StringUtils.equalsIgnoreCase(
                codeDetails.getInputVerificationCode(),
                codeDetails.getSessionVerificationCode());
        if (!codesMatch) {
            throw new VerificationCodeException("验证码错误!");
        }
    }

    UserDetails loadedUser;
    try {
        loadedUser = userService.loadUserByUsername(username);
    } catch (UsernameNotFoundException ex) {
        throw ex;
    } catch (InternalAuthenticationServiceException ex) {
        throw ex;
    } catch (Exception ex) {
        // Any other failure is wrapped, keeping the original exception as the cause.
        throw new InternalAuthenticationServiceException(ex.getMessage(), ex);
    }

    if (loadedUser == null) {
        throw new InternalAuthenticationServiceException(
                "UserDetailsService returned null, which is an interface contract violation");
    }
    return loadedUser;
}
new UsernamePasswordAuthenticationToken( auth.getPrincipal(), auth.getCredentials(), roles); newAuth.setDetails(auth.getDetails()); return newAuth;
/**
 * Builds the {@code Authentication} that {@code authenticate} hands back once the
 * user has been verified.
 *
 * <p>The returned token carries a credentials value: the one submitted in the request
 * when {@code useAuthenticationRequestCredentials} is set, otherwise the value of
 * {@code user.getPassword()}. Anything that can read the token can read that value
 * for as long as the token holds it.
 *
 * @param authentication the original authentication request token
 * @param user the {@code UserDetails} instance returned by the configured
 *     {@code UserDetailsContextMapper}
 * @return the Authentication object for the fully authenticated user
 */
protected Authentication createSuccessfulAuthentication(
        UsernamePasswordAuthenticationToken authentication, UserDetails user) {
    Object credentials;
    if (this.useAuthenticationRequestCredentials) {
        credentials = authentication.getCredentials();
    } else {
        credentials = user.getPassword();
    }

    // Authorities are passed through the configured mapper before they reach the token.
    // NOTE(review): credentials stay on the token until something erases them; confirm the
    // caller does so (Spring's ProviderManager erases credentials after authentication by default).
    UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken(
            user, credentials, this.authoritiesMapper.mapAuthorities(user.getAuthorities()));

    // Request details are copied across unchanged.
    authenticated.setDetails(authentication.getDetails());
    return authenticated;
}
(WebAuthenticationDetails) authentication.getDetails(); String requestIp = details.getRemoteAddress();
(WebAuthenticationDetails) authentication.getDetails(); String requestIp = details.getRemoteAddress();
// The returned token must not carry any credentials.
assertNull(result.getCredentials());
// The principal is the fixed root user name.
assertEquals(GeoServerUser.ROOT_USERNAME, result.getPrincipal());
// The details value ("hallo", presumably set on the request token earlier in the test,
// outside this excerpt) must arrive on the result unchanged.
assertEquals("hallo", result.getDetails());