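/**
 * Captures request metadata for an authentication attempt: remote address, session id,
 * client id, the {@code ADD_NEW} flag, the login hint and the request parameter map.
 *
 * <p>The client id is resolved in this order: the {@code clientId} argument when it is
 * non-null, then the {@code client_id} request parameter, then the user-name part of an
 * HTTP Basic {@code Authorization} header. Nothing in this constructor verifies a value
 * taken from the request, so it is a claim made by the caller and not an authenticated
 * client identity.
 *
 * @param request the current HTTP request
 * @param clientId an explicit client id, or {@code null} to derive it from the request
 * @throws BadCredentialsException if splitting the decoded Basic credentials on {@code ':'}
 *         yields no parts
 */
public UaaAuthenticationDetails(HttpServletRequest request, String clientId) {
    WebAuthenticationDetails webAuthenticationDetails = new WebAuthenticationDetails(request);
    this.origin = webAuthenticationDetails.getRemoteAddress();
    this.sessionId = webAuthenticationDetails.getSessionId();

    if (clientId != null) {
        this.clientId = clientId;
    } else {
        this.clientId = request.getParameter("client_id");
        if (!StringUtils.hasText(this.clientId)) {
            String authHeader = request.getHeader("Authorization");
            if (StringUtils.hasText(authHeader) && authHeader.startsWith("Basic ")) {
                // Decode with an explicit charset so the extracted client id does not depend on
                // the JVM's platform default encoding.
                // NOTE(review): how Base64.decode reports malformed input is not visible here;
                // confirm the caller maps that failure to an authentication error.
                String decodedCredentials = new String(
                        Base64.decode(authHeader.substring("Basic ".length())),
                        java.nio.charset.StandardCharsets.UTF_8);
                // String.split never returns null, so only the empty-array case needs a guard.
                String[] split = decodedCredentials.split(":");
                if (split.length == 0) {
                    throw new BadCredentialsException("Invalid basic authentication token");
                }
                // Only the part before the first ':' is kept; the secret part is discarded.
                this.clientId = split[0];
            }
        }
    }

    this.addNew = Boolean.parseBoolean(request.getParameter(ADD_NEW));
    this.loginHint = UaaLoginHint.parseRequestParameter(request.getParameter("login_hint"));
    // NOTE(review): the whole parameter map is retained. On a login request it may include
    // credential parameters; confirm this object is never logged or serialized with them.
    this.parameterMap = request.getParameterMap();
}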
verify(validator, times(2)).validate(ticket, serviceUrl); token.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest())); try { cap.authenticate(token);
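/**
 * Builds the Spring Authentication object using the supplied user name and groups looked up from LDAP.
 * Each group's {@code cn} is mapped directly to a Spring role by converting it to upper case and
 * prepending {@code SECURITY_ROLE_PREFIX}.
 *
 * <p>This method checks no credential: the returned token is built from {@code userName} alone with
 * an empty password, so the caller must already have established the user's identity.
 *
 * @param userName The username to build the Authentication object with.
 * @param httpRequest HttpServletRequest used to populate the authentication details.
 * @return Authentication object for the given user.
 */
protected Authentication getAuthentication(String userName, HttpServletRequest httpRequest) {
    String ldapName = LdapNameBuilder.newInstance().add(userSearchBase).add("uid", userName).build().toString();

    // Search ldap for a user's groups and convert to a Spring role
    List<GrantedAuthority> grantedAuths = ldapTemplate.search(
            query()
                .where("objectclass")
                .is("groupOfNames")
                .and("member")
                .is(ldapName),
            // NOTE(review): a group entry without a "cn" attribute would raise a NullPointerException here.
            (AttributesMapper<String>) attrs -> (String) attrs.get("cn").get())
        .stream()
        // Locale.ROOT keeps role names stable across JVM locales; the default-locale toUpperCase()
        // can change letters (e.g. 'i' under a Turkish locale) and produce a role that no longer
        // matches the one access rules expect.
        .map(group -> String.format("%s%s", SECURITY_ROLE_PREFIX, group.toUpperCase(java.util.Locale.ROOT)))
        .map(SimpleGrantedAuthority::new)
        .collect(Collectors.toList());

    final UserDetails principal = new User(userName, "", grantedAuths);
    final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
        principal, "", grantedAuths);

    // Attach the request details built by WebAuthenticationDetails to the token.
    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
    authentication.setDetails(webDetails);
    return authentication;
}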
/**
 * Creates the authentication details object for the request being processed.
 *
 * @param context the {@code HttpServletRequest} object.
 * @return the {@code WebAuthenticationDetails} containing information about the
 * current request
 */
public WebAuthenticationDetails buildDetails(HttpServletRequest context) {
    final WebAuthenticationDetails details = new WebAuthenticationDetails(context);
    return details;
}
}
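/**
 * Authenticates the given credentials and binds the result to the caller's HTTP session.
 *
 * <p>On success the session id is rotated before any authenticated state is stored, so a
 * session id that was known before login cannot be reused afterwards (session fixation).
 * If {@code authenticationManager.authenticate} throws, the exception propagates and nothing
 * is written to the security context or the session attributes.
 *
 * @param username the user name to authenticate
 * @param password the password to authenticate with
 * @param request the current HTTP request; a session is created if none exists
 */
private void authenticateUser(String username, String password, HttpServletRequest request) {
    UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(username, password);
    // The session is obtained before the details are built, as in the original ordering.
    HttpSession session = request.getSession();
    authToken.setDetails(new WebAuthenticationDetails(request));

    Authentication authentication = authenticationManager.authenticate(authToken);

    // This manual login does not pass through a login filter, so rotate the session id here.
    // changeSessionId() (Servlet 3.1+) keeps the same HttpSession object and its attributes.
    request.changeSessionId();

    SecurityContextHolder.getContext().setAuthentication(authentication);

    // creates context for that session.
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            SecurityContextHolder.getContext());

    // set necessary details in session
    session.setAttribute("username", username);
    session.setAttribute("authorities", authentication.getAuthorities());
}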
final UserDetails principal = new User(userName, "", grantedAuths); final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths); final WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
final UserDetails principal = new User(userName, "", grantedAuths); final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths); WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest); ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails); authenticationProvider.setSsoEnabled(ssoEnabled);
new UsernamePasswordAuthenticationToken(login.getUsername(), login.getPassword()); authToken.setDetails(new WebAuthenticationDetails(request));