/**
 * Builds the fallback authentication for a request with no resolved user.
 *
 * <p>The principal comes from {@code createAnonymous(...)} and is wrapped in a
 * {@link SimpleAuthentication} with no credentials attached.
 *
 * @param request  the current request
 * @param response the current response
 * @param context  the authentication context of the current request
 * @return a new authentication wrapping the anonymous principal
 */
protected Authentication createAnonymousAuthentication(Request request,
                                                       Response response,
                                                       AuthenticationContext context) {
    return new SimpleAuthentication(
            createAnonymous(request, response, context)
    );
}
/**
 * Forgets the remembered user by removing the cookie via {@code removeCookie}.
 *
 * <p>NOTE(review): only the client-side cookie is touched here. Whether a
 * copied token can still be replayed until its expiry depends on the
 * verification code, which is not visible here - confirm.
 *
 * @param request  the current request
 * @param response the response on which the cookie removal is issued
 */
@Override
public void forgetRememberedUser(Request request, Response response) {
    removeCookie(request, response);
}
/**
 * Marks the client as logged out by overwriting the cookie with the logout token.
 *
 * <p>The cookie is replaced with the value of {@code getLogoutToken()} rather
 * than deleted.
 * NOTE(review): presumably a later request carrying this marker is what lets
 * the server drop session state - confirm against the token resolution code.
 *
 * @param request  the current request
 * @param response the response on which the cookie is written
 */
@Override
public void onLogoutSuccess(Request request, Response response) {
    setCookie(request, response, getLogoutToken());
}
Authentication authc = null; if(State.isContinue(tokenAuthenticationManager.preResolveAuthentication(request, response, context))) { authc = context.getAuthentication(); Result<Authentication> r = h.resolveAuthentication(request, response, context); if(null == r || r.isEmpty()) { continue; authc = Result.value(tokenAuthenticationManager.resolveAuthentication(request, response, context)); if(null == authc) { authc = Result.value(rememberMeManager.resolveAuthentication(request, response, context)); authc = new WrappedAuthentication(authc,createAnonymous(request, response, context)); loginImmediately(request, response, authc); return null == authc ? createAnonymousAuthentication(request, response, context) : authc;
/**
 * Authenticates the given credentials.
 *
 * <p>{@code beforeAuthenticate} runs first and may intercept the flow. When it
 * does, the result is built directly from the principal it placed in the
 * {@link Out} holder, or is {@code null} if it placed none. In that case
 * neither the credentials authenticators nor {@code afterAuthenticate} are
 * called. Otherwise the result of {@code authentication(...)} is passed
 * through {@code afterAuthenticate}.
 *
 * <p>NOTE(review): an intercepting {@code beforeAuthenticate} that sets a user
 * bypasses every later check in this method, so interceptors need the same
 * scrutiny as the authenticators themselves.
 *
 * @param context     the credentials authentication context
 * @param credentials the credentials to verify
 * @return the resulting authentication; may be {@code null} when intercepted
 *         without a user
 */
@Override
public Authentication authenticate(CredentialsAuthenticationContext context, Credentials credentials) {
    Out<UserPrincipal> resolved = new Out<>();

    State state = beforeAuthenticate(context, credentials, resolved);
    if (!State.isIntercepted(state)) {
        // Normal path: run the authenticators, then the post-processing hook.
        Authentication result = authentication(context, credentials, resolved);
        return afterAuthenticate(context, credentials, result);
    }

    // Intercepted: use only what the pre-authentication hook resolved.
    UserPrincipal principal = resolved.getValue();
    return null == principal ? null : new SimpleAuthentication(principal, credentials);
}
/**
 * Handles a logout notification attributed to the OAuth2 authorization server
 * by logging out the current request immediately.
 *
 * <p>NOTE(review): this method does not check where the notification came
 * from. Presumably the caller validates it before dispatching here - confirm,
 * since an unauthenticated trigger would allow forced logout.
 *
 * @param request  the current request
 * @param response the current response
 * @throws Throwable declared by the signature; no checked exception is thrown
 *                   directly by the visible statements
 */
protected void handleAuthzServerLogoutNotification(Request request, Response response) throws Throwable {
    log.debug("Logout by oauth2 authorization server");

    am.logoutImmediately(request, response);
}
/**
 * Runs the configured credentials authenticators in order until one reports
 * that it handled the credentials, then wraps the resolved principal.
 *
 * <p>A result is produced only if the {@link Out} holder contains a principal
 * once the loop ends. An authenticator returning {@code true} stops the loop
 * but does not by itself yield an authentication.
 *
 * @param context     the credentials authentication context
 * @param credentials the credentials to verify
 * @param user        holder the authenticators write the resolved principal to
 * @return a {@link SimpleAuthentication} for the resolved principal, or
 *         {@code null} if no principal was resolved
 */
protected Authentication authentication(CredentialsAuthenticationContext context,
                                        Credentials credentials,
                                        Out<UserPrincipal> user) {
    for (CredentialsAuthenticator authenticator : credentialsAuthenticators) {
        boolean handled = authenticator.authenticate(context, credentials, user);
        if (handled) {
            // The first authenticator that handles the credentials wins.
            break;
        }
    }

    UserPrincipal principal = user.getValue();
    if (null == principal) {
        return null;
    }
    return new SimpleAuthentication(principal, credentials);
}
/**
 * Establishes the given authentication as the logged-in identity.
 *
 * <p>The steps run in this order: save the authentication, issue an
 * authentication token if tokens are enabled, issue remember-me state if it
 * is enabled and this login did not itself come from remember-me, then notify
 * every registered {@link AuthenticationResolver}.
 *
 * <p>NOTE(review): the debug line dereferences {@code authc.getUser()} without
 * a null check. Confirm that every caller passes an authentication that
 * carries a user.
 *
 * @param request  the current request
 * @param response the current response
 * @param authc    the authentication to log in with
 */
@Override
public void loginImmediately(Request request, Response response, Authentication authc) {
    log.debug("User {} logged in", authc.getUser().getLoginName());

    saveAuthentication(request, response, authc);

    if (securityConfig.isAuthenticationTokenEnabled()) {
        tokenAuthenticationManager.onLoginSuccess(request, response, authc);
    }

    if (securityConfig.isRememberMeEnabled()) {
        // A login resolved from remember-me must not mint a fresh remember-me token.
        if (!authc.isRememberMe()) {
            rememberMeManager.onLoginSuccess(request, response, authc);
        }
    }

    for (AuthenticationResolver resolver : resolvers) {
        resolver.onLoginSuccess(request, response, authc);
    }
}
/**
 * Authenticates the credentials carried by the login context and, on success,
 * stores the resulting user on the context.
 *
 * <p>Nothing happens when the context is already in error or carries no
 * credentials. An {@link AuthenticationException} is logged and not
 * propagated. In every case the method returns {@link State#CONTINUE}, so
 * failure is visible only as the context user staying unset.
 *
 * <p>NOTE(review): later handlers must treat an unset user as a failed login,
 * because no error is recorded on the context here.
 *
 * @param request  the current request
 * @param response the current response
 * @param context  the login context holding credentials and receiving the user
 * @return always {@link State#CONTINUE}
 * @throws Throwable declared by the signature
 */
@Override
public State handleLoginAuthentication(Request request, Response response, LoginContext context) throws Throwable {
    if (context.isError()) {
        return State.CONTINUE;
    }

    Credentials credentials = context.getCredentials();
    if (null == credentials) {
        return State.CONTINUE;
    }

    try {
        Authentication authc = authenticationManager.authenticate(context, credentials);
        if (null != authc) {
            context.setUser(authc.getUser());
        }
    } catch (AuthenticationException e) {
        //TODO : handle authentication exception
        log.error(e.getMessage(), e);
    }

    return State.CONTINUE;
}
/**
 * Logs the authentication in and then runs the login-success handling of {@code sm}.
 *
 * <p>The order matters: {@code am.loginImmediately} runs first, so the success
 * handling runs only after it has returned.
 *
 * @param request  the current request
 * @param response the current response
 * @param authc    the authentication to log in with
 * @throws Throwable if either delegate fails
 */
protected void login(Request request, Response response, Authentication authc) throws Throwable {
    // Step 1: establish the login.
    am.loginImmediately(request, response, authc);

    // Step 2: run the post-login handling.
    sm.handleLoginSuccess(request, response, authc);
}
}
/**
 * Issues the remember-me cookie for the given user.
 *
 * <p>The cookie value comes from {@code encodeRememberMeTokens}. Its embedded
 * expiry is "now + max-age", and the cookie is written with the same max-age.
 *
 * <p>NOTE(review): the password is an input to the token signature. The cookie
 * attributes (for example HttpOnly or Secure) are decided inside
 * {@code setCookie}, which is not visible here - confirm they are set for
 * this credential-bearing cookie.
 *
 * @param request  the current request, used to determine the cookie max-age
 * @param response the response on which the cookie is written
 * @param username the user name embedded in the token
 * @param password the password passed to the token signing step
 */
protected void setRememberMeCookie(Request request, Response response, String username, String password) {
    int maxAge = getCookieMaxAge(request);

    // maxAge is in seconds; multiplying by 1000L widens to long before the multiplication.
    long lifetimeMillis = maxAge * 1000L;
    long expires = System.currentTimeMillis() + lifetimeMillis;

    String cookieValue = encodeRememberMeTokens(username, password, expires);
    setCookie(request, response, cookieValue, maxAge);
}
/**
 * Reads the authentication token from the request and stores it on the
 * context before authentication is resolved.
 *
 * <p>When token authentication is disabled, nothing is read or stored. When
 * the token equals the logout marker from {@code getLogoutToken()}, the
 * session's authentication is removed first. The token, marker or not, is then
 * set on the context.
 *
 * <p>NOTE(review): the logout marker itself is handed on as the context's
 * authentication token. Confirm that later resolution rejects it rather than
 * trying to verify it.
 *
 * @param request  the current request
 * @param response the current response
 * @param context  the context receiving the token
 * @return always {@link State#CONTINUE}
 * @throws Throwable declared by the signature
 */
@Override
public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    if (securityConfig.isAuthenticationTokenEnabled()) {
        String token = getToken(request);

        // equals() is called on the logout marker, so a missing (null) token is safe here.
        boolean isLogoutMarker = getLogoutToken().equals(token);
        if (isLogoutMarker) {
            sessionManager.removeAuthentication(request);
        }

        context.setAuthenticationToken(token);
    }
    return State.CONTINUE;
}
/**
 * Logs the current request out.
 *
 * <p>The steps run in this order: remove the authentication from the session,
 * notify the token manager if tokens are enabled, notify the remember-me
 * manager if remember-me is enabled, then notify every registered
 * {@link AuthenticationResolver}.
 *
 * <p>NOTE(review): there is no exception handling. If one step throws, the
 * later steps are skipped and the logout can be left partial, for example
 * with the session cleared but cookies still present.
 *
 * @param request  the current request
 * @param response the current response
 */
@Override
public void logoutImmediately(Request request, Response response) {
    //TODO : handle exception.

    sessionManager.removeAuthentication(request);

    boolean tokensEnabled = securityConfig.isAuthenticationTokenEnabled();
    if (tokensEnabled) {
        tokenAuthenticationManager.onLogoutSuccess(request, response);
    }

    boolean rememberMeEnabled = securityConfig.isRememberMeEnabled();
    if (rememberMeEnabled) {
        rememberMeManager.onLogoutSuccess(request, response);
    }

    for (AuthenticationResolver resolver : resolvers) {
        resolver.onLogoutSuccess(request, response);
    }
}
/**
 * Writes the authentication token cookie after a successful login.
 *
 * <p>A {@link TokenAuthentication} is skipped entirely. Otherwise a token is
 * generated and stored on the authentication if it has none yet, and the
 * authentication's token is then written to the cookie.
 *
 * @param request  the current request
 * @param response the response on which the cookie is written
 * @param authc    the authentication that just logged in
 */
@Override
public void onLoginSuccess(Request request, Response response, Authentication authc) {
    boolean tokenBased = authc instanceof TokenAuthentication;
    if (!tokenBased) {
        if (null == authc.getToken()) {
            authc.setToken(tokenAuthenticator.generateAuthenticationToken(request, response, authc));
        }

        // Read the token back from the authentication rather than reusing a local copy.
        setCookie(request, response, authc.getToken());
    }
}
/**
 * Encodes the remember-me cookie value.
 *
 * <p>The payload is {@code username ":" expires ":" signature}, Base64-encoded
 * with trailing {@code '='} padding stripped. The signature comes from
 * {@code sign(username, password, expires)}.
 *
 * <p>NOTE(review): the user name is embedded verbatim next to the {@code ':'}
 * separators. A user name containing {@code ':'} would make the fields
 * ambiguous for a decoder that splits on that character. Confirm against the
 * decoder, which is not visible here.
 * NOTE(review): the secret is only checked for presence in this method.
 * Presumably {@code sign} reads it from the configuration itself - verify.
 *
 * @param username the user name placed in the payload and passed to the signature
 * @param password the password passed to the signature
 * @param expires  the expiry timestamp in milliseconds placed in the payload
 * @return the unpadded Base64 encoding of the payload
 * @throws RememberMeException if no remember-me secret is configured
 */
protected String encodeRememberMeTokens(String username, String password, long expires) {
    String secret = securityConfig.getRememberMeSecret();
    if (Strings.isEmpty(secret)) {
        throw new RememberMeException("Cannot sign the remember-me tokens, secret must be provided");
    }

    String signature = sign(username, password, expires);
    String payload = username + ":" + expires + ":" + signature;

    // Strip the '=' padding by locating the end of the unpadded text and truncating once.
    StringBuilder encoded = new StringBuilder(Base64.encode(payload));
    int end = encoded.length();
    while (encoded.charAt(end - 1) == '=') {
        end--;
    }
    encoded.setLength(end);

    return encoded.toString();
}
/**
 * Returns a short diagnostic label of the form
 * {@code Authc[user=<login name>,client=<client id>]}.
 *
 * <p>A missing user or client is shown as {@code n/a}. Only the login name and
 * the client id are included. No token or credential is printed.
 *
 * @return the diagnostic label
 */
@Override
public String toString() {
    UserPrincipal user = getUser();
    ClientPrincipal client = getClient();

    String userLabel = null == user ? "n/a" : user.getLoginName();
    String clientLabel = null == client ? "n/a" : client.getIdAsString();

    return "Authc[user=" + userLabel + ",client=" + clientLabel + "]";
}
}
/**
 * Resolves the authentication for the request by delegating to {@code authcManager}.
 *
 * <p>No logic is added here. The delegate's result is returned unchanged.
 *
 * @param request  the current request
 * @param response the current response
 * @param context  the security context holder passed through to the manager
 * @return whatever the authentication manager resolves
 * @throws Throwable if the delegate fails
 */
@Override
public Authentication resolveAuthentication(Request request,
                                            Response response,
                                            SecurityContextHolder context) throws Throwable {
    return authcManager.resolveAuthentication(request, response, context);
}
/**
 * Forgets the remembered user on logout, so that remember-me does not log the
 * user straight back in.
 *
 * @param request  the current request
 * @param response the current response
 */
@Override
public void onLogoutSuccess(Request request, Response response) {
    // Logout and "forget me" share one implementation.
    forgetRememberedUser(request, response);
}
/**
 * Removes this component's cookie on logout via {@code removeCookie}.
 *
 * @param request  the current request
 * @param response the response on which the cookie removal is issued
 */
@Override
public void onLogoutSuccess(Request request, Response response) {
    removeCookie(request, response);
}
/**
 * Logs the authentication in and then runs the login-success handling of {@code lm}.
 *
 * <p>The order matters: {@code am.loginImmediately} runs first, so the success
 * handling runs only after it has returned.
 *
 * @param request  the current request
 * @param response the current response
 * @param authc    the authentication to log in with
 * @throws Throwable if either delegate fails
 */
protected void login(Request request, Response response, Authentication authc) throws Throwable {
    // Step 1: establish the login.
    am.loginImmediately(request, response, authc);

    // Step 2: run the post-login handling.
    lm.handleLoginSuccess(request, response, authc);
}