org.springframework.security.core.context.SecurityContextHolder Java Examples
The following examples show how to use
org.springframework.security.core.context.SecurityContextHolder.
Example #1
Source File: JWTFilterTest.java From jhipster-microservices-example with Apache License 2.0 | 7 votes |
/**
 * Passes a request carrying a freshly issued bearer token through the JWT filter and checks
 * that the request is accepted and the security context reflects the token.
 */
@Test
public void testJWTFilter() throws Exception {
    // Identity used to mint the token: name, password and a single USER authority.
    UsernamePasswordAuthenticationToken issuedFor = new UsernamePasswordAuthenticationToken(
        "test-user",
        "test-password",
        Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.USER))
    );
    String jwt = tokenProvider.createToken(issuedFor, false);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
    request.setRequestURI("/api/test");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();

    jwtFilter.doFilter(request, response, chain);

    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    // The filter is expected to install an Authentication named after the token subject and
    // to keep the raw token as its credentials.
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
        .isEqualTo("test-user");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials().toString())
        .isEqualTo(jwt);
    // NOTE(review): SecurityContextHolder is thread-bound by default and nothing in this method
    // resets it; confirm the test class clears the context between tests.
}
Example #2
Source File: JWTFilterTest.java From e-commerce-microservice with Apache License 2.0 | 6 votes |
/**
 * Checks that a request with a valid bearer token passes the JWT filter and that the filter
 * populates the security context from that token.
 */
@Test
public void testJWTFilter() throws Exception {
    // Identity used to mint the token: name, password and a single USER authority.
    UsernamePasswordAuthenticationToken issuedFor = new UsernamePasswordAuthenticationToken(
        "test-user",
        "test-password",
        Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.USER))
    );
    String jwt = tokenProvider.createToken(issuedFor, false);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    request.setRequestURI("/api/test");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();

    jwtFilter.doFilter(request, response, chain);

    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    // Name comes from the token subject; the credentials are expected to be the raw token.
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName())
        .isEqualTo("test-user");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials().toString())
        .isEqualTo(jwt);
    // NOTE(review): the authentication stays in the thread-bound holder after this method
    // returns; confirm a setup/teardown hook clears it so later tests start unauthenticated.
}
Example #3
Source File: _CustomSignInAdapter.java From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 6 votes |
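/**
 * Signs in the local user that corresponds to a social connection: loads the user, installs an
 * authenticated token in the security context, issues a JWT and sends it back as a cookie.
 *
 * @param userId     local user name to load
 * @param connection the social connection (not read by this method)
 * @param request    the current web request; must be a {@code ServletWebRequest}
 * @return the configured post-sign-in redirect, returned whether or not sign-in succeeded
 */
@Override
public String signIn(String userId, Connection<?> connection, NativeWebRequest request) {
    try {
        UserDetails user = userDetailsService.loadUserByUsername(userId);
        // The three-argument constructor yields an already-authenticated token; no credentials
        // are kept on it (null).
        UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        String jwt = tokenProvider.createToken(authenticationToken, false);
        ServletWebRequest servletWebRequest = (ServletWebRequest) request;
        servletWebRequest.getResponse().addCookie(getSocialAuthenticationCookie(jwt));
    } catch (AuthenticationException exception) {
        // Keep the cause in the log: without it a failed sign-in cannot be told apart from
        // any other, which makes incident triage impossible.
        log.error("Social authentication error", exception);
    }
    // NOTE(review): the caller gets the same redirect on failure as on success; the absence
    // of the cookie is the only signal. Confirm the redirect target handles that case.
    return jHipsterProperties.getSocial().getRedirectAfterSignIn();
}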
Example #4
Source File: JwtAuthenticationFilter.java From Spring-Boot-Blog-REST-API with GNU Affero General Public License v3.0 | 6 votes |
/**
 * Authenticates the request from its JWT when one is present and valid, then always hands the
 * request on to the rest of the chain.
 *
 * <p>Any failure while reading or validating the token is logged and the request continues
 * without an authentication being set by this filter, so access decisions further down the
 * chain are what reject it.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    try {
        String jwt = getJwtFromRequest(request);
        boolean tokenAccepted = StringUtils.hasText(jwt) && tokenProvider.validateToken(jwt);
        if (tokenAccepted) {
            // Authorities are reloaded from the user store on every request rather than
            // trusted from the token.
            Long userId = tokenProvider.getUserIdFromJWT(jwt);
            UserDetails userDetails = customUserDetailsService.loadUserById(userId);
            UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        }
    } catch (Exception ex) {
        LOGGER.error("Could not set user authentication in security context", ex);
    }

    filterChain.doFilter(request, response);
}
Example #5
Source File: JwtTokenFilter.java From spring-boot-jwt with MIT License | 6 votes |
/**
 * Resolves a token from the request and, when it validates, installs the matching
 * authentication before continuing the chain. A {@code CustomException} raised while handling
 * the token ends the request with the status carried by the exception.
 */
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest,
        HttpServletResponse httpServletResponse, FilterChain filterChain)
        throws ServletException, IOException {
    String token = jwtTokenProvider.resolveToken(httpServletRequest);
    try {
        boolean tokenAccepted = token != null && jwtTokenProvider.validateToken(token);
        if (tokenAccepted) {
            Authentication auth = jwtTokenProvider.getAuthentication(token);
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
    } catch (CustomException ex) {
        // Fail closed: wipe whatever authentication the thread may hold so a rejected token
        // can never leave the request authenticated.
        SecurityContextHolder.clearContext();
        // NOTE(review): the exception message is sent to the client as the error reason;
        // confirm it never carries token contents or internal detail.
        httpServletResponse.sendError(ex.getHttpStatus().value(), ex.getMessage());
        return;
    }

    filterChain.doFilter(httpServletRequest, httpServletResponse);
}
Example #6
Source File: FrontendSmokeTest.java From devicehive-java-server with Apache License 2.0 | 6 votes |
/**
 * Creates an admin user and a network, authenticates as that user through the security
 * context, deletes the network and checks it can no longer be found.
 */
@Test
public void should_delete_network() throws Exception {
    UserVO user = new UserVO();
    user.setLogin(RandomStringUtils.randomAlphabetic(10));
    user.setRole(UserRole.ADMIN);
    user = userService.createUser(user, VALID_PASSWORD);

    String namePrefix = RandomStringUtils.randomAlphabetic(10);
    NetworkVO network = new NetworkVO();
    network.setName(namePrefix + randomUUID());
    network.setDescription("network description_" + randomUUID());

    NetworkVO created = networkService.create(network);
    assertThat(created.getId(), notNullValue());
    // NOTE(review): the assignment uses the id of the object passed to create(), not of the
    // returned one; confirm create() populates the id on its argument.
    userService.assignNetwork(user.getId(), network.getId());

    // The delete below is authorised against this principal, placed directly in the holder.
    final HivePrincipal principal = new HivePrincipal(user);
    SecurityContextHolder.getContext().setAuthentication(new HiveAuthentication(principal));

    boolean deleted = networkService.delete(created.getId(), true);
    assertTrue(deleted);

    created = networkDao.find(created.getId());
    assertThat(created, Matchers.nullValue());
    // NOTE(review): the admin authentication is left in the thread-bound holder; confirm the
    // test class resets it so other tests do not inherit admin rights.
}
Example #7
Source File: SpringSecurityCookieTokenStore.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Restores the authentication from the cookie-held principal when there is one, otherwise
 * defers to the parent token store. Marks the cookie as checked in both cases.
 */
@Override
public void checkCurrentToken() {
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = checkPrincipalFromCookie();
    if (principal == null) {
        super.checkCurrentToken();
    } else {
        final RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
        // Carry over the authorization context of the facade's current security context, if any.
        KeycloakSecurityContext current = ((OIDCHttpFacade) facade).getSecurityContext();
        if (current != null) {
            securityContext.setAuthorizationContext(current.getAuthorizationContext());
        }
        // Roles are derived from the restored security context, not taken from the request.
        final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
        final OidcKeycloakAccount account = new SimpleKeycloakAccount(principal, roles, securityContext);
        SecurityContextHolder.getContext()
            .setAuthentication(new KeycloakAuthenticationToken(account, false));
    }
    cookieChecked = true;
}
Example #8
Source File: QuestionAction.java From ExamStack with GNU General Public License v2.0 | 6 votes |
/**
 * Adds a question on behalf of the currently authenticated user.
 *
 * @param question the question deserialised from the request body
 * @return a {@code Message}; when saving fails its result is {@code "error"} and its info is
 *         the class name of the exception
 */
@RequestMapping(value = "/secure/question/question-add", method = RequestMethod.POST)
public @ResponseBody Message addQuestion(@RequestBody Question question) {
    // The creator is taken from the security context, never from the request body.
    // NOTE(review): the cast fails if the principal is not a UserDetails (for example an
    // anonymous principal); presumably the /secure path is protected upstream - confirm.
    UserDetails currentUser =
        (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    Message reply = new Message();
    Gson serializer = new Gson();
    question.setContent(serializer.toJson(question.getQuestionContent()));
    question.setCreate_time(new Date());
    question.setCreator(currentUser.getUsername());

    try {
        questionService.addQuestion(question);
    } catch (Exception e) {
        reply.setResult("error");
        // NOTE(review): the exception class name is returned to the client and the stack
        // trace goes to stderr; a generic message plus a logger call would expose less.
        reply.setMessageInfo(e.getClass().getName());
        e.printStackTrace();
    }
    return reply;
}
Example #9
Source File: FeedbackControllerTest.java From molgenis with GNU Lesser General Public License v3.0 | 6 votes |
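/**
 * Requests the feedback page as the anonymous user and checks that the view is rendered with
 * the administrator addresses but without any user name or e-mail, and that no user lookup
 * happens for the anonymous principal.
 */
@Test
void initFeedbackAnonymous() throws Exception {
    SecurityContextHolder.getContext()
        .setAuthentication(new TestingAuthenticationToken("anonymous", null));
    List<String> adminEmails = Collections.singletonList("[email protected]");
    when(userService.getSuEmailAddresses()).thenReturn(adminEmails);

    mockMvcFeedback
        .perform(get(FeedbackController.URI))
        .andExpect(status().isOk())
        .andExpect(view().name("view-feedback"))
        .andExpect(model().attribute("adminEmails", adminEmails))
        .andExpect(model().attributeDoesNotExist("userName"))
        .andExpect(model().attributeDoesNotExist("userEmail"));

    // Verified after the request: checked beforehand, never() holds trivially and would not
    // notice a lookup made while handling the request.
    verify(userService, never()).getUser("anonymous");
}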
Example #10
Source File: UserJWTController.java From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 6 votes |
/**
 * Authenticates the submitted credentials and, on success, returns a JWT both in the
 * authorization header and in the response body.
 *
 * @param loginDTO user name, password and optional remember-me flag
 * @param response the response that receives the bearer header
 * @return 200 with the token, or 401 with the authentication failure message
 */
@RequestMapping(value = "/authenticate", method = RequestMethod.POST)
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginDTO loginDTO, HttpServletResponse response) {
    // Two-argument constructor: an unauthenticated request token for the manager to verify.
    UsernamePasswordAuthenticationToken credentials =
        new UsernamePasswordAuthenticationToken(loginDTO.getUsername(), loginDTO.getPassword());

    try {
        Authentication authentication = this.authenticationManager.authenticate(credentials);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        // A missing remember-me flag counts as false.
        boolean rememberMe;
        if (loginDTO.isRememberMe() == null) {
            rememberMe = false;
        } else {
            rememberMe = loginDTO.isRememberMe();
        }

        String jwt = tokenProvider.createToken(authentication, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException exception) {
        // NOTE(review): the failure message is echoed to the caller; if it differs between
        // failure reasons it lets a client tell account states apart. A fixed message is safer.
        return new ResponseEntity<>(exception.getLocalizedMessage(), HttpStatus.UNAUTHORIZED);
    }
}
Example #11
Source File: LdapAuthFilter.java From para with Apache License 2.0 | 6 votes |
/**
 * Authenticates a user against LDAP from a combined access token and returns the matching
 * user authentication.
 *
 * @param app the app where the user will be created, use null for root app
 * @param accessToken for LDAP this is expected in the form "uid:password"
 * @return {@link UserAuthentication} object or null if something went wrong
 * @throws IOException ex
 */
public UserAuthentication getOrCreateUser(App app, String accessToken) throws IOException {
    UserAuthentication userAuth = null;
    boolean wellFormed = accessToken != null && accessToken.contains(Config.SEPARATOR);
    if (wellFormed) {
        // Split on the first separator only, so the password part may itself contain it.
        String[] credentials = accessToken.split(Config.SEPARATOR, 2);
        String username = credentials[0];
        String password = credentials[1];
        try {
            Authentication auth = new LDAPAuthentication(username, password).withApp(app);
            // An anonymous token is placed in the context first to avoid a warning message
            // from SpringSecurityAuthenticationSource.
            SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken(
                    "key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
            Authentication ldapAuth = getAuthenticationManager().authenticate(auth);
            if (ldapAuth != null) {
                // LDAP accepted the credentials.
                userAuth = getOrCreateUser(app, ldapAuth);
            }
        } catch (Exception ex) {
            // NOTE(review): the username is caller-supplied and written to the log as-is;
            // confirm the log layout neutralises line breaks in it.
            LOG.info("Failed to authenticate '{}' with LDAP server: {}", username, ex.getMessage());
        }
    }
    return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), false);
}
Example #12
Source File: AccessTokenUtils.java From spring-boot with Apache License 2.0 | 6 votes |
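/**
 * Reads the access token stored in the details of the current OAuth2 user authentication.
 *
 * @return the token, or an empty {@code Optional} when the current authentication is not an
 *         {@code OAuth2Authentication}, carries no user authentication, has no map-shaped
 *         details, or holds no string under {@code ACCESS_TOKEN}
 */
public static Optional<String> getAccessTokenFromSecurityContext() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof OAuth2Authentication)) {
        return Optional.empty();
    }

    // A client-only OAuth2Authentication has no user authentication; guard against it
    // instead of failing with a NullPointerException.
    Authentication userAuthentication = ((OAuth2Authentication) authentication).getUserAuthentication();
    if (userAuthentication == null) {
        return Optional.empty();
    }

    // Type checks replace the former catch of ClassCastException; the outcome is the same
    // (empty) for details that are not a map or a token that is not a string.
    Object userDetails = userAuthentication.getDetails();
    if (!(userDetails instanceof Map)) {
        return Optional.empty();
    }
    Object token = ((Map<?, ?>) userDetails).get(ACCESS_TOKEN);
    return token instanceof String ? Optional.of((String) token) : Optional.empty();
}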
Example #13
Source File: ApplicationResource.java From secure-data-service with Apache License 2.0 | 6 votes |
/**
 * Rejects the call unless the current developer may modify the given app.
 *
 * <p>With sandbox mode on, the app's {@code metaData.tenantId} must equal the principal's
 * tenant. Otherwise the principal must be the app's creator or belong to the same sandbox
 * tenant.
 *
 * @param app the application entity being modified
 * @throws APIAccessDeniedException when neither condition holds
 */
private void validateDeveloperHasAccessToApp(EntityBody app) {
    SLIPrincipal principal = (SLIPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    if (!sandboxEnabled) {
        boolean isCreator = principal.getExternalId().equals(app.get(CREATED_BY));
        if (!isCreator && !belongToSameSandboxTenant(app, principal.getSandboxTenant())) {
            throw new APIAccessDeniedException("Developer " + principal.getExternalId()
                    + " is not the creator of this app and does not share same sandbox tenant as the creator hence cannot modify it.");
        }
        return;
    }

    // Sandbox mode: deny by default, allow only on an exact tenant match.
    @SuppressWarnings("unchecked")
    Map<String, Object> metaData = (Map<String, Object>) app.get("metaData");
    if (metaData != null) {
        String tenantId = (String) metaData.get("tenantId");
        if (tenantId != null && tenantId.equals(principal.getTenantId())) {
            return;
        }
    }
    throw new APIAccessDeniedException("Developer " + principal.getExternalId()
            + " does not share the same tenant as the creator of this app and cannot modify it.");
}
Example #14
Source File: AccountsController.java From pivotal-bank-demo with Apache License 2.0 | 6 votes |
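/**
 * Renders the accounts page. The market summary is always added; the account list is added
 * only for a logged-in (non-anonymous) user.
 *
 * @param model the view model to populate
 * @return the {@code "accounts"} view name
 */
@RequestMapping(value = "/accounts", method = RequestMethod.GET)
public String accounts(Model model) {
    logger.debug("/accounts");
    model.addAttribute("marketSummary", summaryService.getMarketSummary());

    // A missing authentication is treated like an anonymous one. Without the null check the
    // instanceof test lets null through and getName() fails.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
        // Accounts are looked up by the authenticated name, never by a request parameter.
        String currentUserName = authentication.getName();
        logger.debug("accounts: User logged in: " + currentUserName);

        try {
            model.addAttribute("accounts", accountService.getAccounts(currentUserName));
        } catch (HttpServerErrorException e) {
            logger.debug("error retrieving accounts: " + e.getMessage());
            // NOTE(review): the upstream error text is placed in the model; confirm the view
            // escapes it and that it carries no internal detail.
            model.addAttribute("accountsRetrievalError", e.getMessage());
        }
    }
    return "accounts";
}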
Example #15
Source File: UmsAdminServiceImpl.java From mall-learning with Apache License 2.0 | 6 votes |
/**
 * Checks the password of the named user and, when it matches, authenticates the current
 * thread and issues a token.
 *
 * @param username the login name
 * @param password the raw password to compare against the stored one
 * @return the generated token, or {@code null} when an {@code AuthenticationException} occurs
 */
@Override
public String login(String username, String password) {
    String token = null;
    try {
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        // The comparison goes through the password encoder, not a plain string equality.
        boolean passwordMatches = passwordEncoder.matches(password, userDetails.getPassword());
        if (!passwordMatches) {
            throw new BadCredentialsException("密码不正确");
        }
        // No credentials are kept on the authenticated token (null).
        UsernamePasswordAuthenticationToken authentication =
            new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authentication);
        token = jwtTokenUtil.generateToken(userDetails);
    } catch (AuthenticationException e) {
        // Only the message is logged; the caller sees a null token whatever the reason.
        LOGGER.warn("登录异常:{}", e.getMessage());
    }
    return token;
}
Example #16
Source File: SpringOAuthController.java From Spring-5.0-Projects with MIT License | 5 votes |
/**
 * Tells the view whether a real (non-anonymous) user is logged in.
 *
 * @return {@code true} only when an authentication exists, reports itself authenticated and
 *         is not an anonymous token
 */
@ModelAttribute("validUserLogin")
public boolean isUserLoggedIn() {
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        return false;
    }
    if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
        return false;
    }
    // With anonymous authentication enabled an anonymous token can pass the checks above,
    // so it is excluded explicitly.
    return !(SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken);
}
Example #17
Source File: DeviceResourceImpl.java From devicehive-java-server with Apache License 2.0 | 5 votes |
/**
 * Counts devices matching the given filters on behalf of the current principal and resumes
 * the asynchronous response with the result.
 */
@Override
public void count(String name, String namePattern, Long networkId, String networkName,
        AsyncResponse asyncResponse) {
    logger.debug("Device count requested");

    // The principal is read on the request thread, before the asynchronous stages run, and
    // passed on explicitly to the service.
    HivePrincipal principal =
        (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    deviceService.count(name, namePattern, networkId, networkName, principal)
        .thenApply(total -> {
            logger.debug("Device count request proceed successfully");
            return ResponseFactory.response(OK, total, JsonPolicyDef.Policy.DEVICES_LISTED);
        })
        .thenAccept(asyncResponse::resume);
}
Example #18
Source File: HomeController.java From Spring with Apache License 2.0 | 5 votes |
/**
 * Logs the current user out through the servlet API and shows the home view.
 *
 * @param sch     not used; earlier code cleared the context through it by hand
 * @param request the current request, used for {@code logout()}
 * @return the {@code "home"} view
 */
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public ModelAndView logOut(SecurityContextHolder sch, HttpServletRequest request) throws ServletException {
    ModelAndView homeView = new ModelAndView("home");
    // The security context is not touched directly here; logout is left to the servlet API.
    // NOTE(review): logout is reachable with GET, so any cross-site link or image can trigger
    // it. Mapping it to POST with CSRF protection avoids forced logouts.
    request.logout();
    return homeView;
}
Example #19
Source File: JwtAuthenticationTokenFilter.java From tour-of-heros-api-security-zerhusen with MIT License | 5 votes |
/**
 * Authenticates the request from the token found in the configured header, provided no
 * authentication is set yet, then continues the chain in every case.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain chain) throws ServletException, IOException {
    final String bearerPrefix = "Bearer ";
    String authToken = request.getHeader(this.tokenHeader);
    // Strip the scheme when present; a header without it is passed on unchanged.
    if (authToken != null && authToken.startsWith(bearerPrefix)) {
        authToken = authToken.substring(bearerPrefix.length());
    }

    // NOTE(review): at this point the token has not been validated, so the username is
    // caller-controlled text, and it is written to the log at info level.
    String username = jwtTokenUtil.getUsernameFromToken(authToken);
    logger.info("checking authentication für user " + username);

    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
        // Loading the user from the database is optional: the same data could be carried in
        // the token and read from there.
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);

        // The token is validated against the loaded user before anything is trusted.
        if (jwtTokenUtil.validateToken(authToken, userDetails)) {
            UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            logger.info("authenticated user " + username + ", setting security context");
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }

    chain.doFilter(request, response);
}
Example #20
Source File: NamespaceSecurityAdviceTest.java From herd with Apache License 2.0 | 5 votes |
/**
 * Checks that access is denied when the user holds READ on namespace "bar" only and the call
 * names namespace "foo" padded with blanks, and that the message reports the trimmed name.
 */
@Test
public void checkPermissionAssertAccessDeniedWhenNoPermissionsNamespaceTrimmed() throws Exception {
    // Mocked join point for the call mockMethod(" foo ").
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] {"namespace"});
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] {BLANK_TEXT + "foo" + BLANK_TEXT});

    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    // The user may read "bar"; the namespace actually requested is " foo ".
    applicationUser.getNamespaceAuthorizations()
        .add(new NamespaceAuthorization("bar", Arrays.asList(NamespacePermissionEnum.READ)));

    SecurityContextHolder.getContext().setAuthentication(
        new TestingAuthenticationToken(
            new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser),
            null));

    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        // Padding must not widen or change the permission check.
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(
            String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId),
            e.getMessage());
    }
}
Example #21
Source File: EchoController.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Calls the target service on behalf of the current CAS user with a proxy ticket and returns
 * the response body.
 *
 * @return the body returned by the remote call
 */
@ResponseBody
@RequestMapping("/echo")
public String echo() throws UnsupportedEncodingException {
    // NOTE(review): the cast fails when the current authentication is not a CAS token;
    // presumably this endpoint is reachable only after CAS login - confirm.
    final CasAuthenticationToken casToken =
        (CasAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();

    // A fresh proxy ticket is requested per call; it could be cached in the session and reused.
    final String proxyTicket = casToken.getAssertion().getPrincipal().getProxyTicketFor(targetUrl);

    // The ticket is supplied as a URI template variable, not concatenated into the URL.
    final String urlTemplate = targetUrl + "?ticket={pt}";
    return restClient.getForObject(urlTemplate, String.class, proxyTicket);
}
Example #22
Source File: SecurityUtils.java From tutorials with MIT License | 5 votes |
/**
 * Reports whether the current security context belongs to a non-anonymous user.
 *
 * <p>The decision is based on authorities only: an authentication counts as a logged-in user
 * when none of its authorities equals {@code AuthoritiesConstants.ANONYMOUS}.
 *
 * @return true if an authentication is present and is not anonymous, false otherwise
 */
public static boolean isAuthenticated() {
    return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
        .map(current -> current.getAuthorities().stream()
            .map(granted -> granted.getAuthority())
            .noneMatch(name -> name.equals(AuthoritiesConstants.ANONYMOUS)))
        .orElse(false);
}
Example #23
Source File: HomeController.java From Spring with Apache License 2.0 | 5 votes |
/**
 * Logs the current user out through the servlet API and returns the home view.
 *
 * @param sch     not used; earlier code cleared the context through it by hand
 * @param request the current request, used for {@code logout()}
 * @return the {@code "home"} view
 */
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public ModelAndView logOut(SecurityContextHolder sch, HttpServletRequest request) throws ServletException {
    ModelAndView homeView = new ModelAndView("home");
    // Logout is left to the servlet API; the security context is not cleared by hand here.
    // NOTE(review): a GET mapping lets a cross-site link or image force a logout; POST with
    // CSRF protection is the safer mapping.
    request.logout();
    return homeView;
}
Example #24
Source File: Oauth2AuthenticationManager.java From ods-provisioning-app with Apache License 2.0 | 5 votes |
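/**
 * Returns the name of the current user: the e-mail of an OIDC user or the user name of a
 * Crowd user.
 *
 * @return the user's e-mail or user name, depending on the principal type
 * @throws RuntimeException when the principal is missing or of any other type
 * @see IODSAuthnzAdapter#getUserName()
 */
public String getUserName() {
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    if (principal instanceof DefaultOidcUser) {
        return ((DefaultOidcUser) principal).getEmail();
    }
    if (principal instanceof CrowdUserDetails) {
        return ((CrowdUserDetails) principal).getUsername();
    }

    // A null principal lands here too; report it instead of failing on getClass().
    // The message names the classes this method really accepts.
    throw new RuntimeException(
        String.format(
            "Unexpected error! Contact developers! Unsupported Principal object class '%s'! Supported Principal classes are DefaultOidcUser or CrowdUserDetails",
            principal == null ? null : principal.getClass()));
}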
Example #25
Source File: SpringSecurityUserContext.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Makes the given user the current user by installing an authenticated token for them in the
 * security context.
 *
 * @param user the user to log in; must not be null
 * @throws IllegalArgumentException when {@code user} is null
 */
@Override
public void setCurrentUser(CalendarUser user) {
    if (user == null) {
        throw new IllegalArgumentException("user cannot be null");
    }
    // Authorities come from the user details service, looked up by e-mail.
    UserDetails userDetails = userDetailsService.loadUserByUsername(user.getEmail());
    // NOTE(review): the user's password value is kept as the token's credentials and so
    // stays reachable through the security context; passing null avoids retaining it.
    UsernamePasswordAuthenticationToken token =
        new UsernamePasswordAuthenticationToken(userDetails, user.getPassword(), userDetails.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(token);
}
Example #26
Source File: AuthorizationFilter.java From microservice-integration with MIT License | 5 votes |
/**
 * Builds a security context from the user id found in a request header: loads that user's
 * permissions from the auth service, turns them into authorities and installs the resulting
 * context before continuing the chain. Requests without the header pass through unchanged.
 *
 * <p>NOTE(review): the user id is taken from the request header without any verification in
 * this method. That is only sound when a trusted upstream component sets the header and
 * removes any client-supplied copy, and when this service cannot be reached directly.
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
        FilterChain filterChain) throws IOException, ServletException {
    log.info("Filter过滤器正在执行...");
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    System.out.println(request.getServletPath());

    String userId = request.getHeader(SecurityConstants.USER_ID_IN_HEADER);
    if (StringUtils.isNotEmpty(userId)) {
        // NOTE(review): UUID.fromString rejects malformed input with an
        // IllegalArgumentException, which is not handled here.
        UserContext userContext = new UserContext(UUID.fromString(userId));
        userContext.setAccessType(AccessType.ACCESS_TYPE_NORMAL);

        // One authority per permission returned by the auth service.
        List<Permission> permissions = feignAuthClient.getUserPermissions(userId);
        List<SimpleGrantedAuthority> granted = new ArrayList<>();
        for (Permission permission : permissions) {
            SimpleGrantedAuthority authority = new SimpleGrantedAuthority();
            authority.setAuthority(permission.getPermission());
            granted.add(authority);
        }

        CustomAuthentication userAuth = new CustomAuthentication();
        userAuth.setAuthorities(granted);
        userContext.setAuthorities(granted);
        userContext.setAuthentication(userAuth);
        // NOTE(review): the context is not cleared in this method once the chain returns;
        // confirm something else resets it so a pooled thread cannot carry it into a request
        // that has no header.
        SecurityContextHolder.setContext(userContext);
    }

    // Hand the request on to the rest of the chain.
    filterChain.doFilter(servletRequest, servletResponse);
}
Example #27
Source File: UmsMemberServiceImpl.java From mall-swarm with Apache License 2.0 | 5 votes |
/**
 * Returns the member behind the current authentication.
 *
 * @return the {@code UmsMember} wrapped by the current principal
 */
@Override
public UmsMember getCurrentMember() {
    // NOTE(review): this assumes an authentication is present and its principal is a
    // MemberDetails; an unauthenticated or anonymous call fails here - confirm callers are
    // behind an authenticated route.
    MemberDetails memberDetails =
        (MemberDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return memberDetails.getUmsMember();
}
Example #28
Source File: NamespaceSecurityHelper.java From herd with Apache License 2.0 | 5 votes |
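/**
 * Gets the ApplicationUser in the current security context. The user is expected to have been
 * authenticated through the application's own mechanism, which wraps it in a
 * {@code SecurityUserWrapper}.
 *
 * @return The ApplicationUser, or null when there is no authentication or its principal is
 *         not a {@code SecurityUserWrapper}
 */
private ApplicationUser getApplicationUser() {
    // Honour the documented contract: no authentication means null, not a
    // NullPointerException.
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        return null;
    }

    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    // instanceof is false for null, so no separate null check is needed.
    if (principal instanceof SecurityUserWrapper) {
        return ((SecurityUserWrapper) principal).getApplicationUser();
    }
    return null;
}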
Example #29
Source File: RestController.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Logs out the holder of the given token: removes the token, drops the authentication from
 * the security context and invalidates the HTTP session if one exists.
 *
 * @param token   the API token to revoke
 * @param request the current request
 */
@PostMapping("/logout")
@ResponseStatus(OK)
public void logout(@TokenParam(required = true) String token, HttpServletRequest request) {
    // Revoke the token first so it cannot be replayed after logout.
    tokenService.removeToken(token);
    SecurityContextHolder.getContext().setAuthentication(null);

    // getSession(false) never creates a session; only an existing one is invalidated.
    if (request.getSession(false) == null) {
        return;
    }
    request.getSession().invalidate();
}
Example #30
Source File: UserJWTController.java From tutorials with MIT License | 5 votes |
/**
 * Authenticates the submitted credentials and returns a JWT in both the authorization header
 * and the response body.
 *
 * <p>An authentication failure is not caught here; the exception propagates to the caller.
 *
 * @param loginVM user name, password and optional remember-me flag
 * @return 200 with the issued token
 */
@PostMapping("/authenticate")
public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM) {
    // Two-argument constructor: an unauthenticated request token for the manager to verify.
    UsernamePasswordAuthenticationToken credentials =
        new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());

    Authentication authentication = this.authenticationManager.authenticate(credentials);
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // A missing remember-me flag counts as false.
    boolean rememberMe;
    if (loginVM.isRememberMe() == null) {
        rememberMe = false;
    } else {
        rememberMe = loginVM.isRememberMe();
    }

    String jwt = tokenProvider.createToken(authentication, rememberMe);
    HttpHeaders bearerHeaders = new HttpHeaders();
    bearerHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    return new ResponseEntity<>(new JWTToken(jwt), bearerHeaders, HttpStatus.OK);
}