Example #1
Source File: From sakai with Educational Community License v2.0 | 7 votes |
* Attempt to authenticate request - basically just pass over to another method to authenticate request headers
// Filter entry point: pulls the bearer token out of the configured header and wraps it in a
// JwtAuthenticationToken. Closing braces and at least one statement were dropped when this excerpt was
// extracted, so the method body shown here is incomplete.
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
// tokenHeader (defined elsewhere) names the header to read; its value is client-supplied.
String header = request.getHeader(tokenHeader);
// Reject requests whose header is absent or does not use the "Bearer " scheme.
if (header == null || !header.startsWith("Bearer ")) {
throw new JwtTokenMissingException("No JWT token found in request headers");
// "Bearer " is 7 characters; a header that is exactly "Bearer " yields an empty token here.
// Nothing in this method checks the token's signature or expiry - the provider that consumes
// JwtAuthenticationToken (not shown) must do that.
String authToken = header.substring(7);
// Only build a new token when nothing has authenticated this request already.
if (SecurityContextHolder.getContext().getAuthentication() == null) {
JwtAuthenticationToken authentication = new JwtAuthenticationToken(authToken);
// Attach request details (remote address, session id) so downstream providers can audit them.
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// NOTE(review): the statement that hands `authentication` to the manager/context is not in this excerpt;
// as shown, the method returns whatever (possibly null) authentication the context already holds.
return SecurityContextHolder.getContext().getAuthentication();
Example #2
Source File: From Spring-Security-Third-Edition with MIT License | 6 votes |
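/**
 * Get the {@link CalendarUser} by obtaining the currently logged in Spring Security user's
 * {@link Authentication#getName()} and using that to find the {@link CalendarUser} by email address (since for our
 * application Spring Security usernames are email addresses).
 *
 * @return the persisted user matching the authenticated principal's email, or {@code null} when no
 *         authentication is present, the principal is not a {@link CalendarUser}, or it carries no email
 * @throws IllegalStateException if the principal's email has no matching persisted user
 */
@Override
public CalendarUser getCurrentUser() {
    SecurityContext context = SecurityContextHolder.getContext();
    Authentication authentication = context.getAuthentication();
    if (authentication == null) {
        return null;
    }
    // Guard the cast: an authentication whose principal is not a CalendarUser (e.g. the anonymous
    // filter's String principal) used to turn into a ClassCastException here.
    Object principal = authentication.getPrincipal();
    if (!(principal instanceof CalendarUser)) {
        return null;
    }
    String email = ((CalendarUser) principal).getEmail();
    if (email == null) {
        return null;
    }
    CalendarUser result = calendarService.findUserByEmail(email);
    if (result == null) {
        throw new IllegalStateException(
                "Spring Security is not in synch with CalendarUsers. Could not find user with email " + email);
    }
    // NOTE(review): the original logs "CalendarUser: {}" with `result` at this point; the logger call
    // itself was lost in extraction and cannot be reproduced faithfully.
    return result;
}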
Example #3
Source File: From nifi with Apache License 2.0 | 6 votes |
// Turns an HTTP Negotiate (SPNEGO) header into an Authentication via the Kerberos provider.
// Returns null for non-TLS requests or when the header is missing / not a Negotiate header.
// (Closing braces were dropped when this excerpt was extracted.)
public Authentication validateKerberosTicket(HttpServletRequest request) {
// Only support Kerberos login when running securely
if (!request.isSecure()) {
return null;
String header = request.getHeader(AUTHORIZATION_HEADER_NAME);
// isValidKerberosHeader is not shown; presumably it checks for the Negotiate scheme prefix.
if (isValidKerberosHeader(header)) {
if (logger.isDebugEnabled()) {
// NOTE(review): this writes the full header - i.e. the client's Kerberos ticket - into the debug log,
// so log files hold credential material for as long as they are retained. Consider logging only the
// scheme and the token length.
logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header);
// Everything after the first space is taken as the base64-encoded ticket.
byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8);
// Base64.decode receives client-controlled bytes; malformed input is not caught here.
byte[] kerberosTicket = Base64.decode(base64Token);
KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket);
// The provider (not shown) is what actually validates the ticket.
return kerberosServiceAuthenticationProvider.authenticate(authenticationRequest);
} else {
return null;
Example #4
Source File: From onetwo with Apache License 2.0 | 6 votes |
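/**
 * Builds an {@link Authentication} from a JWT.
 *
 * @param token the raw JWT string
 * @return the authentication carrying the token's authorities, or {@code null} when the token is expired,
 *         has no expiration claim, or has no authorities claim
 * @throws BadCredentialsException declared for the token-parsing step ({@code createClaimsFromToken}, not shown)
 */
@Override
public Authentication createAuthentication(String token) throws BadCredentialsException {
    Claims claims = createClaimsFromToken(token);
    // Joda's DateTime(Object) treats null as "now", so a token without an exp claim used to pass the
    // expiry check unchanged. Reject missing and past expirations alike.
    if (claims.getExpiration() == null || new DateTime(claims.getExpiration()).isBeforeNow()) {
        return null;
    }
    Object authorityClaim = claims.get(JwtSecurityUtils.CLAIM_AUTHORITIES);
    if (authorityClaim == null) {
        // The original dereferenced this claim unconditionally (NullPointerException); a token without
        // the authorities claim is treated as not authenticating.
        return null;
    }
    // The claim is a comma-separated list of authority names.
    List<GrantedAuthority> authorities = GuavaUtils.splitAsStream(authorityClaim.toString(), ",")
            .<GrantedAuthority>map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    return buildAuthentication(claims, authorities);
}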
Example #5
Source File: From Spring-Security-Third-Edition with MIT License | 6 votes |
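/**
 * Get the {@link CalendarUser} by obtaining the currently logged in Spring Security user's
 * {@link Authentication#getName()} and using that to find the {@link CalendarUser} by email address (since for our
 * application Spring Security usernames are email addresses).
 *
 * @return the persisted user for the authenticated principal's email; {@code null} when there is no
 *         authentication, the principal is not a {@link CalendarUser}, or it has no email
 * @throws IllegalStateException if the email is known to Spring Security but not to the user store
 */
@Override
public CalendarUser getCurrentUser() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return null;
    }
    // The original cast the principal unconditionally; a non-CalendarUser principal (for instance the
    // anonymous filter's String principal) raised ClassCastException instead of returning null.
    Object principal = authentication.getPrincipal();
    if (!(principal instanceof CalendarUser)) {
        return null;
    }
    String email = ((CalendarUser) principal).getEmail();
    if (email == null) {
        return null;
    }
    CalendarUser result = calendarService.findUserByEmail(email);
    if (result == null) {
        throw new IllegalStateException(
                "Spring Security is not in synch with CalendarUsers. Could not find user with email " + email);
    }
    // NOTE(review): the original logs "CalendarUser: {}" with `result` here; the logger call was lost
    // in extraction.
    return result;
}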
Example #6
Source File: From hauth-java with MIT License | 6 votes |
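/**
 * Authenticates a username/password pair against the login service.
 *
 * @param authentication the incoming request token; its name and credentials are read
 * @return the authority-bearing token produced by {@code getRole} when the login service accepts the pair
 * @throws BadCredentialsException when no credentials were supplied or the login service rejects them
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Read the submitted username & password.
    String name = authentication.getName();
    Object pd = authentication.getCredentials();
    if (pd == null) {
        // The original returned new UsernamePasswordAuthenticationToken(name, "", new ArrayList<>()) here.
        // That three-argument constructor marks the token isAuthenticated() == true, so a request with
        // no password at all came back as an authenticated principal. Reject it instead.
        throw new BadCredentialsException("missing credentials");
    }
    String password = pd.toString();
    UserLoginEntity userLoginEntity = loginService.loginValidator(name, password);
    // Authentication decision.
    if (userLoginEntity.isFlag()) {
        return getRole(name, password);
    }
    // NOTE(review): the original logs "登录失败,原因是:账号 {}: {}" ("login failed, reason: account ...") with
    // the entity's username and message here; the logger call was lost in extraction.
    // The exception message serialises the whole entity - check it carries nothing that should not
    // reach the client if this message is ever surfaced.
    throw new BadCredentialsException(new GsonBuilder().create().toJson(userLoginEntity));
}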
Example #7
Source File: From todo-spring-angular with MIT License | 6 votes |
// Logout hook: looks up the caller's bearer access token in the token store so it can be revoked.
// The excerpt ends before the revocation itself; closing braces were dropped in extraction.
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication)
throws IOException, ServletException {
// Request the token
// Header lookup is case-insensitive in the Servlet API, so "authorization" also matches "Authorization".
String token = request.getHeader("authorization");
// BEARER_AUTHENTICATION (defined elsewhere) is the scheme prefix stripped before the store lookup.
if (token != null && token.startsWith(BEARER_AUTHENTICATION)) {
final OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(StringUtils.substringAfter(token, BEARER_AUTHENTICATION));
// NOTE(review): what is done with the token once found is not in this excerpt; presumably it is removed from tokenStore.
if (oAuth2AccessToken != null) {
Example #8
Source File: From herd with Apache License 2.0 | 6 votes |
// Service test: updating with lower-cased key fields should resolve the same authorization record.
// (The method's braces, the end of the assertEquals call and the restore call were dropped in extraction.)
public void testUpdateUserNamespaceAuthorizationLowerCaseParameters()
// Override the security context to return an application user populated with test values.
Authentication originalAuthentication = overrideSecurityContext();
// Create a user namespace authorization key.
UserNamespaceAuthorizationKey key = new UserNamespaceAuthorizationKey(USER_ID, NAMESPACE);
// Create and persist the relative database entities.
UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity = userNamespaceAuthorizationDaoTestHelper
.createUserNamespaceAuthorizationEntity(key, Arrays.asList(NamespacePermissionEnum.READ, NamespacePermissionEnum.WRITE));
// Update a user namespace authorization using lowercase input parameters.
UserNamespaceAuthorization resultUserNamespaceAuthorization = userNamespaceAuthorizationService
.updateUserNamespaceAuthorization(new UserNamespaceAuthorizationKey(key.getUserId().toLowerCase(), key.getNamespace().toLowerCase()),
new UserNamespaceAuthorizationUpdateRequest(SUPPORTED_NAMESPACE_PERMISSIONS));
// Validate the returned object.
// The expected object uses the original (non-lowercased) key, which suggests the service normalises key case - confirm.
assertEquals(new UserNamespaceAuthorization(userNamespaceAuthorizationEntity.getId(), key, SUPPORTED_NAMESPACE_PERMISSIONS),
// Restore the original authentication.
// NOTE(review): the restore call is not in this excerpt; originalAuthentication is otherwise unused here.
Example #9
Source File: From with GNU General Public License v3.0 | 6 votes |
// Looks up the event by short name, checks the caller may access it, then looks up the reservation and
// delegates to `with`. The outer Optional's fallback and the closing braces were dropped in extraction.
private ResponseEntity<Void> handleReservationWith(String eventName, String reservationId, Authentication authentication,
BiFunction<Event, TicketReservation, ResponseEntity<Void>> with) {
ResponseEntity<Void> notFound = ResponseEntity.notFound().build();
ResponseEntity<Void> badRequest = ResponseEntity.badRequest().build();
return eventRepository.findOptionalByShortName(eventName).map(event -> {
// canAccessReceiptOrInvoice (not shown) is the authorization gate. It runs before the reservation lookup,
// so an unauthorized caller gets the same status whether or not reservationId exists.
if(canAccessReceiptOrInvoice(event, authentication)) {
return ticketReservationManager.findById(reservationId).map(ticketReservation -> with.apply(event, ticketReservation)).orElse(notFound);
} else {
// NOTE(review): an authorization failure is reported as 400 Bad Request; 403 would be the conventional status - confirm this is intended.
return badRequest;
Example #10
Source File: From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 6 votes |
* When logout occurs, only invalidate the current token, and not all user sessions.
* <p>
* The standard Spring Security implementations are too basic: they invalidate all tokens for the
* current user, so when he logs out from one browser, all his other sessions are destroyed.
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
// The cookie value is client-supplied; decodeCookie / getPersistentToken (inherited, not shown) validate it.
String rememberMeCookie = extractRememberMeCookie(request);
if (rememberMeCookie != null && rememberMeCookie.length() != 0) {
try {
String[] cookieTokens = decodeCookie(rememberMeCookie);
PersistentToken token = getPersistentToken(cookieTokens);
// NOTE(review): the statement deleting `token` from the repository is not in this excerpt (the line was
// dropped), so as shown the token is looked up and discarded.
// Both catch branches are best-effort: a bad or unknown cookie just means there is nothing to delete.
// The first catch's logger call lost its method name in extraction.
} catch (InvalidCookieException ice) {"Invalid cookie, no persistent token could be deleted");
} catch (RememberMeAuthenticationException rmae) {
log.debug("No persistent token found, so no token could be deleted");
// The inherited logout (cookie cancellation etc.) runs regardless of whether a token was deleted.
super.logout(request, response, authentication);
Example #11
Source File: From camunda-bpm-identity-keycloak with Apache License 2.0 | 6 votes |
* {@inheritDoc}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// Get the Bearer Token and extract claims
// NOTE(review): no null check - if this filter runs on a request Spring Security did not authenticate,
// getDetails() throws NullPointerException; the cast also assumes OAuth2 details are attached.
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
String accessToken = details.getTokenValue();
// JwtHelper.decode (as opposed to decodeAndVerify) only parses the token; the identity taken from these
// claims is therefore only as trustworthy as the resource-server validation that already ran on the same
// token upstream - confirm that validation is configured.
String claims = JwtHelper.decode(accessToken).getClaims();
// Extract user ID from Token claims -depending on Keycloak Identity Provider configuration
// String userId = Spin.JSON(claims).prop("sub").stringValue();
String userId = Spin.JSON(claims).prop("email").stringValue(); // useEmailAsCamundaUserId = true
// String userId = Spin.JSON(claims).prop("preferred_username").stringValue(); // useUsernameAsCamundaUserId = true
LOG.debug("Extracted userId from bearer token: {}", userId);
// Bind the Camunda identity for this request only; the finally body (cut off in this excerpt) presumably clears it.
try {
identityService.setAuthentication(userId, getUserGroups(userId));
chain.doFilter(request, response);
} finally {
Example #12
Source File: From Spring-Security-Third-Edition with MIT License | 6 votes |
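/**
 * Authenticates an email/password pair against the CalendarUser store using the configured
 * {@code passwordEncoder}.
 *
 * @param authentication a {@link UsernamePasswordAuthenticationToken}; its name is the email address
 * @return an authenticated token whose principal is the matching {@link CalendarUser}
 * @throws UsernameNotFoundException when no user has that email
 * @throws BadCredentialsException when no password was supplied or it does not match the stored hash
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
    String email = token.getName();
    CalendarUser user = email == null ? null : calendarService.findUserByEmail(email);
    if (user == null) {
        // Same message as the bad-password path, so the message alone does not reveal which emails exist
        // (timing can still differ, since no encoder call happens on this path).
        throw new UsernameNotFoundException("Invalid username/password");
    }
    Object credentials = token.getCredentials();
    if (credentials == null) {
        // The original called credentials.toString() unconditionally, turning a missing password into a
        // NullPointerException instead of an authentication failure.
        throw new BadCredentialsException("Invalid username/password");
    }
    // Database password is already encoded; the encoder performs the comparison.
    String password = user.getPassword();
    if (!passwordEncoder.matches(credentials.toString(), password)) {
        throw new BadCredentialsException("Invalid username/password");
    }
    Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    // NOTE(review): the returned token carries the stored hash as its credentials. Spring's ProviderManager
    // erases credentials after authentication by default; verify that is not disabled.
    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}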
Example #13
Source File: From document-management-system with GNU General Public License v2.0 | 6 votes |
// Resolves the display name for `user`, optionally running under the authentication that `token` denotes.
// Lines were dropped in extraction: the body of the token == null branch and the restore inside finally.
public String getName(String token, String user) throws PrincipalAdapterException {
String name = null;
Authentication oldAuth = null;
try {
if (token == null) {
} else {
// Remember the caller's authentication so it can be put back after the token-based lookup.
oldAuth = PrincipalUtils.getAuthentication();
name = CommonAuthModule.getName(user);
} catch (AccessDeniedException e) {
// Wrap, keeping the cause, so callers see the adapter's exception type.
throw new PrincipalAdapterException(e.getMessage(), e);
} finally {
// Presumably restores oldAuth when a token was used (the statement is not in this excerpt).
if (token != null) {
return name;
Example #14
Source File: From batch-scheduler with MIT License | 6 votes |
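/**
 * Authenticates a username/password pair through {@code loginService}.
 *
 * @param authentication the incoming request token (name and credentials are read from it)
 * @return the token built by {@code getRole} when the login validator accepts the pair
 * @throws BadCredentialsException when credentials are absent or the validator rejects them
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Read the submitted username & password.
    String name = authentication.getName();
    Object pd = authentication.getCredentials();
    if (pd == null) {
        // Previously: return new UsernamePasswordAuthenticationToken(name, "", new ArrayList<>());
        // The three-argument constructor yields isAuthenticated() == true, so a password-less request
        // was answered with an authenticated principal. Treat it as a failed login instead.
        throw new BadCredentialsException("missing credentials");
    }
    String password = pd.toString();
    UserLoginEntity userLoginEntity = loginService.loginValidator(name, password);
    // Authentication decision.
    if (userLoginEntity.isFlag()) {
        return getRole(name, password);
    }
    // NOTE(review): the original logs "登录失败,原因是:账号 {}: {}" ("login failed, reason: account ...") with the
    // entity's username and message here; the logger call was lost in extraction. The exception message
    // below serialises the whole entity - confirm it holds nothing that should not reach the client.
    throw new BadCredentialsException(new GsonBuilder().create().toJson(userLoginEntity));
}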
Example #15
Source File: From flowable-engine with Apache License 2.0 | 6 votes |
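/**
 * Authenticates the supplied principal/credentials against the remote IDM service and copies the
 * user's privileges into granted authorities.
 *
 * @param authentication incoming token; principal and credentials are passed on via {@code toString()}
 * @return an authenticated {@link UsernamePasswordAuthenticationToken} carrying the user's privileges
 * @throws FlowableException when principal or credentials are missing, or the remote IDM returns no user
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    Object principal = authentication.getPrincipal();
    Object credentials = authentication.getCredentials();
    if (principal == null || credentials == null) {
        // The original called toString() on both unconditionally, so a missing value surfaced as a
        // NullPointerException rather than an authentication failure.
        throw new FlowableException("missing principal or credentials");
    }
    RemoteUser user = remoteIdmService.authenticateUser(principal.toString(), credentials.toString());
    if (user == null) {
        // NOTE(review): FlowableException is not an AuthenticationException, so Spring's ProviderManager
        // presumably propagates it rather than reporting bad credentials. BadCredentialsException would be
        // the conventional type; it is not in scope in this excerpt, so the original type is kept.
        throw new FlowableException("user not found " + principal);
    }
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    for (String privilege : user.getPrivileges()) {
        grantedAuthorities.add(new SimpleGrantedAuthority(privilege));
    }
    return new UsernamePasswordAuthenticationToken(principal, credentials, grantedAuthorities);
}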
Example #16
Source File: From spring-boot-samples with Apache License 2.0 | 6 votes |
// MVC test: a logged-in user posting the submission form gets a Location header pointing back to /submit.
// (The mockMvc.perform(...) call that these .param(...) lines belong to was dropped in extraction.)
public void submitTalk() throws Exception {
// Test principal built from an in-memory User with a fixed role; no real login takes place.
Authentication authentication = new TestingAuthenticationToken(
new User("jsmith", "John Smith"), "secret", "ROLE_USER");
// Stub the service so the controller's create(...) succeeds for any submission.
given(this.submissionService.create(any())).willReturn(new Submission());
.param("title", "Alice in Wonderland")
.param("summary", "my abstract")
.param("track", Track.ALTERNATE_LANGUAGES.getId())
.param("notes", "this rocks")
.andExpect(header().string(HttpHeaders.LOCATION, "/submit?navSection=submit"));
Example #17
Source File: From demo-project with MIT License | 6 votes |
// AccessDecisionManager.decide: grants access when the caller holds an authority matching one of the
// resource's config attributes, otherwise denies. Several lines (the match check, the return on match and
// the closing braces) were dropped in extraction.
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException {
// No attributes for this resource: the statement this `if` guards was dropped; presumably an early return,
// i.e. resources without attributes pass through.
if(configAttributes==null || configAttributes.size()==0)
// The condition guarding the throw below was also dropped; the commented-out line suggests an
// is-the-caller-authenticated check.
// if(!authentication.isAuthenticated()){
// "未登录" = "not logged in".
throw new InsufficientAuthenticationException("未登录");
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
// Only the project's own attribute/authority types take part in the comparison; anything else is skipped.
for(ConfigAttribute attribute : configAttributes){
if(!(attribute instanceof MyConfigAttribute)) continue;
MyConfigAttribute urlConfigAttribute = (MyConfigAttribute)attribute;
for(GrantedAuthority authority: authorities){
if(!(authority instanceof MyGrantedAuthority)) continue;
MyGrantedAuthority myGrantedAuthority = (MyGrantedAuthority)authority;
// NOTE(review): the comparison of urlConfigAttribute with myGrantedAuthority is not in this excerpt.
// "无权限" = "no permission": reached when no attribute matched any of the caller's authorities.
throw new AccessDeniedException("无权限");
Example #18
Source File: From maintain with MIT License | 6 votes |
// AccessDecisionManager.decide: each configured attribute is compared with the caller's authorities.
// Extraction mangled this excerpt: the logger calls lost their method names, `c =;` lost `iter.next()`,
// and the braces / the return on match were dropped.
public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException {
// No attributes for this resource: the original logs "decide == return" and presumably returns, i.e. anything
// missing from the attribute source is treated as unprotected (fail-open) - confirm that is intended.
if (null == configAttributes || configAttributes.size() <= 0) {"decide == return");
ConfigAttribute c;
String needRole;
for (Iterator<ConfigAttribute> iter = configAttributes.iterator(); iter.hasNext();) {
c =;
// NOTE(review): the two logger calls below print the required role and the caller's whole authority list
// on every decision, which is noisy for production logs.
needRole = c.getAttribute();"need======" + needRole.trim() + " size=" + authentication.getAuthorities());
for (GrantedAuthority ga : authentication.getAuthorities()) {"needRole==" + needRole.trim() + " [] = authority=" + ga.getAuthority());
// `authentication` holds the permission set that was added to GrantedAuthority objects in the loop at note 1.
if (needRole.trim().equals(ga.getAuthority())) {
// Body of the match (presumably `return`) was dropped; the throw is reached only when nothing matched.
throw new AccessDeniedException("no right");
Example #19
Source File: From govpay with GNU General Public License v3.0 | 5 votes |
// REST resource: returns one pending-payment type (tipo pendenza) of a creditor domain as JSON.
// Lines dropped in extraction: the opening `try {` and the finally body / closing braces.
public Response getTipoPendenza(Authentication user, UriInfo uriInfo, HttpHeaders httpHeaders , String idDominio, String idTipoPendenza) {
String methodName = "getTipoPendenza";
String transactionId = ContextThreadLocal.get().getTransactionId();
this.log.debug(MessageFormat.format(BaseController.LOG_MSG_ESECUZIONE_METODO_IN_CORSO, methodName));
// Authorization on the API: the caller must be an operator or an application with read rights (LETTURA)
// on the creditor-registry service. isAuthorized is assumed to throw on failure so nothing below runs
// for unauthorized callers - confirm.
this.isAuthorized(user, Arrays.asList(TIPO_UTENZA.OPERATORE, TIPO_UTENZA.APPLICAZIONE), Arrays.asList(Servizio.ANAGRAFICA_CREDITORE), Arrays.asList(Diritti.LETTURA));
// Syntactic validation of the path identifiers before they reach the DAO.
ValidatoreIdentificativi validatoreId = ValidatoreIdentificativi.newInstance();
validatoreId.validaIdDominio("idDominio", idDominio);
validatoreId.validaIdTipoVersamento("idTipoPendenza", idTipoPendenza);
// Parameters -> input DTO
GetTipoPendenzaDominioDTO getTipoPendenzaDominioDTO = new GetTipoPendenzaDominioDTO(user, idDominio, idTipoPendenza);
DominiDAO dominiDAO = new DominiDAO(false);
GetTipoPendenzaDominioDTOResponse getTipoPendenzaDominioDTOResponse = dominiDAO.getTipoPendenza(getTipoPendenzaDominioDTO);
TipoPendenzaDominio response = DominiConverter.toTipoPendenzaRsModel(getTipoPendenzaDominioDTOResponse);
this.log.debug(MessageFormat.format(BaseController.LOG_MSG_ESECUZIONE_METODO_COMPLETATA, methodName));
return this.handleResponseOk(Response.status(Status.OK).entity(response.toJSON(null)),transactionId).build();
}catch (Exception e) {
// Every failure (authorization, validation, DAO) funnels through the shared handler, which maps it to an HTTP response.
return this.handleException(uriInfo, httpHeaders, methodName, e, transactionId);
} finally {
Example #20
Source File: From fullstop with Apache License 2.0 | 5 votes |
/**
 * Returns the name recorded as auditor: the authenticated user's name, or "FULLSTOP" when the
 * security context holds no authentication.
 *
 * @throws IllegalArgumentException (from {@code Assert.hasText}) if the authenticated name is blank
 */
public String getCurrentAuditor() {
    final Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current == null) {
        return "FULLSTOP";
    }
    final String userName = current.getName();
    logger.trace("Found Auditor: {}", userName);
    // A blank name would be written into audit columns; fail loudly instead.
    Assert.hasText(userName, "Username should never by empty");
    return userName;
}
Example #21
Source File: From spring-boot-doma2-sample with Apache License 2.0 | 5 votes |
/**
 * Runs the inherited logout, then removes the persistent-login tokens stored for this user name and
 * user agent.
 */
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    super.logout(request, response, authentication);
    if (authentication == null) {
        return;
    }
    val username = authentication.getName();
    val userAgent = getUserAgent(request);
    // Tokens are keyed by user name and user agent (see tokenRepository, not shown).
    tokenRepository.removeUserTokens(username, userAgent);
}
Example #22
Source File: From tutorials with MIT License | 5 votes |
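/**
 * Renders the "user" view with the authenticated principal's username in the model.
 *
 * @param model     view model to populate
 * @param principal the current Spring Security authentication, injected as a {@link Principal}
 * @return the view name {@code "user"}
 */
@RequestMapping(value = "/user")
public String user(Model model, Principal principal) {
    // The original cast straight to Authentication and then to UserDetails; a principal that is a plain
    // String (e.g. an anonymous or pre-authenticated token) raised ClassCastException. Fall back to the
    // Principal's own name in that case.
    Object inner = principal instanceof Authentication
            ? ((Authentication) principal).getPrincipal()
            : principal;
    String username = inner instanceof UserDetails
            ? ((UserDetails) inner).getUsername()
            : principal.getName();
    model.addAttribute("username", username);
    return "user";
}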
Example #23
Source File: From AIDR with GNU Affero General Public License v3.0 | 5 votes |
/**
 * Returns the name of the principal in the current security context.
 *
 * @throws Exception when the context holds no authentication
 */
protected String getAuthenticatedUserName() throws Exception{
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current == null) {
        throw new Exception("No user logged in ");
    }
    // NOTE(review): with Spring's anonymous filter active the context is usually non-null, so this
    // returns the anonymous principal's name rather than throwing - confirm callers expect that.
    return current.getName();
}
Example #24
Source File: From document-management-system with GNU General Public License v2.0 | 5 votes |
// Returns the calling user's personal folder. When `token` is given, the lookup runs as the user that token
// denotes and the caller's own authentication is put back afterwards. Lines dropped in extraction: the restore
// statement inside finally and closing braces.
public Folder getPersonalFolder(String token) throws AccessDeniedException, PathNotFoundException, RepositoryException, DatabaseException {
// NOTE(review): this logs the raw token at debug level; tokens are credentials and end up in log retention.
log.debug("getPersonalFolder({})", token);
Folder personalFolder = new Folder();
Authentication auth = null, oldAuth = null;
try {
if (token == null) {
auth = PrincipalUtils.getAuthentication();
} else {
// Token-based impersonation: remember the caller's context so finally can restore it.
oldAuth = PrincipalUtils.getAuthentication();
auth = PrincipalUtils.getAuthenticationByToken(token);
// The path is built from the resolved authentication's name, not from the raw token string.
String personalPath = "/" + Repository.PERSONAL + "/" + auth.getName();
String personalUuid = NodeBaseDAO.getInstance().getUuidFromPath(personalPath);
NodeFolder personalNode = NodeFolderDAO.getInstance().findByPk(personalUuid);
personalFolder = BaseFolderModule.getProperties(auth.getName(), personalNode);
// Activity log
UserActivity.log(auth.getName(), "GET_PERSONAL_FOLDER", personalNode.getUuid(), personalPath, null);
} catch (DatabaseException e) {
// Rethrown unchanged; the finally block still runs on this path.
throw e;
} finally {
// Presumably restores oldAuth (statement not in this excerpt).
if (token != null) {
log.debug("getPersonalFolder: {}", personalFolder);
return personalFolder;
Example #25
Source File: From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Authenticates an email/password pair by comparing the submitted credentials with the stored password.
 *
 * @param authentication a {@link UsernamePasswordAuthenticationToken}; its name is the email address
 * @return an authenticated token whose principal is the matching {@link CalendarUser}
 * @throws UsernameNotFoundException when no user has that email
 * @throws BadCredentialsException when the submitted credentials do not equal the stored password
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    final UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) authentication;
    final String email = request.getName();
    CalendarUser user = null;
    if (email != null) {
        user = calendarService.findUserByEmail(email);
    }
    if (user == null) {
        throw new UsernameNotFoundException("Invalid username/password");
    }
    final String storedPassword = user.getPassword();
    // NOTE(review): String.equals against the stored value means passwords are kept and compared in plain
    // text, and the comparison stops at the first differing character. A PasswordEncoder (hashed storage
    // plus matches()) is the expected replacement; this example keeps the original behaviour.
    if (!storedPassword.equals(request.getCredentials())) {
        throw new BadCredentialsException("Invalid username/password");
    }
    final Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    return new UsernamePasswordAuthenticationToken(user, storedPassword, authorities);
}
Example #26
Source File: From spring-cloud-gray with Apache License 2.0 | 5 votes |
/**
 * Resolves the current user's name from the security context: a {@link UserDetails} principal's username,
 * a String principal as-is, otherwise {@code null}.
 */
public String getUserPrincipal(){
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return null;
    }
    Object principal = authentication.getPrincipal();
    if (principal instanceof UserDetails) {
        return ((UserDetails) principal).getUsername();
    }
    if (principal instanceof String) {
        return (String) principal;
    }
    return null;
}
Example #27
Source File: From egeria with Apache License 2.0 | 5 votes |
/**
 * Builds an {@link Authentication} from the request's token header.
 *
 * @return the authentication for the token's user, or {@code null} when the header is absent or empty
 *         or the token does not resolve to a user
 */
public Authentication getAuthentication(HttpServletRequest request) {
    final String token = request.getHeader(AUTH_HEADER_NAME);
    if (token == null || token.isEmpty()) {
        return null;
    }
    // parseUserFromToken (not shown) is where the token is expected to be verified with `secret`.
    final TokenUser user = parseUserFromToken(token, secret);
    return user == null ? null : new UserAuthentication(user);
}
Example #28
Source File: From open-capacity-platform with Apache License 2.0 | 5 votes |
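/**
 * Removes the given access_token and its refresh_token from the token store.
 *
 * @param access_token the access token value to revoke; unknown tokens are ignored
 */
@ApiOperation(value = "移除token")
@PostMapping(value = "/oauth/remove/token", params = "access_token")
public void removeToken(String access_token) {
    // NOTE(review): the original fetched the current Authentication and cast its details to
    // OAuth2AuthenticationDetails here without using the result (the only possible effect was a
    // ClassCastException). That dead block is dropped. As before, nothing verifies that access_token
    // belongs to the caller.
    OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);
    if (accessToken == null) {
        return;
    }
    // Remove the access_token.
    tokenStore.removeAccessToken(accessToken);
    // Remove the refresh_token issued with it, if any.
    if (accessToken.getRefreshToken() != null) {
        tokenStore.removeRefreshToken(accessToken.getRefreshToken());
    }
}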
Example #29
Source File: From para with Apache License 2.0 | 5 votes |
* Handles an authentication request.
* @param request HTTP request
* @param response HTTP response
* @return an authentication object that contains the principal object if successful.
* @throws IOException if the HTTP request to the token endpoint fails
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws IOException {
final String requestURI = request.getRequestURI();
UserAuthentication userAuth = null;
// Only the GitHub callback path is handled; other URIs fall through to checkIfActive with userAuth == null.
if (requestURI.endsWith(GITHUB_ACTION)) {
// `code` is the authorization code appended to the redirect; it is client-supplied input.
String authCode = request.getParameter("code");
if (!StringUtils.isBlank(authCode)) {
String appid = SecurityUtils.getAppidFromAuthRequest(request);
String redirectURI = SecurityUtils.getRedirectUrl(request);
// (The argument to read(...) lost its leading token in extraction; it selects the root app when appid is null.)
App app = Para.getDAO().read( == null ? Config.getRootAppIdentifier() : appid));
// keys[0]/keys[1] are presumably the per-app GitHub client id and secret; the secret goes into the request body.
String[] keys = SecurityUtils.getOAuthKeysForApp(app, Config.GITHUB_PREFIX);
// NOTE(review): redirectURI is URL-encoded but authCode and the keys are interpolated as-is; that is fine only
// if PAYLOAD's template or the callers guarantee they are form-safe - confirm.
String entity = Utils.formatMessage(PAYLOAD, authCode, Utils.urlEncode(redirectURI), keys[0], keys[1]);
HttpPost tokenPost = new HttpPost(TOKEN_URL);
tokenPost.setHeader(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded");
tokenPost.setHeader(HttpHeaders.ACCEPT, "application/json");
tokenPost.setEntity(new StringEntity(entity, "UTF-8"));
// Code-for-token exchange; the response is closed by try-with-resources. Closing braces were dropped in extraction.
try (CloseableHttpResponse resp1 = httpclient.execute(tokenPost)) {
if (resp1 != null && resp1.getEntity() != null) {
Map<String, Object> token = jreader.readValue(resp1.getEntity().getContent());
if (token != null && token.containsKey("access_token")) {
// The access token is handed to getOrCreateUser (not shown), presumably to fetch the profile and map it to a local user.
userAuth = getOrCreateUser(app, (String) token.get("access_token"));
// NOTE(review): no OAuth `state` check is visible in this excerpt; confirm the callback's CSRF protection lives elsewhere.
return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), true);
Example #30
Source File: From alchemy with Apache License 2.0 | 5 votes |
// Token validation must fail for a JWT whose first character was removed.
// (The final assertion on isTokenValid and the closing brace were dropped in extraction.)
public void testReturnFalseWhenJWTisMalformed() {
Authentication authentication = createAuthentication();
// The boolean's meaning is defined by tokenProvider.createToken (not shown).
String token = tokenProvider.createToken(authentication, false);
// Drop the first character so the token no longer parses as issued.
String invalidToken = token.substring(1);
boolean isTokenValid = tokenProvider.validateToken(invalidToken);