本文整理汇总了Java中org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.setDetails方法的典型用法代码示例。如果您正苦于以下问题:Java PreAuthenticatedAuthenticationToken.setDetails方法的具体用法?Java PreAuthenticatedAuthenticationToken.setDetails怎么用?Java PreAuthenticatedAuthenticationToken.setDetails使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken的用法示例。
在下文中一共展示了PreAuthenticatedAuthenticationToken.setDetails方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doFilter
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
final HttpServletRequest httpRequest = (HttpServletRequest) request;
final String header = httpRequest.getHeader("Authorization");
final SecurityContext context = SecurityContextHolder.getContext();
if (header != null && context.getAuthentication() == null) {
final String tokenStr = header.substring("Bearer ".length());
final JwtToken token = jwtTokenCodec.decodeToken(tokenStr);
if (!token.isExpired()) {
final PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(token, "n/a", token.getRoles().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
context.setAuthentication(authentication);
}
}
chain.doFilter(request, response);
}
示例2: authenticateUser
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
/**
* Creates the user based on the given request, and puts the user into the security context. Throws if authentication fails.
*
* @param servletRequest {@link HttpServletRequest} containing the user's request.
*/
private void authenticateUser(HttpServletRequest servletRequest)
{
try
{
// Setup the authentication request and perform the authentication. Perform the authentication based on the fully built user.
PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken =
new PreAuthenticatedAuthenticationToken(applicationUserBuilder.build(servletRequest), "N/A");
preAuthenticatedAuthenticationToken.setDetails(authenticationDetailsSource.buildDetails(servletRequest));
Authentication authentication = authenticationManager.authenticate(preAuthenticatedAuthenticationToken);
// The authentication returned so it was successful.
successfulAuthentication(authentication);
}
catch (AuthenticationException e)
{
// An authentication exception was thrown so authentication failed.
unsuccessfulAuthentication(servletRequest, e);
// Throw an exception so we don't continue since there is some problem (e.g. user profile doesn't
// exist for the logged in user or it couldn't be retrieved).
throw e;
}
}
示例3: doHttpFilter
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
/**
* doFilter implementation for an HTTP request and response.
*
* @param request the HTTP servlet request.
* @param response the HTTP servlet response.
* @param chain the filter chain.
*
* @throws IOException if an I/O error occurs.
* @throws ServletException if a servlet error occurs.
*/
public void doHttpFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
{
// Check if security is enabled
// If security is not enabled, perform allow as trusted user.
if (!securityHelper.isSecurityEnabled(request))
{
// If authentication is not there or is not of trusted user type.
PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(applicationUserBuilder.build(request), "N/A");
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
Authentication authResult = authenticationManager.authenticate(authRequest);
// The authentication returned so it was successful.
SecurityContextHolder.getContext().setAuthentication(authResult);
}
chain.doFilter(request, response);
}
示例4: principalAndCredentialsNotTheSameThrowsAuthenticationException
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Test
@Description("Testing in case the containing controllerId in the URI request path does not accord with the controllerId in the request header.")
public void principalAndCredentialsNotTheSameThrowsAuthenticationException() {
final String principal = "controllerIdURL";
final String credentials = "controllerIdHeader";
final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal,
Arrays.asList(credentials));
token.setDetails(webAuthenticationDetailsMock);
// test, should throw authentication exception
try {
underTestWithoutSourceIpCheck.authenticate(token);
fail("Should not work with wrong credentials");
} catch (final BadCredentialsException e) {
}
}
示例5: priniciapAndCredentialsAreTheSameButSourceIpRequestNotMatching
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Test
@Description("Testing that the controllerId in the URI request match with the controllerId in the request header but the request are not coming from a trustful source.")
public void priniciapAndCredentialsAreTheSameButSourceIpRequestNotMatching() {
final String remoteAddress = "192.168.1.1";
final String principal = "controllerId";
final String credentials = "controllerId";
final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal,
Arrays.asList(credentials));
token.setDetails(webAuthenticationDetailsMock);
when(webAuthenticationDetailsMock.getRemoteAddress()).thenReturn(remoteAddress);
// test, should throw authentication exception
try {
underTestWithSourceIpCheck.authenticate(token);
fail("as source is not trusted.");
} catch (final InsufficientAuthenticationException e) {
}
}
示例6: priniciapAndCredentialsAreTheSameAndSourceIpIsWithinList
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Test
public void priniciapAndCredentialsAreTheSameAndSourceIpIsWithinList() {
final String[] trustedIPAddresses = new String[] { "192.168.1.1", "192.168.1.2", REQUEST_SOURCE_IP,
"192.168.1.3" };
final String principal = "controllerId";
final String credentials = "controllerId";
final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal,
Arrays.asList(credentials));
token.setDetails(webAuthenticationDetailsMock);
when(webAuthenticationDetailsMock.getRemoteAddress()).thenReturn(REQUEST_SOURCE_IP);
final PreAuthTokenSourceTrustAuthenticationProvider underTestWithList = new PreAuthTokenSourceTrustAuthenticationProvider(
trustedIPAddresses);
// test, should throw authentication exception
final Authentication authenticate = underTestWithList.authenticate(token);
assertThat(authenticate.isAuthenticated()).isTrue();
}
示例7: principalAndCredentialsAreTheSameSourceIpListNotMatches
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Test(expected = InsufficientAuthenticationException.class)
public void principalAndCredentialsAreTheSameSourceIpListNotMatches() {
final String[] trustedIPAddresses = new String[] { "192.168.1.1", "192.168.1.2", "192.168.1.3" };
final String principal = "controllerId";
final String credentials = "controllerId";
final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal,
Arrays.asList(credentials));
token.setDetails(webAuthenticationDetailsMock);
when(webAuthenticationDetailsMock.getRemoteAddress()).thenReturn(REQUEST_SOURCE_IP);
final PreAuthTokenSourceTrustAuthenticationProvider underTestWithList = new PreAuthTokenSourceTrustAuthenticationProvider(
trustedIPAddresses);
// test, should throw authentication exception
final Authentication authenticate = underTestWithList.authenticate(token);
try {
assertThat(authenticate.isAuthenticated()).isTrue();
fail("as source is not trusted.");
} catch (final InsufficientAuthenticationException e) {
}
}
示例8: doFilter
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Override
public void doFilter(final ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
final HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String userId = httpServletRequest.getHeader(userIdHeader);
if (authentication == null && StringUtils.isNotEmpty(userId)) {
userId = userId.toLowerCase();
LOGGER.info("[NOTICE][SSO] {} is accessing through SSO", userId);
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(
userId, "");
token.setDetails(createDetails(httpServletRequest, userId));
threadStorage.set(createEmpInfoFrom(httpServletRequest));
Authentication authenticate = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticate);
}
chain.doFilter(request, response);
}
示例9: authenticate
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
public static boolean authenticate(MetkaAuthenticationDetails details) {
SecurityContext context = SecurityContextHolder.getContext();
if(context == null) {
Logger.error(AuthenticationUtil.class, "Authentication was requested but no SecurityContext was found");
throw new AuthenticationCredentialsNotFoundException("Couldn't find security context");
}
/*Authentication authentication = context.getAuthentication();
if(authentication != null && authentication.getDetails() != null) {
logger.error("Authentication details already set");
throw new AuthenticationCredentialsNotFoundException("Authentication details already set");
}*/
PreAuthenticatedAuthenticationToken auth = new PreAuthenticatedAuthenticationToken(details.getUserName(), "credentials", details.getGrantedAuthorities());
auth.setDetails(details);
context.setAuthentication(auth);
return true;
}
示例10: saveUserDetailsToContext
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
/**
* 将UserDetails保存到Security Context.
*
* @param userDetails
* 已初始化好的用户信息.
* @param request
* 用于获取用户IP地址信息,可为Null.
*/
public static void saveUserDetailsToContext(UserDetails userDetails,
HttpServletRequest request) {
PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(
userDetails, userDetails.getPassword(),
userDetails.getAuthorities());
if (request != null) {
authentication.setDetails(new WebAuthenticationDetails(request));
}
SecurityContextHolder.getContext().setAuthentication(authentication);
}
示例11: replaceContext
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
/**
* Put new information in SecurityContextHolder.
*
* @param context
* the security context to update.
* @param newPrincipal
* the new principal to place.
*/
private void replaceContext(final SecurityContext context, final UserDetails newPrincipal) {
final PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(newPrincipal, null);
authentication.setDetails(newPrincipal);
context.setAuthentication(authentication);
final SecurityContextImpl securityContextImpl = new SecurityContextImpl();
securityContextImpl.setAuthentication(authentication);
// Replace the old context
SecurityContextHolder.setContext(securityContextImpl);
}
示例12: saveUserDetailsToContext
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
/**
* Save user details to security context.
*
* @param userDetails user details
* @param request request
*/
public static void saveUserDetailsToContext(UserDetails userDetails, HttpServletRequest request) {
PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(
userDetails,
userDetails.getPassword(), userDetails.getAuthorities());
if (request != null) {
authentication.setDetails(new WebAuthenticationDetails(request));
}
SecurityContextHolder.getContext().setAuthentication(authentication);
}
示例13: successfulAuthentication
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Override
protected void successfulAuthentication(final HttpServletRequest request, final HttpServletResponse response,
final Authentication authResult) throws IOException, ServletException {
final Collection<GrantedAuthority> authorities = new ArrayList<>();
authorities.addAll(authResult.getAuthorities());
authorities.addAll(abstractControllerAuthenticationFilter.getSuccessfulAuthenticationAuthorities());
final PreAuthenticatedAuthenticationToken authTokenWithGrantedAuthorities = new PreAuthenticatedAuthenticationToken(
authResult.getPrincipal(), authResult.getCredentials(), authorities);
authTokenWithGrantedAuthorities.setDetails(authResult.getDetails());
super.successfulAuthentication(request, response, authTokenWithGrantedAuthorities);
}
示例14: principalAndCredentialsAreTheSameWithNoSourceIpCheckIsSuccessful
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Test
@Description("Testing that the controllerId within the URI request path is the same with the controllerId within the request header and no source IP check is in place.")
public void principalAndCredentialsAreTheSameWithNoSourceIpCheckIsSuccessful() {
final String principal = "controllerId";
final String credentials = "controllerId";
final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal,
Arrays.asList(credentials));
token.setDetails(webAuthenticationDetailsMock);
final Authentication authenticate = underTestWithoutSourceIpCheck.authenticate(token);
assertThat(authenticate.isAuthenticated()).isTrue();
}
示例15: priniciapAndCredentialsAreTheSameAndSourceIpIsTrusted
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; //导入方法依赖的package包/类
@Test
@Description("Testing that the controllerId in the URI request match with the controllerId in the request header and the source Ip is matching the allowed remote IP address.")
public void priniciapAndCredentialsAreTheSameAndSourceIpIsTrusted() {
final String principal = "controllerId";
final String credentials = "controllerId";
final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal,
Arrays.asList(credentials));
token.setDetails(webAuthenticationDetailsMock);
when(webAuthenticationDetailsMock.getRemoteAddress()).thenReturn(REQUEST_SOURCE_IP);
// test, should throw authentication exception
final Authentication authenticate = underTestWithSourceIpCheck.authenticate(token);
assertThat(authenticate.isAuthenticated()).isTrue();
}