/**
 * Builds the OAuth2-aware method-security expression handler that replaces the default one.
 * The expression parser is carried over from the default handler; a trust resolver and a
 * permission evaluator are only applied when the application context provides one.
 *
 * @param bean the default handler whose expression parser is reused
 * @return a configured {@link OAuth2MethodSecurityExpressionHandler}
 */
private OAuth2MethodSecurityExpressionHandler getExpressionHandler(
        DefaultMethodSecurityExpressionHandler bean) {
    OAuth2MethodSecurityExpressionHandler oauthHandler = new OAuth2MethodSecurityExpressionHandler();
    oauthHandler.setApplicationContext(this.applicationContext);

    // Optional collaborators: the null checks suggest findInContext yields null when no
    // such bean is registered, in which case the handler keeps its own defaults.
    AuthenticationTrustResolver contextResolver = findInContext(AuthenticationTrustResolver.class);
    if (contextResolver != null) {
        oauthHandler.setTrustResolver(contextResolver);
    }
    PermissionEvaluator contextEvaluator = findInContext(PermissionEvaluator.class);
    if (contextEvaluator != null) {
        oauthHandler.setPermissionEvaluator(contextEvaluator);
    }

    oauthHandler.setExpressionParser(bean.getExpressionParser());
    return oauthHandler;
}
/**
 * After returning, grab the user, check if they've been modified and reset
 * the SecurityContext if they have.
 *
 * Only the user that is currently logged in gets its Authentication replaced; any other
 * saved user, an anonymous (signup) caller, or a user without a version is left alone.
 *
 * NOTE(review): the replacement token is built with {@code user.getPassword()} as its
 * credentials, so whatever that getter returns lives in the SecurityContext for the rest
 * of the session - confirm it is the stored hash and not clear text.
 *
 * @param returnValue
 *            the user object
 * @param method
 *            the method that was executed
 * @param args
 *            the arguments to the method; {@code args[0]} must be the saved {@link User}
 * @param target
 *            the target class
 * @throws Throwable
 *             thrown when args[0] is null or not a User object
 */
public void afterReturning(Object returnValue, Method method, Object[] args,
        Object target) throws Throwable {
    User savedUser = (User) args[0];
    // presumably a null version marks a user that has never been persisted - TODO confirm
    if (savedUser.getVersion() == null) {
        return;
    }

    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    // allow new users to signup - this is OK b/c Signup doesn't allow
    // setting of roles
    boolean anonymousCaller = new AuthenticationTrustResolverImpl().isAnonymous(existing);
    if (existing == null || anonymousCaller) {
        return;
    }

    User principal = getCurrentUser(existing);
    if (!principal.getId().equals(savedUser.getId())) {
        return;
    }

    // reset the authentication object: the caller edited their own account, so the
    // principal (and its authorities) must reflect the freshly saved state
    Authentication refreshed = new UsernamePasswordAuthenticationToken(
            savedUser, savedUser.getPassword(), savedUser.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}
/**
 * After returning, grab the user, check if they've been modified and reset the SecurityContext if they have.
 *
 * Only the currently logged-in user has its Authentication replaced; a different saved user, an anonymous
 * (signup) caller, or a user without a version leaves the context untouched. The current user is resolved
 * through the intercepted {@code target}, which is cast to {@link UserManager}.
 *
 * NOTE(review): the replacement token carries {@code user.getPassword()} as its credentials, so whatever
 * that getter returns stays in the SecurityContext for the session - confirm it is the stored hash.
 *
 * @param returnValue the user object
 * @param method the method that was executed
 * @param args the arguments to the method; {@code args[0]} must be the saved {@link User}
 * @param target the target class; expected to be a {@link UserManager}
 * @throws Throwable thrown when args[0] is null or not a User object
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target) throws Throwable {
    User savedUser = (User) args[0];
    // presumably a null version marks a user that has never been persisted - TODO confirm
    if (savedUser.getVersion() == null) {
        return;
    }

    Authentication existing = SecurityContextHolder.getContext().getAuthentication();
    // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
    boolean anonymousCaller = new AuthenticationTrustResolverImpl().isAnonymous(existing);
    if (existing == null || anonymousCaller) {
        return;
    }

    UserManager manager = (UserManager) target;
    User principal = getCurrentUser(existing, manager);
    if (!principal.getId().equals(savedUser.getId())) {
        return;
    }

    // reset the authentication object: the caller edited their own account, so the principal
    // (and its authorities) must reflect the freshly saved state
    Authentication refreshed = new UsernamePasswordAuthenticationToken(
            savedUser, savedUser.getPassword(), savedUser.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}
/**
 * Wires up a mocked security environment for the tests: a mocked principal that also implements
 * {@link HealthTimePrinterSetHolder}, a mocked {@link Authentication} that reports itself as
 * authenticated and is installed in the {@link SecurityContextHolder}, and a trust resolver that
 * classifies that authentication as non-anonymous. The resulting {@link HmpUserContext} is then
 * registered through {@link #addResource}.
 */
private void initUserContext() {
    // mocks backing the user context
    mockTrustResolver = mock(AuthenticationTrustResolver.class);
    mockUser = mock(HmpUserDetails.class,
            Mockito.withSettings().extraInterfaces(HealthTimePrinterSetHolder.class));
    mockAuthentication = mock(Authentication.class);

    // publish the mocked authentication on the current thread
    SecurityContextHolder.getContext().setAuthentication(mockAuthentication);

    // stub the authentication so it looks like a real, non-anonymous login
    when(mockTrustResolver.isAnonymous(mockAuthentication)).thenReturn(false);
    when(mockAuthentication.getPrincipal()).thenReturn(mockUser);
    when(mockAuthentication.isAuthenticated()).thenReturn(true);

    // create the context under test and register it
    userContext = new HmpUserContext(mockTrustResolver);
    addResource(userContext);
}
/**
 * Builds the OAuth2-aware method-security expression handler that replaces the default one.
 * The expression parser is carried over from the default handler; a trust resolver is only
 * applied when the application context provides one.
 *
 * @param bean the default handler whose expression parser is reused
 * @return a configured {@link OAuth2MethodSecurityExpressionHandler}
 */
private OAuth2MethodSecurityExpressionHandler getExpressionHandler(
        DefaultMethodSecurityExpressionHandler bean) {
    OAuth2MethodSecurityExpressionHandler oauthHandler = new OAuth2MethodSecurityExpressionHandler();
    oauthHandler.setApplicationContext(this.applicationContext);

    // Optional collaborator: the null check suggests findInContext yields null when no
    // such bean is registered, in which case the handler keeps its own default resolver.
    AuthenticationTrustResolver contextResolver = findInContext(AuthenticationTrustResolver.class);
    if (contextResolver != null) {
        oauthHandler.setTrustResolver(contextResolver);
    }

    oauthHandler.setExpressionParser(bean.getExpressionParser());
    return oauthHandler;
}
/**
 * Reports whether the caller on the current thread is anonymous according to
 * {@link AuthenticationTrustResolverImpl}.
 *
 * @return {@code true} when there is no {@link SecurityContext} at all; otherwise the
 *         resolver's verdict on the context's {@link Authentication}
 */
private boolean isAnonymous() {
    SecurityContext securityContext = SecurityContextHolder.getContext();
    if (securityContext == null) {
        // No context on this thread at all: treated as anonymous.
        return true;
    }
    // NOTE(review): when the context exists but holds no Authentication, the answer is
    // resolver.isAnonymous(null); confirm callers expect that outcome rather than the
    // "anonymous" verdict given for a missing context.
    Authentication current = securityContext.getAuthentication();
    return new AuthenticationTrustResolverImpl().isAnonymous(current);
}
/**
 * Creates fresh mocks before every test: a trust resolver, a principal that also implements
 * {@link HealthTimePrinterSetHolder}, and an {@link Authentication}, then builds the
 * {@link HmpUserContext} under test around the mocked resolver. No stubbing happens here;
 * individual tests configure the mocks as needed.
 *
 * @throws Exception declared by the fixture signature
 */
@Before
public void setUp() throws Exception {
    mockAuthentication = mock(Authentication.class);
    mockUser = mock(HmpUserDetails.class,
            Mockito.withSettings().extraInterfaces(HealthTimePrinterSetHolder.class));
    mockTrustResolver = mock(AuthenticationTrustResolver.class);

    // the object under test, wired to the mocked resolver
    userContext = new HmpUserContext(mockTrustResolver);
}
/**
 * Exposes Spring Security's stock trust resolver as a bean so it can be injected rather
 * than instantiated ad hoc.
 *
 * @return a new {@link AuthenticationTrustResolverImpl}
 */
@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    return resolver;
}
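/**
 * Grab the user from the database based on the "id" passed in.
 *
 * When the request URI is an "editProfile" URL the action refuses (HTTP 403) any attempt to
 * name a different user via the {@code id} or {@code from} parameters and instead loads the
 * user behind {@code request.getRemoteUser()}. Otherwise the user is looked up by {@code id},
 * or a new user with the default role is prepared when no id is given. A remember-me login is
 * flagged in the session so the view can warn that the password cannot be changed.
 *
 * @return success if user found, or {@code null} after a forbidden response has been sent
 * @throws IOException
 *             can happen when sending a "forbidden" from
 *             response.sendError()
 */
public String edit() throws IOException {
    HttpServletRequest request = getRequest();
    boolean editProfile = request.getRequestURI().contains("editProfile");

    // if URL is "editProfile" - make sure it's the current user
    if (editProfile) {
        // reject if id passed in or "list" parameter passed in
        // someone that is trying this probably knows the AppFuse code
        // but it's a legitimate bug, so I'll fix it. ;-)
        String requestedId = request.getParameter("id");
        if (requestedId != null || request.getParameter("from") != null) {
            ServletActionContext.getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
            // both values come from the request; neutralise line breaks so a crafted
            // value cannot forge additional log records
            log.warn("User '" + neutralizeLineBreaks(request.getRemoteUser())
                    + "' is trying to edit user '" + neutralizeLineBreaks(requestedId) + "'");
            return null;
        }
    }

    // if a user's id is passed in
    if (id != null) {
        // lookup the user using that id
        user = userManager.getUser(id);
    } else if (editProfile) {
        user = userManager.getUserByUsername(request.getRemoteUser());
    } else {
        user = new User();
        user.addRole(new Role(Constants.USER_ROLE));
    }

    if (user.getUsername() != null) {
        user.setConfirmPassword(user.getPassword());

        // if user logged in with remember me, display a warning that they
        // can't change passwords
        log.debug("checking for remember me login...");
        AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
        SecurityContext ctx = SecurityContextHolder.getContext();
        if (ctx != null) {
            Authentication auth = ctx.getAuthentication();
            if (resolver.isRememberMe(auth)) {
                getSession().setAttribute("cookieLogin", "true");
                saveMessage(getText("userProfile.cookieLogin"));
            }
        }
    }

    return SUCCESS;
}

/**
 * Replaces CR and LF in a value that is about to be written to the log, so untrusted input
 * cannot inject extra log lines. A {@code null} value is rendered as the text "null", matching
 * what plain string concatenation would have produced.
 *
 * @param value the untrusted text to log
 * @return the value with line breaks replaced by underscores
 */
private static String neutralizeLineBreaks(String value) {
    if (value == null) {
        return "null";
    }
    return value.replace('\r', '_').replace('\n', '_');
}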
/**
 * Creates a translator that renders exceptions as JSON and uses the given trust resolver
 * to classify the current authentication.
 *
 * @param jsonResponseHelper writer used to produce the JSON error body
 * @param authenticationTrustResolver resolver consulted for the caller's authentication state
 */
public RestExceptionTranslator(JsonResponseWriter jsonResponseHelper,
        AuthenticationTrustResolver authenticationTrustResolver) {
    this.authenticationTrustResolver = authenticationTrustResolver;
    this.jsonResponseHelper = jsonResponseHelper;
}
/**
 * Returns the trust resolver this component consults.
 *
 * @return the configured {@link AuthenticationTrustResolver}
 */
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
    return this.authenticationTrustResolver;
}
/**
 * Replaces the trust resolver this component consults. No validation is performed; a
 * {@code null} argument is stored as given.
 *
 * @param authenticationTrustResolver the resolver to use from now on
 */
public void setAuthenticationTrustResolver(
        AuthenticationTrustResolver authenticationTrustResolver) {
    this.authenticationTrustResolver = authenticationTrustResolver;
}
/**
 * Creates a user context backed by the given trust resolver, which Spring injects.
 *
 * @param authenticationTrustResolver resolver used to classify the current authentication
 */
@Autowired
public HmpUserContext(AuthenticationTrustResolver authenticationTrustResolver) {
    this.authenticationTrustResolver = authenticationTrustResolver;
}
/**
 * Reports whether the authentication on the current thread is a remember-me login,
 * as judged by {@link AuthenticationTrustResolverImpl}.
 *
 * @return the resolver's verdict for the {@link Authentication} currently held by
 *         {@link SecurityContextHolder}
 */
public boolean isRememberMe() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    return trustResolver.isRememberMe(current);
}