/**
 * Supplies the auditor name recorded on audited entities.
 *
 * Unauthenticated and anonymous callers are attributed to the literal
 * {@code "@SYSTEM"}; otherwise the name is derived from the principal held
 * in the current {@code SecurityContext}.
 *
 * @return an {@link AuditorAware} that resolves the current user's name
 */
@Bean
public AuditorAware<String> auditorAwareBean() {
    return () -> {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
        // No token, or an anonymous one: attribute the change to the system account.
        if (current == null || trustResolver.isAnonymous(current)) {
            return "@SYSTEM";
        }
        Object principal = current.getPrincipal();
        // String cannot implement UserDetails, so the order of these checks is irrelevant.
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        if (principal instanceof String) {
            return (String) principal;
        }
        // Any other principal type falls back to its string form.
        return String.valueOf(principal);
    };
}
/**
 * After a user-management call returns, re-issue the caller's authentication
 * token when the user that was just saved is the one currently logged in, so
 * the {@code SecurityContext} reflects the updated principal, credentials and
 * authorities right away.
 *
 * @param returnValue the user object
 * @param method the name of the method executed
 * @param args the arguments to the method
 * @param target the target class
 * @throws Throwable thrown when args[0] is null or not a User object
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target) throws Throwable {
    User savedUser = (User) args[0];
    // A null version (presumably a user not yet persisted) needs no refresh.
    if (savedUser.getVersion() == null) {
        return;
    }
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    // Anonymous callers are self-registering users and are left alone; this is
    // acceptable because signup does not allow roles to be set.
    if (current == null || trustResolver.isAnonymous(current)) {
        return;
    }
    User loggedInUser = getCurrentUser(current);
    if (!loggedInUser.getId().equals(savedUser.getId())) {
        return;
    }
    // Rebuild the token from the saved object; its authorities become the
    // caller's effective authorities for the rest of the session.
    Authentication refreshed = new UsernamePasswordAuthenticationToken(savedUser,
            savedUser.getPassword(), savedUser.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}
/**
 * After a user-management call returns, re-issue the caller's authentication
 * token when the user that was just saved is the one currently logged in, so
 * the {@code SecurityContext} reflects the updated principal, credentials and
 * authorities right away.
 *
 * @param returnValue the user object
 * @param method the name of the method executed
 * @param args the arguments to the method
 * @param target the target class
 * @throws Throwable thrown when args[0] is null or not a User object
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target) throws Throwable {
    User savedUser = (User) args[0];
    // A null version (presumably a user not yet persisted) needs no refresh.
    if (savedUser.getVersion() == null) {
        return;
    }
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    // Anonymous callers are self-registering users and are left alone; this is
    // acceptable because signup does not allow roles to be set.
    if (current == null || trustResolver.isAnonymous(current)) {
        return;
    }
    // The advised object is the UserManager; it is used to look up the caller.
    User loggedInUser = getCurrentUser(current, (UserManager) target);
    if (!loggedInUser.getId().equals(savedUser.getId())) {
        return;
    }
    // Rebuild the token from the saved object; its authorities become the
    // caller's effective authorities for the rest of the session.
    Authentication refreshed = new UsernamePasswordAuthenticationToken(savedUser,
            savedUser.getPassword(), savedUser.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}
/**
 * Builds the expression root used to evaluate web security expressions,
 * substituting the project's {@code CustomWebSecurityExpressionRoot} for the
 * default one.
 *
 * @param authentication the caller's token
 * @param fi the filter invocation being authorised
 * @return the configured expression root
 */
@Override
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) {
    WebSecurityExpressionRoot expressionRoot = new CustomWebSecurityExpressionRoot(authentication, fi);
    // NOTE(review): a trust resolver configured on this handler is not consulted;
    // a fresh default instance is always used — confirm that is intended.
    expressionRoot.setTrustResolver(new AuthenticationTrustResolverImpl());
    expressionRoot.setRoleHierarchy(getRoleHierarchy());
    expressionRoot.setPermissionEvaluator(getPermissionEvaluator());
    return expressionRoot;
}
/**
 * Builds the expression root used to evaluate method security expressions,
 * substituting the project's {@code CustomMethodSecurityExpressionRoot} for
 * the default one.
 *
 * @param authentication the caller's token
 * @param invocation the secured method invocation
 * @return the configured expression root
 */
@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
    CustomMethodSecurityExpressionRoot expressionRoot = new CustomMethodSecurityExpressionRoot(authentication);
    // Expose the target object so expressions can refer to "this".
    expressionRoot.setThis(invocation.getThis());
    // NOTE(review): a trust resolver configured on this handler is not consulted;
    // a fresh default instance is always used — confirm that is intended.
    expressionRoot.setTrustResolver(new AuthenticationTrustResolverImpl());
    expressionRoot.setRoleHierarchy(getRoleHierarchy());
    expressionRoot.setPermissionEvaluator(getPermissionEvaluator());
    return expressionRoot;
}
/**
 * Tells whether the current caller is anonymous.
 *
 * @return {@code true} when the held {@code Authentication} is an anonymous
 *         token or no security context is available; a context whose
 *         authentication is {@code null} yields {@code false}, because the
 *         resolver only recognises anonymous tokens
 */
private boolean isAnonymous() {
    SecurityContext securityContext = SecurityContextHolder.getContext();
    // Defensive: the holder's default strategies return an empty context
    // rather than null, so this branch is not expected to run.
    if (securityContext == null) {
        return true;
    }
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    return trustResolver.isAnonymous(securityContext.getAuthentication());
}
/**
 * Exposes Spring Security's default trust resolver as a bean, so components
 * can classify tokens as anonymous or remember-me without instantiating their
 * own resolver.
 *
 * @return a new {@code AuthenticationTrustResolverImpl}
 */
@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    return trustResolver;
}
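/**
 * Grab the user from the database based on the "id" passed in.
 *
 * When the request URI is the "editProfile" page, only the logged-in user's own
 * record may be loaded: any "id" or "from" parameter is rejected with 403 and
 * the attempt is logged. Otherwise the user is loaded by id, or a fresh user
 * with the default role is prepared for creation.
 *
 * @return success if user found, or {@code null} after a forbidden response has been sent
 * @throws IOException can happen when sending a "forbidden" from response.sendError()
 */
public String edit() throws IOException {
    HttpServletRequest request = getRequest();
    boolean editProfile = request.getRequestURI().contains("editProfile");

    // if URL is "editProfile" - make sure it's the current user
    if (editProfile) {
        // reject if id passed in or "list" parameter passed in
        // someone that is trying this probably knows the AppFuse code
        // but it's a legitimate bug, so I'll fix it. ;-)
        String requestedId = request.getParameter("id");
        if (requestedId != null || request.getParameter("from") != null) {
            ServletActionContext.getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
            // Both values come from the request; strip line breaks so a crafted
            // value cannot forge extra log entries.
            log.warn("User '" + sanitizeForLog(request.getRemoteUser())
                    + "' is trying to edit user '" + sanitizeForLog(requestedId) + "'");
            return null;
        }
    }

    if (id != null) {
        // a user's id is passed in: lookup the user using that id
        user = userManager.getUser(id);
    } else if (editProfile) {
        // profile edit: always the caller's own record
        user = userManager.getUserByUsername(request.getRemoteUser());
    } else {
        // no id: prepare a new user with the default role
        user = new User();
        user.addRole(new Role(Constants.USER_ROLE));
    }

    if (user.getUsername() != null) {
        user.setConfirmPassword(user.getPassword());

        // if user logged in with remember me, display a warning that they
        // can't change passwords
        log.debug("checking for remember me login...");

        AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
        SecurityContext ctx = SecurityContextHolder.getContext();

        if (ctx != null) {
            Authentication auth = ctx.getAuthentication();

            if (resolver.isRememberMe(auth)) {
                getSession().setAttribute("cookieLogin", "true");
                saveMessage(getText("userProfile.cookieLogin"));
            }
        }
    }

    return SUCCESS;
}

/**
 * Makes a request-supplied value safe to embed in a single log line by
 * replacing CR/LF runs with an underscore.
 *
 * @param value the untrusted value; {@code null} is rendered as "null"
 * @return the value with line breaks removed
 */
private static String sanitizeForLog(String value) {
    return String.valueOf(value).replaceAll("[\\r\\n]+", "_");
}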
/**
 * Creates a translator wired with its default collaborators: a Gson-backed
 * JSON response writer and Spring Security's standard trust resolver.
 */
public RestExceptionTranslator() {
    this.jsonResponseHelper = new JsonResponseWriterGsonImpl();
    this.authenticationTrustResolver = new AuthenticationTrustResolverImpl();
}
/**
 * Appends a {@code SecurityContextHolderAwareRequestFilter} to the chain so
 * request-level security calls (e.g. {@code isUserInRole}) are answered from
 * the {@code SecurityContext}.
 *
 * @param filters the chain under construction; the new filter is added at the end
 * @throws ServletException if {@code afterPropertiesSet()} rejects the filter's configuration
 */
private void addSecurityContextHolderAwareRequestFilter(List<Filter> filters) throws ServletException {
    SecurityContextHolderAwareRequestFilter holderAwareFilter = new SecurityContextHolderAwareRequestFilter();
    holderAwareFilter.setTrustResolver(new AuthenticationTrustResolverImpl());
    // The filter is built by hand rather than by the container, so initialise it explicitly.
    holderAwareFilter.afterPropertiesSet();
    filters.add(holderAwareFilter);
}
/**
 * Reports whether the caller was authenticated through a remember-me token
 * rather than an interactive login.
 *
 * @return {@code true} if the current {@code Authentication} is a remember-me token
 */
public boolean isRememberMe() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    return new AuthenticationTrustResolverImpl().isRememberMe(current);
}