Java 类org.springframework.security.web.authentication.switchuser.SwitchUserFilter 实例源码

项目:esup-ecandidat    文件:UserController.java   
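/**
 * Switches the current session to another user's identity (impersonation).
 * <p>
 * The target account is first looked up through {@code userDetailsService}. If it does not
 * exist or holds no authority, a warning notification is shown and nothing else happens.
 * Otherwise the browser is sent to the switch URL, carrying the target username in the
 * {@link SwitchUserFilter#SPRING_SECURITY_SWITCH_USERNAME_KEY} query parameter.
 * <p>
 * Security notes: this method performs no authorization check of its own, so the right to
 * impersonate has to be enforced on the switch URL by the HTTP security configuration. The
 * target username travels in the query string of the opened URL and can therefore end up in
 * access logs and browser history.
 *
 * @param username
 *            the name of the user to switch to; must contain text
 */
public void switchToUser(String username) {
    Assert.hasText(username, applicationContext.getMessage("assert.hasText", null, UI.getCurrent().getLocale()));

    /* Check that the target user exists and holds at least one authority */
    boolean switchable;
    try {
        UserDetails details = userDetailsService.loadUserByUsername(username);
        switchable = details != null && details.getAuthorities() != null
                && !details.getAuthorities().isEmpty();
    } catch (UsernameNotFoundException unfe) {
        /* An unknown user is reported exactly like a user without authorities */
        switchable = false;
    }
    if (!switchable) {
        Notification.show(applicationContext.getMessage("admin.switchUser.usernameNotFound",
                new Object[] { username }, UI.getCurrent().getLocale()), Notification.Type.WARNING_MESSAGE);
        return;
    }

    /*
     * Percent-encode the username before placing it in the query string: a raw value
     * containing '&', '#', '+' or spaces would otherwise alter the parameters of the
     * switch request or produce a malformed URL.
     */
    String encodedUsername;
    try {
        encodedUsername = java.net.URLEncoder.encode(username, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        /* UTF-8 support is mandatory on every Java platform */
        throw new IllegalStateException("UTF-8 encoding is not available", e);
    }
    String switchToUserUrl = MethodUtils.formatSecurityPath(loadBalancingController.getApplicationPath(false),
            ConstanteUtils.SECURITY_SWITCH_PATH) + "?" + SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY + "="
            + encodedUsername;
    Page.getCurrent().open(switchToUserUrl, null);
}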
项目:esup-ecandidat    文件:SecurityConfig.java   
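/**
 * Configures HTTP security: CAS entry point, URL access rules, the CAS, logout and
 * switch-user filters, and the response headers.
 * <p>
 * URL access rules are evaluated in declaration order and the first matching rule wins.
 * The switch-user and switch-back rules are therefore declared before the catch-all
 * pattern; declared after it they would never be consulted and the authority
 * requirements on those two URLs would have no effect.
 *
 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling()
            .authenticationEntryPoint(casEntryPoint())
            .and()
        .authorizeRequests()
            /* Impersonation endpoints first: only an administrator may switch, only a switched session may switch back */
            .antMatchers(ConstanteUtils.SECURITY_SWITCH_PATH).hasAuthority(NomenclatureUtils.DROIT_PROFIL_ADMIN)
            .antMatchers(ConstanteUtils.SECURITY_SWITCH_BACK_PATH).hasAuthority(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR)
            .antMatchers(ConstanteUtils.SECURITY_CONNECT_PATH+"/**").authenticated()
            /* Catch-all: everything not matched above is public */
            .antMatchers("/**").permitAll()
            /* Not reached while the catch-all rule above is present; kept as a closed default in case that rule is narrowed */
            .anyRequest().authenticated()
            .and()
        .addFilterBefore(singleSignOutFilter(), LogoutFilter.class)
        .addFilter(new LogoutFilter(casUrl + ConstanteUtils.SECURITY_LOGOUT_PATH, new SecurityContextLogoutHandler()))
        .addFilter(casAuthenticationFilter())
        /* The switch-user filter runs after the URL authorization step, so the rules above are what protect it */
        .addFilterAfter(switchUserFilter(), FilterSecurityInterceptor.class)
        /*
         * Spring Security's Cross-Site Request Forgery protection is disabled because Vaadin implements its own.
         * NOTE(review): requests handled directly by servlet filters (such as the switch-user URL) are presumably
         * outside Vaadin's protection; confirm.
         */
        .csrf().disable()
        .headers()
            /* Allows the application to be displayed in an iframe; NOTE(review): this drops the X-Frame-Options header, so framing is not restricted to any origin */
            .frameOptions().disable()
            /* Disables browser cache-control headers to work around the IE font loading bug, cf. http://stackoverflow.com/questions/7748140/font-face-eot-not-loading-over-https */
            .cacheControl().disable();
}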
项目:autopivot    文件:SecurityConfig.java   
/**
 * Declares the URL access rules, enables HTTP Basic authentication and registers the filter
 * returned by {@code activePivotConfig.contextValueFilter()} after {@link SwitchUserFilter}.
 * <p>
 * The access rules are order-sensitive: the narrower REST patterns are declared before the
 * catch-all pattern, and the only unauthenticated rule is the one for OPTIONS requests on
 * the REST API.
 */
@Override
protected void doConfigure(HttpSecurity http) throws Exception {
    // Access rules: the order of the matchers matters, so narrower patterns come first.
    http.authorizeRequests()
            // OPTIONS requests on the REST API are let through without authentication
            .antMatchers(HttpMethod.OPTIONS, REST_API_URL_PREFIX + "/**").permitAll()
            // The REST ping service is temporarily authenticated (see PIVOT-3149)
            .antMatchers(url(REST_API_URL_PREFIX, PING_SUFFIX)).hasAnyAuthority(ROLE_USER, ROLE_TECH)
            // Remaining REST services
            .antMatchers(REST_API_URL_PREFIX + "/**").hasAnyAuthority(ROLE_USER)
            // One has to be a user for all the other URLs
            .antMatchers("/**").hasAuthority(ROLE_USER);

    // Credentials are accepted through HTTP Basic
    http.httpBasic();

    // SwitchUserFilter is the last filter in the chain (see FilterComparator class), so
    // anchoring on it places this filter after the Spring Security filters ordered before it.
    http.addFilterAfter(activePivotConfig.contextValueFilter(), SwitchUserFilter.class);
}
项目:esup-ecandidat    文件:UserController.java   
/**
 * Tells whether the current session is an impersonated one.
 * <p>
 * The check looks for {@link SwitchUserFilter#ROLE_PREVIOUS_ADMINISTRATOR} among the
 * authorities of the current authentication.
 *
 * @return true if the current user has taken on another user's identity, false otherwise
 *         or when there is no current authentication
 */
public boolean isUserSwitched() {
    Authentication current = getCurrentAuthentication();
    if (current == null) {
        return false;
    }
    for (GrantedAuthority granted : current.getAuthorities()) {
        if (SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR.equals(granted.getAuthority())) {
            return true;
        }
    }
    return false;
}
项目:haven-platform    文件:ServletContainerConfiguration.java   
/**
 * Configures HTTP security for the UI: token-header authentication, form login and logout
 * under the UI prefix, optional HTTP Basic, response headers, and an access-context filter
 * registered after SwitchUserFilter.
 *
 * NOTE(review): only the patterns listed below carry an access rule; requests outside the
 * UI prefix (other than OPTIONS) have none declared here. Confirm they are covered elsewhere.
 * NOTE(review): CSRF protection is disabled while form login is enabled, so requests
 * authenticated through the login session are not CSRF-protected by this configuration.
 */
@Override
        protected void configure(HttpSecurity http) throws Exception {
            final String uiRoot = "/ui/";
            final String loginPage = uiRoot + "login.html";

            // Token authentication: requests selected by the header matcher are validated by the token provider
            RequestTokenHeaderRequestMatcher tokenHeaderMatcher = new RequestTokenHeaderRequestMatcher();
            TokenAuthProvider tokenProvider = new TokenAuthProvider(tokenValidator, userDetailsService, authProcessor);
            TokenAuthFilterConfigurer<HttpSecurity> tokenFilterConfigurer =
                    new TokenAuthFilterConfigurer<>(tokenHeaderMatcher, tokenProvider);

            http.csrf().disable();
            http.authenticationProvider(provider).userDetailsService(userDetailsService);
            http.anonymous().principal(SecurityUtils.USER_ANONYMOUS);

            // Access rules, evaluated in declaration order
            http.authorizeRequests()
                    .antMatchers(uiRoot + "/token/login").permitAll()
                    // allow CORS option calls
                    .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                    .antMatchers(uiRoot + "**").authenticated();

            http.headers().cacheControl().disable();
            http.formLogin().loginPage(loginPage).permitAll().defaultSuccessUrl(uiRoot);
            http.logout().logoutUrl(uiRoot + "logout").logoutSuccessUrl(loginPage);
            http.apply(tokenFilterConfigurer);
            // Stateless session management is not enabled yet ("enable after testing"):
            //     http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // X-Frame-Options: framing is allowed from the same origin only
            http.headers()
              .frameOptions().sameOrigin();

            http.addFilterAfter(new AccessContextFilter(aclContextFactory), SwitchUserFilter.class);

            // HTTP Basic is used in testing and scripts
            if (basicAuthEnable) {
                http.httpBasic();
            }

        }
项目:entelect-spring-webapp-template    文件:SpringSecurityConfig.java   
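/**
 * Creates the Spring Security {@link SwitchUserFilter} used for user impersonation.
 * <p>
 * After a successful switch the browser is sent back to the page named in the request's
 * {@code Referer} header, but only when that header is an http(s) URL on the same host as
 * the current request; in every other case the redirect goes to {@code "/"}. The header is
 * supplied by the client, so following it unchecked would let an arbitrary external URL be
 * used as the redirect target.
 * <p>
 * Deployment note: the host comparison uses {@code getServerName()}. Behind a reverse proxy
 * that does not forward the original host, the check fails closed and the redirect goes to
 * {@code "/"}.
 * <p>
 * Security note: nothing in this bean restricts who may trigger a switch; the filter's
 * switch and exit URLs have to be limited to administrators in the HTTP security
 * configuration.
 *
 * @param userDetailsService service used by the filter to load the target user
 * @return the configured filter
 */
@Bean
public SwitchUserFilter switchUserFilter(UserDetailsService userDetailsService) {
    SwitchUserFilter suFilter = new SwitchUserFilter();
    suFilter.setUserDetailsService(userDetailsService);
    suFilter.setSuccessHandler((httpServletRequest, httpServletResponse, authentication) -> {
        // Default target; replaced only by a Referer that passes the same-host check below.
        String target = "/";
        String referer = httpServletRequest.getHeader("referer");
        if (referer != null) {
            try {
                java.net.URI refererUri = new java.net.URI(referer);
                String scheme = refererUri.getScheme();
                String host = refererUri.getHost();
                boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
                if (webScheme && host != null && host.equalsIgnoreCase(httpServletRequest.getServerName())) {
                    target = referer;
                }
            } catch (java.net.URISyntaxException ignored) {
                // Unparseable Referer: keep the default target.
            }
        }
        httpServletResponse.sendRedirect(target);
    });
    return suFilter;
}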