Example usage for org.springframework.security.authentication AuthenticationTrustResolver isAnonymous

List of usage examples for org.springframework.security.authentication AuthenticationTrustResolver isAnonymous

Introduction

On this page you can find example usage for org.springframework.security.authentication AuthenticationTrustResolver isAnonymous.

Prototype

boolean isAnonymous(Authentication authentication);

Source Link

Document

Indicates whether the passed Authentication token represents an anonymous user.

Usage

From source file:org.openmrs.contrib.metadatarepository.service.UserSecurityAdvice.java

/**
 * After the advised method returns, refresh the caller's {@code Authentication} when the
 * user that was just saved is the currently authenticated user, so that the security
 * context reflects the persisted state (including any changed authorities).
 *
 * Anonymous callers are skipped: a self-registering user has no principal to refresh.
 *
 * @param returnValue the value returned by the advised method (not used)
 * @param method the method that was executed
 * @param args the method arguments; {@code args[0]} must be the saved {@link User}
 * @param target the advised object
 * @throws Throwable if {@code args[0]} is {@code null} or not a {@code User}
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target) throws Throwable {
    User savedUser = (User) args[0];

    // A null version means the entity has not been persisted before; nothing to refresh.
    if (savedUser.getVersion() == null) {
        return;
    }

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    // Self-signup runs anonymously; leave the (anonymous) context untouched.
    if (auth == null || trustResolver.isAnonymous(auth)) {
        return;
    }

    User principal = getCurrentUser(auth);
    if (!principal.getId().equals(savedUser.getId())) {
        return;
    }

    // Rebuild the token from the persisted user so the context carries the current
    // authorities. The credentials slot keeps the stored password, exactly as before;
    // NOTE(review): confirm this matches how the rest of the app treats credentials in the context.
    Authentication refreshed = new UsernamePasswordAuthenticationToken(savedUser, savedUser.getPassword(),
            savedUser.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}

From source file:org.musicrecital.service.UserSecurityAdvice.java

/**
 * Keeps the security context in sync after a user has been saved: when the saved user is
 * the one currently logged in, the {@code Authentication} is rebuilt from the persisted
 * object so that the context carries the updated principal and authorities.
 *
 * @param returnValue the value returned by the advised method (not used)
 * @param method      the method that was executed
 * @param args        the method arguments; {@code args[0]} must be the saved {@link User}
 * @param target      the advised object, expected to be the {@link UserManager}
 * @throws Throwable if {@code args[0]} is {@code null} or not a {@code User}
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target) throws Throwable {
    User persisted = (User) args[0];

    // Only a previously persisted user (version assigned) can be the logged-in principal.
    if (persisted.getVersion() != null) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
        // A self-registering (anonymous) caller has no principal to refresh.
        boolean anonymousCaller = trustResolver.isAnonymous(current);
        if (current != null && !anonymousCaller) {
            UserManager userManager = (UserManager) target;
            User loggedIn = getCurrentUser(current, userManager);
            boolean savedSelf = loggedIn.getId().equals(persisted.getId());
            if (savedSelf) {
                // Credentials slot carries the stored password, as the original token did.
                Authentication refreshed = new UsernamePasswordAuthenticationToken(persisted,
                        persisted.getPassword(), persisted.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(refreshed);
            }
        }
    }
}

From source file:org.openmrs.contrib.metadatarepository.service.UserSecurityAdvice.java

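/**
 * Enforces the user-modification policy before the advised method runs: administrators may
 * change any user; a regular user may change only their own record and may not alter their
 * own roles.
 *
 * Decision order:
 * <ol>
 *   <li>No {@code Authentication} in the context: nothing is enforced here.</li>
 *   <li>Anonymous caller: treated as self-registration and allowed; this relies on the
 *       signup flow not accepting roles from the client (as the original comment states).</li>
 *   <li>Administrator (holds {@code Constants.ADMIN_ROLE}): allowed.</li>
 *   <li>Any other authenticated caller: denied when creating a new user or touching another
 *       user's record, and denied when the submitted roles differ from their current
 *       authorities.</li>
 * </ol>
 * Step 4 closes a gap in the earlier version, where a non-administrator saving a user
 * with no id (a new record) fell through both guards unchecked.
 *
 * @param method the method about to be executed
 * @param args the method arguments; {@code args[0]} must be the {@link User} being saved
 * @param target the advised object
 * @throws AccessDeniedException when the caller is not permitted to perform the change
 * @throws Throwable if {@code args[0]} is {@code null} or not a {@code User}
 */
public void before(Method method, Object[] args, Object target) throws Throwable {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication auth = ctx.getAuthentication();
    if (auth == null) {
        return;
    }

    Collection<GrantedAuthority> roles = auth.getAuthorities();
    boolean administrator = holdsAuthority(roles, Constants.ADMIN_ROLE);
    User user = (User) args[0];

    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    if (resolver.isAnonymous(auth)) {
        // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
        if (log.isDebugEnabled()) {
            log.debug("Registering new user '" + user.getUsername() + "'");
        }
        return;
    }

    User currentUser = getCurrentUser(auth);
    if (administrator) {
        return;
    }

    if (user.getId() == null) {
        // A non-administrator is neither "self" nor "admin" for a brand-new record.
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to create user '"
                + user.getUsername() + "'!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }
    if (!user.getId().equals(currentUser.getId())) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to modify '"
                + user.getUsername() + "'!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }

    // Self-modification: the submitted role set must equal the roles currently held,
    // so a regular user can neither add nor drop their own roles.
    Set<String> requestedRoles = new HashSet<String>();
    if (user.getRoles() != null) {
        for (Object o : user.getRoles()) {
            requestedRoles.add(((Role) o).getName());
        }
    }
    Set<String> heldRoles = authorityNames(roles);
    if (!CollectionUtils.isEqualCollection(requestedRoles, heldRoles)) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to change their role(s)!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }
}

/** Returns whether {@code roles} contains an authority whose name equals {@code authority}. */
private static boolean holdsAuthority(Collection<? extends GrantedAuthority> roles, String authority) {
    for (GrantedAuthority role : roles) {
        if (role.getAuthority().equals(authority)) {
            return true;
        }
    }
    return false;
}

/** Collects the authority strings of {@code roles} into a set. */
private static Set<String> authorityNames(Collection<? extends GrantedAuthority> roles) {
    Set<String> names = new HashSet<String>();
    for (GrantedAuthority role : roles) {
        names.add(role.getAuthority());
    }
    return names;
}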

From source file:org.musicrecital.service.UserSecurityAdvice.java

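/**
 * Enforces the user-modification policy before the advised method runs: administrators may
 * change any user; a regular user may change only their own record and may not alter their
 * own roles.
 *
 * Decision order:
 * <ol>
 *   <li>No {@code Authentication} in the context: nothing is enforced here.</li>
 *   <li>Anonymous caller: treated as self-registration and allowed; this relies on the
 *       signup flow not accepting roles from the client (as the original comment states).</li>
 *   <li>Administrator (holds {@code Constants.ADMIN_ROLE}): allowed.</li>
 *   <li>Any other authenticated caller: denied when creating a new user or touching another
 *       user's record, and denied when the submitted roles differ from their current
 *       authorities.</li>
 * </ol>
 * Step 4 closes a gap in the earlier version, where a non-administrator saving a user
 * with no id (a new record) fell through both guards unchecked.
 *
 * @param method the method about to be executed
 * @param args   the method arguments; {@code args[0]} must be the {@link User} being saved
 * @param target the advised object, expected to be the {@link UserManager}
 * @throws AccessDeniedException when the caller is not permitted to perform the change
 * @throws Throwable if {@code args[0]} is {@code null} or not a {@code User}
 */
public void before(Method method, Object[] args, Object target) throws Throwable {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication auth = ctx.getAuthentication();
    if (auth == null) {
        return;
    }

    Collection<? extends GrantedAuthority> roles = auth.getAuthorities();
    boolean administrator = isAdministrator(roles);
    User user = (User) args[0];

    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    if (resolver.isAnonymous(auth)) {
        // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
        if (log.isDebugEnabled()) {
            log.debug("Registering new user '" + user.getUsername() + "'");
        }
        return;
    }

    UserManager userManager = (UserManager) target;
    User currentUser = getCurrentUser(auth, userManager);
    if (administrator) {
        return;
    }

    if (user.getId() == null) {
        // A non-administrator is neither "self" nor "admin" for a brand-new record.
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to create user '"
                + user.getUsername() + "'!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }
    if (!user.getId().equals(currentUser.getId())) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to modify '"
                + user.getUsername() + "'!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }

    // Self-modification: the submitted role set must equal the roles currently held,
    // so a regular user can neither add nor drop their own roles.
    Set<String> requestedRoles = new HashSet<String>();
    if (user.getRoles() != null) {
        for (Object o : user.getRoles()) {
            requestedRoles.add(((Role) o).getName());
        }
    }
    if (!CollectionUtils.isEqualCollection(requestedRoles, toAuthoritySet(roles))) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to change their role(s)!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }
}

/** Returns whether {@code roles} contains the authority named by {@code Constants.ADMIN_ROLE}. */
private static boolean isAdministrator(Collection<? extends GrantedAuthority> roles) {
    for (GrantedAuthority role : roles) {
        if (role.getAuthority().equals(Constants.ADMIN_ROLE)) {
            return true;
        }
    }
    return false;
}

/** Collects the authority strings of {@code roles} into a set. */
private static Set<String> toAuthoritySet(Collection<? extends GrantedAuthority> roles) {
    Set<String> names = new HashSet<String>();
    for (GrantedAuthority role : roles) {
        names.add(role.getAuthority());
    }
    return names;
}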

From source file:org.musicrecital.webapp.listener.UserCounterListener.java

/**
 * Reports whether the caller on the current thread is anonymous.
 *
 * A missing security context is treated as anonymous. When a context exists, the decision
 * is delegated to {@link AuthenticationTrustResolver#isAnonymous(Authentication)} for the
 * context's {@code Authentication}; NOTE(review): for a context with no {@code Authentication}
 * at all, the resolver's answer (rather than this method's {@code true}) is what is returned.
 *
 * @return {@code true} if there is no context or the resolver classifies the caller as anonymous
 */
private boolean isAnonymous() {
    SecurityContext context = SecurityContextHolder.getContext();
    if (context == null) {
        return true;
    }
    Authentication current = context.getAuthentication();
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    return trustResolver.isAnonymous(current);
}

From source file:alpha.portal.webapp.listener.UserCounterListener.java

/**
 * Reports whether the caller on the current thread is anonymous.
 *
 * A missing security context is treated as anonymous. When a context exists, the decision
 * is delegated to {@link AuthenticationTrustResolver#isAnonymous(Authentication)} for the
 * context's {@code Authentication}; NOTE(review): for a context with no {@code Authentication}
 * at all, the resolver's answer (rather than this method's {@code true}) is what is returned.
 *
 * @return {@code true} if there is no context or the resolver classifies the caller as anonymous
 */
private boolean isAnonymous() {
    final SecurityContext context = SecurityContextHolder.getContext();
    if (context == null) {
        return true;
    }
    final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    return trustResolver.isAnonymous(context.getAuthentication());
}