Usage examples for the AuthenticationTrustResolverImpl() constructor of org.springframework.security.authentication.AuthenticationTrustResolverImpl
AuthenticationTrustResolverImpl
From source file:org.web4thejob.security.CustomWebSecurityExpressionRoot.java
/**
 * Creates the expression root for one web request and installs a default trust resolver.
 *
 * @param a  the authentication that security expressions are evaluated against
 * @param fi the filter invocation describing the current request
 */
public CustomWebSecurityExpressionRoot(Authentication a, FilterInvocation fi) {
    super(a, fi);
    // The inherited isAnonymous()/isRememberMe()/isFullyAuthenticated() expressions
    // consult this resolver, so it is set before the root is handed out.
    AuthenticationTrustResolverImpl defaultResolver = new AuthenticationTrustResolverImpl();
    setTrustResolver(defaultResolver);
}
From source file:com.jeanchampemont.notedown.utils.SecurityInterceptor.java
/**
 * Publishes a {@code sec} security-expression object to the view model after the handler ran.
 *
 * <p>Nothing is added when there is no model-and-view, or when the security context holds no
 * authentication, so views must tolerate {@code sec} being absent. Because this runs in
 * {@code postHandle}, the object can only influence what is rendered; it does not decide
 * whether the handler itself was allowed to run.
 *
 * @param request      the current request
 * @param response     the current response
 * @param handler      the handler that was executed (not used here)
 * @param modelAndView the model and view returned by the handler, possibly {@code null}
 * @throws Exception declared by the interceptor contract
 */
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
        ModelAndView modelAndView) throws Exception {
    if (modelAndView == null) {
        return;
    }

    // Placeholder chain: it is passed only to build the FilterInvocation and throws
    // if anything ever tries to run it.
    FilterChain unusedChain = new FilterChain() {
        public void doFilter(ServletRequest request, ServletResponse response)
                throws IOException, ServletException {
            throw new UnsupportedOperationException();
        }
    };
    FilterInvocation invocation = new FilterInvocation(request, response, unusedChain);

    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current == null) {
        return;
    }

    WebSecurityExpressionRoot expressionRoot = new WebSecurityExpressionRoot(current, invocation);
    expressionRoot.setTrustResolver(new AuthenticationTrustResolverImpl());
    modelAndView.getModel().put("sec", expressionRoot);
}
From source file:de.blizzy.documentr.access.DocumentrSecurityExpressionRoot.java
/**
 * Creates the expression root for the given authentication and keeps a reference to the
 * repository manager.
 *
 * @param authentication the authentication that security expressions are evaluated against
 * @param repoManager    the repository manager stored in this root's {@code repoManager} field
 */
public DocumentrSecurityExpressionRoot(Authentication authentication,
        GlobalRepositoryManager repoManager) {
    super(authentication);

    // Default resolver for the inherited anonymous / remember-me / fully-authenticated checks.
    AuthenticationTrustResolverImpl defaultResolver = new AuthenticationTrustResolverImpl();
    setTrustResolver(defaultResolver);

    this.repoManager = repoManager;
}
From source file:com.github.carlomicieli.nerdmovies.config.ImplicitObjectsInterceptor.java
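/**
 * Publishes a {@code sec} security-expression object to the view model after the handler ran.
 *
 * <p>The object is added only for non-redirect views and only when the security context holds
 * an authentication. Because this runs in {@code postHandle}, {@code sec} can only influence
 * what is rendered; it does not decide whether the handler itself was allowed to run.
 *
 * @param request      the current request
 * @param response     the current response
 * @param handler      the handler that was executed (not used here)
 * @param modelAndView the model and view returned by the handler, possibly {@code null}
 * @throws Exception declared by the interceptor contract
 */
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
        ModelAndView modelAndView) throws Exception {
    if (modelAndView == null) {
        return;
    }

    // getViewName() returns null when no view name was set (for example when the handler
    // supplied a View object), so it must be checked before startsWith().
    String viewName = modelAndView.getViewName();
    if (viewName != null && viewName.startsWith("redirect:")) {
        return;
    }

    // The expression root cannot be built without an Authentication; leave the model
    // untouched instead of failing the whole request when the context is empty.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return;
    }

    // Placeholder chain: it is passed only to build the FilterInvocation and throws
    // if anything ever tries to run it.
    FilterChain unusedChain = new FilterChain() {
        public void doFilter(ServletRequest request, ServletResponse response)
                throws IOException, ServletException {
            throw new UnsupportedOperationException();
        }
    };
    FilterInvocation filterInvocation = new FilterInvocation(request, response, unusedChain);

    WebSecurityExpressionRoot sec = new WebSecurityExpressionRoot(authentication, filterInvocation);
    sec.setTrustResolver(new AuthenticationTrustResolverImpl());
    modelAndView.getModel().put("sec", sec);
}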
From source file:org.openmrs.contrib.metadatarepository.service.UserSecurityAdvice.java
/**
 * Guards user modifications: administrators may modify any user, other authenticated users
 * may modify only themselves and may not change their own roles.
 *
 * <p>Anonymous callers are treated as signing up and are not checked here.
 *
 * @param method the method about to be executed
 * @param args   the arguments to that method; {@code args[0]} is cast to {@code User}
 * @param target the object the method is invoked on
 * @throws Throwable {@code AccessDeniedException} when the change is refused; a
 *                   {@code ClassCastException} when {@code args[0]} is not a {@code User}
 */
public void before(Method method, Object[] args, Object target) throws Throwable {
    SecurityContext ctx = SecurityContextHolder.getContext();
    if (ctx.getAuthentication() == null) {
        // NOTE(review): with no Authentication in the context this advice checks nothing;
        // confirm that something upstream always populates the context for protected calls.
        return;
    }
    Authentication auth = ctx.getAuthentication();
    Collection<GrantedAuthority> roles = auth.getAuthorities();

    // The caller is an administrator as soon as one granted authority is the admin role.
    boolean administrator = false;
    for (GrantedAuthority granted : roles) {
        administrator = granted.getAuthority().equals(Constants.ADMIN_ROLE);
        if (administrator) {
            break;
        }
    }

    User user = (User) args[0];

    // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    if (resolver.isAnonymous(auth)) {
        if (log.isDebugEnabled()) {
            log.debug("Registering new user '" + user.getUsername() + "'");
        }
        return;
    }

    User currentUser = getCurrentUser(auth);
    if (user.getId() == null) {
        // NOTE(review): an authenticated caller saving a User without an id is not checked
        // here, roles included; confirm the calling code restricts that path.
        return;
    }

    boolean editingSelf = user.getId().equals(currentUser.getId());
    if (administrator) {
        return;
    }

    if (!editingSelf) {
        // NOTE(review): user names go into the log line unescaped; confirm the log layout
        // neutralises line breaks.
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to modify '"
                + user.getUsername() + "'!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }

    // Role names carried by the submitted user object.
    Set<String> requestedRoles = new HashSet<String>();
    if (user.getRoles() != null) {
        for (Object o : user.getRoles()) {
            requestedRoles.add(((Role) o).getName());
        }
    }

    // Role names the caller currently holds.
    Set<String> grantedRoles = new HashSet<String>();
    for (GrantedAuthority granted : roles) {
        grantedRoles.add(granted.getAuthority());
    }

    // Regular users aren't allowed to change their roles: any difference is refused.
    if (!CollectionUtils.isEqualCollection(requestedRoles, grantedRoles)) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to change their role(s)!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }
}
From source file:org.musicrecital.service.UserSecurityAdvice.java
/**
 * Guards user modifications: administrators may modify any user, other authenticated users
 * may modify only themselves and may not change their own roles.
 *
 * <p>Anonymous callers are treated as signing up and are not checked here.
 *
 * @param method the method about to be executed
 * @param args   the arguments to that method; {@code args[0]} is cast to {@code User}
 * @param target the object the method is invoked on; cast to {@code UserManager} for
 *               authenticated callers
 * @throws Throwable {@code AccessDeniedException} when the change is refused; a
 *                   {@code ClassCastException} when {@code args[0]} is not a {@code User}
 */
public void before(Method method, Object[] args, Object target) throws Throwable {
    SecurityContext ctx = SecurityContextHolder.getContext();
    if (ctx.getAuthentication() == null) {
        // NOTE(review): with no Authentication in the context this advice checks nothing;
        // confirm that something upstream always populates the context for protected calls.
        return;
    }
    Authentication auth = ctx.getAuthentication();
    Collection<? extends GrantedAuthority> roles = auth.getAuthorities();

    // The caller is an administrator as soon as one granted authority is the admin role.
    boolean administrator = false;
    for (GrantedAuthority granted : roles) {
        administrator = granted.getAuthority().equals(Constants.ADMIN_ROLE);
        if (administrator) {
            break;
        }
    }

    User user = (User) args[0];

    // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    if (resolver.isAnonymous(auth)) {
        if (log.isDebugEnabled()) {
            log.debug("Registering new user '" + user.getUsername() + "'");
        }
        return;
    }

    UserManager userManager = (UserManager) target;
    User currentUser = getCurrentUser(auth, userManager);
    if (user.getId() == null) {
        // NOTE(review): an authenticated caller saving a User without an id is not checked
        // here, roles included; confirm the calling code restricts that path.
        return;
    }

    boolean editingSelf = user.getId().equals(currentUser.getId());
    if (administrator) {
        return;
    }

    if (!editingSelf) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to modify '"
                + user.getUsername() + "'!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }

    // Role names carried by the submitted user object.
    Set<String> requestedRoles = new HashSet<String>();
    if (user.getRoles() != null) {
        for (Object o : user.getRoles()) {
            requestedRoles.add(((Role) o).getName());
        }
    }

    // Role names the caller currently holds.
    Set<String> grantedRoles = new HashSet<String>();
    for (GrantedAuthority granted : roles) {
        grantedRoles.add(granted.getAuthority());
    }

    // Regular users aren't allowed to change their roles: any difference is refused.
    if (!CollectionUtils.isEqualCollection(requestedRoles, grantedRoles)) {
        log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to change their role(s)!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }
}
From source file:org.musicrecital.webapp.services.impl.SpringSecurityContext.java
/**
 * Reports whether the authentication in the current security context is a remember-me one.
 *
 * @return the trust resolver's verdict for the current authentication
 */
public boolean isRememberMe() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    // NOTE(review): the default resolver is expected to answer false for a null
    // authentication, so "false" here does not by itself mean "fully authenticated".
    return new AuthenticationTrustResolverImpl().isRememberMe(current);
}
From source file:org.bremersee.common.spring.autoconfigure.AclCommonAutoConfiguration.java
/**
 * Supplies the default {@link AuthenticationTrustResolver} bean.
 *
 * <p>The bean is conditional on no other {@code AuthenticationTrustResolver} being defined,
 * so an application-provided resolver takes precedence over this one.
 *
 * @return a new {@code AuthenticationTrustResolverImpl} with its default settings
 */
@Bean
@ConditionalOnMissingBean({ AuthenticationTrustResolver.class })
public AuthenticationTrustResolver trustResolver() {
    final AuthenticationTrustResolverImpl defaultResolver = new AuthenticationTrustResolverImpl();
    LOG.info("Creating new 'AuthenticationTrustResolver' ...");
    return defaultResolver;
}
From source file:org.musicrecital.webapp.listener.UserCounterListener.java
/**
 * Tells whether the current caller is anonymous.
 *
 * @return {@code true} when there is no security context at all; otherwise the trust
 *         resolver's verdict for the context's authentication
 */
private boolean isAnonymous() {
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    SecurityContext ctx = SecurityContextHolder.getContext();
    if (ctx == null) {
        return true;
    }
    // NOTE(review): a context without an Authentication is passed to the resolver as null;
    // the default resolver is expected to answer false for null, which would report such a
    // caller as NOT anonymous, unlike the missing-context case above. Confirm that is intended.
    return resolver.isAnonymous(ctx.getAuthentication());
}
From source file:org.openmrs.contrib.metadatarepository.service.UserSecurityAdvice.java
/**
 * After the advised method returns, replaces the authentication in the security context
 * when the saved user is the caller, so the context reflects the saved user object.
 *
 * <p>Nothing happens when the user has no version, when there is no authentication, or when
 * the caller is anonymous (a new user signing up).
 *
 * @param returnValue the value returned by the advised method (not used here)
 * @param method      the method that was executed
 * @param args        the arguments to that method; {@code args[0]} is cast to {@code User}
 * @param target      the object the method was invoked on
 * @throws Throwable a {@code ClassCastException} when {@code args[0]} is not a {@code User}
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target)
        throws Throwable {
    User user = (User) args[0];
    if (user.getVersion() == null) {
        return;
    }

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();

    // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
    boolean signupUser = resolver.isAnonymous(auth);
    if (auth == null || signupUser) {
        return;
    }

    // Only the caller's own record leads to a refreshed authentication.
    User currentUser = getCurrentUser(auth);
    if (!currentUser.getId().equals(user.getId())) {
        return;
    }

    // The new token takes principal, credentials and authorities from args[0].
    // NOTE(review): the user's password value is kept as the token's credentials; confirm
    // it is the stored hash and whether it needs to remain in the security context.
    Authentication refreshed =
            new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}