List of usage examples for org.springframework.security.web.context HttpRequestResponseHolder getRequest
public HttpServletRequest getRequest()
From source file:au.gov.dto.dibp.appointments.security.context.CookieBasedSecurityContextRepository.java
/**
 * Loads the security context for the current request through {@code securityContextSerializer}.
 *
 * <p>The holder's response is replaced with a {@code SaveToCookieResponseWrapper} before the
 * context is read, so the serializer is handed the wrapped response, not the raw one.
 *
 * <p>NOTE(review): the context is rebuilt from data carried by the request. That is only safe if
 * the serializer authenticates the payload (signature or MAC) before trusting it. The serializer
 * is not visible here, so confirm this.
 *
 * @param requestResponseHolder holder for the current request and response; its response is
 *     replaced by the wrapper as a side effect
 * @return the context produced by {@code securityContextSerializer.deserialize}
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    // Install the wrapper first: everything downstream, including the serializer call below,
    // must see the wrapped response.
    SaveToCookieResponseWrapper cookieSavingResponse = new SaveToCookieResponseWrapper(
            requestResponseHolder.getRequest(),
            requestResponseHolder.getResponse(),
            true);
    requestResponseHolder.setResponse(cookieSavingResponse);

    SecurityContext restoredContext = securityContextSerializer.deserialize(
            requestResponseHolder.getRequest(),
            requestResponseHolder.getResponse());
    return restoredContext;
}
From source file:fr.mycellar.interfaces.web.security.SecurityContextTokenRepository.java
/**
 * Resolves the security context bound to the token sent in the
 * {@code SpringSecurityConfiguration.TOKEN_HEADER_NAME} request header.
 *
 * <p>An empty context is returned when the header is absent, the token does not verify, no
 * context is registered for the token, or any exception is thrown along the way. Every failure
 * therefore ends as an unauthenticated request.
 *
 * <p>NOTE(review): the catch-all below discards the exception without logging. Authentication is
 * still refused, but verification failures are invisible to monitoring. Consider recording them
 * (without the token value) if a logger is available.
 *
 * @param requestResponseHolder holder for the current request and response
 * @return the stored context for a valid token, otherwise a new empty context
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    try {
        // getHeader already returns a String, so only the null check is needed.
        String headerToken = requestResponseHolder.getRequest()
                .getHeader(SpringSecurityConfiguration.TOKEN_HEADER_NAME);
        if (headerToken != null) {
            Token verifiedToken = keyBasedPersistenceTokenService.verifyToken(headerToken);
            TimedSecurityContext timedContext =
                    (verifiedToken == null) ? null : securityContexts.get(verifiedToken);
            if (timedContext != null) {
                // Refresh the timestamp on every successful lookup.
                // Presumably this drives idle expiry elsewhere; verify against the owner of
                // securityContexts.
                timedContext.localDateTime = new LocalDateTime();
                return timedContext.securityContext;
            }
        }
    } catch (Exception ignored) {
        // Deliberately fail closed: any error falls through to the empty context below.
    }
    return SecurityContextHolder.createEmptyContext();
}
From source file:com.cfitzarl.cfjwed.core.security.SecurityContextLoader.java
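/**
 * Retrieves the security context for a request from the authentication data held in Redis.
 *
 * <p>The token is read from the {@code SessionConstant.AUTH_TOKEN_HEADER} header or the
 * {@code SessionConstant.AUTH_TOKEN_PARAM} request parameter (combined through {@code coalesce}).
 * An empty {@link SecurityContext} is returned, so Spring treats the request as anonymous, when:
 * <ul>
 *   <li>no token is supplied or Redis has no entry for it;</li>
 *   <li>the entry is gone by the time it is read;</li>
 *   <li>the stored data cannot be deserialized;</li>
 *   <li>the account named in the stored data cannot be found.</li>
 * </ul>
 *
 * @param requestResponseHolder the request container
 * @return a security context, never {@code null}; unauthenticated on any failure
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    HttpServletRequest request = requestResponseHolder.getRequest();

    // NOTE(review): accepting the token as a request parameter means it can end up in access
    // logs, browser history and Referer headers. Prefer the header wherever the client allows it
    // and keep parameter use as narrow as possible.
    String tokenParam = coalesce(request.getHeader(SessionConstant.AUTH_TOKEN_HEADER),
            request.getParameter(SessionConstant.AUTH_TOKEN_PARAM));

    SecurityContext securityContext = new SecurityContextImpl();

    if (tokenParam == null || !redisService.exists(tokenParam)) {
        return securityContext;
    }

    String serializedAuthData = redisService.get(tokenParam);
    if (serializedAuthData == null) {
        // exists() and get() are two separate calls. The entry can expire or be deleted in
        // between; treat that as "no session" instead of passing null to the JSON parser.
        return securityContext;
    }

    AuthenticationDTO dto;
    try {
        // NOTE(review): a new ObjectMapper per request is wasteful. A shared instance would do,
        // but that needs a field outside this method.
        dto = new ObjectMapper().readValue(serializedAuthData, AuthenticationDTO.class);
    } catch (IOException e) {
        LOGGER.error("Error deserializing auth DTO", e);
        return securityContext;
    }
    if (dto == null) {
        // A stored JSON literal "null" deserializes to a null DTO.
        return securityContext;
    }

    Account account = accountDao.findByEmail(dto.getEmail());
    if (account == null) {
        // A token can outlive its account (for example, the account was deleted).
        // Fail closed instead of throwing a NullPointerException on account.getId().
        LOGGER.warn("Auth token refers to an account that could not be found");
        return securityContext;
    }

    Collection<GrantedAuthority> gal = Collections.singletonList(new SimpleGrantedAuthority(dto.getRole()));

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(account.getId(), null, gal);
    // The CSRF value stored with the session travels in the authentication details.
    token.setDetails(dto.getCsrf());

    securityContext.setAuthentication(token);

    return securityContext;
}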
From source file:au.gov.dto.springframework.security.web.context.CookieSecurityContextRepository.java
/**
 * Obtains the security context for the supplied request from the authentication cookie.
 *
 * <p>The holder's response is always replaced with a {@code SaveToCookieResponseWrapper}. The
 * cookie value is then passed to {@code tokenEncryption.decryptAndVerify}; only a value that
 * passes is deserialized into an {@link Authentication}. A cookie that fails is answered with an
 * expiring cookie, so the client stops sending it, and the request proceeds unauthenticated.
 *
 * <p>NOTE(review): {@code authenticationSerializer.deserialize} is not visible here. Check how it
 * behaves on a verified but malformed payload (exception or {@code null} result).
 *
 * @param requestResponseHolder holder for the current request and response for which the context
 *     should be loaded; its response is replaced by the wrapper
 * @return the security context to use for the current request, never {@code null}
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    final HttpServletRequest request = requestResponseHolder.getRequest();
    final HttpServletResponse response = requestResponseHolder.getResponse();
    requestResponseHolder.setResponse(new SaveToCookieResponseWrapper(request, response));

    // Start from an empty context. It stays empty unless a verified cookie supplies an
    // authentication.
    final SecurityContext loadedContext = SecurityContextHolder.createEmptyContext();

    final Cookie authenticationCookie = getAuthenticationCookie(request);
    if (authenticationCookie != null) {
        final String verifiedPayload = tokenEncryption.decryptAndVerify(authenticationCookie.getValue());
        if (verifiedPayload == null) {
            // Verification failed: tell the client to drop the cookie (written on the
            // original response, not the wrapper).
            response.addCookie(createExpireAuthenticationCookie(request));
        } else {
            final Authentication restored = authenticationSerializer.deserialize(verifiedPayload);
            loadedContext.setAuthentication(restored);
        }
    }
    return loadedContext;
}
From source file:org.carewebframework.security.spring.DesktopSecurityContextRepository.java
/**
 * Returns the security context for the current request, creating a new one when none is found.
 *
 * <p>The context is looked up through {@code readSecurityContextFromRequest}. If that yields
 * {@code null}, {@code generateNewContext()} supplies a replacement. The holder's response is
 * then replaced with a {@code SaveToSessionResponseWrapper} that is told whether an HTTP session
 * already existed when the request arrived.
 *
 * @param requestResponseHolder holder for the current request and response; its response is
 *     replaced by the wrapper
 * @return the context found for the request, or a newly generated one
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    final HttpServletRequest request = requestResponseHolder.getRequest();
    final HttpServletResponse response = requestResponseHolder.getResponse();

    // getSession(false) never creates a session; loading a context must not start one.
    final HttpSession existingSession = request.getSession(false);
    final boolean sessionExisted = existingSession != null;

    SecurityContext resolved = readSecurityContextFromRequest(request);
    if (resolved == null) {
        if (log.isDebugEnabled()) {
            log.debug("No SecurityContext was available from the HttpSession: " + existingSession
                    + ". A new one will be created.");
        }
        resolved = generateNewContext();
    }

    SaveToSessionResponseWrapper sessionSavingResponse =
            new SaveToSessionResponseWrapper(response, request, sessionExisted, resolved);
    requestResponseHolder.setResponse(sessionSavingResponse);
    return resolved;
}
From source file:org.springframework.security.web.context.HttpSessionSecurityContextRepository.java
/**
 * Returns the security context for the current request, creating a new one when none is found.
 *
 * <p>The context is read from the existing HTTP session through
 * {@code readSecurityContextFromSession}. If that yields {@code null},
 * {@code generateNewContext()} supplies a replacement. Both the response and the request in the
 * holder are then replaced with session-saving wrappers.
 *
 * @param requestResponseHolder holder for the current request and response; both are replaced
 *     by wrappers as a side effect
 * @return the context found in the session, or a newly generated one
 */
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    final HttpServletRequest originalRequest = requestResponseHolder.getRequest();
    final HttpServletResponse originalResponse = requestResponseHolder.getResponse();

    // getSession(false) never creates a session; loading a context must not start one.
    final HttpSession existingSession = originalRequest.getSession(false);
    final boolean sessionExisted = existingSession != null;

    SecurityContext resolved = readSecurityContextFromSession(existingSession);
    if (resolved == null) {
        if (logger.isDebugEnabled()) {
            logger.debug("No SecurityContext was available from the HttpSession: " + existingSession
                    + ". A new one will be created.");
        }
        resolved = generateNewContext();
    }

    // The request wrapper is built around the response wrapper, so the response wrapper must
    // exist first.
    SaveToSessionResponseWrapper sessionSavingResponse =
            new SaveToSessionResponseWrapper(originalResponse, originalRequest, sessionExisted, resolved);
    requestResponseHolder.setResponse(sessionSavingResponse);
    requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(originalRequest, sessionSavingResponse));

    return resolved;
}