org.springframework.security.core.context.SecurityContextHolder源码实例Demo

org.junit.jupiter.api.AfterEach#org.springframework.security.core.context.SecurityContextHolder源码实例Demo

下面列出了org.junit.jupiter.api.AfterEach#org.springframework.security.core.context.SecurityContextHolder 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。

源代码1 项目: spring-boot   文件: AccessTokenUtils.java
public static Optional<String> getAccessTokenFromSecurityContext() {
    SecurityContext securityContext = SecurityContextHolder.getContext();

    Authentication authentication = securityContext.getAuthentication();
    if (authentication instanceof OAuth2Authentication) {
        Object userDetails = ((OAuth2Authentication) authentication).getUserAuthentication().getDetails();
        if (userDetails != null) {
            try {
                final Map details = (Map) userDetails;
                return Optional.ofNullable(((String) details.get(ACCESS_TOKEN)));
            } catch (ClassCastException e) {

                return Optional.empty();
            }
        } else {

            return Optional.empty();
        }
    }

    return Optional.empty();
}
 
@RequestMapping(value = "/authenticate", method = RequestMethod.POST)
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginDTO loginDTO, HttpServletResponse response) {

    UsernamePasswordAuthenticationToken authenticationToken =
        new UsernamePasswordAuthenticationToken(loginDTO.getUsername(), loginDTO.getPassword());

    try {
        Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        boolean rememberMe = (loginDTO.isRememberMe() == null) ? false : loginDTO.isRememberMe();
        String jwt = tokenProvider.createToken(authentication, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException exception) {
        return new ResponseEntity<>(exception.getLocalizedMessage(), HttpStatus.UNAUTHORIZED);
    }
}
 
源代码3 项目: keycloak   文件: SpringSecurityCookieTokenStore.java
@Override
public void checkCurrentToken() {
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            checkPrincipalFromCookie();
    if (principal != null) {
        final RefreshableKeycloakSecurityContext securityContext =
                principal.getKeycloakSecurityContext();
        KeycloakSecurityContext current = ((OIDCHttpFacade) facade).getSecurityContext();
        if (current != null) {
            securityContext.setAuthorizationContext(current.getAuthorizationContext());
        }
        final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
        final OidcKeycloakAccount account =
                new SimpleKeycloakAccount(principal, roles, securityContext);
        SecurityContextHolder.getContext()
                .setAuthentication(new KeycloakAuthenticationToken(account, false));
    } else {
        super.checkCurrentToken();
    }
    cookieChecked = true;
}
 
@Test
public void should_delete_network() throws Exception {
    UserVO user = new UserVO();
    user.setLogin(RandomStringUtils.randomAlphabetic(10));
    user.setRole(UserRole.ADMIN);
    user = userService.createUser(user, VALID_PASSWORD);

    String namePrefix = RandomStringUtils.randomAlphabetic(10);
    NetworkVO network = new NetworkVO();
    network.setName(namePrefix + randomUUID());
    network.setDescription("network description_" + randomUUID());

    NetworkVO created = networkService.create(network);
    assertThat(created.getId(), notNullValue());
    userService.assignNetwork(user.getId(), network.getId());

    final HivePrincipal principal = new HivePrincipal(user);
    SecurityContextHolder.getContext().setAuthentication(new HiveAuthentication(principal));

    boolean deleted = networkService.delete(created.getId(), true);
    assertTrue(deleted);

    created = networkDao.find(created.getId());
    assertThat(created, Matchers.nullValue());
}
 
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    try{
        String jwt = getJwtFromRequest(request);

        if (StringUtils.hasText(jwt) && tokenProvider.validateToken(jwt)){
            Long userId = tokenProvider.getUserIdFromJWT(jwt);

            UserDetails userDetails = customUserDetailsService.loadUserById(userId);
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        }
    } catch (Exception ex){
        LOGGER.error("Could not set user authentication in security context", ex);
    }

    filterChain.doFilter(request, response);
}
 
源代码6 项目: ExamStack   文件: QuestionAction.java
/**
 * 添加试题
 * 
 * @param question
 * @return
 */
@RequestMapping(value = "/secure/question/question-add", method = RequestMethod.POST)
public @ResponseBody Message addQuestion(@RequestBody Question question) {

	UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
	Message message = new Message();
	Gson gson = new Gson();
	question.setContent(gson.toJson(question.getQuestionContent()));
	question.setCreate_time(new Date());
	question.setCreator(userDetails.getUsername());
	try {
		questionService.addQuestion(question);
	} catch (Exception e) {
		// TODO Auto-generated catch block
		message.setResult("error");
		message.setMessageInfo(e.getClass().getName());
		e.printStackTrace();
	}

	return message;
}
 
源代码7 项目: secure-data-service   文件: ApplicationResource.java
private void validateDeveloperHasAccessToApp(EntityBody app) {
    SLIPrincipal principal = (SLIPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    if (sandboxEnabled) {
        @SuppressWarnings("unchecked")
        Map<String, Object> metaData = (Map<String, Object>) app.get("metaData");
        if (metaData != null) {
            String tenantId = (String) metaData.get("tenantId");
            if (tenantId != null && tenantId.equals(principal.getTenantId())) {
                return;
            }
        }
        throw new APIAccessDeniedException("Developer " + principal.getExternalId()
                + " does not share the same tenant as the creator of this app and cannot modify it.");
    } else {
        if (!(principal.getExternalId().equals(app.get(CREATED_BY)) || belongToSameSandboxTenant(app, principal.getSandboxTenant()))) {
            throw new APIAccessDeniedException("Developer " + principal.getExternalId()
                    + " is not the creator of this app and does not share same sandbox tenant as the creator hence cannot modify it.");
        }
    }
}
 
源代码8 项目: mall-learning   文件: UmsAdminServiceImpl.java
@Override
public String login(String username, String password) {
    String token = null;
    try {
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        if (!passwordEncoder.matches(password, userDetails.getPassword())) {
            throw new BadCredentialsException("密码不正确");
        }
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authentication);
        token = jwtTokenUtil.generateToken(userDetails);
    } catch (AuthenticationException e) {
        LOGGER.warn("登录异常:{}", e.getMessage());
    }
    return token;
}
 
@Test
public void testJWTFilter() throws Exception {
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
        "test-user",
        "test-password",
        Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.USER))
    );
    String jwt = tokenProvider.createToken(authentication, false);
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
    request.setRequestURI("/api/test");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain filterChain = new MockFilterChain();
    jwtFilter.doFilter(request, response, filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("test-user");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials().toString()).isEqualTo(jwt);
}
 
源代码10 项目: para   文件: LdapAuthFilter.java
/**
 * Calls an external API to get the user profile using a given access token.
 * @param app the app where the user will be created, use null for root app
 * @param accessToken access token - in the case of LDAP this is should be "uid:password"
 * @return {@link UserAuthentication} object or null if something went wrong
 * @throws IOException ex
 */
public UserAuthentication getOrCreateUser(App app, String accessToken) throws IOException {
	UserAuthentication userAuth = null;
	if (accessToken != null && accessToken.contains(Config.SEPARATOR)) {
		String[] parts = accessToken.split(Config.SEPARATOR, 2);
		String username = parts[0];
		String password = parts[1];
		try {
			Authentication auth = new LDAPAuthentication(username, password).withApp(app);

			// set authentication in context to avoid warning message from SpringSecurityAuthenticationSource
			SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key",
					"anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
			Authentication ldapAuth = getAuthenticationManager().authenticate(auth);
			if (ldapAuth != null) {
				//success!
				userAuth = getOrCreateUser(app, ldapAuth);
			}
		} catch (Exception ex) {
			LOG.info("Failed to authenticate '{}' with LDAP server: {}", username, ex.getMessage());
		}
	}
	return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), false);
}
 
源代码11 项目: molgenis   文件: FeedbackControllerTest.java
@Test
void initFeedbackAnonymous() throws Exception {
  SecurityContextHolder.getContext()
      .setAuthentication(new TestingAuthenticationToken("anonymous", null));

  List<String> adminEmails = Collections.singletonList("[email protected]");
  when(userService.getSuEmailAddresses()).thenReturn(adminEmails);
  verify(userService, never()).getUser("anonymous");

  mockMvcFeedback
      .perform(get(FeedbackController.URI))
      .andExpect(status().isOk())
      .andExpect(view().name("view-feedback"))
      .andExpect(model().attribute("adminEmails", adminEmails))
      .andExpect(model().attributeDoesNotExist("userName"))
      .andExpect(model().attributeDoesNotExist("userEmail"));
}
 
@Override
public String signIn(String userId, Connection<?> connection, NativeWebRequest request){
    try {
        UserDetails user = userDetailsService.loadUserByUsername(userId);
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
            user,
            null,
            user.getAuthorities());

        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        String jwt = tokenProvider.createToken(authenticationToken, false);
        ServletWebRequest servletWebRequest = (ServletWebRequest) request;
        servletWebRequest.getResponse().addCookie(getSocialAuthenticationCookie(jwt));
    } catch (AuthenticationException exception) {
        log.error("Social authentication error");
    }
    return jHipsterProperties.getSocial().getRedirectAfterSignIn();
}
 
源代码13 项目: spring-boot-jwt   文件: JwtTokenFilter.java
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
  String token = jwtTokenProvider.resolveToken(httpServletRequest);
  try {
    if (token != null && jwtTokenProvider.validateToken(token)) {
      Authentication auth = jwtTokenProvider.getAuthentication(token);
      SecurityContextHolder.getContext().setAuthentication(auth);
    }
  } catch (CustomException ex) {
    //this is very important, since it guarantees the user is not authenticated at all
    SecurityContextHolder.clearContext();
    httpServletResponse.sendError(ex.getHttpStatus().value(), ex.getMessage());
    return;
  }

  filterChain.doFilter(httpServletRequest, httpServletResponse);
}
 
源代码14 项目: e-commerce-microservice   文件: JWTFilterTest.java
@Test
public void testJWTFilter() throws Exception {
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
        "test-user",
        "test-password",
        Collections.singletonList(new SimpleGrantedAuthority(AuthoritiesConstants.USER))
    );
    String jwt = tokenProvider.createToken(authentication, false);
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    request.setRequestURI("/api/test");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain filterChain = new MockFilterChain();
    jwtFilter.doFilter(request, response, filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("test-user");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials().toString()).isEqualTo(jwt);
}
 
源代码15 项目: pivotal-bank-demo   文件: AccountsController.java
@RequestMapping(value = "/accounts", method = RequestMethod.GET)
public String accounts(Model model) {
	logger.debug("/accounts");
	model.addAttribute("marketSummary", summaryService.getMarketSummary());
	
	//check if user is logged in!
	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
	if (!(authentication instanceof AnonymousAuthenticationToken)) {
	    String currentUserName = authentication.getName();
	    logger.debug("accounts: User logged in: " + currentUserName);
	    
	    try {
	    	model.addAttribute("accounts",accountService.getAccounts(currentUserName));
	    } catch (HttpServerErrorException e) {
	    	logger.debug("error retrieving accounts: " + e.getMessage());
	    	model.addAttribute("accountsRetrievalError",e.getMessage());
	    }
	}
	
	return "accounts";
}
 
@After
public void tearDown() {
    mockRepo = null;
    staffToStudentValidator = null;
    studentIds.clear();
    SecurityContextHolder.clearContext();
}
 
源代码17 项目: tutorials   文件: UserJWTController.java
@PostMapping("/authenticate")
public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM) {

    UsernamePasswordAuthenticationToken authenticationToken =
        new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());

    Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
    String jwt = tokenProvider.createToken(authentication, rememberMe);
    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
 
源代码18 项目: albedo   文件: SysLogUtils.java
/**
 * 获取用户名称
 *
 * @return username
 */
private String getUsername() {
	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
	if (authentication == null) {
		return null;
	}
	return authentication.getName();
}
 
@Override
public void register(PluginReqisterQuery pluginReqisterQuery, PluginUpdate pluginUpdate, String authorization,
        @Suspended final AsyncResponse asyncResponse) {
    hiveValidator.validate(pluginUpdate);
    try {
        HivePrincipal principal = (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        pluginRegisterService.register(principal.getUser().getId(), pluginReqisterQuery, pluginUpdate, authorization)
                .thenAccept(asyncResponse::resume);
    } catch (ServiceUnavailableException e) {
        logger.warn(HEALTH_CHECK_FAILED);
        asyncResponse.resume(ResponseFactory.response(BAD_REQUEST,
                new ErrorResponse(BAD_REQUEST.getStatusCode(), HEALTH_CHECK_FAILED)));
    }
}
 
源代码20 项目: engine   文件: GroovyScriptUtils.java
private static void addSecurityVariables(Map<String, Object> variables) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    variables.put(VARIABLE_AUTH_TOKEN, auth);

    // for backwards compatibility with Profile ...

    variables.put(VARIABLE_AUTH, null);
    variables.put(VARIABLE_PROFILE, null);

    if (auth != null && auth.getPrincipal() instanceof ProfileUser) {
        ProfileUser details = (ProfileUser) auth.getPrincipal();
        variables.put(VARIABLE_AUTH, details.getAuthentication());
        variables.put(VARIABLE_PROFILE, details.getProfile());
    }
}
 
源代码21 项目: bbs   文件: StaffLoginLogAction.java
/**
 * 员工登录日志列表
 * @param userId 员工Id
 * @param request
 * @param response
 * @return
 * @throws Exception
 */
@RequestMapping("/control/staffLoginLog/list") 
public String execute(ModelMap model,String userId,PageForm pageForm,
		HttpServletRequest request, HttpServletResponse response)
		throws Exception {	
	String _userId = "";//用户Id
	boolean issys = false;//是否是超级用户
	Object obj  =  SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 
	if(obj instanceof SysUsers){
		issys = ((SysUsers)obj).isIssys();
		_userId =((SysUsers)obj).getUserId();
	}
	//调用分页算法代码
	PageView<StaffLoginLog> pageView = new PageView<StaffLoginLog>(settingService.findSystemSetting().getBackstagePageNumber(),pageForm.getPage(),10);
	//当前页
	int firstIndex = (pageForm.getPage()-1)*pageView.getMaxresult();;	
	if(userId != null && !"".equals(userId.trim())){
		if(issys == false && !_userId.equals(userId)){
			throw new SystemException("非超级管理员不允许查看其他成员登录记录");
		}
		QueryResult<StaffLoginLog> qr = staffService.findStaffLoginLogPage(userId, firstIndex, pageView.getMaxresult());
		if(qr != null && qr.getResultlist() != null && qr.getResultlist().size() >0){
			for(StaffLoginLog staffLoginLog : qr.getResultlist()){
				if(staffLoginLog.getIp() != null && !"".equals(staffLoginLog.getIp().trim())){
					staffLoginLog.setIpAddress(IpAddress.queryAddress(staffLoginLog.getIp()));
				}
			}
		}
		//将查询结果集传给分页List
		pageView.setQueryResult(qr);	
	}else{//如果接收到所属用户为空
		throw new SystemException("参数错误!");
	}
	model.addAttribute("pageView", pageView);

	return "jsp/staff/loginLogList";
}
 
源代码22 项目: Spring-Boot-Book   文件: SysUserController.java
@RequestMapping("/whoim")
@ResponseBody
public Object whoIm() {
    Set<String> urls = new HashSet<>();
    System.out.println(urls.toString());
    return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
}
 
@Override
public void setCurrentUser(CalendarUser user) {
    if (user == null) {
        throw new IllegalArgumentException("user cannot be null");
    }
    UserDetails userDetails = userDetailsService.loadUserByUsername(user.getEmail());
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails,
            user.getPassword(), userDetails.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
 
@RequestMapping("/current")
public ResponseEntity<UserDetails> getCurrent() throws Exception{
	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
	
	String authenticatedUserName = authentication.getName();
	if(authenticatedUserName.equals("anonymousUser"))
		throw new UnAuthorizedAccessException(authenticatedUserName);
	else
		return makeResponse((UserDetails)authentication.getPrincipal());
}
 
源代码25 项目: ExamStack   文件: ExamPageAdmin.java
/**
 * 发布考试
 * 
 * @param model
 * @param request
 * @return
 */
@RequestMapping(value = "/admin/exam/model-test-add", method = RequestMethod.GET)
private String modelTestAddPage(Model model, HttpServletRequest request) {
	
	UserInfo userInfo = (UserInfo) SecurityContextHolder.getContext()
		    .getAuthentication()
		    .getPrincipal();
	List<ExamPaper> examPaperList = examPaperService.getEnabledExamPaperList(userInfo.getUsername(), null);
	
	model.addAttribute("examPaperList", examPaperList);
	return "model-test-add";
}
 
源代码26 项目: devicehive-java-server   文件: CommandHandlers.java
@HiveWebsocketAuth
@PreAuthorize("isAuthenticated() and hasPermission(#deviceId, 'UPDATE_DEVICE_COMMAND')")
public void processCommandUpdate(String deviceId, JsonObject request, WebSocketSession session) {
    HivePrincipal principal = (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    final Long id = gson.fromJson(request.get(COMMAND_ID), Long.class);
    final DeviceCommandUpdate commandUpdate = gson
            .fromJson(request.getAsJsonObject(COMMAND), DeviceCommandUpdate.class);

    logger.debug("command/update requested for session: {}. Device ID: {}. Command id: {}", session, deviceId, id);
    if (id == null) {
        logger.debug("command/update canceled for session: {}. Command id is not provided", session);
        throw new HiveException(Messages.COMMAND_ID_REQUIRED, SC_BAD_REQUEST);
    }

    if (deviceId == null) {
        throw new HiveException(DEVICE_ID_REQUIRED, SC_BAD_REQUEST);
    }

    DeviceVO deviceVO = deviceService.findByIdWithPermissionsCheck(deviceId, principal);
    if (deviceVO == null) {
        throw new HiveException(String.format(DEVICE_NOT_FOUND, deviceId), SC_NOT_FOUND);
    }

    commandService.findOne(id, deviceVO.getDeviceId())
            .thenAccept(optionalCommand -> {
                optionalCommand.map(deviceCommand -> commandService.update(deviceCommand, commandUpdate))
                        .orElseThrow(() -> new HiveException(String.format(COMMAND_NOT_FOUND, id), SC_NOT_FOUND));
            }).thenAccept(whenUpdated -> {
                logger.debug("command/update proceed successfully for session: {}. Device ID: {}. Command id: {}",
                        session, deviceId, id);
                clientHandler.sendMessage(request, new WebSocketResponse(), session);
            });
}
 
源代码27 项目: abixen-platform   文件: SecurityService.java
public PlatformUser getAuthorizedUser() {
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
        return (PlatformUser) authentication.getPrincipal();
    }
    return null;
}
 
源代码28 项目: yes-cart   文件: VoManagementServiceImpl.java
/** {@inheritDoc} */
@Override
public VoLicenseAgreement acceptMyAgreement() throws Exception {

    final SecurityContext sc = SecurityContextHolder.getContext();
    final String username = sc != null && sc.getAuthentication() != null ? sc.getAuthentication().getName() : null;
    if (StringUtils.isNotBlank(username)) {
        managementService.grantRole(username, LICENSE_ROLE);
    }
    return getMyAgreement();

}
 
@Override
public void handle(HttpServletRequest httpServletRequest,
                   HttpServletResponse httpServletResponse,
                   AccessDeniedException e) throws IOException, ServletException {

    Authentication auth
            = SecurityContextHolder.getContext().getAuthentication();

    if (auth != null) {
        logger.info(String.format("User '%s' attempted to access the protected URL: %s", auth.getName(), httpServletRequest.getRequestURI()));
    }

    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/403");

}
 
源代码30 项目: front50   文件: AuthorizationSupport.java
public boolean hasRunAsUserPermission(final Pipeline pipeline) {
  List<String> runAsUsers =
      Optional.ofNullable(pipeline.getTriggers())
          .map(
              triggers ->
                  triggers.stream()
                      .map(it -> (String) it.get("runAsUser"))
                      .filter(Objects::nonNull)
                      .collect(Collectors.toList()))
          .orElse(Collections.emptyList());

  if (runAsUsers.isEmpty()) {
    return true;
  }

  final Authentication auth = SecurityContextHolder.getContext().getAuthentication();

  return runAsUsers.stream()
      .noneMatch(
          runAsUser -> {
            if (!userCanAccessServiceAccount(auth, runAsUser)) {
              log.error(
                  "User {} does not have access to service account {}",
                  Optional.ofNullable(auth).map(Authentication::getPrincipal).orElse("unknown"),
                  runAsUser);
              return true;
            }
            if (!serviceAccountCanAccessApplication(runAsUser, pipeline.getApplication())) {
              log.error(
                  "Service account {} does not have access to application {}",
                  runAsUser,
                  pipeline.getApplication());
              return true;
            }
            return false;
          });
}