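/**
 * Reads the OAuth2 access token stored in the current user's authentication details.
 *
 * <p>Only an {@code OAuth2Authentication} whose user-authentication details are a
 * {@link Map} holding a String under {@code ACCESS_TOKEN} yields a value. Every other
 * shape (no authentication, other token type, no user authentication, non-map details,
 * missing or non-string entry) yields {@link Optional#empty()}; the shape is checked
 * with {@code instanceof} instead of casting a raw Map and catching the
 * ClassCastException as control flow.
 *
 * @return the access token, if present in the security context
 */
public static Optional<String> getAccessTokenFromSecurityContext() {
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    if (!(authentication instanceof OAuth2Authentication)) {
        return Optional.empty();
    }
    Authentication userAuthentication = ((OAuth2Authentication) authentication).getUserAuthentication();
    if (userAuthentication == null) {
        // No user authentication attached (presumably a client-only token): no user token either.
        return Optional.empty();
    }
    Object userDetails = userAuthentication.getDetails();
    if (!(userDetails instanceof Map)) {
        return Optional.empty();
    }
    Object token = ((Map<?, ?>) userDetails).get(ACCESS_TOKEN);
    if (token instanceof String) {
        // The value is a bearer credential; callers should not write it to logs.
        return Optional.of((String) token);
    }
    return Optional.empty();
}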
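/**
 * Authenticates the submitted credentials and, on success, issues a JWT both as an
 * {@code Authorization: Bearer} header and in the response body.
 *
 * @param loginDTO validated username/password plus an optional remember-me flag
 * @param response servlet response that receives the Authorization header
 * @return 200 with a {@code JWTToken} on success, 401 with the authentication
 *         failure message otherwise
 */
@RequestMapping(value = "/authenticate", method = RequestMethod.POST)
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginDTO loginDTO, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken authenticationToken =
        new UsernamePasswordAuthenticationToken(loginDTO.getUsername(), loginDTO.getPassword());
    try {
        Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // An absent (null) flag is treated as false.
        boolean rememberMe = Boolean.TRUE.equals(loginDTO.isRememberMe());
        String jwt = tokenProvider.createToken(authentication, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException exception) {
        // NOTE(review): the provider's message is returned verbatim; if it differs between
        // e.g. an unknown user, a disabled account and a wrong password, a caller can tell
        // accounts apart. A fixed message avoids that if enumeration matters here.
        return new ResponseEntity<>(exception.getLocalizedMessage(), HttpStatus.UNAUTHORIZED);
    }
}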
/**
 * Re-establishes the Keycloak authentication from the cookie-held principal when one
 * is present, otherwise defers to the superclass; in both cases marks the cookie as checked.
 */
@Override
public void checkCurrentToken() {
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> cookiePrincipal = checkPrincipalFromCookie();
    if (cookiePrincipal == null) {
        super.checkCurrentToken();
    } else {
        final RefreshableKeycloakSecurityContext cookieContext = cookiePrincipal.getKeycloakSecurityContext();
        // Carry the authorization context of the facade's current security context over, if any.
        final KeycloakSecurityContext facadeContext = ((OIDCHttpFacade) facade).getSecurityContext();
        if (facadeContext != null) {
            cookieContext.setAuthorizationContext(facadeContext.getAuthorizationContext());
        }
        final Set<String> grantedRoles = AdapterUtils.getRolesFromSecurityContext(cookieContext);
        final OidcKeycloakAccount cookieAccount =
            new SimpleKeycloakAccount(cookiePrincipal, grantedRoles, cookieContext);
        final KeycloakAuthenticationToken token = new KeycloakAuthenticationToken(cookieAccount, false);
        SecurityContextHolder.getContext().setAuthentication(token);
    }
    cookieChecked = true;
}
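/**
 * An admin who is assigned to a network can delete it (force = true), after which the
 * network is no longer found by the DAO.
 *
 * <p>The authentication placed in the thread-bound security context is cleared in a
 * finally block so that it cannot leak into other tests running on the same thread.
 */
@Test
public void should_delete_network() throws Exception {
    UserVO user = new UserVO();
    user.setLogin(RandomStringUtils.randomAlphabetic(10));
    user.setRole(UserRole.ADMIN);
    user = userService.createUser(user, VALID_PASSWORD);
    String namePrefix = RandomStringUtils.randomAlphabetic(10);
    NetworkVO network = new NetworkVO();
    network.setName(namePrefix + randomUUID());
    network.setDescription("network description_" + randomUUID());
    NetworkVO created = networkService.create(network);
    assertThat(created.getId(), notNullValue());
    userService.assignNetwork(user.getId(), network.getId());
    final HivePrincipal principal = new HivePrincipal(user);
    SecurityContextHolder.getContext().setAuthentication(new HiveAuthentication(principal));
    try {
        boolean deleted = networkService.delete(created.getId(), true);
        assertTrue(deleted);
        created = networkDao.find(created.getId());
        assertThat(created, Matchers.nullValue());
    } finally {
        SecurityContextHolder.clearContext();
    }
}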
/**
 * Populates the security context from a JWT found on the request, when one is present
 * and accepted by the token provider, then always continues the filter chain.
 *
 * <p>Any failure while resolving the user is logged and the request proceeds without
 * an authentication set by this filter; whatever runs later in the chain decides what
 * an unauthenticated request may do.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    try {
        String bearerToken = getJwtFromRequest(request);
        boolean usable = StringUtils.hasText(bearerToken) && tokenProvider.validateToken(bearerToken);
        if (usable) {
            Long subjectId = tokenProvider.getUserIdFromJWT(bearerToken);
            UserDetails principal = customUserDetailsService.loadUserById(subjectId);
            // Credentials are null: the token was already checked, there is nothing to re-verify.
            UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(principal, null, principal.getAuthorities());
            auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
    } catch (Exception ex) {
        LOGGER.error("Could not set user authentication in security context", ex);
    }
    filterChain.doFilter(request, response);
}
/**
 * Adds an exam question on behalf of the authenticated user.
 *
 * <p>The question content is serialized to JSON before persisting, and the creator is
 * taken from the security context rather than from the request body.
 *
 * @param question the question to add; its questionContent is serialized into content
 * @return a {@code Message}; on failure its result is "error" and its messageInfo
 *         holds the exception class name
 */
@RequestMapping(value = "/secure/question/question-add", method = RequestMethod.POST)
public @ResponseBody Message addQuestion(@RequestBody Question question) {
    Message outcome = new Message();
    // The creator comes from the context, not from the client. Presumably the /secure/
    // path is only reachable when authenticated; otherwise getAuthentication() is null here.
    UserDetails caller = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    Gson json = new Gson();
    question.setContent(json.toJson(question.getQuestionContent()));
    question.setCreate_time(new Date());
    question.setCreator(caller.getUsername());
    try {
        questionService.addQuestion(question);
    } catch (Exception e) {
        outcome.setResult("error");
        // NOTE(review): the exception class name is sent to the client and the stack trace
        // goes to stderr; a logger plus a generic client message would be preferable.
        outcome.setMessageInfo(e.getClass().getName());
        e.printStackTrace();
    }
    return outcome;
}
/**
 * Rejects a modification of {@code app} by the current developer unless they may make it.
 *
 * <p>With the sandbox enabled, the app's metaData tenantId must equal the principal's
 * tenant. Otherwise the principal must be the app's creator (CREATED_BY) or belong to
 * the same sandbox tenant.
 *
 * @param app the application entity being modified
 * @throws APIAccessDeniedException when the current developer may not modify the app
 */
private void validateDeveloperHasAccessToApp(EntityBody app) {
    SLIPrincipal developer = (SLIPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    if (!sandboxEnabled) {
        boolean isCreator = developer.getExternalId().equals(app.get(CREATED_BY));
        if (!isCreator && !belongToSameSandboxTenant(app, developer.getSandboxTenant())) {
            throw new APIAccessDeniedException("Developer " + developer.getExternalId()
                + " is not the creator of this app and does not share same sandbox tenant as the creator hence cannot modify it.");
        }
        return;
    }
    @SuppressWarnings("unchecked")
    Map<String, Object> metaData = (Map<String, Object>) app.get("metaData");
    String appTenant = metaData == null ? null : (String) metaData.get("tenantId");
    if (appTenant != null && appTenant.equals(developer.getTenantId())) {
        return;
    }
    throw new APIAccessDeniedException("Developer " + developer.getExternalId()
        + " does not share the same tenant as the creator of this app and cannot modify it.");
}
/**
 * Verifies the password for {@code username} and returns a freshly generated JWT.
 *
 * <p>Any {@code AuthenticationException} (one raised by the details service, or the
 * BadCredentialsException thrown here for a wrong password) is logged at WARN level
 * and {@code null} is returned, so callers must treat null as "not logged in". The
 * user is also placed into the thread-bound security context.
 *
 * @param username login name looked up via userDetailsService
 * @param password plaintext password compared through passwordEncoder
 * @return a JWT for the user, or null when authentication fails
 */
@Override
public String login(String username, String password) {
    try {
        UserDetails account = userDetailsService.loadUserByUsername(username);
        boolean passwordOk = passwordEncoder.matches(password, account.getPassword());
        if (!passwordOk) {
            throw new BadCredentialsException("密码不正确");
        }
        UsernamePasswordAuthenticationToken auth =
            new UsernamePasswordAuthenticationToken(account, null, account.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
        return jwtTokenUtil.generateToken(account);
    } catch (AuthenticationException e) {
        LOGGER.warn("登录异常:{}", e.getMessage());
        return null;
    }
}
/**
 * A request carrying a JWT issued for "test-user" passes the filter with 200 and leaves
 * that user's authentication, with the raw JWT as credentials, in the security context.
 */
@Test
public void testJWTFilter() throws Exception {
    SimpleGrantedAuthority userRole = new SimpleGrantedAuthority(AuthoritiesConstants.USER);
    UsernamePasswordAuthenticationToken issuedFor = new UsernamePasswordAuthenticationToken(
        "test-user", "test-password", Collections.singletonList(userRole));
    String jwt = tokenProvider.createToken(issuedFor, false);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/api/test");
    request.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
    MockHttpServletResponse response = new MockHttpServletResponse();
    jwtFilter.doFilter(request, response, new MockFilterChain());

    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("test-user");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials().toString()).isEqualTo(jwt);
}
/**
 * Calls an external API to get the user profile using a given access token.
 * For LDAP the "token" is the user's own credentials, so it must never be logged.
 * @param app the app where the user will be created, use null for root app
 * @param accessToken access token - in the case of LDAP this is should be "uid:password"
 * @return {@link UserAuthentication} object or null if something went wrong
 * @throws IOException ex
 */
public UserAuthentication getOrCreateUser(App app, String accessToken) throws IOException {
    UserAuthentication userAuth = null;
    boolean looksLikeCredentials = accessToken != null && accessToken.contains(Config.SEPARATOR);
    if (looksLikeCredentials) {
        // Split at the first separator only, so a password containing it stays intact.
        String[] parts = accessToken.split(Config.SEPARATOR, 2);
        String uid = parts[0];
        String secret = parts[1];
        try {
            Authentication request = new LDAPAuthentication(uid, secret).withApp(app);
            // An anonymous token is put into the context so that SpringSecurityAuthenticationSource
            // does not warn. NOTE(review): it is not restored afterwards and outlives this call.
            SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key",
                "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
            Authentication ldapAuth = getAuthenticationManager().authenticate(request);
            if (ldapAuth != null) {
                userAuth = getOrCreateUser(app, ldapAuth);
            }
        } catch (Exception ex) {
            // Only the uid and the exception message are logged; the secret is not part of the call.
            LOG.info("Failed to authenticate '{}' with LDAP server: {}", uid, ex.getMessage());
        }
    }
    return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), false);
}
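/**
 * An anonymous visitor gets the feedback page with the admin addresses but without a
 * pre-filled user name or e-mail, and the user service is never asked for a user
 * named "anonymous".
 *
 * <p>The never() verification runs after the request, so that it observes the
 * controller's interactions; placed before the request it passes trivially.
 */
@Test
void initFeedbackAnonymous() throws Exception {
    SecurityContextHolder.getContext()
        .setAuthentication(new TestingAuthenticationToken("anonymous", null));
    List<String> adminEmails = Collections.singletonList("[email protected]");
    when(userService.getSuEmailAddresses()).thenReturn(adminEmails);
    mockMvcFeedback
        .perform(get(FeedbackController.URI))
        .andExpect(status().isOk())
        .andExpect(view().name("view-feedback"))
        .andExpect(model().attribute("adminEmails", adminEmails))
        .andExpect(model().attributeDoesNotExist("userName"))
        .andExpect(model().attributeDoesNotExist("userEmail"));
    verify(userService, never()).getUser("anonymous");
}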
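/**
 * Signs in the locally provisioned user behind a social connection: loads the user,
 * places its authentication in the security context, and sets a cookie holding a JWT.
 *
 * @param userId     local login resolved via userDetailsService
 * @param connection the social connection (not used by this implementation)
 * @param request    must be a {@code ServletWebRequest}; its response receives the cookie
 * @return the configured post-sign-in redirect URL, whether or not sign-in succeeded
 */
@Override
public String signIn(String userId, Connection<?> connection, NativeWebRequest request){
    try {
        UserDetails user = userDetailsService.loadUserByUsername(userId);
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
            user,
            null,
            user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        String jwt = tokenProvider.createToken(authenticationToken, false);
        ServletWebRequest servletWebRequest = (ServletWebRequest) request;
        servletWebRequest.getResponse().addCookie(getSocialAuthenticationCookie(jwt));
    } catch (AuthenticationException exception) {
        // Keep the cause: without it the log line says nothing about why sign-in failed.
        log.error("Social authentication error", exception);
    }
    return jHipsterProperties.getSocial().getRedirectAfterSignIn();
}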
/**
 * Authenticates the request from a JWT resolved by jwtTokenProvider, if one is present
 * and valid, and then continues the chain.
 *
 * <p>If the provider raises a {@code CustomException}, the security context is cleared
 * so that no authentication survives, the error is written to the response with the
 * exception's HTTP status, and the chain is NOT continued.
 */
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
    String bearer = jwtTokenProvider.resolveToken(httpServletRequest);
    try {
        boolean accepted = bearer != null && jwtTokenProvider.validateToken(bearer);
        if (accepted) {
            SecurityContextHolder.getContext().setAuthentication(jwtTokenProvider.getAuthentication(bearer));
        }
    } catch (CustomException ex) {
        // Fail closed: guarantee the request is not authenticated at all.
        SecurityContextHolder.clearContext();
        httpServletResponse.sendError(ex.getHttpStatus().value(), ex.getMessage());
        return;
    }
    filterChain.doFilter(httpServletRequest, httpServletResponse);
}
/**
 * A request carrying a JWT issued for "test-user" passes the filter with 200 and leaves
 * that user's authentication, with the raw JWT as credentials, in the security context.
 */
@Test
public void testJWTFilter() throws Exception {
    SimpleGrantedAuthority userRole = new SimpleGrantedAuthority(AuthoritiesConstants.USER);
    UsernamePasswordAuthenticationToken issuedFor = new UsernamePasswordAuthenticationToken(
        "test-user", "test-password", Collections.singletonList(userRole));
    String jwt = tokenProvider.createToken(issuedFor, false);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/api/test");
    request.addHeader(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    MockHttpServletResponse response = new MockHttpServletResponse();
    jwtFilter.doFilter(request, response, new MockFilterChain());

    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("test-user");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials().toString()).isEqualTo(jwt);
}
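/**
 * Renders the accounts page: always adds the market summary, and adds the current
 * user's accounts when the request is authenticated.
 *
 * @param model view model receiving "marketSummary", plus "accounts" or
 *              "accountsRetrievalError" for a logged-in user
 * @return the "accounts" view name
 */
@RequestMapping(value = "/accounts", method = RequestMethod.GET)
public String accounts(Model model) {
    logger.debug("/accounts");
    model.addAttribute("marketSummary", summaryService.getMarketSummary());
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // A missing authentication counts as "not logged in" too: `null instanceof X` is false,
    // so an instanceof-only test would go on to dereference null.
    boolean loggedIn = authentication != null && !(authentication instanceof AnonymousAuthenticationToken);
    if (loggedIn) {
        String currentUserName = authentication.getName();
        logger.debug("accounts: User logged in: " + currentUserName);
        try {
            model.addAttribute("accounts", accountService.getAccounts(currentUserName));
        } catch (HttpServerErrorException e) {
            logger.debug("error retrieving accounts: " + e.getMessage());
            model.addAttribute("accountsRetrievalError", e.getMessage());
        }
    }
    return "accounts";
}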
/**
 * Drops the per-test fixtures and clears the thread-bound security context so that an
 * authentication set by one test cannot leak into the next.
 */
@After
public void tearDown() {
    SecurityContextHolder.clearContext();
    studentIds.clear();
    staffToStudentValidator = null;
    mockRepo = null;
}
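/**
 * Authenticates the posted credentials and issues a JWT in both the Authorization
 * header and the body. Authentication failures propagate as
 * {@code AuthenticationException} for the framework's exception handling.
 *
 * @param loginVM validated username/password and optional remember-me flag
 * @return 200 with the token; the Authorization header carries "Bearer <jwt>"
 */
@PostMapping("/authenticate")
public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM) {
    UsernamePasswordAuthenticationToken authenticationToken =
        new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
    Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    // An absent (null) flag is treated as false.
    boolean rememberMe = Boolean.TRUE.equals(loginVM.isRememberMe());
    String jwt = tokenProvider.createToken(authentication, rememberMe);
    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}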
/**
 * Returns the name of the current authentication.
 *
 * @return the username, or null when the security context holds no authentication
 */
private String getUsername() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    return current == null ? null : current.getName();
}
/**
 * Registers a plugin for the calling user and resumes {@code asyncResponse} with the
 * result of the asynchronous registration.
 *
 * <p>The owning user id is taken from the authenticated HivePrincipal, never from the
 * request. When the register service reports itself unavailable, a BAD_REQUEST error
 * response carrying HEALTH_CHECK_FAILED is returned instead.
 *
 * @param pluginReqisterQuery registration query parameters
 * @param pluginUpdate        plugin data; validated by hiveValidator before anything else
 * @param authorization       authorization header value passed through to the service
 * @param asyncResponse       suspended response to resume
 */
@Override
public void register(PluginReqisterQuery pluginReqisterQuery, PluginUpdate pluginUpdate, String authorization,
    @Suspended final AsyncResponse asyncResponse) {
    hiveValidator.validate(pluginUpdate);
    try {
        HivePrincipal caller = (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        pluginRegisterService
            .register(caller.getUser().getId(), pluginReqisterQuery, pluginUpdate, authorization)
            .thenAccept(asyncResponse::resume);
    } catch (ServiceUnavailableException e) {
        logger.warn(HEALTH_CHECK_FAILED);
        ErrorResponse body = new ErrorResponse(BAD_REQUEST.getStatusCode(), HEALTH_CHECK_FAILED);
        asyncResponse.resume(ResponseFactory.response(BAD_REQUEST, body));
    }
}
/**
 * Exposes the current authentication to a variable map.
 *
 * <p>VARIABLE_AUTH_TOKEN always receives the Authentication (possibly null). VARIABLE_AUTH
 * and VARIABLE_PROFILE are kept for backwards compatibility with Profile: they are set to
 * null first and then, when the principal is a ProfileUser, overwritten with its
 * authentication and profile.
 *
 * @param variables map to populate; existing entries under these keys are overwritten
 */
private static void addSecurityVariables(Map<String, Object> variables) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    variables.put(VARIABLE_AUTH_TOKEN, auth);
    variables.put(VARIABLE_AUTH, null);
    variables.put(VARIABLE_PROFILE, null);
    Object principal = auth == null ? null : auth.getPrincipal();
    if (principal instanceof ProfileUser) {
        ProfileUser profileUser = (ProfileUser) auth.getPrincipal();
        variables.put(VARIABLE_AUTH, profileUser.getAuthentication());
        variables.put(VARIABLE_PROFILE, profileUser.getProfile());
    }
}
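/**
 * Lists the login log of one staff member, page by page.
 *
 * <p>A non-superuser may only view their own log; the check is made against the user
 * id of the authenticated principal, not against anything sent by the client.
 *
 * @param model    receives "pageView"
 * @param userId   staff id whose log is listed (required)
 * @param pageForm current page number
 * @param request  servlet request (unused)
 * @param response servlet response (unused)
 * @return the login-log list view
 * @throws Exception a {@code SystemException} when userId is missing or the caller is
 *                   not allowed to view that staff member's log
 */
@RequestMapping("/control/staffLoginLog/list")
public String execute(ModelMap model,String userId,PageForm pageForm,
    HttpServletRequest request, HttpServletResponse response)
    throws Exception {
    // Identity of the caller: user id and whether they are a superuser.
    String callerId = "";
    boolean callerIsSuperuser = false;
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    if (principal instanceof SysUsers) {
        SysUsers sysUser = (SysUsers) principal;
        callerIsSuperuser = sysUser.isIssys();
        callerId = sysUser.getUserId();
    }
    if (userId == null || userId.trim().isEmpty()) {
        // No owning user was supplied.
        throw new SystemException("参数错误!");
    }
    if (!callerIsSuperuser && !callerId.equals(userId)) {
        throw new SystemException("非超级管理员不允许查看其他成员登录记录");
    }
    // Paging setup; firstIndex is the offset of the current page.
    PageView<StaffLoginLog> pageView = new PageView<StaffLoginLog>(settingService.findSystemSetting().getBackstagePageNumber(), pageForm.getPage(), 10);
    int firstIndex = (pageForm.getPage() - 1) * pageView.getMaxresult();
    QueryResult<StaffLoginLog> qr = staffService.findStaffLoginLogPage(userId, firstIndex, pageView.getMaxresult());
    if (qr != null && qr.getResultlist() != null && qr.getResultlist().size() > 0) {
        for (StaffLoginLog staffLoginLog : qr.getResultlist()) {
            String ip = staffLoginLog.getIp();
            if (ip != null && !ip.trim().isEmpty()) {
                staffLoginLog.setIpAddress(IpAddress.queryAddress(ip));
            }
        }
    }
    // Hand the query result to the page.
    pageView.setQueryResult(qr);
    model.addAttribute("pageView", pageView);
    return "jsp/staff/loginLogList";
}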
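/**
 * Returns the principal of the current authentication as the response body.
 *
 * <p>NOTE(review): the principal object is returned as-is; if it is a UserDetails
 * carrying a password hash or other internal fields, they end up in the response
 * unless the serializer filters them — confirm what the principal type exposes.
 *
 * @return the authenticated principal
 */
@RequestMapping("/whoim")
@ResponseBody
public Object whoIm() {
    return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
}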
/**
 * Makes {@code user} the current user by loading its UserDetails by e-mail and
 * installing a username/password token for it in the security context.
 *
 * <p>NOTE(review): the password held by the CalendarUser becomes the token's
 * credentials and stays in the context; verify that this is intended.
 *
 * @param user the user to authenticate as; must not be null
 * @throws IllegalArgumentException when user is null
 */
@Override
public void setCurrentUser(CalendarUser user) {
    if (user == null) {
        throw new IllegalArgumentException("user cannot be null");
    }
    UserDetails details = userDetailsService.loadUserByUsername(user.getEmail());
    SecurityContextHolder.getContext().setAuthentication(
        new UsernamePasswordAuthenticationToken(details, user.getPassword(), details.getAuthorities()));
}
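/**
 * Returns the currently authenticated user's details.
 *
 * <p>Both a missing authentication and the anonymous principal name "anonymousUser"
 * are rejected, so an unauthenticated request gets an {@code UnAuthorizedAccessException}
 * rather than a NullPointerException.
 *
 * @return the principal as UserDetails, wrapped by makeResponse
 * @throws UnAuthorizedAccessException when the request is not authenticated
 */
@RequestMapping("/current")
public ResponseEntity<UserDetails> getCurrent() throws Exception{
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Report the anonymous name for a missing authentication as well, so the exception
    // carries the same information in both unauthenticated cases.
    String authenticatedUserName = authentication == null ? "anonymousUser" : authentication.getName();
    if ("anonymousUser".equals(authenticatedUserName)) {
        throw new UnAuthorizedAccessException(authenticatedUserName);
    }
    return makeResponse((UserDetails) authentication.getPrincipal());
}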
/**
 * Shows the "publish exam" page, listing the enabled exam papers of the current user.
 *
 * <p>NOTE(review): the handler is {@code private}; a public handler method is the
 * conventional form and is easier to test.
 *
 * @param model   receives "examPaperList"
 * @param request servlet request (unused)
 * @return the "model-test-add" view name
 */
@RequestMapping(value = "/admin/exam/model-test-add", method = RequestMethod.GET)
private String modelTestAddPage(Model model, HttpServletRequest request) {
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    String owner = ((UserInfo) principal).getUsername();
    model.addAttribute("examPaperList", examPaperService.getEnabledExamPaperList(owner, null));
    return "model-test-add";
}
/**
 * Handles a websocket "command/update" request: applies {@code commandUpdate} to the
 * command {@code COMMAND_ID} of device {@code deviceId} and then sends a response to
 * the session.
 *
 * <p>Authorization happens in two layers: the {@code @PreAuthorize} expression
 * (authenticated caller holding UPDATE_DEVICE_COMMAND on the device id) and
 * {@code deviceService.findByIdWithPermissionsCheck}, which appears to resolve the
 * device for this principal only.
 *
 * @param deviceId id of the device owning the command; required
 * @param request  JSON payload holding COMMAND_ID and the COMMAND object
 * @param session  the websocket session to answer on
 * @throws HiveException with SC_BAD_REQUEST when the command id or device id is
 *         missing, and SC_NOT_FOUND when no device is resolved for the caller
 */
@HiveWebsocketAuth
@PreAuthorize("isAuthenticated() and hasPermission(#deviceId, 'UPDATE_DEVICE_COMMAND')")
public void processCommandUpdate(String deviceId, JsonObject request, WebSocketSession session) {
HivePrincipal principal = (HivePrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
final Long id = gson.fromJson(request.get(COMMAND_ID), Long.class);
final DeviceCommandUpdate commandUpdate = gson
.fromJson(request.getAsJsonObject(COMMAND), DeviceCommandUpdate.class);
logger.debug("command/update requested for session: {}. Device ID: {}. Command id: {}", session, deviceId, id);
if (id == null) {
logger.debug("command/update canceled for session: {}. Command id is not provided", session);
throw new HiveException(Messages.COMMAND_ID_REQUIRED, SC_BAD_REQUEST);
}
if (deviceId == null) {
throw new HiveException(DEVICE_ID_REQUIRED, SC_BAD_REQUEST);
}
// Device lookup bound to the caller's principal; no device means "not found" for this caller.
DeviceVO deviceVO = deviceService.findByIdWithPermissionsCheck(deviceId, principal);
if (deviceVO == null) {
throw new HiveException(String.format(DEVICE_NOT_FOUND, deviceId), SC_NOT_FOUND);
}
// NOTE(review): the COMMAND_NOT_FOUND HiveException is thrown inside an async stage, so it
// completes that stage exceptionally instead of propagating to this method's caller; confirm
// that something downstream turns it into an error message for the session.
commandService.findOne(id, deviceVO.getDeviceId())
.thenAccept(optionalCommand -> {
optionalCommand.map(deviceCommand -> commandService.update(deviceCommand, commandUpdate))
.orElseThrow(() -> new HiveException(String.format(COMMAND_NOT_FOUND, id), SC_NOT_FOUND));
}).thenAccept(whenUpdated -> {
logger.debug("command/update proceed successfully for session: {}. Device ID: {}. Command id: {}",
session, deviceId, id);
clientHandler.sendMessage(request, new WebSocketResponse(), session);
});
}
/**
 * Returns the platform user behind the current authentication.
 *
 * @return the authenticated PlatformUser, or null when there is no authentication or
 *         it is the anonymous token
 */
public PlatformUser getAuthorizedUser() {
    final Authentication current = SecurityContextHolder.getContext().getAuthentication();
    boolean realUser = current != null && !(current instanceof AnonymousAuthenticationToken);
    return realUser ? (PlatformUser) current.getPrincipal() : null;
}
/** {@inheritDoc} */
@Override
public VoLicenseAgreement acceptMyAgreement() throws Exception {
    // Grant the licence role to the caller named in the security context, if there is one.
    final SecurityContext context = SecurityContextHolder.getContext();
    String caller = null;
    if (context != null && context.getAuthentication() != null) {
        caller = context.getAuthentication().getName();
    }
    if (StringUtils.isNotBlank(caller)) {
        managementService.grantRole(caller, LICENSE_ROLE);
    }
    return getMyAgreement();
}
/**
 * Handles an access-denied outcome: logs who tried to reach which URI (when an
 * authentication is present) and redirects to the application's /403 page.
 *
 * @param httpServletRequest  the denied request
 * @param httpServletResponse response that receives the redirect
 * @param e                   the access-denied exception (not logged)
 */
@Override
public void handle(HttpServletRequest httpServletRequest,
                   HttpServletResponse httpServletResponse,
                   AccessDeniedException e) throws IOException, ServletException {
    final Authentication caller = SecurityContextHolder.getContext().getAuthentication();
    if (caller != null) {
        // NOTE(review): the request URI is client-controlled and is written into the log
        // as-is; make sure the log sink does not interpret it.
        final String line = String.format("User '%s' attempted to access the protected URL: %s",
            caller.getName(), httpServletRequest.getRequestURI());
        logger.info(line);
    }
    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/403");
}
/**
 * Checks that the caller may trigger {@code pipeline} under every "runAsUser" service
 * account configured on its triggers.
 *
 * <p>Returns true when no trigger names a runAsUser. Otherwise each service account
 * must be accessible to the current authentication and must itself have access to the
 * pipeline's application; the first failing account is logged at ERROR and the check
 * stops there.
 *
 * @param pipeline the pipeline whose triggers are inspected (its triggers may be null)
 * @return true when the caller may run as all configured service accounts
 */
public boolean hasRunAsUserPermission(final Pipeline pipeline) {
    final List<String> serviceAccounts;
    if (pipeline.getTriggers() == null) {
        serviceAccounts = Collections.emptyList();
    } else {
        serviceAccounts = pipeline.getTriggers().stream()
            .map(trigger -> (String) trigger.get("runAsUser"))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
    }
    if (serviceAccounts.isEmpty()) {
        return true;
    }
    final Authentication caller = SecurityContextHolder.getContext().getAuthentication();
    for (String serviceAccount : serviceAccounts) {
        if (!userCanAccessServiceAccount(caller, serviceAccount)) {
            // NOTE(review): the principal's toString() is logged; confirm it holds nothing sensitive.
            Object who = Optional.ofNullable(caller).map(Authentication::getPrincipal).orElse("unknown");
            log.error("User {} does not have access to service account {}", who, serviceAccount);
            return false;
        }
        if (!serviceAccountCanAccessApplication(serviceAccount, pipeline.getApplication())) {
            log.error(
                "Service account {} does not have access to application {}",
                serviceAccount,
                pipeline.getApplication());
            return false;
        }
    }
    return true;
}