下面列出了怎么用org.springframework.security.web.context.HttpRequestResponseHolder的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Rebuilds a {@link SecurityContext} from the application-level session referenced by the request.
 *
 * <p>Returns an empty context when no session id can be read from the request or the session is
 * not open. Otherwise the session's user name is wrapped in an {@code LDAuthenticationToken}
 * tagged with the session id. As a side effect the servlet session, if one already exists, is
 * remembered in {@code servletSessionMapping} under that id.
 *
 * @param request holder giving access to the current servlet request
 * @return a populated or empty security context, never {@code null}
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder request) {
    String sid = SessionManager.get().getSessionId(request.getRequest());
    // An unknown or closed session is treated exactly like "no session at all".
    boolean sessionOpen = sid != null && SessionManager.get().isOpen(sid);
    if (!sessionOpen) {
        return SecurityContextHolder.createEmptyContext();
    }
    Session session = SessionManager.get().get(sid);
    // NOTE(review): credentials are blank and authorities are null here; presumably the token
    // resolves them elsewhere from the session — confirm before relying on getAuthorities().
    LDAuthenticationToken token = new LDAuthenticationToken(session.getUsername(), "", null);
    token.setSid(sid);
    SecurityContextImpl context = new SecurityContextImpl();
    context.setAuthentication(token);
    // getSession(false) never creates a session; only a pre-existing one is recorded.
    HttpSession servletSession = request.getRequest().getSession(false);
    if (servletSession != null) {
        servletSessionMapping.put(sid, servletSession);
    }
    return context;
}
/**
 * Loads the context persisted in the HTTP session (if any) and installs response/request wrappers
 * so that changes made to the returned context during the request are written back to the session.
 *
 * @param requestResponseHolder holder whose request and response may be replaced by wrappers
 * @return the context read from the session, or a fresh empty context when none was stored
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    final HttpServletRequest servletRequest = requestResponseHolder.getRequest();
    final HttpServletResponse servletResponse = requestResponseHolder.getResponse();
    // Probe with getSession(false) so that merely loading the context never creates a session;
    // this is evaluated before getSessionId(..., true), whose second argument may allow creation.
    final boolean sessionExists = servletRequest.getSession(false) != null;
    final String sessionId = this.getSessionId(servletRequest, true);
    final SecurityContext stored = readSecurityContextFromSession(servletRequest);
    final SecurityContext context =
        stored != null ? stored : SecurityContextHolder.createEmptyContext();
    SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(
        servletResponse, servletRequest, sessionExists, context, sessionId);
    requestResponseHolder.setResponse(wrappedResponse);
    if (isServlet3) {
        requestResponseHolder.setRequest(
            new Servlet3SaveToSessionRequestWrapper(servletRequest, wrappedResponse));
    }
    return context;
}
/**
 * Builds a security context from the bearer token carried by the request.
 *
 * <p>The context is always a fresh empty one; it only receives an {@link Authentication} when
 * {@code PreAuthenticatedAuthenticationJsonWebToken.usingToken} accepts the extracted token.
 * Nothing is stored server-side, and the token value itself is not logged.
 *
 * @param requestResponseHolder gives access to the current request
 * @return a new context, populated only when a usable bearer token was present
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    String bearer = tokenFromRequest(requestResponseHolder.getRequest());
    Authentication preAuthenticated = PreAuthenticatedAuthenticationJsonWebToken.usingToken(bearer);
    if (preAuthenticated == null) {
        return context;
    }
    context.setAuthentication(preAuthenticated);
    logger.debug("Found bearer token in request. Saving it in SecurityContext");
    return context;
}
/** A request without an Authorization header yields an empty, non-null context. */
@Test
public void shouldLoadContextWithoutAuthenticationIfMissingAuthorizationHeader() throws Exception {
    // No stubbing: the mock answers null for every header lookup.
    HttpServletRequest headerlessRequest = mock(HttpServletRequest.class);
    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded =
        repository.loadContext(new HttpRequestResponseHolder(headerlessRequest, null));
    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
/** A bearer value that is not a parseable token leaves the context unauthenticated. */
@Test
public void shouldLoadContextWithoutAuthenticationIfInvalidAuthorizationHeaderValue() throws Exception {
    HttpServletRequest badTokenRequest = mock(HttpServletRequest.class);
    when(badTokenRequest.getHeader("Authorization")).thenReturn("Bearer <Invalid>");
    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded =
        repository.loadContext(new HttpRequestResponseHolder(badTokenRequest, null));
    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
/** A bare "Bearer" scheme with no token value leaves the context unauthenticated. */
@Test
public void shouldLoadContextWithoutAuthenticationIfEmptyAuthorizationHeaderValue() throws Exception {
    HttpServletRequest emptyBearerRequest = mock(HttpServletRequest.class);
    when(emptyBearerRequest.getHeader("Authorization")).thenReturn("Bearer");
    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded =
        repository.loadContext(new HttpRequestResponseHolder(emptyBearerRequest, null));
    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
/** A non-Bearer scheme (here Basic) is ignored and the context stays unauthenticated. */
@Test
public void shouldLoadContextWithoutAuthenticationIfAuthorizationHeaderValueNotBearerToken() throws Exception {
    HttpServletRequest basicAuthRequest = mock(HttpServletRequest.class);
    when(basicAuthRequest.getHeader("Authorization")).thenReturn("Basic somevalue");
    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded =
        repository.loadContext(new HttpRequestResponseHolder(basicAuthRequest, null));
    assertThat(loaded, is(notNullValue()));
    assertThat(loaded.getAuthentication(), is(nullValue()));
}
/**
 * A syntactically valid JWT is wrapped into a pre-authenticated token on the context. The token is
 * deliberately still unauthenticated: signature verification is the AuthenticationManager's job,
 * not the repository's.
 */
@Test
public void shouldLoadContextWithAuthentication() throws Exception {
    // Test-only signing key; the repository never verifies the signature here.
    String signedJwt = JWT.create().sign(Algorithm.HMAC256("secret"));
    HttpServletRequest jwtRequest = mock(HttpServletRequest.class);
    when(jwtRequest.getHeader("Authorization")).thenReturn("Bearer " + signedJwt);
    BearerSecurityContextRepository repository = new BearerSecurityContextRepository();
    SecurityContext loaded =
        repository.loadContext(new HttpRequestResponseHolder(jwtRequest, null));
    assertThat(loaded, is(notNullValue()));
    Authentication authentication = loaded.getAuthentication();
    assertThat(authentication, is(notNullValue()));
    assertThat(authentication, is(instanceOf(PreAuthenticatedAuthenticationJsonWebToken.class)));
    assertThat(authentication.isAuthenticated(), is(false));
}
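/**
 * Handles the login form POST: authenticates the submitted credentials, stores the authenticated
 * result in the session-backed security context and forwards to the OAuth2 authorization view.
 *
 * @param request  the login POST; the {@code username} and {@code password} parameters are read
 * @param response the response the security context is saved against
 * @param model    receives the {@code authorizationRequest} attribute for the view
 * @return {@code "authorize"} on success, {@code "login"} when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    httpSessionSecurityContextRepository.loadContext(holder);
    try {
        // Authenticate the user with the supplied credentials.
        // NOTE(review): the three-argument constructor marks the request token as already
        // authenticated and pre-assigns ROLE_ADMIN to data taken from the request. A
        // DaoAuthenticationProvider replaces these with the stored user's authorities, but a
        // pass-through provider would not; prefer the two-argument (unauthenticated) constructor
        // once the configured AuthenticationManager is confirmed.
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN");
        Authentication auth = new UsernamePasswordAuthenticationToken(
            request.getParameter("username"), request.getParameter("password"), authorities);
        // Check the manager's result, not the request token: the request token was constructed
        // as authenticated, so testing it could never detect a failure.
        Authentication authenticated = authenticationManager.authenticate(auth);
        if (authenticated == null || !authenticated.isAuthenticated()) {
            throw new CredentialException("用户不能够被认证");
        }
        // Only a verified result is placed in the context.
        SecurityContextHolder.getContext().setAuthentication(authenticated);
    } catch (Exception ex) {
        // The user could not be authenticated (AuthenticationException or the CredentialException
        // above): go back to the login page.
        logger.info(ex);
        return "login";
    }
    // Fetch the request Spring Security saved before redirecting to the login page.
    DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
    // Build the authorization parameter map for the token request.
    Map<String, String> authParams = getAuthParameters(defaultSavedRequest);
    AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clientDetailsService).createAuthorizationRequest(authParams);
    // NOTE(review): authorities are hard-coded rather than taken from the authenticated principal.
    authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    model.addAttribute("authorizationRequest", authRequest);
    httpSessionSecurityContextRepository.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
    return "authorize";
}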
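/**
 * Builds the security context for a request from the auth token stored under
 * {@code authHeaderName}.
 *
 * <p>Returns a fresh empty context when no token is present. An expired token is cleared from the
 * cookie store and the request proceeds unauthenticated; any other failure of the token service
 * propagates to the caller.
 *
 * @param requestResponseHolder gives access to the current request and response
 * @return a new context holding the authentication derived from the token, or an empty one
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    String token = authStore.getToken(requestResponseHolder.getRequest(), authHeaderName);
    if (logger.isDebugEnabled()) {
        // Log only whether a token was found: the token is a credential and must not be written
        // to log files.
        logger.debug("load context user token present : {}", !StringUtils.isBlank(token));
    }
    if (StringUtils.isBlank(token)) {
        return SecurityContextHolder.createEmptyContext();
    }
    // Start from a fresh context instead of the thread-local one, so that state left on this
    // thread by an earlier request can never be returned as the current request's context.
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    Authentication authentication = null;
    try {
        authentication = jwtTokenService.createAuthentication(token);
    } catch (CredentialsExpiredException e) {
        // Expired credentials are removed client-side; the request continues unauthenticated.
        cookieStorer.clear(requestResponseHolder.getRequest(), requestResponseHolder.getResponse(), authHeaderName);
    }
    if (authentication != null) {
        context.setAuthentication(authentication);
    }
    return context;
}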
/**
 * Runs a load/save round trip through the repository so that {@code securityContext} is stored
 * against the (possibly wrapped) request and response the repository hands back.
 *
 * @param securityContext the context to persist
 * @param request         the request to persist it against; a throw-away mock response is used
 */
final void save(SecurityContext securityContext, HttpServletRequest request) {
    HttpRequestResponseHolder holder =
        new HttpRequestResponseHolder(request, new MockHttpServletResponse());
    // loadContext may swap the holder's request/response for wrappers; the save has to go
    // through those wrappers rather than the originals.
    this.repository.loadContext(holder);
    this.repository.saveContext(securityContext, holder.getRequest(), holder.getResponse());
}
/**
 * Persists {@code securityContext} via the repository, using the request/response objects that
 * {@code loadContext} returns in the holder (they may be wrappers of the originals).
 *
 * @param securityContext the context to persist
 * @param request         the request to persist it against; a throw-away mock response is used
 */
final void save(SecurityContext securityContext, HttpServletRequest request) {
    HttpServletResponse mockResponse = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, mockResponse);
    this.repository.loadContext(holder);
    // Read both back from the holder: loadContext is allowed to replace them with wrappers.
    HttpServletRequest effectiveRequest = holder.getRequest();
    HttpServletResponse effectiveResponse = holder.getResponse();
    this.repository.saveContext(securityContext, effectiveRequest, effectiveResponse);
}
/**
 * Loads the session context via the superclass and, unless {@code debug} is set, refreshes the
 * user details it carries from the authz service.
 *
 * <p>The refresh is best-effort: any failure is logged and the context is returned with the user
 * details exactly as they were in the session.
 *
 * @param requestResponseHolder passed through to the superclass
 * @return the loaded context, or {@code null} when the superclass returned {@code null}
 */
public SecurityContext loadContext(
        HttpRequestResponseHolder requestResponseHolder) {
    SecurityContext loaded = super.loadContext(requestResponseHolder);
    if (loaded == null) {
        logger.debug("securityContext is null");
        return null;
    }
    // In debug mode the session copy is trusted as-is and no remote lookup is made.
    if (!debug) {
        try {
            SpringSecurityUserAuth inSession = SpringSecurityUtils.getCurrentUser(loaded);
            if (inSession == null) {
                logger.debug("userAuthInSession is null");
                return loaded;
            }
            UserAuthDTO fromAuthz = authzClient.findById(
                inSession.getId(), inSession.getTenantId());
            SpringSecurityUserAuth refreshed = new SpringSecurityUserAuth();
            beanMapper.copy(fromAuthz, refreshed);
            SpringSecurityUtils.saveUserDetailsToContext(refreshed, null, loaded);
        } catch (Exception ex) {
            // Best-effort refresh: keep the session's details when the lookup fails.
            logger.error(ex.getMessage(), ex);
        }
    }
    return loaded;
}
/** Without a token parameter the call is routed to the default repository. */
@Test
void testLoadContext() {
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(
        new MockHttpServletRequest(), new MockHttpServletResponse());
    SecurityContext expected = mock(SecurityContext.class);
    when(defaultSecurityContextRepository.loadContext(holder)).thenReturn(expected);
    SecurityContext actual = tokenAwareSecurityContextRepository.loadContext(holder);
    assertEquals(expected, actual);
}
/** A request carrying the token parameter is routed to the token repository instead. */
@Test
void testLoadContextTokenRequest() {
    MockHttpServletRequest tokenRequest = new MockHttpServletRequest();
    tokenRequest.setParameter("molgenis-token", "my_token");
    HttpRequestResponseHolder holder =
        new HttpRequestResponseHolder(tokenRequest, new MockHttpServletResponse());
    SecurityContext expected = mock(SecurityContext.class);
    when(tokenSecurityContextRepository.loadContext(holder)).thenReturn(expected);
    SecurityContext actual = tokenAwareSecurityContextRepository.loadContext(holder);
    assertEquals(expected, actual);
}
/**
 * Stateless repository: nothing is ever persisted, so every request starts from an empty context.
 *
 * @param requestResponseHolder ignored
 * @return a new empty security context
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
    return emptyContext;
}
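/**
 * Handles the login form POST: authenticates the submitted credentials once, stores the
 * authenticated result in the session-backed security context and forwards to the OAuth2
 * authorization view.
 *
 * @param request  the login POST; the {@code username} and {@code password} parameters are read
 * @param response the response the security context is saved against
 * @param model    receives the {@code authorizationRequest} attribute for the view
 * @return {@code "authorize"} on success, {@code "login"} when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
    HttpRequestResponseHolder responseHolder = new HttpRequestResponseHolder(request, response);
    sessionRepository.loadContext(responseHolder);
    try {
        // Authenticate the user with the supplied credentials.
        // NOTE(review): the three-argument constructor marks the request token as already
        // authenticated and pre-assigns ROLE_ADMIN to data taken from the request. A
        // DaoAuthenticationProvider replaces these with the stored user's authorities, but a
        // pass-through provider would not; prefer the two-argument (unauthenticated) constructor
        // once the configured AuthenticationManager is confirmed.
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN");
        Authentication auth =
            new UsernamePasswordAuthenticationToken(request.getParameter("username"),
                request.getParameter("password"), authorities);
        // Authenticate exactly once: authenticating twice doubles credential checks and any
        // failure accounting done by the provider.
        Authentication authenticated = authenticationManager.authenticate(auth);
        if (authenticated == null || !authenticated.isAuthenticated()) {
            throw new CredentialException("User could not be authenticated");
        }
        // Only a verified result is placed in the context.
        SecurityContextHolder.getContext().setAuthentication(authenticated);
    } catch (Exception ex) {
        // The user couldn't be authenticated, redirect back to login
        ex.printStackTrace();
        return "login";
    }
    // Get the default saved request from session
    DefaultSavedRequest defaultSavedRequest =
        (DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
    // Generate an authorization parameter map for the token request
    Map<String, String> authParams = getAuthParameters(defaultSavedRequest);
    // Create the authorization request and put it in the view model
    AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clients).createAuthorizationRequest(authParams);
    // NOTE(review): authorities are hard-coded rather than taken from the authenticated principal.
    authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    sessionRepository.saveContext(SecurityContextHolder.getContext(), responseHolder.getRequest(), responseHolder.getResponse());
    model.addAttribute("authorizationRequest", authRequest);
    // Return the token authorization view
    return "authorize";
}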
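/**
 * Handles the login form POST: authenticates the submitted credentials once, stores the
 * authenticated result in the session-backed security context and forwards to the OAuth2
 * authorization view.
 *
 * @param request  the login POST; the {@code username} and {@code password} parameters are read
 * @param response the response the security context is saved against
 * @param model    receives the {@code authorizationRequest} attribute for the view
 * @return {@code "authorize"} on success, {@code "login"} when authentication fails
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
    HttpRequestResponseHolder responseHolder = new HttpRequestResponseHolder(request, response);
    sessionRepository.loadContext(responseHolder);
    try {
        // Authenticate the user with the supplied credentials.
        // NOTE(review): the three-argument constructor marks the request token as already
        // authenticated and pre-assigns ROLE_ADMIN to data taken from the request. A
        // DaoAuthenticationProvider replaces these with the stored user's authorities, but a
        // pass-through provider would not; prefer the two-argument (unauthenticated) constructor
        // once the configured AuthenticationManager is confirmed.
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN");
        Authentication auth =
            new UsernamePasswordAuthenticationToken(request.getParameter("username"),
                request.getParameter("password"), authorities);
        // Authenticate exactly once: authenticating twice doubles credential checks and any
        // failure accounting done by the provider.
        Authentication authenticated = authenticationManager.authenticate(auth);
        if (authenticated == null || !authenticated.isAuthenticated()) {
            throw new CredentialException("User could not be authenticated");
        }
        // Only a verified result is placed in the context.
        SecurityContextHolder.getContext().setAuthentication(authenticated);
    } catch (Exception ex) {
        // The user couldn't be authenticated, redirect back to login
        ex.printStackTrace();
        return "login";
    }
    // Get the default saved request from session
    DefaultSavedRequest defaultSavedRequest =
        (DefaultSavedRequest) request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST");
    // Generate an authorization parameter map for the token request
    Map<String, String> authParams = getAuthParameters(defaultSavedRequest);
    // Create the authorization request and put it in the view model
    AuthorizationRequest authRequest = new DefaultOAuth2RequestFactory(clients).createAuthorizationRequest(authParams);
    // NOTE(review): authorities are hard-coded rather than taken from the authenticated principal.
    authRequest.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    sessionRepository.saveContext(SecurityContextHolder.getContext(), responseHolder.getRequest(), responseHolder.getResponse());
    model.addAttribute("authorizationRequest", authRequest);
    // Return the token authorization view
    return "authorize";
}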
/**
 * Delegates to whichever repository {@code getSecurityContextRepository} selects for this request.
 *
 * @param requestResponseHolder holder passed on unchanged to the selected repository
 * @return the context produced by the selected repository
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    HttpServletRequest currentRequest = requestResponseHolder.getRequest();
    // Repository selection is per request; the holder itself is handed over untouched.
    return getSecurityContextRepository(currentRequest).loadContext(requestResponseHolder);
}