下面列出了org.springframework.security.core.Authentication#getDetails ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
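/**
 * Records a failed login that was rejected because the account is disabled.
 *
 * <p>Writes the attempted user name and client address to the log, then passes the failure to
 * {@code sessionMgr.processFailureLogin}. If the authentication carries no
 * {@link WebAuthenticationDetails}, the address and session id are recorded as empty strings.
 *
 * @param authFailEvent the failure event raised for the disabled account
 */
protected void process(AuthenticationFailureDisabledEvent authFailEvent) {
    Authentication auth = authFailEvent.getAuthentication();

    // getDetails() is declared as Object. Check the type before casting so that a
    // different details implementation cannot make this audit path throw
    // ClassCastException and lose the failure record.
    Object rawDetails = auth.getDetails();
    String remoteAddress = "";
    String sessionId = "";
    if (rawDetails instanceof WebAuthenticationDetails) {
        WebAuthenticationDetails details = (WebAuthenticationDetails) rawDetails;
        remoteAddress = details.getRemoteAddress();
        sessionId = details.getSessionId();
    }

    // NOTE(review): auth.getName() is the name typed at the login form and is written to
    // the log unmodified; confirm the log layout neutralises CR/LF so an audit line cannot
    // be forged through the username field.
    logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:" + remoteAddress);

    sessionMgr.processFailureLogin(
            XXAuthSession.AUTH_STATUS_DISABLED,
            XXAuthSession.AUTH_TYPE_PASSWORD,
            auth.getName(),
            remoteAddress,
            sessionId);
}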
/**
 * Authenticates a username/password request whose details are a map carrying the
 * {@code client} and {@code type} entries.
 *
 * <p>The credentials are checked through {@code checkUsernameAndPassword}; a blank
 * {@code userId} in its answer is treated as a rejected login and the answer's {@code code}
 * entry becomes the exception message.
 *
 * @param authentication the request; its details are cast to {@link Map} without a type check
 * @return a {@code CustomAuthenticationToken} wrapping the resolved user details
 * @throws AuthenticationException {@code BadCredentialsException} when no user id comes back
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String username = authentication.getName();

    // NOTE(review): a null or non-Map details object fails here with NullPointerException /
    // ClassCastException rather than an AuthenticationException; confirm that every caller
    // populates the details map.
    Map details = (Map) authentication.getDetails();
    final String clientId = (String) details.get("client");
    Assert.hasText(clientId, "clientId must have value");
    final String type = (String) details.get("type");

    final String password = (String) authentication.getCredentials();

    // The check runs locally. When the user service is called remotely instead, the
    // equivalent call is userClient.checkUsernameAndPassword(getUserServicePostObject(...)).
    Map result = checkUsernameAndPassword(getUserServicePostObject(username, password, type));

    final String userId = (String) result.get("userId");
    if (StringUtils.isBlank(userId)) {
        throw new BadCredentialsException((String) result.get("code"));
    }

    // NOTE(review): the clear-text password is handed on to buildCustomUserDetails; confirm
    // that it is not retained in the resulting token longer than needed.
    return new CustomAuthenticationToken(buildCustomUserDetails(username, password, userId, clientId));
}
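/**
 * Authenticates a form login that carries a verification code in addition to the
 * username and password.
 *
 * <p>The verification code is checked first, then the user is loaded and the submitted
 * password is compared with the stored one.
 *
 * @param authentication the login request; its details must be a
 *     {@code CustomWebAuthenticationDetails}
 * @return an authenticated token holding the user's authorities
 * @throws AuthenticationException {@code DisabledException} when the verification code is
 *     rejected, {@code BadCredentialsException} when the password is missing or wrong
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // User name and password as typed by the user.
    String inputName = authentication.getName();
    Object credentials = authentication.getCredentials();
    if (credentials == null) {
        // Previously a NullPointerException; a missing password is simply a failed login.
        throw new BadCredentialsException("密码错误");
    }
    String inputPassword = credentials.toString();

    CustomWebAuthenticationDetails details = (CustomWebAuthenticationDetails) authentication.getDetails();
    String verifyCode = details.getVerifyCode();
    if (!validateVerify(verifyCode)) {
        throw new DisabledException("验证码输入错误");
    }

    // userDetails is the user record as stored by the application.
    UserDetails userDetails = customUserDetailsService.loadUserByUsername(inputName);

    // NOTE(review): the stored value is compared with the raw input, so this only works
    // when passwords are stored in clear text. Storing a salted adaptive hash and checking
    // it through an injected PasswordEncoder is the proper fix; it needs a collaborator
    // this method does not have.
    // Until then, compare in constant time so the comparison does not leak how many
    // leading characters matched.
    String storedPassword = userDetails.getPassword();
    boolean passwordMatches = storedPassword != null
            && java.security.MessageDigest.isEqual(
                    storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    inputPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        throw new BadCredentialsException("密码错误");
    }

    return new UsernamePasswordAuthenticationToken(inputName, inputPassword, userDetails.getAuthorities());
}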
/**
 * Returns the claims of the bearer token that authenticated the current request.
 *
 * <p>NOTE(review): the token is verified with the literal key {@code "dev"} embedded in the
 * source. A short, guessable HMAC secret that lives in the code base should be replaced by
 * a key loaded from protected configuration; if the token issuer signs with the same
 * value, tokens for this service can be forged by anyone who knows it.
 *
 * @param authentication the current authentication; its details are cast to
 *     {@code OAuth2AuthenticationDetails} without a type check
 * @return the parsed {@code Claims} body of the token
 */
@GetMapping(value = "get")
@PreAuthorize("hasAnyRole('ROLE_ADMIN')")
public Object get(Authentication authentication) {
    // Result intentionally unused; kept as in the original listing.
    authentication.getCredentials();

    String jwtToken = ((OAuth2AuthenticationDetails) authentication.getDetails()).getTokenValue();
    byte[] signingKey = "dev".getBytes(StandardCharsets.UTF_8);

    return Jwts.parser()
            .setSigningKey(signingKey)
            .parseClaimsJws(jwtToken)
            .getBody();
}
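/**
 * Builds the lookup key for an OAuth2 authentication from its user name, client id, scope
 * and, when present, the web session id.
 *
 * <p>The session id is read from the user authentication's {@link WebAuthenticationDetails}
 * and becomes part of the key. Its value is never written to the log, because a session
 * identifier in a log file is usable by anyone who can read that file.
 *
 * @param authentication the OAuth2 authentication to derive a key for
 * @return the key produced by {@code generateKey} over the collected values
 */
@Override
public String extractKey(OAuth2Authentication authentication) {
    Map<String, String> values = new LinkedHashMap<>();
    OAuth2Request authorizationRequest = authentication.getOAuth2Request();

    // Client-only grants have no end user, so no user name goes into the key.
    if (!authentication.isClientOnly()) {
        values.put(USERNAME, authentication.getName());
    }
    values.put(CLIENT_ID, authorizationRequest.getClientId());
    if (authorizationRequest.getScope() != null) {
        // TreeSet gives a stable ordering so equal scope sets always produce the same key.
        values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet<>(authorizationRequest.getScope())));
    }

    Authentication auth = authentication.getUserAuthentication();
    Object details = auth != null ? auth.getDetails() : null;
    if (details instanceof WebAuthenticationDetails) {
        String sessionId = ((WebAuthenticationDetails) details).getSessionId();
        boolean hasSession = !StringUtils.isEmpty(sessionId);
        // Log only whether a session id exists, not the identifier itself.
        logger.info("sessionId present : {}", hasSession);
        if (hasSession) {
            values.put(SESSION, sessionId);
        }
    }
    return generateKey(values);
}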
/**
 * Returns the remote address recorded for an authentication.
 *
 * <p>The value comes from {@link WebAuthenticationDetails#getRemoteAddress()}, which is the
 * address of the direct network peer; behind a reverse proxy that is the proxy's address
 * unless the container is configured to rewrite it.
 *
 * @param authentication the authentication to inspect, may be {@code null}
 * @return the remote address, or an empty string when the authentication is {@code null} or
 *     its details are not {@code WebAuthenticationDetails}
 */
public String getUserIp(Authentication authentication) {
    Object details = authentication == null ? null : authentication.getDetails();
    return details instanceof WebAuthenticationDetails
            ? ((WebAuthenticationDetails) details).getRemoteAddress()
            : "";
}
/**
 * Resolves the domain of the current security context.
 *
 * @return the domain stored in the current authentication's
 *     {@code SyncopeAuthenticationDetails}, or {@code SyncopeConstants.MASTER_DOMAIN} when
 *     there is no authentication, the details are of another type, or the domain is blank
 */
public static String getDomain() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    String domainKey = null;
    if (auth != null && auth.getDetails() instanceof SyncopeAuthenticationDetails) {
        domainKey = ((SyncopeAuthenticationDetails) auth.getDetails()).getDomain();
    }

    // NOTE(review): every unauthenticated or untyped context resolves to the master domain;
    // confirm that callers do not treat this result as proof of master-domain membership.
    return StringUtils.isBlank(domainKey) ? SyncopeConstants.MASTER_DOMAIN : domainKey;
}
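/**
 * Derives the process-engine user from the OAuth2 authentication in the security context.
 *
 * <p>The user id is the {@code email} entry of the user-info map stored as the user
 * authentication's details (the "useEmailAsCamundaUserId" variant). The {@code sub} and
 * {@code preferred_username} entries are the alternatives for the other id strategies.
 *
 * <p>Any context that does not hold an {@code OAuth2Authentication} with a map of user
 * details (for example an anonymous token) yields an unsuccessful result instead of a
 * {@code ClassCastException}.
 *
 * @param request the current HTTP request (not read by this method)
 * @param engine the process engine used to look up the user's groups
 * @return a successful result with the user id and groups, or
 *     {@code AuthenticationResult.unsuccessful()} when no usable identity is present
 */
@Override
public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
    // The context may hold any Authentication type; only an OAuth2 one is usable here.
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof OAuth2Authentication)) {
        return AuthenticationResult.unsuccessful();
    }

    Authentication userAuthentication = ((OAuth2Authentication) current).getUserAuthentication();
    if (userAuthentication == null || !(userAuthentication.getDetails() instanceof java.util.Map)) {
        return AuthenticationResult.unsuccessful();
    }

    // NOTE(review): the e-mail claim becomes the engine user id; confirm the identity
    // provider guarantees that it is unique and verified, otherwise two accounts could map
    // to the same engine user.
    Object email = ((java.util.Map<?, ?>) userAuthentication.getDetails()).get("email");
    String userId = email instanceof String ? (String) email : null;
    if (StringUtils.isEmpty(userId)) {
        return AuthenticationResult.unsuccessful();
    }

    // Authentication successful
    AuthenticationResult authenticationResult = new AuthenticationResult(userId, true);
    authenticationResult.setGroups(getUserGroups(userId, engine));
    return authenticationResult;
}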
/**
 * Copies the caller's bearer token onto the outgoing request.
 *
 * <p>Nothing is added when there is no authentication or its details are not
 * {@code OAuth2AuthenticationDetails}.
 *
 * <p>NOTE(review): the token is attached to every request built from this template,
 * whatever its target; confirm the client using this interceptor only talks to services
 * that are meant to receive the user's token.
 *
 * @param template the outgoing request to decorate
 */
@Override
public void apply(RequestTemplate template) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return;
    }

    Object details = authentication.getDetails();
    if (details instanceof OAuth2AuthenticationDetails) {
        String tokenValue = ((OAuth2AuthenticationDetails) details).getTokenValue();
        template.header(AUTHORIZATION_HEADER, String.format("%s %s", BEARER_TOKEN_TYPE, tokenValue));
    }
}
/**
 * Adds an {@code Authorization} header carrying the current OAuth2 token value to the
 * outgoing request, when the security context holds one.
 *
 * <p>NOTE(review): the header is set regardless of the request's destination; confirm the
 * token is only relayed to trusted downstream services.
 *
 * @param template the request being prepared
 */
@Override
public void apply(RequestTemplate template) {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    Object details = current != null ? current.getDetails() : null;
    if (!(details instanceof OAuth2AuthenticationDetails)) {
        // No OAuth2 token available: leave the request untouched.
        return;
    }

    OAuth2AuthenticationDetails oauthDetails = (OAuth2AuthenticationDetails) details;
    String headerValue = String.format("%s %s", BEARER_TOKEN_TYPE, oauthDetails.getTokenValue());
    template.header(AUTHORIZATION_HEADER, headerValue);
}
/**
 * Parses the bearer token of the current request and returns its claims.
 *
 * <p>NOTE(review): the HMAC key is the literal {@code "dev"} compiled into the class. A
 * signing key belongs in protected configuration and should be long and random; a short
 * constant in source control is known to everyone with repository access.
 *
 * @param authentication the current authentication; its details are cast to
 *     {@code OAuth2AuthenticationDetails} without a type check
 * @return the {@code Claims} body of the verified token
 */
@GetMapping(value = "jwt")
@PreAuthorize("hasAnyRole('ROLE_ADMIN')")
public Object jwtParser(Authentication authentication) {
    // Result intentionally unused; kept as in the original listing.
    authentication.getCredentials();

    OAuth2AuthenticationDetails oauthDetails = (OAuth2AuthenticationDetails) authentication.getDetails();
    byte[] signingKey = "dev".getBytes(StandardCharsets.UTF_8);

    return Jwts.parser()
            .setSigningKey(signingKey)
            .parseClaimsJws(oauthDetails.getTokenValue())
            .getBody();
}
/**
 * Returns the raw token value of the current OAuth2 authentication.
 *
 * <p>NOTE(review): the response body is the bearer token itself. Responses can end up in
 * proxy logs, browser history tooling and caches; confirm this endpoint is needed outside
 * of debugging and that responses are not cached.
 *
 * @param authentication the current authentication; its details are cast to
 *     {@code OAuth2AuthenticationDetails} without a type check
 * @return the token value as a string
 */
@org.springframework.web.bind.annotation.ResponseBody
@GetMapping(value = "get")
@PreAuthorize("hasAnyRole('ROLE_ADMIN')")
public Object get(Authentication authentication) {
    // Result intentionally unused; kept as in the original listing.
    authentication.getCredentials();

    return ((OAuth2AuthenticationDetails) authentication.getDetails()).getTokenValue();
}
/**
 * Looks up the client address stored in an authentication's web details.
 *
 * @param authentication the authentication to read, may be {@code null}
 * @return the address reported by {@code WebAuthenticationDetails.getRemoteAddress()}, or
 *     an empty string when it is not available
 */
public String getUserIp(Authentication authentication) {
    if (authentication != null) {
        Object details = authentication.getDetails();
        if (details instanceof WebAuthenticationDetails) {
            return ((WebAuthenticationDetails) details).getRemoteAddress();
        }
    }
    // No authentication, or details of a type that carries no address.
    return "";
}
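/**
 * Creates a log message prefixed with the identity found in the current security context.
 *
 * <p>With web details present the prefix is {@code "[name @ address] "}; otherwise it is
 * {@code "[principal] "}. Without a security context or authentication the message is
 * stored unchanged.
 *
 * @param type the message category
 * @param message the text to log
 */
public Message(MessageType type, String message) {
    this.type = type;
    this.message = message;

    SecurityContext context = SecurityContextHolder.getContext();
    if (context == null) {
        return;
    }
    Authentication auth = context.getAuthentication();
    if (auth == null) {
        return;
    }

    Object principal = auth.getPrincipal();
    Object details = auth.getDetails();
    String user;
    if (details instanceof WebAuthenticationDetails) {
        // The principal is not always a User: before login completes, or for an anonymous
        // token, it can be a plain String. Casting blindly made the logging call itself
        // throw ClassCastException.
        String name = principal instanceof User
                ? ((User) principal).getUsername()
                : String.valueOf(principal);
        user = "[" + name + " @ " + ((WebAuthenticationDetails) details).getRemoteAddress() + "] ";
    } else {
        user = "[" + String.valueOf(principal) + "] ";
    }
    this.message = user + message;
}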
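/**
 * Authenticates a user with password and, when enabled for the account, a TOTP code.
 *
 * <p>Order of checks: lock-out state from {@code loginAttemptService}, then the parent
 * provider's authentication, then the one-time code taken from the request's
 * {@code CustomAuthenticationDetails}.
 *
 * <p>NOTE(review): the OTP is only examined after the parent provider has accepted the
 * password, so an OTP error tells the client the password was right. Confirm that failed
 * OTP attempts are counted by {@code loginAttemptService}; that is not visible here.
 *
 * @param authentication the login request
 * @return the authentication produced by the parent provider
 * @throws AuthenticationException {@code LockedException} when the account is blocked,
 *     {@code BadCredentialsException} when the OTP is missing or invalid, or whatever the
 *     parent provider throws
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String userId = (String) authentication.getPrincipal();

    if (loginAttemptService.isBlocked(userId)) {
        log.debug("User account is locked");
        throw new LockedException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.locked",
                "User account is locked"));
    }

    Authentication authenticated = super.authenticate(authentication);
    UserAuth userAuth = (UserAuth) authenticated.getPrincipal();
    if (!userAuth.isUsing2fa()) {
        return authenticated;
    }

    // Read the code only once it is needed, and tolerate missing or foreign details: an
    // absent code is a failed login, not a NullPointerException / ClassCastException.
    Object details = authentication.getDetails();
    String code = details instanceof CustomAuthenticationDetails
            ? ((CustomAuthenticationDetails) details).getTotpCode()
            : null;
    String secret = userAuth.getTotpSecret();

    if (secret == null || code == null) {
        throw new BadCredentialsException("OTP was not provided");
    }
    if (TwoFAService.isInvalidOtp(secret, code)) {
        throw new BadCredentialsException("OTP was incorrect. Please try again");
    }
    return authenticated;
}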
/**
 * Synchronises the organization-level user record after a successful login and returns
 * the principal enriched with the stored user's id, organization, login count and roles.
 *
 * <p>The stored user is looked up by external id and source, then by username and source.
 * A match is updated (login time, login count, roles, additional information); when
 * neither lookup matches, a new user is created. The reactive chain is resolved with
 * {@code blockingGet()}, so the calling thread waits for the result.
 *
 * <p>NOTE(review): roles carried by the principal are only ever added to the stored user
 * in this method, never removed; confirm that a role withdrawn at the identity source is
 * revoked somewhere else.
 *
 * @param auth the successful authentication; its principal is cast to {@code DefaultUser}
 *     and its details, when present, to {@code Map}
 * @return the same principal instance, updated in place
 */
@Override
public User onAuthenticationSuccess(Authentication auth) {
final DefaultUser principal = (DefaultUser) auth.getPrincipal();
final EndUserAuthentication authentication = new EndUserAuthentication(principal.getUsername(), null, new SimpleAuthenticationContext());
// Raw cast: the details are assumed to be a map of string keys and values - TODO confirm.
Map<String, String> details = auth.getDetails() == null ? new HashMap<>() : new HashMap<>((Map) auth.getDetails());
// Copy every detail entry into the authentication context used for the audit report.
details.forEach(authentication.getContext()::set);
authentication.getContext().set(Claims.organization, Organization.DEFAULT);
// source is null when the details carry no SOURCE entry.
final String source = details.get(SOURCE);
// Lookup order: external id + source, then username + source, else UserNotFoundException.
io.gravitee.am.model.User endUser = userService.findByExternalIdAndSource(ReferenceType.ORGANIZATION, Organization.DEFAULT, principal.getId(), source)
.switchIfEmpty(Maybe.defer(() -> userService.findByUsernameAndSource(ReferenceType.ORGANIZATION, Organization.DEFAULT, principal.getUsername(), source)))
.switchIfEmpty(Maybe.error(new UserNotFoundException(principal.getUsername())))
.flatMapSingle(existingUser -> {
// Existing user: refresh the login bookkeeping and merge in the principal's data.
existingUser.setSource(details.get(SOURCE));
existingUser.setClient(CLIENT_ID);
existingUser.setLoggedAt(new Date());
existingUser.setLoginsCount(existingUser.getLoginsCount() + 1);
// set roles
if (existingUser.getRoles() == null) {
existingUser.setRoles(principal.getRoles());
} else if (principal.getRoles() != null) {
// filter roles
// removeAll mutates the principal's own role collection: afterwards it holds only the
// roles the stored user did not already have.
principal.getRoles().removeAll(existingUser.getRoles());
existingUser.getRoles().addAll(principal.getRoles());
}
existingUser.setAdditionalInformation(principal.getAdditionalInformation());
return userService.update(existingUser);
})
.onErrorResumeNext(ex -> {
// Only the "user not found" case is recovered, by creating the user; any other error
// is passed on unchanged.
if (ex instanceof UserNotFoundException) {
final io.gravitee.am.model.User newUser = new io.gravitee.am.model.User();
newUser.setInternal(false);
newUser.setUsername(principal.getUsername());
newUser.setSource(details.get(SOURCE));
newUser.setClient(CLIENT_ID);
newUser.setReferenceType(ReferenceType.ORGANIZATION);
newUser.setReferenceId(Organization.DEFAULT);
newUser.setLoggedAt(new Date());
newUser.setLoginsCount(1l);
newUser.setAdditionalInformation(principal.getAdditionalInformation());
return userService.create(newUser)
.flatMap(user -> setRoles(principal, user)
.map(membership -> user));
}
return Single.error(ex);
})
.flatMap(userService::enhance)
// Audit entry is reported only on the success path of the chain.
.doOnSuccess(user -> auditService.report(AuditBuilder.builder(AuthenticationAuditBuilder.class).principal(authentication).referenceType(ReferenceType.ORGANIZATION).referenceId(Organization.DEFAULT).client(CLIENT_ID).user(user)))
.blockingGet();
// Copy the stored user's identifiers back onto the principal.
principal.setId(endUser.getId());
principal.getAdditionalInformation().put(StandardClaims.SUB, endUser.getId());
principal.getAdditionalInformation().put(Claims.organization, endUser.getReferenceId());
principal.getAdditionalInformation().put("login_count", endUser.getLoginsCount());
// set roles
// The roles claim is the union of the stored user's roles and the principal's roles.
Set<String> roles = endUser.getRoles() != null ? new HashSet<>(endUser.getRoles()) : new HashSet<>();
if (principal.getRoles() != null) {
roles.addAll(principal.getRoles());
}
principal.getAdditionalInformation().put(CustomClaims.ROLES, roles);
return principal;
}
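/**
 * Issues the token returned to the client after a successful login.
 *
 * <p>Builds an HS512-signed JWT holding the user name and a comma-terminated list of
 * authorities, stores it in an HttpOnly cookie and writes a JSON login result to the
 * response. With "remember me" set, token and cookie use {@code COOKIE_EXPIRATION_TIME};
 * otherwise the token uses {@code EXPIRATION_TIME} and the cookie is a session cookie.
 *
 * <p>NOTE(review): the token travels in a cookie, which the browser attaches to every
 * request for the path; confirm CSRF protection is active for state-changing endpoints.
 *
 * @param request the login request; used to decide whether the cookie is marked Secure
 * @param response the response that receives the cookie and the JSON body
 * @param authResult the successful authentication
 * @throws IOException if the response body cannot be written
 */
public static void addAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException {
    // Flatten the granted authorities into "A,B," (the trailing comma is part of the
    // established format and is kept).
    StringBuilder joined = new StringBuilder();
    for (GrantedAuthority authority : authResult.getAuthorities()) {
        joined.append(authority.getAuthority()).append(",");
    }
    String authorities = joined.toString();

    long expirationTime = EXPIRATION_TIME;
    int cookExpirationTime = -1; // negative max-age: cookie lives until the browser closes

    // Extra login information; absent or foreign details mean "remember me" is off.
    Object details = authResult.getDetails();
    if (details instanceof LoginDetails && Boolean.TRUE.equals(((LoginDetails) details).getRememberMe())) {
        // 1000L forces long arithmetic: with int operands, a lifetime above roughly
        // 24.8 days in seconds overflows and yields a token that is already expired.
        expirationTime = COOKIE_EXPIRATION_TIME * 1000L;
        cookExpirationTime = COOKIE_EXPIRATION_TIME;
    }

    // One timestamp for both the token and the value reported to the client.
    long expiresAt = System.currentTimeMillis() + expirationTime;

    String jwt = Jwts.builder()
            // Subject is the user name.
            .setSubject(authResult.getName())
            // User authorities.
            .claim("authorities", authorities)
            // Expiry.
            .setExpiration(new Date(expiresAt))
            // Signature algorithm and key.
            .signWith(SignatureAlgorithm.HS512, SECRET_KEY)
            .compact();

    Cookie cookie = new Cookie(COOKIE_TOKEN, jwt);
    cookie.setHttpOnly(true);
    // Mark the cookie Secure whenever the login itself arrived over HTTPS so the token is
    // never sent back over plain HTTP. Behind a TLS-terminating proxy isSecure() depends
    // on the container's forwarded-header handling.
    cookie.setSecure(request.isSecure());
    cookie.setPath("/");
    cookie.setMaxAge(cookExpirationTime);
    response.addCookie(cookie);

    // Body returned to the front end.
    ResultDetails resultDetails = new ResultDetails();
    resultDetails.setStatus(HttpStatus.OK.value());
    resultDetails.setMessage("登陆成功!");
    resultDetails.setSuccess(true);
    resultDetails.setTimestamp(LocalDateTime.now());

    User user = new User();
    user.setUsername(authResult.getName());
    user.setPower(authorities);
    user.setExpirationTime(expiresAt);

    LoginResultDetails loginResultDetails = new LoginResultDetails();
    loginResultDetails.setResultDetails(resultDetails);
    loginResultDetails.setUser(user);
    loginResultDetails.setStatus(200);

    response.setContentType("application/json; charset=UTF-8");
    try (PrintWriter out = response.getWriter()) {
        out.write(new ObjectMapper().writeValueAsString(loginResultDetails));
        out.flush();
    }
}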
/**
 * Extracts the Discord user details from an authentication.
 *
 * @param authentication the authentication to inspect, may be {@code null}
 * @return the details when they are a {@code DiscordUserDetails}, otherwise {@code null};
 *     callers must handle the {@code null} case
 */
public static DiscordUserDetails getDetails(Authentication authentication) {
    if (authentication == null) {
        return null;
    }
    Object details = authentication.getDetails();
    return details instanceof DiscordUserDetails ? (DiscordUserDetails) details : null;
}
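/**
 * Authenticates a user against the locally stored password.
 *
 * <p>The submitted password is digested with the algorithm recorded for the user (unless
 * that is {@code PasswordEncryption.NONE}) and compared with the stored value. Access
 * restrictions on the account are checked after the password.
 *
 * <p>NOTE(review): the stored value is either clear text or a single unsalted
 * {@link MessageDigest} hash. Both are weak protection if the user table leaks; migrating
 * to a salted adaptive scheme (bcrypt, scrypt, argon2) needs a data migration and is
 * outside this method.
 *
 * @param authentication the login request (principal = user name, credentials = password)
 * @return a {@code ValidityAuthentication} for the user with its authorities
 * @throws AuthenticationException {@code BadCredentialsException} for an unknown or deleted
 *     user, a wrong or missing password or a digest failure; {@code LockedException} when
 *     the account has an access restriction
 */
@Override
@Transactional(propagation = Propagation.REQUIRED)
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = (String) authentication.getPrincipal();
    String password = (String) authentication.getCredentials();

    String ip = "unknown";
    Object details = authentication.getDetails();
    if (details instanceof WebAuthenticationDetails) {
        ip = ((WebAuthenticationDetails) details).getRemoteAddress();
    }

    // NOTE(review): the user name is client-supplied and written to the log as is; confirm
    // the log layout neutralises CR/LF.
    LOGGER.info("Connection attempted by '" + authentication.getName() + "' from " + ip);

    User user = userService.getUserNoCheck(username);
    if (user == null || user.isDeleted()) {
        // Same message as for a wrong password, so the response does not reveal whether
        // the account exists.
        throw new BadCredentialsException(errorMessage);
    }

    PasswordEncryption encryption = user.getPasswordEncryption();
    if (password != null && !encryption.equals(PasswordEncryption.NONE)) {
        try {
            MessageDigest md = MessageDigest.getInstance(encryption.getAlgorithmKey());
            password = new String(Hex.encode(md.digest(password.getBytes("UTF-8"))));
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
            throw new BadCredentialsException("Authentication process failed", e);
        }
    }

    // Constant-time comparison: String.equals stops at the first differing character and
    // so leaks how much of the value matched. A missing password on either side is a
    // mismatch (previously a NullPointerException).
    String stored = user.getPassword();
    boolean passwordMatches = password != null && stored != null
            && MessageDigest.isEqual(
                    stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        LOGGER.warn(new Message(MessageType.USER,
                "Connection refused for '" + username + "' from " + ip
                        + " : error in login/password combination"));
        throw new BadCredentialsException(errorMessage);
    }

    // The loop body always throws: the first restriction found locks the login.
    for (AccessRestriction restriction : user.getRestrictions()) {
        LOGGER.warn("Connection refused for '" + username + "' from " + ip
                + " : account is locked (" + restriction.getBlockingReason() + ")");
        throw new LockedException(restriction.getBlockingReason());
    }

    LOGGER.info("Connection success for '" + username + "' from " + ip);
    return new ValidityAuthentication(user, user.getAuthorities());
}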
/**
 * Authenticates through the delegate provider, caching successful results.
 *
 * <p>The cache key is a hash of the user name concatenated with the credentials. On a
 * cache hit the cached authentication is placed in the security context and returned
 * without calling the delegate. On a miss the delegate authenticates, the user is created
 * or updated in {@code userService}, and the result is cached.
 *
 * <p>NOTE(review): name and credentials are joined without a separator before hashing, so
 * different name/password pairs can produce the same hash input; a delimiter that cannot
 * occur in a user name would remove that ambiguity. A cached entry also stays valid until
 * the cache evicts it, even after the password or group membership changes upstream;
 * confirm the cache's expiry is short enough for that.
 *
 * @param authentication the login request
 * @return the authenticated result, from the cache or from the delegate
 * @throws AuthenticationException when the delegate rejects the login, or
 *     {@code UsernameNotFoundException} when the result carries no details
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String userKey = Arrays.toString(
            hf.hashString(authentication.getName() + authentication.getCredentials()).asBytes());

    // A pending eviction request clears the whole cache before the lookup.
    if (userService.isEvictCacheFlag()) {
        userCache.invalidateAll();
        userService.setEvictCacheFlag(false);
    }

    Authentication cached = userCache.getIfPresent(userKey);
    if (null != cached) {
        SecurityContextHolder.getContext().setAuthentication(cached);
        return cached;
    }

    Authentication authed;
    try {
        authed = authenticationProvider.authenticate(authentication);

        if (authed.getDetails() == null) {
            throw new UsernameNotFoundException(
                    "User not found in LDAP, check whether he/she has been added to the groups.");
        }

        ManagedUser user;
        if (authed.getDetails() instanceof UserDetails) {
            UserDetails details = (UserDetails) authed.getDetails();
            // NOTE(review): the password from the details is copied into the managed user
            // that is then created or updated; confirm what the user service stores.
            user = new ManagedUser(details.getUsername(), details.getPassword(), false,
                    details.getAuthorities());
        } else {
            // Placeholder password for users whose details are not UserDetails.
            user = new ManagedUser(authentication.getName(), "skippped-ldap", false, authed.getAuthorities());
        }
        Assert.notNull(user, "The UserDetail is null.");

        String username = user.getUsername();
        logger.debug("User {} authorities : {}", username, user.getAuthorities());

        if (!userService.userExists(username)) {
            userService.createUser(user);
        } else if (needUpdateUser(user, username)) {
            userService.updateUser(user);
        }

        userCache.put(userKey, authed);
    } catch (AuthenticationException e) {
        logger.error("Failed to auth user: " + authentication.getName(), e);
        throw e;
    }

    logger.debug("Authenticated user " + authed.toString());
    return authed;
}