Package org.acegisecurity

Examples of org.acegisecurity.Authentication


          "An Authentication object was not found in the SecurityContext"), object, attr);
    }

    // Attempt authentication if not already authenticated, or user always
    // wants reauthentication
    Authentication authenticated;

    // NOTE(review): getAuthentication() is dereferenced here without a null check. The
    // truncated statement just above this fragment mentions "An Authentication object was
    // not found in the SecurityContext", so a guard presumably precedes it - confirm.
    if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated() || alwaysReauthenticate) {
      try {
        authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext()
            .getAuthentication());
      }
      catch (AuthenticationException authenticationException) {
        // Rethrown unchanged, so a failed (re)authentication never reaches the
        // authorization step below.
        throw authenticationException;
      }

      // We don't authenticated.setAuthentication(true), because each
      // provider should do that
      // NOTE(review): the debug statements in this fragment log Authentication.toString().
      // What that string contains depends on the token implementation, which is not shown;
      // check that it does not render credentials before enabling debug logging.
      if (logger.isDebugEnabled()) {
        logger.debug("Successfully Authenticated: " + authenticated.toString());
      }

      // Store the freshly authenticated token so later code sees it, not the original request.
      SecurityContextHolder.getContext().setAuthentication(authenticated);
    }
    else {
      // Already authenticated and reauthentication not forced: reuse the token as is.
      authenticated = SecurityContextHolder.getContext().getAuthentication();

      if (logger.isDebugEnabled()) {
        logger.debug("Previously Authenticated: " + authenticated.toString());
      }
    }

    // Attempt authorization
    try {
      this.accessDecisionManager.decide(authenticated, object, attr);
    }
    catch (AccessDeniedException accessDeniedException) {
      // A denial is published as an event before being rethrown, so event listeners
      // see every refused access together with the object, attributes and token.
      AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
          accessDeniedException);
      publishEvent(event);

      throw accessDeniedException;
    }

    if (logger.isDebugEnabled()) {
      logger.debug("Authorization successful");
    }

    // Successful decisions are published too, mirroring the failure event above.
    AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
    publishEvent(event);

    // Attempt to run as a different user
    Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);

    if (runAs == null) {
      if (logger.isDebugEnabled()) {
        logger.debug("RunAsManager did not change Authentication object");
      }

      // no further work post-invocation
      return new InterceptorStatusToken(authenticated, false, attr, object);
    }
    else {
      if (logger.isDebugEnabled()) {
        logger.debug("Switching to RunAs Authentication: " + runAs.toString());
      }

      // From here on the context holds the run-as identity rather than the caller's.
      // The code that restores the original token is cut off below this fragment; if that
      // restore were skipped, the substituted identity would stay in the context.
      SecurityContextHolder.getContext().setAuthentication(runAs);

      // revert to token.Authenticated post-invocation


     */
    // Adds an HTTP BASIC "Authorization" header built from the Authentication held in the
    // current SecurityContext, after the superclass has prepared the connection.
    protected void prepareConnection(HttpURLConnection con, int contentLength)
        throws IOException, AuthenticationCredentialsNotFoundException {
        super.prepareConnection(con, contentLength);

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // The header is only set when a token with both a name and credentials is present;
        // otherwise the request goes out without an Authorization header (see else branch).
        if ((auth != null) && (auth.getName() != null) && (auth.getCredentials() != null)) {
            // Base64 is an encoding, not encryption: name and credentials are recoverable
            // by anyone who can read the request, so this is only safe over TLS. Nothing in
            // the visible lines checks that con is an HTTPS connection.
            // getBytes() and new String(byte[]) use the JVM default charset, so non-ASCII
            // names or credentials can encode differently from one platform to another.
            String base64 = auth.getName() + ":" + auth.getCredentials().toString();
            con.setRequestProperty("Authorization", "Basic " + new String(Base64.encodeBase64(base64.getBytes())));

            // NOTE(review): auth.toString() is written to the debug log; whether it includes
            // the credentials depends on the token class, which is not shown - confirm.
            if (logger.isDebugEnabled()) {
                logger.debug("HttpInvocation now presenting via BASIC authentication SecurityContextHolder-derived: "
                    + auth.toString());
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to set BASIC authentication header as SecurityContext did not provide "
                        + "valid Authentication: " + auth);

            AuthenticationProvider provider = (AuthenticationProvider) iter.next();

            // Only providers that declare support for this token type are asked to authenticate.
            if (provider.supports(toTest)) {
                // Logs the provider class name only, not the token.
                logger.debug("Authentication attempt using " + provider.getClass().getName());

                Authentication result = null;

                try {
                    result = provider.authenticate(authentication);
                    // Carry the request details over from the submitted token to the result.
                    copyDetails(authentication, result);
                    // The session controller is consulted after the provider has accepted the
                    // credentials, inside the same try block. The catch clause is cut off
                    // below, so how a rejection is handled cannot be seen here.
                    sessionController.checkAuthenticationAllowed(result);

     *         request.
     */
    protected Authentication attemptExitUser(HttpServletRequest request)
        throws AuthenticationCredentialsNotFoundException {
        // need to check to see if the current user has a SwitchUserGrantedAuthority
        Authentication current = SecurityContextHolder.getContext().getAuthentication();

        // An exit request with no Authentication in the context is refused outright.
        if (null == current) {
            throw new AuthenticationCredentialsNotFoundException(messages.getMessage(
                    "SwitchUserProcessingFilter.noCurrentUser", "No current user associated with this request"));
        }

        // check to see if the current user actually switched to another user;
        // if so, get the original source user so we can switch back
        Authentication original = getSourceAuthentication(current);

        // No stored source Authentication means this context never went through a switch
        // (or the authority was lost). The request is refused rather than falling back to
        // some other identity.
        if (original == null) {
            logger.error("Could not find original user Authentication object!");
            throw new AuthenticationCredentialsNotFoundException(messages.getMessage(
                    "SwitchUserProcessingFilter.noOriginalAuthentication",
                    "Could not find original Authentication object"));
        }

        // get the source user details
        UserDetails originalUser = null;
        Object obj = original.getPrincipal();

        // originalUser stays null when the principal is not a UserDetails; how that case is
        // handled is cut off below this fragment.
        if ((obj != null) && obj instanceof UserDetails) {
            originalUser = (UserDetails) obj;
        }


        UserDetails targetUser) {
        UsernamePasswordAuthenticationToken targetUserRequest;

        // grant an additional authority that contains the original Authentication object
        // which will be used to 'exit' from the current switched user.
        // NOTE(review): the whole current Authentication is embedded in the new authority.
        // Anything that logs, serializes or exposes the switched user's authorities would
        // carry the original token with it - check what that token holds (credentials?).
        Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
        GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);

        // get the original authorities (those of the target user; the loop body is cut off below)
        ArrayList orig = new ArrayList();
        for (int i = 0; i < targetUser.getAuthorities().length; i++) {

        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // check for switch or exit request
        // NOTE(review): nothing in this fragment checks that the caller is allowed to
        // impersonate another user. That has to be enforced inside attemptSwitchUser or by
        // access rules protecting the switch URL - confirm.
        if (requiresSwitchUser(httpRequest)) {
            // if set, attempt switch and store original
            Authentication targetUser = attemptSwitchUser(httpRequest);

            // update the current context to the new target user
            SecurityContextHolder.getContext().setAuthentication(targetUser);

            // redirect to target url
            // The destination is the context path plus targetUrl; no request parameter is
            // used for it in the visible lines.
            httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest.getContextPath() + targetUrl));

            return;
        } else if (requiresExitUser(httpRequest)) {
            // get the original authentication object (if exists)
            Authentication originalUser = attemptExitUser(httpRequest);

            // update the current context back to the original user
            SecurityContextHolder.getContext().setAuthentication(originalUser);

            // redirect to target url

     * @param current The current  <code>Authentication</code> object
     *
     * @return The source user <code>Authentication</code> object or <code>null</code> otherwise.
     */
    private Authentication getSourceAuthentication(Authentication current) {
        // Stays null unless the loop below (cut off here) finds a source Authentication.
        Authentication original = null;

        // iterate over granted authorities and find the 'switch user' authority
        // NOTE(review): authorities.length is read without a null check; whether
        // getAuthorities() can return null for some token types is not shown - confirm.
        GrantedAuthority[] authorities = current.getAuthorities();

        for (int i = 0; i < authorities.length; i++) {

    // Only requests that requiresAuthentication() selects are treated as login attempts.
    if (requiresAuthentication(httpRequest, httpResponse)) {
      if (logger.isDebugEnabled()) {
        logger.debug("Request is to process authentication");
      }

      Authentication authResult;

      try {
        // The pre-authentication hook runs first, inside the same try block as the
        // authentication attempt. The catch clause is cut off below, so how a failure in
        // either call is handled cannot be seen here.
        onPreAuthentication(httpRequest, httpResponse);
        authResult = attemptAuthentication(httpRequest);
      }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Remember-me login is attempted only when the context holds no Authentication,
        // so it never replaces an identity that is already established.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            Authentication rememberMeAuth = rememberMeServices.autoLogin(httpRequest, httpResponse);

            if (rememberMeAuth != null) {
                // Attempt authentication via AuthenticationManager
                // The token produced by autoLogin is passed through the AuthenticationManager
                // instead of being used directly; what happens with the result is cut off below.
                try {
                  rememberMeAuth = authenticationManager.authenticate(rememberMeAuth);

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        if (requiresLogout(httpRequest, httpResponse)) {
            // auth is not null-checked here; the string concatenation below tolerates null,
            // so a logout request from an unauthenticated client still reaches this point.
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();

            // NOTE(review): the token's toString() goes to the debug log; whether it renders
            // credentials depends on the token class, which is not shown - confirm.
            if (logger.isDebugEnabled()) {
                logger.debug("Logging out user '" + auth + "' and redirecting to logout page");
            }
