Examples of org.springframework.security.core.Authentication

• org.springframework.security.core.Authentication
  Represents the token for an authentication request or for an authenticated principal once the request has been processed by the {@link AuthenticationManager#authenticate(Authentication)} method.

  Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurityContext managed by the {@link SecurityContextHolder} by the authentication mechanism which isbeing used. An explicit authentication can be achieved, without using one of Spring Security's authentication mechanisms, by creating an Authentication instance and using the code:

   SecurityContextHolder.getContext().setAuthentication(anAuthentication); 

  Note that unless the Authentication has the authenticated property set to true, it will still be authenticated by any security interceptor (for method or web invocations) which encounters it.

  In most cases, the framework transparently takes care of managing the security context and authentication objects for you. @author Ben Alex

    @Test
    public void onAuthenticationSuccess() throws ServletException, IOException {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        Authentication authentication = new TestingAuthenticationToken(null, null);

        successHandler.onAuthenticationSuccess(request, response, authentication);

        assertEquals(MockHttpServletResponse.SC_OK, response.getStatus());
    }

        return user;
    }

    @Override
    public User getAuthenticatedUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        if (authentication != null && authentication.getPrincipal() instanceof User) {
            return (User) authentication.getPrincipal();
        } else {
            throw new SecurityException("Could not get the authenticated user!");
        }
    }

  }

  @Override
  public String getUsername() {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication authentication = ctx == null ? null : ctx.getAuthentication();
    Object principal = authentication == null ? null : authentication.getPrincipal();

    String username;
    if (principal instanceof UserDetails) {
      username = ((UserDetails)principal).getUsername();
    } else {

     * Extend the current authentication context to include the given role.
     *
     * @param roleId role id
     */
    public static void extendAuthContext(final Long roleId) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(auth.getAuthorities());
        authorities.add(new SimpleGrantedAuthority(EntitlementUtil.getEntitlementNameFromRoleId(roleId)));
        Authentication newAuth = new UsernamePasswordAuthenticationToken(
                auth.getPrincipal(), auth.getCredentials(), authorities);
        SecurityContextHolder.getContext().setAuthentication(newAuth);
    }

    }

    public static PracticalUserDetails getLoggedInUser() {

        // Anyone logged in?
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if ( auth == null ) {

            // Nope
            return null;

        } else {

            Object princ = auth.getPrincipal();

            if (princ instanceof PracticalUserDetails) {
                return (PracticalUserDetails) princ;
            } else {

    @Override
    public FeatureUser getCurrentUser() {

        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();

        // null if no authentication data is available for the current thread
        if (authentication != null) {

            String name = null;

            // try to obtain the name of thie user
            Object principal = authentication.getPrincipal();
            if (principal instanceof UserDetails) {
                UserDetails userDetails = (UserDetails) principal;
                name = userDetails.getUsername();
            } else {
                name = principal.toString();
            }

            Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());

            // check for the authority for feature admins
            boolean featureAdmin = false;
            if (featureAdminAuthority != null) {
                featureAdmin = authorities.contains(featureAdminAuthority);

     *            the current <code>ServletRequest</code>
     * @return the Subject to run as or <code>null</code> if no
     *         <code>Subject</code> is available.
     */
    protected Subject obtainSubject(ServletRequest request) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (logger.isDebugEnabled()) {
            logger.debug("Attempting to obtainSubject using authentication : " + authentication);
        }
        if (authentication == null) {
            return null;
        }
        if (!authentication.isAuthenticated()) {
            return null;
        }
        if (!(authentication instanceof JaasAuthenticationToken)) {
            return null;
        }

     * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#resolveArgument(org.springframework.core.MethodParameter, org.springframework.web.method.support.ModelAndViewContainer, org.springframework.web.context.request.NativeWebRequest, org.springframework.web.bind.support.WebDataBinderFactory)
     */
    public Object resolveArgument(MethodParameter parameter,
            ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
            WebDataBinderFactory binderFactory) throws Exception {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if(authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if(principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
            AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
            if(authPrincipal.errorOnInvalidType()) {
                throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
            } else {

            password = "wombat";
        } else if ("peter".equals(username)) {
            password = "opal";
        }

        Authentication authRequest = new UsernamePasswordAuthenticationToken(username, password);
        SecurityContextHolder.getContext().setAuthentication(authRequest);
    }

            .andExpect(authenticated().withAuthenticationPrincipal(user));
    }

    @Test
    public void requestProtectedUrlWithAuthentication() throws Exception {
        Authentication authentication = new TestingAuthenticationToken("test", "notused", "ROLE_USER");
        mvc
            .perform(get("/").with(authentication(authentication)))
            // Ensure we got past Security
            .andExpect(status().isNotFound())
            // Ensure it appears we are authenticated with user