/**
 * Authenticates {@code credentials} and registers the resulting user session.
 *
 * <p>The whole call runs under a {@link SecurityContext} built from
 * {@code serverSession}; the caller's context is put back on every exit path.
 * Authentication happens inside a transaction that is committed before the
 * session is post-processed (permissions cleared, time zone and attributes
 * applied), stored, logged and announced through the logged-in event.
 *
 * <p>The after-login event is published from a {@code finally} block, so it
 * fires on failure as well. In that case {@code authenticationDetails} may be
 * {@code null} (authentication itself failed) or non-null (a later step such
 * as storing the session failed).
 *
 * @param credentials the credentials to authenticate; null is rejected by
 *                    {@code checkNotNullArgument}
 * @return the details produced by {@code authenticateInternal}
 * @throws LoginException declared by this method; the call that raises it is
 *                        not identifiable from this body alone
 */
@Nonnull
@Override
public AuthenticationDetails login(Credentials credentials) throws LoginException {
    checkNotNullArgument(credentials, "credentials should not be null");

    // Remember the caller's context so the outer finally can restore it.
    final SecurityContext callerContext = AppContext.getSecurityContext();
    AppContext.setSecurityContext(new SecurityContext(serverSession));

    // Stays null until authenticateInternal returns; read by the inner finally.
    AuthenticationDetails details = null;
    try {
        try (Transaction tx = persistence.createTransaction()) {
            publishBeforeLoginEvent(credentials);

            details = authenticateInternal(credentials);
            tx.commit();

            // Everything below runs after the commit but while tx is still open.
            userSessionManager.clearPermissionsOnUser(details.getSession());
            setTimeZone(credentials, details);
            setSessionAttributes(credentials, details);
            storeSession(credentials, details);

            // NOTE(review): the session is logged through its string form; confirm that
            // it does not include the session identifier or other secret material.
            log.info("Logged in: {}", details.getSession());

            publishUserLoggedInEvent(credentials, details);
            return details;
        } finally {
            // try-with-resources closes tx before this block runs.
            // NOTE(review): listeners should not treat non-null details as proof that
            // the session was stored; a failure after authenticateInternal also lands here.
            publishAfterLoginEvent(credentials, details);
        }
    } finally {
        AppContext.setSecurityContext(callerContext);
    }
}
// NOTE(review): these statements appear without an enclosing method and without the
// loop / try-catch structure that would declare `details`, `provider`, `e` and `ie`.
// Presumably an abridged listing of the internal authentication routine; confirm
// against the full source before relying on the order shown here.

// Announces that authentication of the given credentials is about to start.
publishBeforeAuthenticationEvent(credentials);
// Obtains the AuthenticationProvider instances via getProviders().
List<AuthenticationProvider> providers = getProviders();
// Success event: carries both the resulting details and the credentials.
publishAuthenticationSuccess(details, credentials);
// Failure events: same call with two different exception variables, presumably from
// two separate catch clauses (TODO confirm).
// NOTE(review): the credentials object is handed to failure listeners; confirm that
// no listener writes secret material from it to logs or audit records.
publishAuthenticationFailed(credentials, provider, e); publishAuthenticationFailed(credentials, provider, ie);
// After-authentication event; whether `details` can be null here is not visible.
publishAfterAuthenticationEvent(credentials, details);
/**
 * Replaces the current user session with one that acts as {@code substitutedUser}.
 *
 * <p>When the requested user equals the user of the current session, the user is
 * re-read by id through the entity manager. Otherwise resolution is delegated to
 * {@code loadSubstitutedUser}. A new session is derived from the current one, the
 * user-substituted event is published under a {@link SecurityContext} built from
 * {@code serverSession}, and the transaction is committed. Only after the commit
 * is the current session removed from {@code userSessions} and the new one added.
 *
 * @param substitutedUser the user to act as
 * @return the newly created session
 * @throws NoResultException if the session's own user can no longer be found by id
 */
@Nonnull
@Override
public UserSession substituteUser(User substitutedUser) {
    // NOTE(review): unlike login/authenticate, there is no checkNotNullArgument guard
    // on the parameter here; confirm how a null substitutedUser is meant to be handled.
    UserSession activeSession = userSessionSource.getUserSession();

    try (Transaction tx = persistence.createTransaction()) {
        EntityManager entityManager = persistence.getEntityManager();

        User targetUser;
        if (!activeSession.getUser().equals(substitutedUser)) {
            // NOTE(review): no authorization check is visible in this method; presumably
            // loadSubstitutedUser verifies that the current user may substitute the
            // requested one. Confirm, since this is the only gate on this path.
            targetUser = loadSubstitutedUser(substitutedUser, activeSession, entityManager);
        } else {
            // Substituting to the session's own user: just reload it by id.
            targetUser = entityManager.find(User.class, substitutedUser.getId());
            if (targetUser == null) {
                throw new NoResultException("User not found");
            }
        }

        UserSession replacementSession = userSessionManager.createSession(activeSession, targetUser);

        // The event is published before the commit, under the server security context.
        withSecurityContext(new SecurityContext(serverSession), () ->
                publishUserSubstitutedEvent(activeSession, replacementSession)
        );

        tx.commit();

        // NOTE(review): the old session is removed before the new one is added; if
        // clearPermissionsOnUser throws in between, neither session stays registered.
        userSessions.remove(activeSession);
        userSessionManager.clearPermissionsOnUser(replacementSession);
        userSessions.add(replacementSession);

        return replacementSession;
    }
}
/**
 * Authenticates {@code credentials} and returns the resulting details.
 *
 * <p>Runs under a {@link SecurityContext} built from {@code serverSession} and
 * restores the caller's context on every exit path. Authentication happens inside
 * a transaction that is committed before permissions are cleared on the returned
 * session. This method neither stores the session nor publishes login events.
 *
 * @param credentials the credentials to authenticate; null is rejected by
 *                    {@code checkNotNullArgument}
 * @return the details produced by {@code authenticateInternal}
 * @throws LoginException declared by this method; the call that raises it is
 *                        not identifiable from this body alone
 */
@Nonnull
@Override
public AuthenticationDetails authenticate(Credentials credentials) throws LoginException {
    checkNotNullArgument(credentials, "credentials should not be null");

    // Remember the caller's context so the finally block can restore it.
    final SecurityContext callerContext = AppContext.getSecurityContext();
    AppContext.setSecurityContext(new SecurityContext(serverSession));

    try (Transaction tx = persistence.createTransaction()) {
        final AuthenticationDetails details = authenticateInternal(credentials);
        tx.commit();

        // Runs after the commit; a failure here still reaches the caller as an exception.
        userSessionManager.clearPermissionsOnUser(details.getSession());
        return details;
    } finally {
        // try-with-resources closes tx before the caller's context is restored.
        AppContext.setSecurityContext(callerContext);
    }
}