/**
 * Returns the authorities carried by the supplied authentication, unchanged.
 *
 * <p>No filtering, expansion, or copying happens here; the caller receives whatever
 * {@code authentication.getAuthorities()} hands back.
 *
 * @param authentication the authentication whose authorities are read
 * @return the collection returned by {@code authentication.getAuthorities()}
 */
Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
    Collection<? extends GrantedAuthority> granted = authentication.getAuthorities();
    return granted;
}
} // closes the enclosing class (its header is not part of this excerpt)
/**
 * Builds the map representation of a user authentication.
 *
 * <p>The user name is always written under {@code USERNAME}. The authority names are written
 * under {@code AUTHORITIES} only when the authentication reports a non-null, non-empty
 * authority collection, so a consumer of this map must treat a missing {@code AUTHORITIES}
 * entry as "no authorities".
 *
 * @param authentication the authentication to convert
 * @return an insertion-ordered map holding the user name and, when present, the authority names
 */
public Map<String, ?> convertUserAuthentication(Authentication authentication) {
    Map<String, Object> claims = new LinkedHashMap<String, Object>();
    claims.put(USERNAME, authentication.getName());

    boolean hasAuthorities = authentication.getAuthorities() != null
            && !authentication.getAuthorities().isEmpty();
    if (!hasAuthorities) {
        return claims;
    }

    claims.put(AUTHORITIES, AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
    return claims;
}
/**
 * Returns a read-only snapshot of the authorities of the authentication currently held by
 * {@code SecurityContextHolder}.
 *
 * <p>NOTE(review): {@code isAuthenticated()} is not consulted here, so a non-empty result
 * is not by itself proof that the caller has been authenticated; confirm that callers
 * do not rely on it that way.
 *
 * @return an unmodifiable copy of the current authorities, or an empty set when the
 *         security context holds no authentication
 */
@Override
public Set<GrantedAuthority> getAuthorities() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current != null) {
        // Copy first so later changes to the source collection cannot leak into the result.
        Set<GrantedAuthority> snapshot = new HashSet<GrantedAuthority>(current.getAuthorities());
        return Collections.unmodifiableSet(snapshot);
    }
    return Collections.emptySet();
}
/**
 * Constructs an OAuth 2 authentication. Some grant types do not involve a user, so the user
 * authentication may be {@code null}.
 *
 * <p>The authorities passed to the superclass come from the user authentication when one is
 * supplied; only when it is {@code null} are the stored request's authorities used instead.
 *
 * @param storedRequest The authorization request (must not be null).
 * @param userAuthentication The user authentication (possibly null).
 */
public OAuth2Authentication(OAuth2Request storedRequest, Authentication userAuthentication) {
    // A present user decides the authorities; the request's authorities are the fallback.
    super(userAuthentication != null
            ? userAuthentication.getAuthorities()
            : storedRequest.getAuthorities());
    this.userAuthentication = userAuthentication;
    this.storedRequest = storedRequest;
}
/**
 * Asks the {@code RoleHierarchy} for the complete set of authorities reachable from the
 * ones the authentication carries directly.
 *
 * @param authentication the authentication whose authorities are expanded
 * @return the result of {@code roleHierarchy.getReachableGrantedAuthorities(...)}
 */
@Override
Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
    Collection<? extends GrantedAuthority> direct = authentication.getAuthorities();
    return roleHierarchy.getReachableGrantedAuthorities(direct);
}
} // closes the enclosing class (its header is not part of this excerpt)
/**
 * Authenticates a user name and password through the configured authentication manager and
 * returns the authorities of the resulting authentication.
 *
 * <p>NOTE(review): the message of the underlying {@code AuthenticationException} is forwarded
 * verbatim to the caller; confirm that those messages do not let a remote client tell an
 * unknown account apart from a wrong password.
 *
 * @param username the user name presented by the caller
 * @param password the password presented by the caller
 * @return the authorities granted to the authenticated user
 * @throws RemoteAuthenticationException if the authentication manager rejects the request;
 *         only the original message is carried over
 */
public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
        throws RemoteAuthenticationException {
    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken(username, password);

    try {
        return authenticationManager.authenticate(credentials).getAuthorities();
    }
    catch (AuthenticationException failure) {
        throw new RemoteAuthenticationException(failure.getMessage());
    }
}
/**
 * Builds the security identities used for ACL checks on behalf of an authentication.
 *
 * <p>The list starts with the principal's own {@code PrincipalSid}, followed by one
 * {@code GrantedAuthoritySid} per authority that the role hierarchy reports as reachable
 * from the authentication's authorities.
 *
 * @param authentication the authentication to derive identities from
 * @return the principal identity followed by the reachable authority identities
 */
public List<Sid> getSids(Authentication authentication) {
    Collection<? extends GrantedAuthority> reachable =
            roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());

    // One slot per reachable authority plus one for the principal itself.
    List<Sid> result = new ArrayList<>(reachable.size() + 1);
    result.add(new PrincipalSid(authentication));
    reachable.forEach(granted -> result.add(new GrantedAuthoritySid(granted)));
    return result;
}
} // closes the enclosing class (its header is not part of this excerpt)
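/**
 * Lazily resolves the authority names of the current authentication and caches them in
 * {@code roles}.
 *
 * <p>When a role hierarchy is configured, the authentication's authorities are first expanded
 * to every authority reachable through it.
 *
 * @return the cached set of authority names
 */
private Set<String> getAuthoritySet() {
    if (roles == null) {
        Collection<? extends GrantedAuthority> userAuthorities = authentication.getAuthorities();
        if (roleHierarchy != null) {
            userAuthorities = roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
        }
        // Populate the cache only after resolution has succeeded. Pre-assigning an empty set
        // (as before) meant that an exception thrown above left "no roles" cached, and every
        // later call silently returned that empty set instead of retrying.
        roles = AuthorityUtils.authorityListToSet(userAuthorities);
    }
    return roles;
}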
/**
 * Asks an external ACL provider whether the authenticated user holds a permission on an entity.
 *
 * <p>The requested permission is resolved to a list of Kylin permissions; access is granted as
 * soon as the provider accepts any one of them, and denied when it accepts none (including
 * when the resolved list is empty).
 *
 * @param eap the external ACL provider to consult
 * @param authentication the caller's authentication; its name and authorities are passed on
 * @param entityType the type of the entity being accessed
 * @param entityUuid the identifier of the entity being accessed
 * @param permission the permission being requested
 * @return {@code true} if the provider grants at least one resolved permission
 */
private boolean checkExternalPermission(ExternalAclProvider eap, Authentication authentication,
        String entityType, String entityUuid, Object permission) {
    String currentUser = authentication.getName();
    List<String> authorities = AclPermissionUtil.transformAuthorities(authentication.getAuthorities());
    List<Permission> candidates = resolveKylinPermission(permission);

    // anyMatch stops at the first permission the provider accepts, like the early return did.
    return candidates.stream()
            .anyMatch(candidate ->
                    eap.checkPermission(currentUser, authorities, entityType, entityUuid, candidate));
}
/**
 * Returns the caller's authority names as a single comma-separated string.
 *
 * <p>NOTE(review): {@code @AuthenticationPrincipal} normally binds the value of
 * {@code Authentication#getPrincipal()}, not the {@code Authentication} itself; confirm that
 * this parameter resolves to a non-null authentication on the framework version in use.
 *
 * @param authentication the current authentication
 * @return the authority names joined with {@code ","}
 */
@GetMapping("/roles")
public String roles(@AuthenticationPrincipal Authentication authentication) {
    String joined = authentication.getAuthorities()
            .stream()
            .map(granted -> granted.getAuthority())
            .collect(Collectors.joining(","));
    return joined;
}
/**
 * Decides whether the authentication holds at least one of the configured authorities.
 *
 * <p>Authentications that are not authenticated are filtered out before any authority is
 * inspected, and an empty pipeline falls back to a denying decision, so the absence of an
 * authentication never results in access.
 *
 * @param authentication the authentication to evaluate
 * @param object the object being secured (not used by this check)
 * @return a decision that grants access only when an authority name matches
 */
@Override
public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
    AuthorizationDecision denied = new AuthorizationDecision(false);
    return authentication
            .filter(Authentication::isAuthenticated)
            .flatMapIterable(Authentication::getAuthorities)
            .map(granted -> granted.getAuthority())
            .any(name -> this.authorities.contains(name))
            .map(AuthorizationDecision::new)
            .defaultIfEmpty(denied);
}
/**
 * An authenticated caller that holds no authorities at all must be denied.
 */
@Test
public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() {
    // Authenticated, but with an empty authority list.
    when(authentication.getAuthorities()).thenReturn(Collections.emptyList());
    when(authentication.isAuthenticated()).thenReturn(true);

    assertThat(manager.check(Mono.just(authentication), null).block().isGranted()).isFalse();
}
/**
 * Reading {@code SECURITY_CONTEXT_JSON} must rebuild a security context whose authentication
 * is an authenticated {@code UsernamePasswordAuthenticationToken} with the expected
 * principal, credentials and single authority.
 *
 * <p>The credentials value is asserted after deserialization, i.e. it travels inside the
 * serialized form; stored or transmitted security-context JSON therefore has to be handled
 * as sensitive data.
 */
@Test
public void securityContextDeserializeTest() throws IOException {
    SecurityContext restored = mapper.readValue(SECURITY_CONTEXT_JSON, SecurityContextImpl.class);

    assertThat(restored).isNotNull();
    assertThat(restored.getAuthentication())
            .isNotNull()
            .isInstanceOf(UsernamePasswordAuthenticationToken.class);
    assertThat(restored.getAuthentication().getPrincipal()).isEqualTo("admin");
    assertThat(restored.getAuthentication().getCredentials()).isEqualTo("1234");
    assertThat(restored.getAuthentication().isAuthenticated()).isTrue();

    Collection granted = restored.getAuthentication().getAuthorities();
    assertThat(granted).hasSize(1);
    assertThat(granted).contains(new SimpleGrantedAuthority("ROLE_USER"));
}
} // closes the enclosing class (its header is not part of this excerpt)
/**
 * A successful authentication keeps the token's principal and credentials, is marked
 * authenticated, carries at least one authority, and publishes exactly one
 * {@code JaasAuthenticationSuccessEvent}.
 */
@Test
public void authenticateSuccess() throws Exception {
    Authentication result = provider.authenticate(token);

    assertThat(result.getPrincipal()).isEqualTo(token.getPrincipal());
    assertThat(result.getCredentials()).isEqualTo(token.getCredentials());
    assertThat(result.isAuthenticated()).isTrue();
    assertThat(result.getAuthorities().isEmpty()).isFalse();

    // Only the success event may reach the publisher.
    verify(publisher).publishEvent(isA(JaasAuthenticationSuccessEvent.class));
    verifyNoMoreInteractions(publisher);
}
/**
 * When the decoder yields a JWT for the bearer token, the manager must return an
 * authenticated result whose authorities are exactly the two expected scope authorities.
 */
@Test
public void authenticateWhenJwtThenSuccess() {
    BearerTokenAuthenticationToken bearer = new BearerTokenAuthenticationToken("token-1");
    when(this.jwtDecoder.decode(bearer.getToken())).thenReturn(Mono.just(this.jwt));

    Authentication result = this.manager.authenticate(bearer).block();

    assertThat(result).isNotNull();
    assertThat(result.isAuthenticated()).isTrue();
    assertThat(result.getAuthorities())
            .extracting(GrantedAuthority::getAuthority)
            .containsOnly("SCOPE_message:read", "SCOPE_message:write");
}
} // closes the enclosing class (its header is not part of this excerpt)
/**
 * Authenticating "user"/"password" through the configured manager must succeed and yield
 * only {@code ROLE_USER}.
 *
 * <p>NOTE(review): this registers the same {@code PasswordEncoderGlobalConfig} as
 * {@code getAuthenticationManagerWhenGlobalPasswordEncoderBeanThenUsed}, so the two tests
 * exercise identical configuration; presumably the "protected" case was meant to register
 * a different config class. Confirm.
 */
@Test
public void getAuthenticationManagerWhenProtectedPasswordEncoderBeanThenUsed() throws Exception {
    this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
    AuthenticationConfiguration configuration =
            this.spring.getContext().getBean(AuthenticationConfiguration.class);
    AuthenticationManager authenticationManager = configuration.getAuthenticationManager();

    Authentication result = authenticationManager
            .authenticate(new UsernamePasswordAuthenticationToken("user", "password"));

    assertThat(result.getName()).isEqualTo("user");
    assertThat(result.getAuthorities())
            .extracting(GrantedAuthority::getAuthority)
            .containsOnly("ROLE_USER");
}
/**
 * With {@code PasswordEncoderGlobalConfig} registered, authenticating "user"/"password"
 * through the configured manager must succeed and yield only {@code ROLE_USER}.
 */
@Test
public void getAuthenticationManagerWhenGlobalPasswordEncoderBeanThenUsed() throws Exception {
    this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
    AuthenticationConfiguration configuration =
            this.spring.getContext().getBean(AuthenticationConfiguration.class);
    AuthenticationManager authenticationManager = configuration.getAuthenticationManager();

    Authentication result = authenticationManager
            .authenticate(new UsernamePasswordAuthenticationToken("user", "password"));

    assertThat(result.getName()).isEqualTo("user");
    assertThat(result.getAuthorities())
            .extracting(GrantedAuthority::getAuthority)
            .containsOnly("ROLE_USER");
}
/**
 * The JAAS provider must support username/password tokens, and authenticating one must
 * return exactly two authorities (the failure message names ROLE_TEST1 and ROLE_TEST2).
 */
@Test
public void testNullDefaultAuthorities() {
    UsernamePasswordAuthenticationToken login =
            new UsernamePasswordAuthenticationToken("user", "password");

    assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();

    Authentication result = jaasProvider.authenticate(login);
    assertThat(result.getAuthorities())
            .withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned")
            .hasSize(2);
}
/**
 * When the remote manager accepts the login, the provider must return an authentication
 * that keeps the submitted principal and credentials and includes the authority "foo".
 */
@Test
public void testSuccessfulAuthenticationCreatesObject() {
    MockRemoteAuthenticationManager acceptingManager = new MockRemoteAuthenticationManager(true);
    RemoteAuthenticationProvider provider = new RemoteAuthenticationProvider();
    provider.setRemoteAuthenticationManager(acceptingManager);

    UsernamePasswordAuthenticationToken login =
            new UsernamePasswordAuthenticationToken("rod", "password");
    Authentication result = provider.authenticate(login);

    assertThat(result.getPrincipal()).isEqualTo("rod");
    assertThat(result.getCredentials()).isEqualTo("password");
    assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains("foo");
}
/**
 * With a custom run-as manager configured, the authentication returned by
 * {@code service.runAs()} must include the {@code ROLE_RUN_AS_SUPER} authority.
 */
@Test
@WithMockUser
public void methodSecurityWhenCustomRunAsManagerThenRunAsWrapsAuthentication() {
    this.spring
            .register(CustomRunAsManagerConfig.class, MethodSecurityServiceConfig.class)
            .autowire();

    assertThat(service.runAs().getAuthorities())
            .anyMatch(granted -> "ROLE_RUN_AS_SUPER".equals(granted.getAuthority()));
}