// Fragment of the Spring Security HttpSecurity chain; its start and end are elided by the author.
- ...
- .and()
// Form login with custom success/failure handlers; parameter names and URL are elided.
- .formLogin()
- .successHandler(myAuthenticationSuccessHandler)
- .failureHandler(myAuthenticationFailureHandler)
- .usernameParameter(... some code ...)
- .passwordParameter(... some code ...)
- .loginProcessingUrl(... some code ...)
- .and()
// Logout invalidates the server-side session and asks the browser to delete the JSESSIONID cookie.
- .logout()
- .invalidateHttpSession(true)
- .deleteCookies("JSESSIONID")
- .logoutUrl(... some code ...)
- .logoutSuccessHandler(noRedirectLogoutSuccessHandler)
- .and()
// NOTE(review): HTTP Basic also authenticates from the Authorization header, the same header
// HmacAuthorizationFilter's matcher keys on. The HMAC filter is registered ahead of
// UsernamePasswordAuthenticationFilter below, so unless its elided parsing code rejects other
// schemes, a Basic request that also carries a Date header would be claimed by it - confirm.
- .httpBasic()
- .and()
- .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
- .and()
// The filter is created with `new`, so it is not a container-managed bean: nothing is injected
// into it and its inherited AuthenticationManager stays unset. That matches the FIXME inside the
// filter. Passing the manager in here (for example through the inherited
// setAuthenticationManager) would remove the need for the static EntityHelper lookup.
- .addFilterBefore(new HmacAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class)
- ...
- import java.io.IOException;
- import java.util.Arrays;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.authentication.InternalAuthenticationServiceException;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.AuthenticationException;
- import org.springframework.security.core.context.SecurityContextHolder;
- import org.springframework.security.core.session.SessionRegistry;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
- import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
- import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
- import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
- import org.springframework.security.web.util.matcher.RequestMatcher;
- import mx.i4b.sisintadmin.sec.WebSecurityConfig.RestWebSecurityConfigurationAdapter;
- import mx.i4b.sisintadmin.service.CryptoService;
- import mx.i4b.sisintadmin.util.EntityHelper;
- import mx.i4b.sisintadmin.util.Util;
/**
 * Authentication filter for requests that carry both an {@code Authorization} and a
 * {@code Date} header. It builds an {@code HmacAuthorizationToken} from the request (that part
 * is elided in this listing), authenticates it through the {@code AuthenticationManager}
 * obtained from {@code EntityHelper}, and applies the session strategies by hand before
 * returning the result.
 *
 * NOTE(review): the matcher only tests that the two headers pass {@code Util.isDiferenteVacio}
 * (presumably "not empty" - confirm); it does not look at the Authorization scheme. The security
 * configuration on this page also enables httpBasic(), so the elided parsing code should reject
 * every scheme except the HMAC one.
 *
 * NOTE(review): nothing in the visible code checks how old the {@code Date} value is. If the
 * elided code and the provider do not enforce a freshness window, a captured signed request
 * could be replayed. The signature comparison itself (in the provider, not shown) should be
 * constant-time, e.g. {@code MessageDigest.isEqual} - verify.
 */
- public class HmacAuthorizationFilter extends UsernamePasswordAuthenticationFilter /*AbstractAuthenticationProcessingFilter*/ {
// NOTE(review): Spring's GenericFilterBean already provides a protected `logger`; this private
// field hides it and is never used in the visible code, hence the suppression.
- @SuppressWarnings("unused")
- private final Logger logger = LoggerFactory.getLogger(getClass());
/**
 * Replaces the request matcher inherited from the parent filter with the header-based one.
 * authMatcher() is overridable and is called here before any subclass state exists.
 */
- public HmacAuthorizationFilter() {
- super();
- setRequiresAuthenticationRequestMatcher(authMatcher());
- }
/**
 * Builds the matcher that decides which requests this filter handles.
 *
 * @return a matcher that accepts a request only when both the Authorization and the Date
 *         header pass Util.isDiferenteVacio
 */
- protected RequestMatcher authMatcher() {
- return new RequestMatcher() {
- @Override
- public boolean matches(HttpServletRequest request) {
- boolean result = true;
- result = result && Util.isDiferenteVacio(request.getHeader("Authorization"));
- result = result && Util.isDiferenteVacio(request.getHeader("Date"));
- return result;
- }
- };
- }
/**
 * Authenticates a request from its Authorization and Date headers.
 *
 * @param request  the incoming request; both headers are read from it
 * @param response the response, handed to the session strategies
 * @return the authenticated result, or null when either header is missing
 * @throws AuthenticationException if the AuthenticationManager rejects the token
 */
- @Override
- public Authentication attemptAuthentication(HttpServletRequest request,
- HttpServletResponse response)
- throws AuthenticationException {
- // Get authorization header
- String credentials = request.getHeader("Authorization");
- // get timestamp
- String timestamp = request.getHeader("Date");
- // If there's not credentials or date, return...
// A null return makes AbstractAuthenticationProcessingFilter stop without calling the rest of
// the chain. The matcher already requires both headers, so this guard should rarely trigger.
- if ((credentials == null) || (timestamp == null)) {
- return null;
- }
- ----- some code ----
- HmacAuthorizationToken token = cryptoService.createHmacAutorizationToken(... some code ...);
- token.setDetails(authenticationDetailsSource.buildDetails(request));
// The configuration on this page registers this filter with `new HmacAuthorizationFilter()`, so
// it is not a container-managed bean and @Autowired is never processed for it; the inherited
// manager stays null unless setAuthenticationManager is called where the filter is constructed.
- //FIXME FIND OUT WHY this.getAuthenticationManager() IS NULL USING @Autowired
- AuthenticationManager authenticationManager = EntityHelper.getAuthenticationManager();
// Throws AuthenticationException on failure, in which case nothing below runs.
- Authentication result = authenticationManager.authenticate(token);
- ////////////////////////////////////////////////////////////////////
- //// Session configuration /////
- ////////////////////////////////////////////////////////////////////
// Rebuilt on every request and applied in this order: concurrent-session control, session id
// change (the session-fixation defence), then registration in the SessionRegistry.
- SessionRegistry sessionRegistry = EntityHelper.getSessionRegistry();
- ConcurrentSessionControlAuthenticationStrategy cscas =
- new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
- ChangeSessionIdAuthenticationStrategy csias = new ChangeSessionIdAuthenticationStrategy();
- RegisterSessionAuthenticationStrategy rsas =
- new RegisterSessionAuthenticationStrategy(sessionRegistry);
- CompositeSessionAuthenticationStrategy sessionAuthenticationStrategy =
- new CompositeSessionAuthenticationStrategy(Arrays.asList(cscas, csias, rsas));
- sessionAuthenticationStrategy.onAuthentication(result, request, response);
// NOTE(review): the debug log on this page shows AbstractAuthenticationProcessingFilter updating
// the SecurityContextHolder after this method returns, so this assignment looks redundant.
- SecurityContextHolder.getContext().setAuthentication(result);
// NOTE(review): these setters change state shared by every request and run on each successful
// authentication. Wiring the handlers once, where the filter is constructed, would avoid
// mutating the filter from request threads.
- this.setAuthenticationSuccessHandler(
- RestWebSecurityConfigurationAdapter.myAuthenticationSuccessHandler);
- this.setAuthenticationFailureHandler(
- RestWebSecurityConfigurationAdapter.myAuthenticationFailureHandler);
- //this.setContinueChainBeforeSuccessfulAuthentication(true);
- return result;
- }
- }
/**
 * Looks up the {@link AuthenticationManager} bean in the context returned by
 * {@code getContext()} and logs an error when the lookup yields {@code null}.
 *
 * <p>HmacAuthorizationFilter calls this static lookup because its own manager is not injected.
 *
 * <p>NOTE(review): if {@code getContext()} returns a Spring ApplicationContext,
 * {@code getBean(Class)} throws when no bean is found rather than returning {@code null},
 * so the logging branch would never run - confirm.
 *
 * @return the bean found in the context; {@code null} only if the lookup returned it
 */
public static AuthenticationManager getAuthenticationManager() {
    final AuthenticationManager manager = getContext().getBean(AuthenticationManager.class);
    if (manager != null) {
        return manager;
    }
    // Report the missing manager and still return the null, as callers receive it unchanged.
    LoggerFactory.getLogger(EntityHelper.class)
            .error("**************************************** EN EntityHelper RECEIVED AuthenticationManager NULL ****************************************");
    return null;
}
- 2016-06-21 18:48:53,427 DEBUG [http-nio-8084-exec-3] (ProviderManager.java:152) - Authentication attempt using some.package.sec.HmacAuthenticationProvider
- 2016-06-21 18:48:53,427 DEBUG [http-nio-8084-exec-3] (HmacAuthenticationProvider.java:101) - retrieveUser HMAC . LOGIN username: ---- SOME CODE ---- desde la IP: 0:0:0:0:0:0:0:1
- 2016-06-21 18:48:53,691 INFO [http-nio-8084-exec-3] (UsuarioServiceImpl.java:1398) - LOGIN username: ---- SOME CODE ---- desde la IP: 0:0:0:0:0:0:0:1, Exitoso
- 2016-06-21 18:48:53,780 INFO [http-nio-8084-exec-3] (AuditListener.java:42) - AuditEvent [timestamp=Tue Jun 21 18:48:53 CDT 2016, principal=---- SOME CODE ----, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null}]
- 2016-06-21 18:48:53,785 DEBUG [http-nio-8084-exec-3] (CompositeSessionAuthenticationStrategy.java:81) - Delegating to org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy@51652639
- 2016-06-21 18:48:53,786 DEBUG [http-nio-8084-exec-3] (CompositeSessionAuthenticationStrategy.java:81) - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@47b091ee
- 2016-06-21 18:48:53,786 DEBUG [http-nio-8084-exec-3] (CompositeSessionAuthenticationStrategy.java:81) - Delegating to org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy@193cc507
- 2016-06-21 18:48:53,787 DEBUG [http-nio-8084-exec-3] (HttpSessionEventPublisher.java:66) - Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@64ab5b82]
- 2016-06-21 18:48:53,788 DEBUG [http-nio-8084-exec-3] (SessionRegistryImpl.java:107) - Registering session 8A4D0A8AF99E7F74D6CFCD3DDAC86522, for principal some.package.sec.AppUserDetails@4476b273: Username: ---- SOME CODE ----; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAIN_USER
- 2016-06-21 18:48:53,788 DEBUG [http-nio-8084-exec-3] (AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@2588dcdb: Principal: some.package.sec.AppUserDetails@4476b273: Username: ---- SOME CODE ----; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAIN_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_MAIN_USER
- 2016-06-21 18:48:53,789 DEBUG [http-nio-8084-exec-3] (HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@2588dcdb: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@2588dcdb: Principal: some.package.sec.AppUserDetails@4476b273: Username: ---- SOME CODE ----; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAIN_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_MAIN_USER'
- 2016-06-21 18:48:53,790 DEBUG [http-nio-8084-exec-3] (SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed