Java 类org.springframework.security.authentication.AuthenticationTrustResolverImpl 实例源码

@Bean
public AuditorAware<String> auditorAwareBean() {
  return () -> {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null
        || new AuthenticationTrustResolverImpl().isAnonymous(authentication)) {
      return "@SYSTEM";
    }

    Object principal = authentication.getPrincipal();
    if (principal instanceof String) {
      return (String) principal;
    } else if (principal instanceof UserDetails) {
      return ((UserDetails) principal).getUsername();
    } else {
      return String.valueOf(principal);
    }
  };
}

/**
    * After returning, grab the user, check if they've been modified and reset
    * the SecurityContext if they have.
    * 
    * @param returnValue
    *                the user object
    * @param method
    *                the name of the method executed
    * @param args
    *                the arguments to the method
    * @param target
    *                the target class
    * @throws Throwable
    *                 thrown when args[0] is null or not a User object
    */
   public void afterReturning(Object returnValue, Method method,
    Object[] args, Object target) throws Throwable {
User user = (User) args[0];

if (user.getVersion() != null) {
    // reset the authentication object if current user
    Authentication auth = SecurityContextHolder.getContext()
        .getAuthentication();
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    // allow new users to signup - this is OK b/c Signup doesn't allow
    // setting of roles
    boolean signupUser = resolver.isAnonymous(auth);
    if (auth != null && !signupUser) {
    User currentUser = getCurrentUser(auth);
    if (currentUser.getId().equals(user.getId())) {
        auth = new UsernamePasswordAuthenticationToken(user, user
            .getPassword(), user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
    }
    }
}
   }

/**
 * After returning, grab the user, check if they've been modified and reset the SecurityContext if they have.
 *
 * @param returnValue the user object
 * @param method      the name of the method executed
 * @param args        the arguments to the method
 * @param target      the target class
 * @throws Throwable thrown when args[0] is null or not a User object
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target)
        throws Throwable {
    User user = (User) args[0];

    if (user.getVersion() != null) {
        // reset the authentication object if current user
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
        // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
        boolean signupUser = resolver.isAnonymous(auth);
        if (auth != null && !signupUser) {
            UserManager userManager = (UserManager) target;
            User currentUser = getCurrentUser(auth, userManager);
            if (currentUser.getId().equals(user.getId())) {
                auth = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(auth);
            }
        }
    }
}

/**
 * After returning, grab the user, check if they've been modified and reset the SecurityContext if they have.
 *
 * @param returnValue the user object
 * @param method      the name of the method executed
 * @param args        the arguments to the method
 * @param target      the target class
 * @throws Throwable thrown when args[0] is null or not a User object
 */
public void afterReturning(Object returnValue, Method method, Object[] args, Object target)
        throws Throwable {
    User user = (User) args[0];

    if (user.getVersion() != null) {
        // reset the authentication object if current user
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
        // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
        boolean signupUser = resolver.isAnonymous(auth);
        if (auth != null && !signupUser) {
            UserManager userManager = (UserManager) target;
            User currentUser = getCurrentUser(auth, userManager);
            if (currentUser.getId().equals(user.getId())) {
                auth = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(auth);
            }
        }
    }
}

@Override
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) {
    WebSecurityExpressionRoot root = new CustomWebSecurityExpressionRoot(authentication, fi);
    root.setPermissionEvaluator(getPermissionEvaluator());
    root.setTrustResolver(new AuthenticationTrustResolverImpl());
    root.setRoleHierarchy(getRoleHierarchy());
    return root;
}

@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
    CustomMethodSecurityExpressionRoot root = new CustomMethodSecurityExpressionRoot(authentication);
    root.setThis(invocation.getThis());
    root.setPermissionEvaluator(getPermissionEvaluator());
    root.setTrustResolver(new AuthenticationTrustResolverImpl());
    root.setRoleHierarchy(getRoleHierarchy());

    return root;
}

private boolean isAnonymous() {
AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
SecurityContext ctx = SecurityContextHolder.getContext();
if (ctx != null) {
    Authentication auth = ctx.getAuthentication();
    return resolver.isAnonymous(auth);
}
return true;
   }

private boolean isAnonymous() {
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    SecurityContext ctx = SecurityContextHolder.getContext();
    if (ctx != null) {
        Authentication auth = ctx.getAuthentication();
        return resolver.isAnonymous(auth);
    }
    return true;
}

private boolean isAnonymous() {
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    SecurityContext ctx = SecurityContextHolder.getContext();
    if (ctx != null) {
        Authentication auth = ctx.getAuthentication();
        return resolver.isAnonymous(auth);
    }
    return true;
}

@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
    return new AuthenticationTrustResolverImpl();
}

@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
    return new AuthenticationTrustResolverImpl();
}

/**
    * Grab the user from the database based on the "id" passed in.
    * 
    * @return success if user found
    * @throws IOException
    *                 can happen when sending a "forbidden" from
    *                 response.sendError()
    */
   public String edit() throws IOException {
HttpServletRequest request = getRequest();
boolean editProfile = (request.getRequestURI().indexOf("editProfile") > -1);

// if URL is "editProfile" - make sure it's the current user
if (editProfile) {
    // reject if id passed in or "list" parameter passed in
    // someone that is trying this probably knows the AppFuse code
    // but it's a legitimate bug, so I'll fix it. ;-)
    if ((request.getParameter("id") != null)
        || (request.getParameter("from") != null)) {
    ServletActionContext.getResponse().sendError(
        HttpServletResponse.SC_FORBIDDEN);
    log.warn("User '" + request.getRemoteUser()
        + "' is trying to edit user '"
        + request.getParameter("id") + "'");

    return null;
    }
}

// if a user's id is passed in
if (id != null) {
    // lookup the user using that id
    user = userManager.getUser(id);
} else if (editProfile) {
    user = userManager.getUserByUsername(request.getRemoteUser());
} else {
    user = new User();
    user.addRole(new Role(Constants.USER_ROLE));
}

if (user.getUsername() != null) {
    user.setConfirmPassword(user.getPassword());

    // if user logged in with remember me, display a warning that they
    // can't change passwords
    log.debug("checking for remember me login...");

    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    SecurityContext ctx = SecurityContextHolder.getContext();

    if (ctx != null) {
    Authentication auth = ctx.getAuthentication();

    if (resolver.isRememberMe(auth)) {
        getSession().setAttribute("cookieLogin", "true");
        saveMessage(getText("userProfile.cookieLogin"));
    }
    }
}

return SUCCESS;
   }

public RestExceptionTranslator() {
    jsonResponseHelper = new JsonResponseWriterGsonImpl();
    authenticationTrustResolver = new AuthenticationTrustResolverImpl();
}

private void addSecurityContextHolderAwareRequestFilter(List<Filter> filters) throws ServletException {
    SecurityContextHolderAwareRequestFilter securityFilter = new SecurityContextHolderAwareRequestFilter();
    securityFilter.setTrustResolver(new AuthenticationTrustResolverImpl());
    securityFilter.afterPropertiesSet();
    filters.add(securityFilter);
}

public boolean isRememberMe() {
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

    return resolver.isRememberMe(authentication);
}