parent
37ccf3c18c
commit
ba468c7e6e
|
@ -175,6 +175,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
|
||||||
Authentication targetUser = attemptSwitchUser(request);
|
Authentication targetUser = attemptSwitchUser(request);
|
||||||
// update the current context to the new target user
|
// update the current context to the new target user
|
||||||
SecurityContextHolder.getContext().setAuthentication(targetUser);
|
SecurityContextHolder.getContext().setAuthentication(targetUser);
|
||||||
|
this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", targetUser));
|
||||||
// redirect to target url
|
// redirect to target url
|
||||||
this.successHandler.onAuthenticationSuccess(request, response, targetUser);
|
this.successHandler.onAuthenticationSuccess(request, response, targetUser);
|
||||||
}
|
}
|
||||||
|
@ -189,10 +190,13 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
|
||||||
Authentication originalUser = attemptExitUser(request);
|
Authentication originalUser = attemptExitUser(request);
|
||||||
// update the current context back to the original user
|
// update the current context back to the original user
|
||||||
SecurityContextHolder.getContext().setAuthentication(originalUser);
|
SecurityContextHolder.getContext().setAuthentication(originalUser);
|
||||||
|
this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", originalUser));
|
||||||
// redirect to target url
|
// redirect to target url
|
||||||
this.successHandler.onAuthenticationSuccess(request, response, originalUser);
|
this.successHandler.onAuthenticationSuccess(request, response, originalUser);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
this.logger.trace(LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]",
|
||||||
|
this.switchUserMatcher, this.exitUserMatcher));
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -211,12 +215,11 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
|
||||||
UsernamePasswordAuthenticationToken targetUserRequest;
|
UsernamePasswordAuthenticationToken targetUserRequest;
|
||||||
String username = request.getParameter(this.usernameParameter);
|
String username = request.getParameter(this.usernameParameter);
|
||||||
username = (username != null) ? username : "";
|
username = (username != null) ? username : "";
|
||||||
this.logger.debug(LogMessage.format("Attempt to switch to user [%s]", username));
|
this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", username));
|
||||||
UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
|
UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
|
||||||
this.userDetailsChecker.check(targetUser);
|
this.userDetailsChecker.check(targetUser);
|
||||||
// OK, create the switch user token
|
// OK, create the switch user token
|
||||||
targetUserRequest = createSwitchUserToken(request, targetUser);
|
targetUserRequest = createSwitchUserToken(request, targetUser);
|
||||||
this.logger.debug(LogMessage.format("Switch User Token [%s]", targetUserRequest));
|
|
||||||
// publish event
|
// publish event
|
||||||
if (this.eventPublisher != null) {
|
if (this.eventPublisher != null) {
|
||||||
this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
|
this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
|
||||||
|
@ -245,9 +248,9 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
|
||||||
// if so, get the original source user so we can switch back
|
// if so, get the original source user so we can switch back
|
||||||
Authentication original = getSourceAuthentication(current);
|
Authentication original = getSourceAuthentication(current);
|
||||||
if (original == null) {
|
if (original == null) {
|
||||||
this.logger.debug("Could not find original user Authentication object!");
|
this.logger.debug("Failed to find original user");
|
||||||
throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage(
|
throw new AuthenticationCredentialsNotFoundException(this.messages
|
||||||
"SwitchUserFilter.noOriginalAuthentication", "Could not find original Authentication object"));
|
.getMessage("SwitchUserFilter.noOriginalAuthentication", "Failed to find original user"));
|
||||||
}
|
}
|
||||||
// get the source user details
|
// get the source user details
|
||||||
UserDetails originalUser = null;
|
UserDetails originalUser = null;
|
||||||
|
@ -322,7 +325,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
|
||||||
// check for switch user type of authority
|
// check for switch user type of authority
|
||||||
if (auth instanceof SwitchUserGrantedAuthority) {
|
if (auth instanceof SwitchUserGrantedAuthority) {
|
||||||
original = ((SwitchUserGrantedAuthority) auth).getSource();
|
original = ((SwitchUserGrantedAuthority) auth).getSource();
|
||||||
this.logger.debug("Found original switch user granted authority [" + original + "]");
|
this.logger.debug(LogMessage.format("Found original switch user granted authority [%s]", original));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return original;
|
return original;
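Review bot: The debug statement in attemptSwitchUser, `this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", username));`, writes the raw value of `request.getParameter(this.usernameParameter)` into the log before `loadUserByUsername` has accepted it. A value containing CR/LF can therefore forge log lines wherever debug logging is enabled for this class. Neutralise line breaks first, for example `String loggedName = username.replaceAll("[\r\n]", "_");`, and log `loggedName`, unless the configured appender is known to encode them; the same applies to `userName` in SwitchUserWebFilter.attemptSwitchUser. The new `Set SecurityContextHolder to %s` lines print the whole Authentication, and what its toString() exposes is not visible on this page, so it is worth confirming that no session identifier or credential reaches the output. The affected method bodies start and end outside the hunks shown.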
|
||||||
|
|
|
@ -158,8 +158,12 @@ public class SwitchUserWebFilter implements WebFilter {
|
||||||
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
|
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
|
||||||
final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
|
final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
|
||||||
return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
|
return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
|
||||||
.switchIfEmpty(Mono.defer(() -> chain.filter(exchange).then(Mono.empty())))
|
.switchIfEmpty(Mono.defer(() -> {
|
||||||
.flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
|
this.logger.trace(
|
||||||
|
LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]",
|
||||||
|
this.switchUserMatcher, this.exitUserMatcher));
|
||||||
|
return chain.filter(exchange).then(Mono.empty());
|
||||||
|
})).flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
|
||||||
.onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty());
|
.onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -211,7 +215,7 @@ public class SwitchUserWebFilter implements WebFilter {
|
||||||
@NonNull
|
@NonNull
|
||||||
private Mono<Authentication> attemptSwitchUser(Authentication currentAuthentication, String userName) {
|
private Mono<Authentication> attemptSwitchUser(Authentication currentAuthentication, String userName) {
|
||||||
Assert.notNull(userName, "The userName can not be null.");
|
Assert.notNull(userName, "The userName can not be null.");
|
||||||
this.logger.debug(LogMessage.format("Attempt to switch to user [%s]", userName));
|
this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", userName));
|
||||||
return this.userDetailsService.findByUsername(userName)
|
return this.userDetailsService.findByUsername(userName)
|
||||||
.switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
|
.switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
|
||||||
.doOnNext(this.userDetailsChecker::check)
|
.doOnNext(this.userDetailsChecker::check)
|
||||||
|
@ -222,7 +226,7 @@ public class SwitchUserWebFilter implements WebFilter {
|
||||||
private Authentication attemptExitUser(Authentication currentAuthentication) {
|
private Authentication attemptExitUser(Authentication currentAuthentication) {
|
||||||
Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
|
Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
|
||||||
if (!sourceAuthentication.isPresent()) {
|
if (!sourceAuthentication.isPresent()) {
|
||||||
this.logger.debug("Could not find original user Authentication object!");
|
this.logger.debug("Failed to find original user");
|
||||||
throw noOriginalAuthenticationException();
|
throw noOriginalAuthenticationException();
|
||||||
}
|
}
|
||||||
return sourceAuthentication.get();
|
return sourceAuthentication.get();
|
||||||
|
@ -232,13 +236,14 @@ public class SwitchUserWebFilter implements WebFilter {
|
||||||
ServerWebExchange exchange = webFilterExchange.getExchange();
|
ServerWebExchange exchange = webFilterExchange.getExchange();
|
||||||
SecurityContextImpl securityContext = new SecurityContextImpl(authentication);
|
SecurityContextImpl securityContext = new SecurityContextImpl(authentication);
|
||||||
return this.securityContextRepository.save(exchange, securityContext)
|
return this.securityContextRepository.save(exchange, securityContext)
|
||||||
|
.doOnSuccess((v) -> this.logger.debug(LogMessage.format("Switched user to %s", authentication)))
|
||||||
.then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication))
|
.then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication))
|
||||||
.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
|
.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Mono<Void> onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) {
|
private Mono<Void> onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) {
|
||||||
return Mono.justOrEmpty(this.failureHandler).switchIfEmpty(Mono.defer(() -> {
|
return Mono.justOrEmpty(this.failureHandler).switchIfEmpty(Mono.defer(() -> {
|
||||||
this.logger.error("Switch User failed", exception);
|
this.logger.debug("Failed to switch user", exception);
|
||||||
return Mono.error(exception);
|
return Mono.error(exception);
|
||||||
})).flatMap((failureHandler) -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
|
})).flatMap((failureHandler) -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
|
||||||
}
|
}
|
||||||
|
@ -247,7 +252,7 @@ public class SwitchUserWebFilter implements WebFilter {
|
||||||
Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
|
Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
|
||||||
if (sourceAuthentication.isPresent()) {
|
if (sourceAuthentication.isPresent()) {
|
||||||
// SEC-1763. Check first if we are already switched.
|
// SEC-1763. Check first if we are already switched.
|
||||||
this.logger.info(
|
this.logger.debug(
|
||||||
LogMessage.format("Found original switch user granted authority [%s]", sourceAuthentication.get()));
|
LogMessage.format("Found original switch user granted authority [%s]", sourceAuthentication.get()));
|
||||||
currentAuthentication = sourceAuthentication.get();
|
currentAuthentication = sourceAuthentication.get();
|
||||||
}
|
}
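Review bot: In onAuthenticationFailure the fallback branch now logs at debug, `this.logger.debug("Failed to switch user", exception);`, so when no failureHandler is configured a failed impersonation attempt leaves no trace at default log levels. Failed switch-user attempts are events that monitoring normally wants to see, and no other audit hook for this path is visible in the section. Consider `this.logger.warn("Failed to switch user", exception);`, or, if the quieter level is intended, a comment above the line saying that failure auditing depends on a configured failure handler. The same loss of visibility applies in the last hunk, where the `Found original switch user granted authority` message under the SEC-1763 comment moves from info to debug; it appears to mark a switch requested while already switched.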
|
||||||
|
|