Josh Cummings
2 months ago
24 changed files with 279 additions and 333 deletions
@ -0,0 +1,163 @@ |
|||||||
|
/* |
||||||
|
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
||||||
|
* |
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||||
|
* you may not use this file except in compliance with the License. |
||||||
|
* You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
|
||||||
|
package org.springframework.security.core; |
||||||
|
|
||||||
|
import java.util.Collection; |
||||||
|
import java.util.HashSet; |
||||||
|
import java.util.Set; |
||||||
|
import java.util.function.Consumer; |
||||||
|
import java.util.stream.Collectors; |
||||||
|
|
||||||
|
import org.jspecify.annotations.Nullable; |
||||||
|
|
||||||
|
import org.springframework.security.authentication.AuthenticationManager; |
||||||
|
import org.springframework.security.core.context.SecurityContextHolder; |
||||||
|
|
||||||
|
/** |
||||||
|
* Represents the token for an authentication request or for an authenticated principal |
||||||
|
* once the request has been processed by the |
||||||
|
* {@link AuthenticationManager#authenticate(Authentication)} method. |
||||||
|
* <p> |
||||||
|
* Once the request has been authenticated, the <tt>Authentication</tt> will usually be |
||||||
|
* stored in a thread-local <tt>SecurityContext</tt> managed by the |
||||||
|
* {@link SecurityContextHolder} by the authentication mechanism which is being used. An |
||||||
|
* explicit authentication can be achieved, without using one of Spring Security's |
||||||
|
* authentication mechanisms, by creating an <tt>Authentication</tt> instance and using |
||||||
|
* the code: |
||||||
|
* |
||||||
|
* <pre> |
||||||
|
* SecurityContext context = SecurityContextHolder.createEmptyContext(); |
||||||
|
* context.setAuthentication(anAuthentication); |
||||||
|
* SecurityContextHolder.setContext(context); |
||||||
|
* </pre> |
||||||
|
* |
||||||
|
* Note that unless the <tt>Authentication</tt> has the <tt>authenticated</tt> property |
||||||
|
* set to <tt>true</tt>, it will still be authenticated by any security interceptor (for |
||||||
|
* method or web invocations) which encounters it. |
||||||
|
* <p> |
||||||
|
* In most cases, the framework transparently takes care of managing the security context |
||||||
|
* and authentication objects for you. |
||||||
|
* |
||||||
|
* @author Ben Alex |
||||||
|
*/ |
||||||
|
public interface BuildableAuthentication extends Authentication { |
||||||
|
|
||||||
|
/** |
||||||
|
* Return an {@link Builder} based on this instance. |
||||||
|
* <p> |
||||||
|
* Although a {@code default} method, all {@link BuildableAuthentication} |
||||||
|
* implementations should implement this. The reason is to ensure that the |
||||||
|
* {@link BuildableAuthentication} type is preserved when {@link Builder#build} is |
||||||
|
* invoked. This is especially important in the event that your authentication |
||||||
|
* implementation contains custom fields. |
||||||
|
* </p> |
||||||
|
* <p> |
||||||
|
* This isn't strictly necessary since it is recommended that applications code to the |
||||||
|
* {@link Authentication} interface and that custom information is often contained in |
||||||
|
* the {@link Authentication#getPrincipal} value. |
||||||
|
* </p> |
||||||
|
* @return an {@link Builder} for building a new {@link BuildableAuthentication} based |
||||||
|
* on this instance |
||||||
|
* @since 7.0 |
||||||
|
*/ |
||||||
|
Builder<?> toBuilder(); |
||||||
|
|
||||||
|
/** |
||||||
|
* A builder based on a given {@link BuildableAuthentication} instance |
||||||
|
* |
||||||
|
* @author Josh Cummings |
||||||
|
* @since 7.0 |
||||||
|
*/ |
||||||
|
interface Builder<B extends Builder<B>> { |
||||||
|
|
||||||
|
/** |
||||||
|
* Mutate the authorities with this {@link Consumer}. |
||||||
|
* <p> |
||||||
|
* Note that since a non-empty set of authorities implies an |
||||||
|
* {@link Authentication} is authenticated, this method also marks the |
||||||
|
* authentication as {@link #authenticated} by default. |
||||||
|
* </p> |
||||||
|
* @param authorities a consumer that receives the full set of authorities |
||||||
|
* @return the {@link Builder} for additional configuration |
||||||
|
* @see Authentication#getAuthorities |
||||||
|
*/ |
||||||
|
B authorities(Consumer<Collection<GrantedAuthority>> authorities); |
||||||
|
|
||||||
|
/** |
||||||
|
* Use this credential. |
||||||
|
* <p> |
||||||
|
* Note that since some credentials are insecure to store, this method is |
||||||
|
* implemented as unsupported by default. Only implement or use this method if you |
||||||
|
* support secure storage of the credential or if your implementation also |
||||||
|
* implements {@link CredentialsContainer} and the credentials are thereby erased. |
||||||
|
* </p> |
||||||
|
* @param credentials the credentials to use |
||||||
|
* @return the {@link Builder} for additional configuration |
||||||
|
* @see Authentication#getCredentials |
||||||
|
*/ |
||||||
|
default B credentials(@Nullable Object credentials) { |
||||||
|
throw new UnsupportedOperationException( |
||||||
|
String.format("%s does not store credentials", this.getClass().getSimpleName())); |
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
* Use this details object. |
||||||
|
* <p> |
||||||
|
* Implementations may choose to use these {@code details} in combination with any |
||||||
|
* principal from the pre-existing {@link Authentication} instance. |
||||||
|
* </p> |
||||||
|
* @param details the details to use |
||||||
|
* @return the {@link Builder} for additional configuration |
||||||
|
* @see Authentication#getDetails |
||||||
|
*/ |
||||||
|
B details(@Nullable Object details); |
||||||
|
|
||||||
|
/** |
||||||
|
* Use this principal. |
||||||
|
* <p> |
||||||
|
* Note that in many cases, the principal is strongly-typed. Implementations may |
||||||
|
* choose to do a type check and are not necessarily expected to allow any object |
||||||
|
* as a principal. |
||||||
|
* </p> |
||||||
|
* <p> |
||||||
|
* Implementations may choose to use this {@code principal} in combination with |
||||||
|
* any principal from the pre-existing {@link Authentication} instance. |
||||||
|
* </p> |
||||||
|
* @param principal the principal to use |
||||||
|
* @return the {@link Builder} for additional configuration |
||||||
|
* @see Authentication#getPrincipal |
||||||
|
*/ |
||||||
|
B principal(@Nullable Object principal); |
||||||
|
|
||||||
|
/** |
||||||
|
* Mark this authentication as authenticated or not |
||||||
|
* @param authenticated whether this is an authenticated |
||||||
|
* {@link Authentication} instance |
||||||
|
* @return the {@link Builder} for additional configuration |
||||||
|
* @see Authentication#isAuthenticated |
||||||
|
*/ |
||||||
|
B authenticated(boolean authenticated); |
||||||
|
|
||||||
|
/** |
||||||
|
* Build an {@link Authentication} instance |
||||||
|
* @return the {@link Authentication} instance |
||||||
|
*/ |
||||||
|
Authentication build(); |
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
|
} |
||||||
@ -1,151 +0,0 @@ |
|||||||
/* |
|
||||||
* Copyright 2004-present the original author or authors. |
|
||||||
* |
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
||||||
* you may not use this file except in compliance with the License. |
|
||||||
* You may obtain a copy of the License at |
|
||||||
* |
|
||||||
* https://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
* |
|
||||||
* Unless required by applicable law or agreed to in writing, software |
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, |
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
||||||
* See the License for the specific language governing permissions and |
|
||||||
* limitations under the License. |
|
||||||
*/ |
|
||||||
|
|
||||||
package org.springframework.security.core; |
|
||||||
|
|
||||||
import java.io.Serial; |
|
||||||
import java.util.Collection; |
|
||||||
import java.util.LinkedHashSet; |
|
||||||
import java.util.function.Consumer; |
|
||||||
|
|
||||||
import org.apache.commons.logging.Log; |
|
||||||
import org.apache.commons.logging.LogFactory; |
|
||||||
import org.jspecify.annotations.Nullable; |
|
||||||
|
|
||||||
@Transient |
|
||||||
final class SimpleAuthentication implements Authentication { |
|
||||||
|
|
||||||
@Serial |
|
||||||
private static final long serialVersionUID = 3194696462184782814L; |
|
||||||
|
|
||||||
private final @Nullable Object principal; |
|
||||||
|
|
||||||
private final @Nullable Object credentials; |
|
||||||
|
|
||||||
private final Collection<GrantedAuthority> authorities; |
|
||||||
|
|
||||||
private final @Nullable Object details; |
|
||||||
|
|
||||||
private final boolean authenticated; |
|
||||||
|
|
||||||
private SimpleAuthentication(Builder builder) { |
|
||||||
this.principal = builder.principal; |
|
||||||
this.credentials = builder.credentials; |
|
||||||
this.authorities = builder.authorities; |
|
||||||
this.details = builder.details; |
|
||||||
this.authenticated = builder.authenticated; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Collection<? extends GrantedAuthority> getAuthorities() { |
|
||||||
return this.authorities; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public @Nullable Object getCredentials() { |
|
||||||
return this.credentials; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public @Nullable Object getDetails() { |
|
||||||
return this.details; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public @Nullable Object getPrincipal() { |
|
||||||
return this.principal; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public boolean isAuthenticated() { |
|
||||||
return this.authenticated; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { |
|
||||||
throw new IllegalArgumentException( |
|
||||||
"Instead of calling this setter, please call toBuilder to create a new instance"); |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public String getName() { |
|
||||||
return (this.principal == null) ? "" : this.principal.toString(); |
|
||||||
} |
|
||||||
|
|
||||||
static final class Builder implements Authentication.Builder<Builder> { |
|
||||||
|
|
||||||
private final Log logger = LogFactory.getLog(getClass()); |
|
||||||
|
|
||||||
private final Collection<GrantedAuthority> authorities = new LinkedHashSet<>(); |
|
||||||
|
|
||||||
private @Nullable Object principal; |
|
||||||
|
|
||||||
private @Nullable Object credentials; |
|
||||||
|
|
||||||
private @Nullable Object details; |
|
||||||
|
|
||||||
private boolean authenticated; |
|
||||||
|
|
||||||
Builder(Authentication authentication) { |
|
||||||
this.logger.debug("Creating a builder which will result in exchanging an authentication of type " |
|
||||||
+ authentication.getClass() + " for " + SimpleAuthentication.class.getSimpleName() + ";" |
|
||||||
+ " consider implementing " + authentication.getClass().getSimpleName() + "#toBuilder"); |
|
||||||
this.authorities.addAll(authentication.getAuthorities()); |
|
||||||
this.principal = authentication.getPrincipal(); |
|
||||||
this.credentials = authentication.getCredentials(); |
|
||||||
this.details = authentication.getDetails(); |
|
||||||
this.authenticated = authentication.isAuthenticated(); |
|
||||||
|
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Builder authorities(Consumer<Collection<GrantedAuthority>> authorities) { |
|
||||||
authorities.accept(this.authorities); |
|
||||||
return this; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Builder details(@Nullable Object details) { |
|
||||||
this.details = details; |
|
||||||
return this; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Builder principal(@Nullable Object principal) { |
|
||||||
this.principal = principal; |
|
||||||
return this; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Builder credentials(@Nullable Object credentials) { |
|
||||||
this.credentials = credentials; |
|
||||||
return this; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Builder authenticated(boolean authenticated) { |
|
||||||
this.authenticated = authenticated; |
|
||||||
return this; |
|
||||||
} |
|
||||||
|
|
||||||
@Override |
|
||||||
public Authentication build() { |
|
||||||
return new SimpleAuthentication(this); |
|
||||||
} |
|
||||||
|
|
||||||
} |
|
||||||
|
|
||||||
} |
|
||||||
Loading…
Reference in new issue