Add GrantedAuthorities.FACTOR_*_AUTHORITY
Closes gh-17952
+2
-1
@@ -36,6 +36,7 @@ import org.springframework.security.authentication.LockedException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
@@ -99,7 +100,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
|
||||
|
||||
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_PASSWORD";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
||||
|
||||
/**
|
||||
* Allows subclasses to perform any additional checks of a returned (or cached)
|
||||
|
||||
+2
-1
@@ -44,6 +44,7 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication
|
||||
import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
@@ -121,7 +122,7 @@ import org.springframework.util.ObjectUtils;
|
||||
public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
|
||||
ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_PASSWORD";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
||||
|
||||
private ApplicationEventPublisher applicationEventPublisher = (event) -> {
|
||||
};
|
||||
|
||||
+2
-1
@@ -23,6 +23,7 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
@@ -40,7 +41,7 @@ import org.springframework.util.Assert;
|
||||
*/
|
||||
public final class OneTimeTokenAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_OTT";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_OTT_AUTHORITY;
|
||||
|
||||
private final OneTimeTokenService oneTimeTokenService;
|
||||
|
||||
|
||||
@@ -0,0 +1,78 @@
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core;
|
||||
|
||||
/**
|
||||
* Constants for {@link GrantedAuthority}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 7.0
|
||||
*/
|
||||
public final class GrantedAuthorities {
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that OAuth2
|
||||
* Authorization Code was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_AUTHORIZATION_CODE_AUTHORITY = "FACTOR_AUTHORIZATION_CODE";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that bearer
|
||||
* authentication was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_BEARER_AUTHORITY = "FACTOR_BEARER";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that CAS was
|
||||
* used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_CAS_AUTHORITY = "FACTOR_CAS";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that one time
|
||||
* token was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_OTT_AUTHORITY = "FACTOR_OTT";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that a password
|
||||
* was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_PASSWORD_AUTHORITY = "FACTOR_PASSWORD";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that SAML was
|
||||
* used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_SAML_RESPONSE_AUTHORITY = "FACTOR_SAML_RESPONSE";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that WebAuthn
|
||||
* was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_WEBAUTHN_AUTHORITY = "FACTOR_WEBAUTHN";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that X509 was
|
||||
* used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_X509_AUTHORITY = "FACTOR_X509";
|
||||
|
||||
private GrantedAuthorities() {
|
||||
}
|
||||
|
||||
}
|
||||
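Review bot: The class Javadoc on `GrantedAuthorities` (`Constants for {@link GrantedAuthority}.`) does not say who is expected to grant the `FACTOR_*` values, which is what a caller most needs to know. The provider sections of this commit use these strings as the authority a provider attaches after a successful authentication, so they presumably share one namespace with application roles. If an application also maps authorities from external data such as directory groups or token claims, a value like `FACTOR_PASSWORD` arriving that way could be read as proof of a factor. I would extend the class comment along the lines of `Authorities that record which authentication factor was used; they are issued by authentication providers, and applications should not grant or map authorities with the FACTOR_ prefix themselves.`, once the intended contract is confirmed. Whether such values are filtered elsewhere in the framework is not visible on this page.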
+2
-1
@@ -38,6 +38,7 @@ import org.springframework.security.authentication.password.CompromisedPasswordC
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
@@ -511,7 +512,7 @@ public class DaoAuthenticationProviderTests {
|
||||
DaoAuthenticationProvider provider = new DaoAuthenticationProvider(withUsers(user));
|
||||
Authentication request = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
Authentication result = provider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_PASSWORD");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
private UserDetailsService withUsers(UserDetails... users) {
|
||||
|
||||
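Review bot: With `hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)` the assertion compares the provider's output with the same constant the provider reads, so nothing in this test pins the actual string `FACTOR_PASSWORD` any more. These values are likely to appear as literals in authorization rules and stored authorities, so an accidental edit to the constant would change behaviour while every test stays green. The same applies to the matching assertions in JaasAuthenticationProviderTests and OneTimeTokenAuthenticationProviderTests. I would keep one literal check per value, for example `assertThat(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY).isEqualTo("FACTOR_PASSWORD");` and the `FACTOR_OTT` equivalent, or leave the literal in one of the three assertions. The test method's signature lies above this hunk.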
+2
-1
@@ -40,6 +40,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
@@ -241,7 +242,7 @@ public class JaasAuthenticationProviderTests {
|
||||
public void authenticateWhenSuccessThenIssuesFactor() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
Authentication result = this.jaasProvider.authenticate(token);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_PASSWORD");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
private static class MockLoginContext extends LoginContext {
|
||||
|
||||
+2
-1
@@ -28,6 +28,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
@@ -108,7 +109,7 @@ public class OneTimeTokenAuthenticationProviderTests {
|
||||
OneTimeTokenAuthenticationToken token = new OneTimeTokenAuthenticationToken(TOKEN);
|
||||
|
||||
Authentication authentication = this.provider.authenticate(token);
|
||||
SecurityAssertions.assertThat(authentication).hasAuthority("FACTOR_OTT");
|
||||
SecurityAssertions.assertThat(authentication).hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||