import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Override
public Authentication authenticate(Authentication authenticationRequest)
		throws AuthenticationException {
	GrantedAuthority[] authorities = new GrantedAuthorityImpl[authenticationRequest.getAuthorities().length + 1];
	authorities[0] = new GrantedAuthorityImpl(AUTHENTICATED_AUTHORITY_NAME);
	int i = 1;
	for(GrantedAuthority originalAuth : authenticationRequest.getAuthorities()){
		authorities[i] = new GrantedAuthorityImpl(originalAuth.getAuthority());
		i += 1;
	}
	
	UsernamePasswordAuthenticationToken authenticationOutcome = new UsernamePasswordAuthenticationToken(authenticationRequest.getPrincipal(), 
			authenticationRequest.getCredentials(), authorities);
	authenticationOutcome.setDetails(authenticationRequest.getDetails());
	return authenticationOutcome;
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
/**
 * Determine if the currently authenticated user has the role provided. Note that role
 * comparisons are case sensitive.
 * 
 * @param role to check
 * @return true if the user has the role requested
 */
public boolean isUserInRole(String role) {
    boolean inRole = false;

    Authentication authentication = getAuthentication();
    if( authentication != null ) {
        GrantedAuthority[] authorities = authentication.getAuthorities();
        for( int i = 0; i < authorities.length; i++ ) {
            if( role.equals( authorities[i].getAuthority() ) ) {
                inRole = true;
                break;
            }
        }
    }
    return inRole;
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Before
public void setUp() throws Exception {
    pluginId = "github.oauth";
    user = new User("username", "displayname", "emailId");
    authorities = new GrantedAuthority[]{GoAuthority.ROLE_USER.asAuthority()};

    authorizationExtension = mock(AuthorizationExtension.class);
    authorityGranter = mock(AuthorityGranter.class);
    userService = mock(UserService.class);
    pluginRoleService = mock(PluginRoleService.class);
    goConfigService = mock(GoConfigService.class);
    authenticationProvider = new PreAuthenticatedAuthenticationProvider(authorizationExtension, pluginRoleService, userService, authorityGranter, goConfigService);
    AuthenticationResponse authenticationResponse = new AuthenticationResponse(user, asList("admin"));

    securityConfig = new SecurityConfig();
    stub(goConfigService.security()).toReturn(securityConfig);
    stub(authorizationExtension.authenticateUser(any(String.class), any(Map.class), any(List.class), any(List.class))).toReturn(authenticationResponse);
    stub(authorityGranter.authorities(anyString())).toReturn(authorities);
    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", pluginId));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void reuthenticationUsingAuthorizationPlugins_shouldUseTheLoginNameAvailableInGoUserPrinciple() throws Exception {
    String pluginId1 = "cd.go.ldap";

    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    addPluginSupportingPasswordBasedAuthentication(pluginId1);
    when(authorizationExtension.authenticateUser(pluginId1, "[email protected]", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId1), securityConfig.getPluginRoles(pluginId1))).thenReturn(
            new AuthenticationResponse(
                    new User("username", "bob", "[email protected]"),
                    Arrays.asList("blackbird", "admins")
            )
    );
    GoUserPrinciple principal = new GoUserPrinciple("username", "Display", "password", true, true, true, true, new GrantedAuthority[]{}, "[email protected]");

    UserDetails userDetails = provider.retrieveUser("username", new UsernamePasswordAuthenticationToken(principal, "password"));

    assertThat(userDetails, is(instanceOf(GoUserPrinciple.class)));
    GoUserPrinciple goUserPrincipal = (GoUserPrinciple) userDetails;
    assertThat(goUserPrincipal.getUsername(), is("username"));
    assertThat(goUserPrincipal.getLoginName(), is("[email protected]"));

    verify(pluginRoleService).updatePluginRoles("cd.go.ldap", "username", CaseInsensitiveString.caseInsensitiveStrings(Arrays.asList("blackbird", "admins")));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void reuthenticationUsingAuthorizationPlugins_shouldFallbackOnUserNameInAbsenceOfLoginNameInGoUserPrinciple() throws Exception {
    String pluginId1 = "cd.go.ldap";

    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    addPluginSupportingPasswordBasedAuthentication(pluginId1);
    when(authorizationExtension.authenticateUser(pluginId1, "username", "password", securityConfig.securityAuthConfigs().findByPluginId(pluginId1), securityConfig.getPluginRoles(pluginId1))).thenReturn(
            new AuthenticationResponse(
                    new User("username", "bob", "[email protected]"),
                    Arrays.asList("blackbird", "admins")
            )
    );
    GoUserPrinciple principal = new GoUserPrinciple("username", "Display", "password", true, true, true, true, new GrantedAuthority[]{}, null);

    UserDetails userDetails = provider.retrieveUser("username", new UsernamePasswordAuthenticationToken(principal, "password"));

    assertNotNull(userDetails);

    verify(pluginRoleService).updatePluginRoles("cd.go.ldap", "username", CaseInsensitiveString.caseInsensitiveStrings(Arrays.asList("blackbird", "admins")));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
/**
 * 인증된 사용자의 권한 정보를 가져온다. 예) [ROLE_ADMIN, ROLE_USER,
 * ROLE_A, ROLE_B, ROLE_RESTRICTED,
 * IS_AUTHENTICATED_FULLY,
 * IS_AUTHENTICATED_REMEMBERED,
 * IS_AUTHENTICATED_ANONYMOUSLY]
 * @return 사용자 권한정보 목록
 */
public static List<String> getAuthorities() {
    List<String> listAuth = new ArrayList<String>();

    SecurityContext context = SecurityContextHolder.getContext();
    Authentication authentication = context.getAuthentication();

    if (EgovObjectUtil.isNull(authentication)) {
        log.debug("## authentication object is null!!");
        return null;
    }

    GrantedAuthority[] authorities = authentication.getAuthorities();

    for (int i = 0; i < authorities.length; i++) {
        listAuth.add(authorities[i].getAuthority());

        log.debug("## EgovUserDetailsHelper.getAuthorities : Authority is "
            + authorities[i].getAuthority());
    }

    return listAuth;
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void testAuthenticateTempUser() throws Exception {
       OnmsUser user = new OnmsUser("tempuser");
    user.setFullName("Temporary User");
    user.setPassword("18126E7BD3F84B3F3E4DF094DEF5B7DE");
    user.setDutySchedule(Arrays.asList("MoTuWeThFrSaSu800-2300"));
    m_userManager.save(user);

	Authentication authentication = new UsernamePasswordAuthenticationToken("tempuser", "mike");
	Authentication authenticated = m_provider.authenticate(authentication);
	assertNotNull("authenticated Authentication object not null", authenticated);
	GrantedAuthority[] authorities = authenticated.getAuthorities();
	assertNotNull("GrantedAuthorities should not be null", authorities);
	assertEquals("GrantedAuthorities size", 1, authorities.length);
	assertEquals("GrantedAuthorities zero role", "ROLE_USER", authorities[0].getAuthority());
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
@DirtiesContext
public void testGetByUsernameTempUser() throws Exception {
    final OnmsUser newUser = new OnmsUser("tempuser");
    newUser.setPassword("18126E7BD3F84B3F3E4DF094DEF5B7DE");
    m_userManager.save(newUser);

    final OnmsUser user = ((SpringSecurityUserDaoImpl) m_springSecurityDao).getByUsername("tempuser");
    assertNotNull("user object should not be null", user);
    assertEquals("OnmsUser name", "tempuser", user.getUsername());
    assertEquals("Full name", null, user.getFullName());
    assertEquals("Comments", null, user.getComments());
    assertEquals("Password", "18126E7BD3F84B3F3E4DF094DEF5B7DE", user.getPassword());

    GrantedAuthority[] authorities = user.getAuthorities();
    assertNotNull("authorities should not be null", authorities);
    assertEquals("authorities size", 1, authorities.length);
    assertEquals("authorities 0 name", "ROLE_USER", authorities[0].getAuthority());
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
@DirtiesContext
public void testGetByUsernameDashboard() throws Exception {
    final OnmsUser newUser = new OnmsUser("dashboard");
    newUser.setPassword("DC7161BE3DBF2250C8954E560CC35060");
    m_userManager.save(newUser);

    OnmsUser user = ((SpringSecurityUserDaoImpl) m_springSecurityDao).getByUsername("dashboard");
    assertNotNull("user object should not be null", user);
    assertEquals("OnmsUser name", "dashboard", user.getUsername());
    assertEquals("Full name", null, user.getFullName());
    assertEquals("Comments", null, user.getComments());
    assertEquals("Password", "DC7161BE3DBF2250C8954E560CC35060", user.getPassword());

    GrantedAuthority[] authorities = user.getAuthorities();
    assertNotNull("authorities should not be null", authorities);
    assertEquals("authorities size", 1, authorities.length);
    assertEquals("authorities 0 name", "ROLE_DASHBOARD", authorities[0].getAuthority());
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void testGetUsernameNoPrincipalObject() {
    Authentication auth = new UsernamePasswordAuthenticationToken(null, null, new GrantedAuthority[0]);
    SecurityContextHolder.getContext().setAuthentication(auth);
    
    ThrowableAnticipator ta = new ThrowableAnticipator();
    ta.anticipate(new IllegalStateException("No principal object found when calling getPrinticpal on our Authentication object"));
    
    try {
        m_service.getUsername();
    } catch (Throwable t) {
        ta.throwableReceived(t);
    }
    
    ta.verifyAnticipated();
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Transient @Accessor
public GrantedAuthority[] getAuthorities() {
	if (this.authorities==null) {
		throw new RuntimeException("Programmatic error. The user manager has to fill in this user's groups before passing back to the security framework.");
	} else {
		return this.authorities;
	}
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Override
protected void setUp() throws Exception {
	super.setUp();
	user = new User("name", "password");
	user.setAuthorities(new GrantedAuthority[0]);

	getWorkspace().setUUID(WabitWorkspace.SYSTEM_WORKSPACE_UUID);
	getWorkspace().addUser(user);
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
private void authenticateUser(String requestingUserName, HttpServletRequest request) throws UserNotFoundException
{
	IPentahoUser user = getUserRoleDao().getUser(null, requestingUserName);
	if (user == null)
	{
		// TODO: implement alternative behavior if needed, e.g. create the
		// user if it does not exist
		throw new UserNotFoundException("User '" + requestingUserName
				+ "' not found in the current system using the default UserRoleDao bean");
	}

	List<IPentahoRole> roles = getUserRoleDao().getUserRoles(null, requestingUserName);
	GrantedAuthority[] authorities = new GrantedAuthority[roles.size()];
	int index = 0;
	for (IPentahoRole role : roles)
	{
		authorities[index] = new GrantedAuthorityImpl(role.getName());
	}
	ExtensionAuthenticationToken authRequestToken = new ExtensionAuthenticationToken(requestingUserName, null,
			authorities);
	authRequestToken.setDetails(new WebAuthenticationDetails(request));
	Authentication authenticationOutcome = getAuthenticationManager().authenticate(authRequestToken);

	// TODO: manage possible errors (authenticationOutcome == null,
	// Exception, etc...)
	SecurityContextHolder.getContext().setAuthentication(authenticationOutcome);
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
private static boolean userHasRole(String privilegedRole) {
    GrantedAuthority[] authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();

    boolean result = false;
    for (int i = 0; i < authorities.length; i++) {
        if (privilegedRole.equals(authorities[i].getAuthority())) {
            result = true;
            break;
        }
    }
    return result;
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
private GrantedAuthority[] getGrantedAuthorities(Admin admin) {
	Set<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>();
	for (Role role : admin.getRoleSet()) {
		for (String authority : role.getAuthorityList()) {
			grantedAuthorities.add(new GrantedAuthorityImpl(authority));
		}
	}
	return grantedAuthorities.toArray(new GrantedAuthority[grantedAuthorities.size()]);
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void shouldSetAdministratorIfUserIsAdministrator() throws Exception {
    securityContext.setAuthentication(
            new TestingAuthenticationToken("jez", "badger",
                    new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_SUPERVISOR.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.ADMINISTRATOR), is(true));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void shouldSetTemplateAdministratorIfUserIsTemplateAdministrator() throws Exception {
    securityContext.setAuthentication(
            new TestingAuthenticationToken("jez", "badger",
                    new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_TEMPLATE_SUPERVISOR.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.TEMPLATE_ADMINISTRATOR), is(true));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void shouldSetTemplateViewUserRightsForTemplateViewUser() throws Exception {
    securityContext.setAuthentication(
            new TestingAuthenticationToken("templateView", "badger",
                    new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_TEMPLATE_VIEW_USER.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.TEMPLATE_VIEW_USER), is(true));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void shouldSetViewAdministratorRightsIfUserHasAnyLevelOfAdministratorRights() throws Exception {
    securityContext.setAuthentication(new TestingAuthenticationToken("jez", "badger", new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_TEMPLATE_SUPERVISOR.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.VIEW_ADMINISTRATOR_RIGHTS), is(true));

    securityContext.setAuthentication(new TestingAuthenticationToken("jez", "badger", new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_GROUP_SUPERVISOR.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.VIEW_ADMINISTRATOR_RIGHTS), is(true));

    securityContext.setAuthentication(new TestingAuthenticationToken("jez", "badger", new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_SUPERVISOR.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.VIEW_ADMINISTRATOR_RIGHTS), is(true));

    securityContext.setAuthentication(new TestingAuthenticationToken("jez", "badger", new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_TEMPLATE_VIEW_USER.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.VIEW_ADMINISTRATOR_RIGHTS), is(true));

    securityContext.setAuthentication(new TestingAuthenticationToken("jez", "badger", new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_USER.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.VIEW_ADMINISTRATOR_RIGHTS), is(nullValue()));
}
 

import org.springframework.security.GrantedAuthority; //导入依赖的package包/类
@Test
public void shouldSetGroupAdministratorIfUserIsAPipelineGroupAdministrator() throws Exception {
    securityContext.setAuthentication(
            new TestingAuthenticationToken("jez", "badger",
                    new GrantedAuthority[]{new GrantedAuthorityImpl(GoAuthority.ROLE_GROUP_SUPERVISOR.toString())}));
    request.getSession().setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
    view.exposeHelpers(velocityContext, request);
    assertThat(velocityContext.get(GoVelocityView.ADMINISTRATOR), is(nullValue()));
    assertThat(velocityContext.get(GoVelocityView.GROUP_ADMINISTRATOR), is(true));
}