@Override public void configure(HttpSecurity builder) throws Exception { OAuth2ClientAuthenticationProcessingFilter ssoFilter = this.filter; ssoFilter.setSessionAuthenticationStrategy( builder.getSharedObject(SessionAuthenticationStrategy.class)); builder.addFilterAfter(ssoFilter, AbstractPreAuthenticatedProcessingFilter.class); }
@Override public void configure(H http) throws Exception { AuthenticationTokenFilter af = getAuthenticationFilter(); if(authenticationDetailsSource != null) { af.setAuthenticationDetailsSource(authenticationDetailsSource); } af.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class)); af.setAuthenticationSuccessHandler(new AuthenticationStubSuccessHandler()); SessionAuthenticationStrategy sessionAuthenticationStrategy = http.getSharedObject(SessionAuthenticationStrategy.class); if(sessionAuthenticationStrategy != null) { af.setSessionAuthenticationStrategy(sessionAuthenticationStrategy); } AuthenticationTokenFilter filter = postProcess(af); filter.setContinueChainAfterSuccessfulAuthentication(true); http.addFilterBefore(filter, BasicAuthenticationFilter.class); }
/** * sessionAuthenticationStrategy does not work in JavaConfig * @param sessionRegistry * @return */ @Bean public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry){ return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry){{ setMaximumSessions(-1); }}; }
/** * sessionAuthenticationStrategy does not work in JavaConfig * @param sessionRegistry * @return */ // @Bean public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry){ return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry){{ setMaximumSessions(-1); }}; }
@Override public void configure(HttpSecurity http) { authFilter.setAuthenticationDetailsSource(new WebAuthenticationDetailsSource()); authFilter.setApplicationEventPublisher( Objects.requireNonNull(http.getSharedObject(ApplicationContext.class))); authFilter.setAuthenticationManager( Objects.requireNonNull(http.getSharedObject(AuthenticationManager.class))); authFilter.setSessionAuthenticationStrategy( Objects.requireNonNull(http.getSharedObject(SessionAuthenticationStrategy.class))); authFilter.setRememberMeServices( Objects.requireNonNull(http.getSharedObject(RememberMeServices.class))); http.addFilterBefore(authFilter, UsernamePasswordAuthenticationFilter.class); }
/** * Defines the session authentication strategy. */ @Bean @Override protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { // When using as confidential keycloak/OpenID Connect client: //return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); // When using as bearer-only keycloak/OpenID Connect client: return new NullAuthenticatedSessionStrategy(); }
@Override public void setSessionAuthenticationStrategy (SessionAuthenticationStrategy sessionStrategy) { log.debug("Invoking setSessionAuthenticationStrategy"); super.setSessionAuthenticationStrategy(sessionStrategy); }
@Bean @Override protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); }
@Bean public SessionManagementFilter sessionManagementFilter(SecurityContextRepository securityContextRepository, SessionAuthenticationStrategy sessionAuthenticationStrategy){ return new SessionManagementFilter(securityContextRepository, sessionAuthenticationStrategy); }
/** * The {@link SessionAuthenticationStrategy} must be available as a Spring * bean for Vaadin4Spring. */ @Bean public SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new SessionFixationProtectionStrategy(); }
/** * Defines the session authentication strategy. */ @Bean @Override protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); }
@Bean @ConditionalOnProperty(name="shiny.proxy.authentication", havingValue="keycloak") protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); }
public SessionAuthenticationStrategy getSessionAuthenticationStrategy() { return sessionAuthenticationStrategy; }
public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy) { this.sessionAuthenticationStrategy = sessionStrategy; }
protected SessionAuthenticationStrategy getSessionAuthenticationStrategy() { return sessionAuthenticationStrategy; }
/** * The {@link SessionAuthenticationStrategy} must be available as a Spring bean for Vaadin4Spring. */ @Bean public SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new SessionFixationProtectionStrategy(); }
/** * @return the sessionStrategy */ public SessionAuthenticationStrategy getSessionStrategy() { return sessionStrategy; }
/** * @param sessionStrategy the sessionStrategy to set */ public void setSessionStrategy(SessionAuthenticationStrategy sessionStrategy) { this.sessionStrategy = sessionStrategy; }
/** * Makes it possible to replace the * {@link org.springframework.security.web.authentication.session.SessionAuthenticationStrategy} after * the bean has been configured. */ public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy) { this.sessionAuthenticationStrategy = sessionAuthenticationStrategy; }
