  /**
   * Decides whether the current caller may change the password of {@code userId}, and whether
   * the current password has to be supplied for that.
   *
   * <p>Three kinds of caller are distinguished through {@code securityContextAccessor}:
   * <ul>
   *   <li>a client credential that is not acting for a user: allowed unconditionally, the old
   *       password is not required;</li>
   *   <li>an admin user: may change any user's password; the old password is demanded only when
   *       the admin targets their own account;</li>
   *   <li>any other user: may change only their own password and must supply the old one.</li>
   * </ul>
   *
   * <p>Security note: only the <em>presence</em> of {@code oldPassword} is checked here. That it
   * actually matches the stored credential is not verified by this method and must happen
   * elsewhere before the change is applied.
   *
   * @param userId id of the account whose password is being changed; must be non-null
   * @param oldPassword current password as supplied by the caller; may be null or blank
   * @throws InvalidPasswordException if the caller is not permitted to change this account's
   *     password, or the old password is required but missing
   */
  private void checkPasswordChangeIsAllowed(String userId, String oldPassword) {
    // A client token not acting on behalf of an end user is trusted outright.
    if (securityContextAccessor.isClient()) {
      return;
    }

    // From here on the call is made by, or on behalf of, an end user.
    String callerId = securityContextAccessor.getUserId();
    boolean callerIsAdmin = securityContextAccessor.isAdmin();
    boolean targetsOwnAccount = userId.equals(callerId);

    if (!callerIsAdmin) {
      // Ordinary users may only touch their own account.
      if (!targetsOwnAccount) {
        logger.warn(
            "User with id " + callerId + " attempting to change password for user " + userId);
        // TODO: This should be audited when we have non-authentication
        // events in the log
        throw new InvalidPasswordException("Not permitted to change another user's password");
      }
      // Self-service change: the current password must be presented.
      if (!StringUtils.hasText(oldPassword)) {
        throw new InvalidPasswordException("Previous password is required");
      }
      return;
    }

    // Admins may change other users' passwords freely, but still need the old value
    // when changing their own.
    if (targetsOwnAccount && !StringUtils.hasText(oldPassword)) {
      throw new InvalidPasswordException("Previous password is required even for admin");
    }
  }
 /**
  * A caller authenticated as a trusted client (not a user session) may set a user's password
  * without presenting the current one. The test passes as long as {@code changePassword}
  * completes without throwing; no further assertion is made.
  */
 @Test
 public void clientCanChangeUserPasswordWithoutCurrentPassword() {
   // Request carries only the new password; the "old password" field is deliberately left unset.
   PasswordChangeRequest request = new PasswordChangeRequest();
   request.setPassword("newpassword");

   // Security context: the caller is a client credential, so the old-password rule does not apply.
   SecurityContextAccessor accessor = mockSecurityContext(joel);
   when(accessor.isClient()).thenReturn(true);
   endpoints.setSecurityContextAccessor(accessor);

   endpoints.changePassword(joel.getId(), request);
 }
  /**
   * Decides whether the current caller may change the secret of {@code clientDetails}, and
   * whether the current secret has to be supplied for that.
   *
   * <p>Unlike the user-password variant, a caller that is not a client is rejected outright:
   * client secrets can only be changed by clients. Beyond that the rules mirror the user case:
   * an admin client may change any client's secret and needs the old secret only for its own;
   * any other client may change only its own secret and must supply the old one.
   *
   * <p>Security note: only the <em>presence</em> of {@code oldSecret} is checked here. Whether it
   * matches the stored secret is not verified by this method and must happen elsewhere before
   * the change is applied.
   *
   * @param clientDetails the client whose secret is being changed; {@code getClientId()} must
   *     return non-null
   * @param oldSecret current secret as supplied by the caller; may be null or blank
   * @throws IllegalStateException if the caller is not a client, is not permitted to change this
   *     client's secret, or the old secret is required but missing
   */
  private void checkPasswordChangeIsAllowed(ClientDetails clientDetails, String oldSecret) {

    // Only a client credential may change a client secret; a user session is refused.
    if (!securityContextAccessor.isClient()) {
      throw new IllegalStateException("Only a client can change client secret");
    }

    String targetClientId = clientDetails.getClientId();
    String callerClientId = securityContextAccessor.getClientId();
    boolean callerIsAdmin = securityContextAccessor.isAdmin();
    boolean targetsOwnClient = targetClientId.equals(callerClientId);

    if (!callerIsAdmin) {
      // Ordinary clients may only touch their own secret.
      if (!targetsOwnClient) {
        logger.warn(
            "Client with id "
                + callerClientId
                + " attempting to change password for client "
                + targetClientId);
        // TODO: This should be audited when we have non-authentication events in the log
        throw new IllegalStateException(
            "Bad request. Not permitted to change another client's secret");
      }
      // Self-service change: the current secret must be presented.
      if (!StringUtils.hasText(oldSecret)) {
        throw new IllegalStateException("Previous secret is required");
      }
      return;
    }

    // Admin clients may change other clients' secrets freely, but still need the old value
    // when changing their own.
    if (targetsOwnClient && !StringUtils.hasText(oldSecret)) {
      throw new IllegalStateException("Previous secret is required even for admin");
    }
  }