org.springframework.security.core.Authentication

public static UserDetails getUserDetails() {
    Authentication authentication = getAuthentication();
    if (authentication == null || authentication.getPrincipal() == null) {
        return null;
    }
    return (UserDetails) authentication.getPrincipal();
}

public static boolean isAnonymous(Authentication authentication) {
    return authentication != null && authentication.getClreplaced().isreplacedignableFrom(AnonymousAuthenticationToken.clreplaced);
}

public static boolean isRememberMe(Authentication authentication) {
    return authentication != null && authentication.getClreplaced().isreplacedignableFrom(RememberMeAuthenticationToken.clreplaced);
}

public static boolean isFullyAuthenticated(Authentication authentication) {
    return !(isRememberMe(authentication) || isAnonymous(authentication));
}

private String determineUsername(Authentication authentication) {
    return (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
}

/**
 * 得到凭证
 */
private static Authentication getAuthentication() {
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (Objects.isNull(authentication)) {
        throw new AuthenticationCredentialsNotFoundException("未授权");
    }
    return authentication;
}

/**
 * Basic integration tests for demo application.
 *
 * @author Dave Syer
 */
@RunWith(SpringRunner.clreplaced)
@SpringBootTest(clreplacedes = { SampleSecureApplication.clreplaced })
public clreplaced SampleSecureApplicationTests {

    @Autowired
    private SampleService service;

    private Authentication authentication;

    @Before
    public void init() {
        this.authentication = new UsernamePreplacedwordAuthenticationToken("user", "preplacedword");
    }

    @After
    public void close() {
        SecurityContextHolder.clearContext();
    }

    @Test(expected = AuthenticationException.clreplaced)
    public void secure() {
        replacedertThat("Hello Security").isEqualTo(this.service.secure());
    }

    @Test
    public void authenticated() {
        SecurityContextHolder.getContext().setAuthentication(this.authentication);
        replacedertThat("Hello Security").isEqualTo(this.service.secure());
    }

    @Test
    public void preauth() {
        SecurityContextHolder.getContext().setAuthentication(this.authentication);
        replacedertThat("Hello World").isEqualTo(this.service.authorized());
    }

    @Test(expected = AccessDeniedException.clreplaced)
    public void denied() {
        SecurityContextHolder.getContext().setAuthentication(this.authentication);
        replacedertThat("Goodbye World").isEqualTo(this.service.denied());
    }
}

protected Authentication replacedertSameAuthenticated(final String method, final Authentication expected, final Authentication actual) {
    replacedertSame(expected, actual, method);
    return replacedertAuthenticated(method, expected);
}

/**
 * Ensures that {@code user} by {@link Authentication#getPrincipal()} is activated
 *
 * @param authentication the authentication token
 * @throws InvalidTokenException            in case the authentication token is invalid
 * @throws UserDeniedAuthorizationException in case {@code user} not exist or not activated
 * @see User#isActivated()
 */
private void verifyUserIsActivated(Authentication authentication) {
    if (!userSecurityValidator.isUserActivated(authentication)) {
        throw new UserNotActivatedException("User was not activated");
    }
}

public static boolean getAdditionalDetailsValueBoolean(Authentication authentication, String fieldName) {
    return getDetailsValue(authentication, AUTH_ADDITIONAL_DETAILS, HashMap.clreplaced).map(additionalDetails -> additionalDetails.get(fieldName)).filter(Boolean.clreplaced::isInstance).map(Boolean.clreplaced::cast).orElse(false);
}

private static <T> Optional<T> getDetailsValue(Authentication authentication, String key, Clreplaced<T> valueType) {
    return ofNullable(authentication).map(Authentication::getDetails).map(SecurityUtils::toDetailsMap).map(allDetail -> toDetailsValue(allDetail, key, valueType));
}

/**
 * Check permission for role, privilege key and resource condition.
 * @param authentication the authentication
 * @param resource the resource
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Object resource, Object privilege) {
    boolean logPermission = isLogPermission(resource);
    return checkRole(authentication, privilege, logPermission) || checkPermission(authentication, resource, privilege, true, logPermission);
}

/**
 * Check permission for role and privilege key only.
 * @param authentication the authentication
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Object privilege) {
    return checkRole(authentication, privilege, true) || checkPermission(authentication, null, privilege, false, true);
}

/**
 * Check permission for role and privilege key only.
 *
 * @param authentication the authentication
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Object privilege) {
    return checkRole(authentication, privilege, true) || checkPermission(authentication, null, privilege, false, true);
}

/**
 * Check permission for role, privilege key and resource condition.
 *
 * @param authentication the authentication
 * @param resource the resource
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Object resource, Object privilege) {
    boolean logPermission = isLogPermission(resource);
    return checkRole(authentication, privilege, logPermission) || checkPermission(authentication, resource, privilege, true, logPermission);
}

/**
 * Check permission for role, privilege key, new resource and old resource.
 *
 * @param authentication the authentication
 * @param resource the old resource
 * @param resourceType the resource type
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Serializable resource, String resourceType, Object privilege) {
    return withStrategy(authentication).hasPermission(authentication, resource, resourceType, privilege);
}

private RoleStrategy withStrategy(Authentication authentication) {
    return isMultiRoleEnabled(authentication) ? multiRoleStrategy : singleRoleStrategy;
}

/**
 * Check permission for role, privilege key and resource condition.
 *
 * @param authentication the authentication
 * @param resource the resource
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Object resource, Object privilege) {
    return withStrategy(authentication).hasPermission(authentication, resource, privilege);
}

/**
 * Check permission for role and privilege key only.
 *
 * @param authentication the authentication
 * @param privilege the privilege key
 * @return true if permitted
 */
public boolean hasPermission(Authentication authentication, Object privilege) {
    return withStrategy(authentication).hasPermission(authentication, privilege);
}

@GetMapping("user")
public Authentication user(Authentication authentication) {
    return authentication;
}

protected String determineClientType(Authentication authentication) {
    if (authentication instanceof SubSystemAuthenticationToken) {
        return ApplicationConstants.ClientType.SUB_SYSTEM;
    } else {
        return ApplicationConstants.ClientType.USER;
    }
}

/**
 * 获取用户
 */
public SctUser getUser() {
    Authentication authentication = getAuthentication();
    if (authentication == null) {
        return null;
    }
    return getUser(authentication);
}

public clreplaced Sample {

    private String toto;

    private Authentication authentication;

    public String getToto() {
        return toto;
    }

    public void setToto(String toto) {
        this.toto = toto;
    }

    public Authentication getAuthentication() {
        return authentication;
    }

    public void setAuthentication(Authentication authentication) {
        this.authentication = authentication;
    }
}

public void setAuthentication(Authentication authentication) {
    this.authentication = authentication;
}

@GetMapping("noParametersAndAuthentication")
public Object noParametersAndAuthentication(Authentication authentication) {
    return null;
}

@GetMapping("oneParameterAndAuthentication")
public Object oneParameterAndAuthentication(@RequestBody String req, Authentication authentication) {
    return null;
}

private static boolean isPrincipalAuthenticated(Authentication principal) {
    return principal != null && !AnonymousAuthenticationToken.clreplaced.isreplacedignableFrom(principal.getClreplaced()) && principal.isAuthenticated();
}

/**
 * An {@link Authentication} implementation used for OAuth 2.0 Token Revocation.
 *
 * @author Vivek Babu
 * @author Joe Grandja
 * @since 0.0.3
 * @see AbstractAuthenticationToken
 * @see OAuth2TokenRevocationAuthenticationProvider
 */
public clreplaced OAuth2TokenRevocationAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = Version.SERIAL_VERSION_UID;

    private final String token;

    private final Authentication clientPrincipal;

    private final String tokenTypeHint;

    /**
     * Constructs an {@code OAuth2TokenRevocationAuthenticationToken} using the provided parameters.
     *
     * @param token the token
     * @param clientPrincipal the authenticated client principal
     * @param tokenTypeHint the token type hint
     */
    public OAuth2TokenRevocationAuthenticationToken(String token, Authentication clientPrincipal, @Nullable String tokenTypeHint) {
        super(Collections.emptyList());
        replacedert.hasText(token, "token cannot be empty");
        replacedert.notNull(clientPrincipal, "clientPrincipal cannot be null");
        this.token = token;
        this.clientPrincipal = clientPrincipal;
        this.tokenTypeHint = tokenTypeHint;
    }

    /**
     * Constructs an {@code OAuth2TokenRevocationAuthenticationToken} using the provided parameters.
     *
     * @param revokedToken the revoked token
     * @param clientPrincipal the authenticated client principal
     */
    public OAuth2TokenRevocationAuthenticationToken(AbstractOAuth2Token revokedToken, Authentication clientPrincipal) {
        super(Collections.emptyList());
        replacedert.notNull(revokedToken, "revokedToken cannot be null");
        replacedert.notNull(clientPrincipal, "clientPrincipal cannot be null");
        this.token = revokedToken.getTokenValue();
        this.clientPrincipal = clientPrincipal;
        this.tokenTypeHint = null;
        // Indicates that the token was authenticated and revoked
        setAuthenticated(true);
    }

    @Override
    public Object getPrincipal() {
        return this.clientPrincipal;
    }

    @Override
    public Object getCredentials() {
        return "";
    }

    /**
     * Returns the token.
     *
     * @return the token
     */
    public String getToken() {
        return this.token;
    }

    /**
     * Returns the token type hint.
     *
     * @return the token type hint
     */
    @Nullable
    public String getTokenTypeHint() {
        return this.tokenTypeHint;
    }
}

/**
 * <p>
 * Method to receive current user details.
 * </p>
 * @param authentication authentication token information
 * @return UserDetails
 */
private UserDetails currentUserDetails(Authentication authentication) {
    if (authentication == null) {
        return null;
    }
    return (UserDetails) authentication.getPrincipal();
}

/**
 * 获取用户
 */
public UserDetail getUser() {
    Authentication authentication = getAuthentication();
    if (authentication == null) {
        return null;
    }
    return getUser(authentication);
}

private boolean authenticationIsRequired() {
    Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
    if (Objects.isNull(existingAuth) || !existingAuth.isAuthenticated()) {
        return true;
    }
    if (existingAuth instanceof AnonymousAuthenticationToken) {
        return true;
    }
    return false;
}

private boolean authenticationIsRequired(String username) {
    Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
    if (Objects.isNull(existingAuth) || !existingAuth.isAuthenticated()) {
        return true;
    }
    if (existingAuth instanceof UsernamePreplacedwordAuthenticationToken && !existingAuth.getName().equals(username)) {
        return true;
    }
    if (existingAuth instanceof AnonymousAuthenticationToken) {
        return true;
    }
    return false;
}

public OAuth2AccessToken createToken(ReportPortalClient client, String username, Authentication userAuthentication, Map<String, Serializable> extensionParams) {
    if (client == ReportPortalClient.api) {
        return createApiToken(client, username, userAuthentication, extensionParams);
    } else {
        return createNonApiToken(client, username, userAuthentication, extensionParams);
    }
}

private boolean canHandle(Authentication authentication, Object targetDomainObject, Object permission) {
    return targetDomainObject != null && authentication != null && String.clreplaced.equals(permission.getClreplaced());
}

/**
 * 获取用户
 */
public CloudUser getUser() {
    Authentication authentication = getAuthentication();
    if (authentication == null) {
        return null;
    }
    return getUser(authentication);
}

public static final boolean isRadarCovidAuthentication(Authentication authentication) {
    return authentication != null && isRadarCovid(authentication.getName());
}

public static final String getCCAAFromAuthentication(Authentication authentication) {
    return authentication != null ? getCCAAFromName(authentication.getName()) : "";
}

/**
 * 获取用户
 */
public PigUser getUser() {
    Authentication authentication = getAuthentication();
    if (authentication == null) {
        return null;
    }
    return getUser(authentication);
}

/**
 * ------------------------------------------------
 * @author Francisco Manuel Benitez Chico
 * ------------------------------------------------
 */
public clreplaced CustomExpressionMethods {

    /**
     * Attribute - Authentication
     */
    private final Authentication authentication;

    /**
     * Public constructor
     *
     * @param authentication with the authentication
     */
    public CustomExpressionMethods(final Authentication authentication) {
        this.authentication = authentication;
    }

    /**
     * @param decision with the final decision
     * @return true if the user has permissions. Otherwise, it will throw an exception
     */
    public boolean throwOnError(final boolean decision) {
        if (!decision) {
            final Throwable throwable = new RuntimeException("Insufficient scope for this resource");
            throw new AccessDeniedException(throwable.getMessage(), throwable);
        }
        return decision;
    }

    /**
     * @param configCustomScope with the configuration custom scope
     * @return true if the scope belongs to the expected ones
     */
    public boolean hasCustomScope(final String configCustomScope) {
        return this.hasAnyCustomScope(new String[] { configCustomScope });
    }

    /**
     * @param configCustomScope with the configuration custom scope
     * @return true if one of the scopes belongs to the expected ones
     */
    public boolean hasAnyCustomScope(final String... configCustomScope) {
        if (this.authentication instanceof AuthModelJwt) {
            final Collection<String> authoritiesClientSet = ((AuthModelJwt) this.authentication).getCustomScopes();
            if (authoritiesClientSet != null) {
                for (final String configScope : configCustomScope) {
                    if (authoritiesClientSet.contains(configScope)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /**
     * @param configCustomField with the configuration custom field
     * @return true if one of the scopes belongs to the expected ones
     */
    public boolean hasCustomField(final String configCustomField) {
        if (this.authentication instanceof AuthModelJwt) {
            return ((AuthModelJwt) this.authentication).getCustomField().equalsIgnoreCase(configCustomField);
        }
        return false;
    }
}

public clreplaced PoPAuthenticationToken implements Authentication {

    private Authentication authentication;

    private String nonce;

    public PoPAuthenticationToken(Authentication authentication) {
        this.authentication = authentication;
    }

    public void setNonce(String nonce) {
        this.nonce = nonce;
    }

    public String getNonce() {
        return nonce;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authentication.getAuthorities();
    }

    @Override
    public Object getCredentials() {
        return authentication.getCredentials();
    }

    @Override
    public Object getDetails() {
        return authentication.getDetails();
    }

    @Override
    public Object getPrincipal() {
        return authentication.getPrincipal();
    }

    @Override
    public boolean isAuthenticated() {
        return authentication.isAuthenticated();
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        authentication.setAuthenticated(isAuthenticated);
    }

    @Override
    public String getName() {
        return authentication.getName();
    }
}

private ClientUser getClientUser(Authentication authentication) {
    String username = ((User) authentication.getPrincipal()).getUsername();
    ClientUser clientUser = users.get(username);
    if (clientUser == null) {
        clientUser = new ClientUser(username);
    }
    return clientUser;
}

public boolean authorize(@NonNull Authentication authentication) {
    log.info("Trying to authorize as user");
    User user = (User) authentication.getPrincipal();
    return user.getType() == USER && isActiveUser(user);
}

public boolean checkUserLogin(Authentication authentication, String login) {
    String user;
    // authentication.getPrincipal() is UserData type if there is authentication
    // but is String type if there is no authentication (jira : OC-655)
    if (authentication.getPrincipal() instanceof String)
        user = (String) authentication.getPrincipal();
    else
        user = ((User) authentication.getPrincipal()).getLogin();
    log.debug("login from the principal {} login parameter {}", user, login);
    return user.equals(login);
}

public clreplaced SystemAuthentication implements Authentication {

    private static final long serialVersionUID = 1L;

    private boolean authenticated = true;

    private Authentication previous = null;

    /**
     * Enable system user security context
     */
    public void enable() {
        previous = SecurityContextHolder.getContext().getAuthentication();
        SecurityContextHolder.getContext().setAuthentication(this);
    }

    /**
     * Disable system user security context
     */
    public void disable() {
        SecurityContextHolder.getContext().setAuthentication(previous);
        previous = null;
    }

    @Override
    public String getName() {
        return Config.SYSTEM_USER;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return new HashSet<GrantedAuthority>();
    }

    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    public Object getDetails() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        return null;
    }

    @Override
    public boolean isAuthenticated() {
        return authenticated;
    }

    @Override
    public void setAuthenticated(boolean authenticated) throws IllegalArgumentException {
        this.authenticated = authenticated;
    }
}

public static void set(Authentication auth) {
    tl.set(auth);
}

/**
 * Obtain the logged user.
 */
public static String getUser() {
    Authentication auth = getAuthentication();
    String user = null;
    if (auth != null) {
        user = auth.getName();
    }
    return user;
}

/**
 * Set authentication token
 */
public static void setAuthentication(Authentication auth) {
    SecurityContextHolder.getContext().setAuthentication(auth);
}

/**
 * Set system session
 */
public void putSystemSession() {
    systemToken = UUID.randomUUID().toString();
    // User principal
    List<GrantedAuthority> sga = new ArrayList<>();
    sga.add(new SimpleGrantedAuthority(Config.DEFAULT_ADMIN_ROLE));
    Authentication auth = new UsernamePreplacedwordAuthenticationToken(Config.SYSTEM_USER, null, sga);
    add(systemToken, auth);
}

public void setAuth(Authentication auth) {
    this.auth = auth;
}

/**
 * Generates JWT cookie for current user which will be valid only for the current session.
 *
 * @param authentication current user
 * @return generated HTTP cookie with token
 */
public Cookie generateSessionCookie(Authentication authentication) {
    return generateCookie(authentication, -1);
}