List of usage examples for org.springframework.security.authentication UsernamePasswordAuthenticationToken UsernamePasswordAuthenticationToken
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)
This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e. isAuthenticated() = true) authentication token.
From source file:com.castlemock.war.config.SecurityInterceptor.java
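/**
 * Re-validates the logged in user before the request is handed to its handler.
 * <p>
 * Requests without an authenticated principal, and requests from the anonymous user, pass
 * through unchanged; this method does not reject them itself. For an authenticated user the
 * account is read again through the service processor. If the account no longer exists or its
 * status is not {@code ACTIVE}, the user is logged out and redirected to the context path. If a
 * granted authority in the current authentication differs from the stored role, the
 * authentication in the security context is rebuilt from the user details service, so a role
 * change takes effect on the next request instead of at the next login.
 *
 * @param request The incoming request
 * @param response The outgoing response
 * @param handler The handler contains information about the method and controller that will
 *                process the incoming request
 * @return {@code true} if the request may continue; {@code false} if the user was logged out
 *         and a redirect has been sent
 * @throws IOException Upon unable to send a redirect as a response
 * @throws ServletException Upon unable to logout the user
 */
@Override
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response,
        final Object handler) throws IOException, ServletException {
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        // Nothing to re-validate here.
        // NOTE(review): access control for unauthenticated requests must be enforced elsewhere - confirm.
        return true;
    }

    final String loggedInUsername = authentication.getName();
    if (ANONYMOUS_USER.equals(loggedInUsername)) {
        return true;
    }

    final ReadUserByUsernameInput readUserByUsernameInput = new ReadUserByUsernameInput(loggedInUsername);
    final ReadUserByUsernameOutput readUserByUsernameOutput = serviceProcessor.process(readUserByUsernameInput);
    final UserDto loggedInUser = readUserByUsernameOutput.getUser();

    if (loggedInUser == null) {
        // The account was removed while the session was still alive.
        LOGGER.info("The following logged in user is not valid anymore: " + loggedInUsername);
        request.logout();
        response.sendRedirect(request.getContextPath());
        return false;
    }

    if (!Status.ACTIVE.equals(loggedInUser.getStatus())) {
        // The account still exists but has left the ACTIVE state.
        LOGGER.info("The following logged in user is not active anymore: " + loggedInUsername);
        request.logout();
        response.sendRedirect(request.getContextPath());
        return false;
    }

    for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
        // NOTE(review): Role.valueOf throws IllegalArgumentException for an authority string that
        // is not a Role constant - confirm every authority issued at login maps to a Role.
        final Role role = Role.valueOf(grantedAuthority.getAuthority());
        if (!loggedInUser.getRole().equals(role)) {
            LOGGER.info("The following logged in user's authorities has been updated: " + loggedInUsername);
            final UserDetails userDetails = userDetailSecurityService.loadUserByUsername(loggedInUsername);
            // NOTE(review): the three-argument constructor yields a token that is already marked
            // authenticated, and userDetails.getPassword() is kept as its credentials, so the
            // stored password value stays in the security context. Consider passing null (or
            // erasing credentials) if nothing downstream reads them.
            final Authentication newAuthentication = new UsernamePasswordAuthenticationToken(userDetails,
                    userDetails.getPassword(), userDetails.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(newAuthentication);
            // One rebuild replaces the whole authority set; checking the remaining stale
            // authorities would only reload the same user again.
            break;
        }
    }
    return true;
}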
From source file:sk.lazyman.gizmo.security.GizmoAuthProvider.java
/**
 * Authenticates the presented user name and password against the user repository.
 * <p>
 * The checks run in this order: the user must exist, the stored password must equal
 * {@code GizmoUtils.toSha1} of the presented password, and the user must be enabled. Because the
 * enabled check comes last, a disabled account is only reported to a caller who presented the
 * correct password.
 * <p>
 * NOTE(review): if {@code toSha1} is a plain, unsalted SHA-1 digest as its name suggests, it is
 * too fast for password storage; plan a migration to an adaptive scheme (bcrypt, scrypt or
 * Argon2) behind a {@code PasswordEncoder}.
 * <p>
 * NOTE(review): an unknown user and a wrong password raise different message keys. If those keys
 * are rendered to the client with different text, the response shows which user names exist -
 * confirm both map to the same message.
 *
 * @param authentication the authentication request; it is cast to
 *                       {@code UsernamePasswordAuthenticationToken}, so any other token type
 *                       fails with a {@code ClassCastException}
 * @return an authenticated token whose principal is a {@code GizmoPrincipal}, with null
 *         credentials and the principal's authorities
 * @throws AuthenticationException as {@code BadCredentialsException} when the user is unknown,
 *                                 the password does not match or the user is disabled
 */
private Authentication authenticateUsingDb(Authentication authentication) throws AuthenticationException {
    final String username = (String) authentication.getPrincipal();
    final String presentedPassword =
            (String) ((UsernamePasswordAuthenticationToken) authentication).getCredentials();

    final User account = userRepository.findUserByName(username);
    if (account == null) {
        throw new BadCredentialsException("web.security.provider.invalid");
    }

    // NOTE(review): equals() is not a constant-time comparison; MessageDigest.isEqual on the
    // encoded bytes would be, once the types of both sides are confirmed.
    final boolean passwordMatches = account.getPassword() != null
            && account.getPassword().equals(GizmoUtils.toSha1(presentedPassword));
    if (!passwordMatches) {
        throw new BadCredentialsException("GizmoAuthenticationProvider.userPasswordIncorrect");
    }

    if (!account.isEnabled()) {
        throw new BadCredentialsException("GizmoAuthenticationProvider.userDisabled");
    }

    final GizmoPrincipal gizmoPrincipal = new GizmoPrincipal(account);
    final Object[] logArguments = new Object[] { authentication.getPrincipal(),
            authentication.getClass().getSimpleName(), gizmoPrincipal.getAuthorities() };
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", logArguments);

    // Credentials are left null so the presented password is not carried in the returned token.
    return new UsernamePasswordAuthenticationToken(gizmoPrincipal, null, gizmoPrincipal.getAuthorities());
}