binky.reportrunner.service.impl.AuthenticationServiceImpl.java Source code


Introduction

Here is the source code for binky.reportrunner.service.impl.AuthenticationServiceImpl.java

Source

/*******************************************************************************
 * Copyright (c) 2009 Daniel Grout.
 * 
 * GNU GENERAL PUBLIC LICENSE - Version 3
 * 
 * This file is part of Report Runner (http://code.google.com/p/reportrunner).
 * 
 * Report Runner is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * Report Runner is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with Report Runner. If not, see <http://www.gnu.org/licenses/>.
 * 
 * Module: AuthenticationServiceImpl.java
 ******************************************************************************/
package binky.reportrunner.service.impl;

import java.util.LinkedList;
import java.util.List;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import binky.reportrunner.dao.ReportRunnerDao;
import binky.reportrunner.data.RunnerUser;
import binky.reportrunner.service.AuthenticationService;
import binky.reportrunner.util.EncryptionUtil;

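/**
 * Username/password authentication backed by the {@link RunnerUser} store.
 *
 * <p>{@link #authenticate(Authentication)} looks the user up through the injected DAO, compares the
 * stored password value with {@code EncryptionUtil.hashString(password)} and grants
 * {@code ROLE_USER} (plus {@code ROLE_ADMIN} for administrators) on a match.
 *
 * <p>NOTE(review): the hashing scheme lives in {@code EncryptionUtil}, which is not visible here.
 * Confirm that it is a salted, deliberately slow password hash (bcrypt/scrypt/argon2 class) rather
 * than a bare digest.
 */
public class AuthenticationServiceImpl implements AuthenticationService {

    private static final Logger logger = Logger.getLogger(AuthenticationServiceImpl.class);

    /** One message for every credential failure, so the response does not say which part was wrong. */
    private static final String INVALID_CREDENTIALS = "Invalid username/password";

    private ReportRunnerDao<RunnerUser, String> userDao;

    /**
     * Injects the DAO used to look users up by user name.
     *
     * @param userDao DAO keyed by user name
     */
    public void setUserDao(ReportRunnerDao<RunnerUser, String> userDao) {
        this.userDao = userDao;
    }

    /**
     * Verifies the supplied user name and password against the stored user record.
     *
     * @param authentication request token; principal and credentials are expected to be Strings
     * @return an authenticated token carrying the user name, the supplied credentials and the
     *         granted authorities
     * @throws BadCredentialsException if either value is blank or not a String, the user is
     *         unknown, or the password does not match
     * @throws AuthenticationServiceException if hashing or reading the user record fails
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        logger.info("authenticate service invoked");

        Object principal = authentication.getPrincipal();
        Object credentials = authentication.getCredentials();

        // supports() accepts every token class, so these are not guaranteed to be Strings.
        // Reject anything else as a credential failure instead of letting a ClassCastException escape.
        if (!(principal instanceof String) || !(credentials instanceof String)) {
            logger.debug("principal or credentials missing or not a String");
            throw new BadCredentialsException(INVALID_CREDENTIALS);
        }

        String userName = (String) principal;
        String password = (String) credentials;

        boolean userNameBlank = StringUtils.isBlank(userName);
        boolean passwordBlank = StringUtils.isBlank(password);
        if (userNameBlank || passwordBlank) {
            // Only the two flags are logged; the password itself is never written to the log.
            logger.debug("userName blank is " + userNameBlank + " password blank is " + passwordBlank);
            throw new BadCredentialsException(INVALID_CREDENTIALS);
        }

        RunnerUser user = userDao.get(userName);

        EncryptionUtil enc = new EncryptionUtil();

        List<GrantedAuthority> authorities = new LinkedList<GrantedAuthority>();
        try {
            // NOTE(review): String.equals is not a constant-time comparison, and no hash is computed
            // at all for an unknown user, so response time can differ between known and unknown
            // accounts. Consider a constant-time compare once the return type of hashString is
            // confirmed.
            if (user != null && user.getPassword().equals(enc.hashString(password))) {
                if (user.getIsAdmin()) {
                    logger.info("admin login for user: " + sanitizeForLog(userName));
                    authorities.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
                } else {
                    logger.info("user login for user: " + sanitizeForLog(userName));
                }
                authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
            } else {
                logger.warn("login fail for user: " + sanitizeForLog(userName));

                throw new BadCredentialsException(INVALID_CREDENTIALS);
            }
        } catch (AuthenticationException e) {
            // A failed login is an expected outcome: let it propagate unchanged rather than logging
            // it as FATAL and re-labelling it as a service failure.
            throw e;
        } catch (Exception e) {
            // Anything else (hashing failure, malformed user record) is a genuine service error.
            logger.fatal(e.getMessage(), e);
            throw new AuthenticationServiceException(e.getMessage(), e);
        }

        return new UsernamePasswordAuthenticationToken(userName, authentication.getCredentials(), authorities);

    }

    /**
     * Reports every token class as supported.
     *
     * <p>NOTE(review): {@link #authenticate(Authentication)} only handles String principals and
     * credentials and rejects everything else; consider narrowing this to
     * {@code UsernamePasswordAuthenticationToken} once the other providers in the chain are known.
     *
     * @param arg0 the authentication token class being offered
     * @return always {@code true}
     */
    public boolean supports(Class<? extends Object> arg0) {
        return true;
    }

    /**
     * Loads the stored user record for a user name.
     *
     * @param userName the user name to look up
     * @return the matching user, never {@code null}
     * @throws UsernameNotFoundException if the DAO returns no user for that name
     * @throws DataAccessException declared by the signature for lookup failures
     */
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {

        logger.info("authenticate service invoked for userName: " + sanitizeForLog(userName));

        RunnerUser user = userDao.get(userName);
        if (user == null) {
            // The signature mirrors Spring Security's UserDetailsService, whose contract is to throw
            // rather than return null for an unknown user (presumably inherited via
            // AuthenticationService; confirm).
            throw new UsernameNotFoundException("No user found for the supplied user name");
        }
        return user;

    }

    /**
     * Replaces CR and LF so a caller-supplied user name cannot start a forged log line.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

}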