/* * [y] hybris Platform * * Copyright (c) 2017 SAP SE or an SAP affiliate company. All rights reserved. * * This software is the confidential and proprietary information of SAP * ("Confidential Information"). You shall not disclose such Confidential * Information and shall use it only in accordance with the terms of the * license agreement you entered into with SAP. */ package com.daimler.spm.b2bacceleratoraddon.security; import de.hybris.platform.acceleratorstorefrontcommons.security.AbstractAcceleratorAuthenticationProvider; import de.hybris.platform.b2b.constants.B2BConstants; import de.hybris.platform.core.model.user.UserGroupModel; import de.hybris.platform.core.model.user.UserModel; import org.apache.commons.lang.StringUtils; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.DisabledException; import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; /** * Derived authentication provider supporting additional authentication checks. See * {@link de.hybris.platform.spring.security.RejectUserPreAuthenticationChecks}. 
 *
 * <ul>
 * <li>prevent login without password for users created via CSCockpit</li>
 * <li>prevent login as user in group admingroup</li>
 * <li>prevent login as user if not authorised for B2B</li>
 * </ul>
 * <p>
 * Any login as admin disables SearchRestrictions and therefore no page can be viewed correctly.
 * <p>
 * NOTE(review): of the three items above only the B2B authorisation (plus a B2B "enabled" check) is
 * implemented in this class; the password and admingroup rejections are presumably performed by the
 * superclass / the referenced pre-authentication checks — verify against those classes.
 */
public class B2BAcceleratorAuthenticationProvider extends AbstractAcceleratorAuthenticationProvider
{
	private B2BUserGroupProvider b2bUserGroupProvider;

	/**
	 * Runs the inherited checks first and then, for members of the B2B group, rejects the login when the
	 * configured {@link B2BUserGroupProvider} does not authorise the user or reports the user as disabled.
	 *
	 * @param details
	 *           the user details resolved by the parent provider; {@code getUsername()} is used for all lookups
	 * @param authentication
	 *           the pending authentication token, passed through to the superclass checks
	 * @throws InsufficientAuthenticationException
	 *            if the user is a B2B user but is not authorised for B2B login
	 * @throws DisabledException
	 *            if the user is a B2B user but is not enabled
	 * @throws AuthenticationException
	 *            any failure raised by the superclass checks
	 * @see de.hybris.platform.acceleratorstorefrontcommons.security.AbstractAcceleratorAuthenticationProvider#additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails,
	 *      org.springframework.security.authentication.AbstractAuthenticationToken)
	 */
	@Override
	protected void additionalAuthenticationChecks(final UserDetails details, final AbstractAuthenticationToken authentication)
			throws AuthenticationException
	{
		// Parent checks (e.g. credential validation) run before any B2B-specific rule is evaluated.
		super.additionalAuthenticationChecks(details, authentication);

		final String username = details.getUsername();

		// NOTE(review): StringUtils.lowerCase(String) lower-cases with the JVM default locale, so the UID used
		// for the model lookup can differ from the raw username in locale-sensitive ways (e.g. Turkish "I"),
		// while the provider calls below receive the raw, un-lowercased username. Confirm UIDs are
		// normalised consistently across the platform before changing either side.
		final UserModel userModel = getUserService().getUserForUID(StringUtils.lowerCase(username));
		final UserGroupModel b2bGroup = getUserService().getUserGroupForUID(B2BConstants.B2BGROUP);

		if (!getUserService().isMemberOfGroup(userModel, b2bGroup))
		{
			// Not a B2B customer: no further restrictions apply in this provider.
			return;
		}

		rejectIfNotAuthorised(username);
		rejectIfDisabled(username);
	}

	/**
	 * Rejects the login when the B2B user group provider does not authorise {@code username}.
	 *
	 * @throws InsufficientAuthenticationException
	 *            with the localised "invalid account type" message
	 */
	private void rejectIfNotAuthorised(final String username)
	{
		if (!getB2bUserGroupProvider().isUserAuthorized(username))
		{
			throw new InsufficientAuthenticationException(
					messages.getMessage("checkout.error.invalid.accountType", "You are not allowed to login"));
		}
	}

	/**
	 * Rejects the login when the B2B user group provider reports {@code username} as not enabled.
	 *
	 * @throws DisabledException
	 *            naming the user and carrying the localised "unit disabled" message
	 */
	private void rejectIfDisabled(final String username)
	{
		if (!getB2bUserGroupProvider().isUserEnabled(username))
		{
			throw new DisabledException("User " + username + " is disabled... "
					+ messages.getMessage("text.company.manage.units.disabled"));
		}
	}

	/**
	 * @return the provider used to decide whether a B2B user is authorised and enabled; injected via
	 *         {@link #setB2bUserGroupProvider(B2BUserGroupProvider)}
	 */
	protected B2BUserGroupProvider getB2bUserGroupProvider()
	{
		return b2bUserGroupProvider;
	}

	/**
	 * @param b2bUserGroupProvider
	 *           the provider consulted for B2B authorisation and enabled state (Spring-injected)
	 */
	public void setB2bUserGroupProvider(final B2BUserGroupProvider b2bUserGroupProvider)
	{
		this.b2bUserGroupProvider = b2bUserGroupProvider;
	}
}