Java tutorial
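/**
 * Copyright 2014 Paul Illingworth
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package uk.co.threeonefour.ifictionary.web.user.service;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

import uk.co.threeonefour.ifictionary.web.user.dao.UserDao;
import uk.co.threeonefour.ifictionary.web.user.model.Role;
import uk.co.threeonefour.ifictionary.web.user.model.User;

/**
 * {@link UserService} implementation backed by a {@link UserDao}.
 *
 * <p>
 * Creates user records, places a user into the Spring Security context, and resolves the
 * user behind the current security context.
 *
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>{@link #logInUser(User)} performs no credential check. It trusts its caller to have
 * established the user's identity already.</li>
 * <li>{@link #createUser(String, String, String)} stores an empty password.</li>
 * <li>{@link #getLoggedInUser()} reports the roles captured at login time, not the roles
 * currently held by the DAO.</li>
 * </ul>
 */
public class DaoUserService implements UserService {

    private final UserDao userDao;

    /**
     * @param userDao
     *            data access object used to store and look up users
     */
    public DaoUserService(UserDao userDao) {
        this.userDao = userDao;
    }

    /**
     * Converts the application's user entity into a Spring Security user.
     *
     * <p>
     * Each {@link Role} becomes a {@link SimpleGrantedAuthority} named after the role.
     *
     * @param userEntity
     *            application user to convert
     * @return Spring Security principal carrying the entity's user id, password and roles
     */
    private org.springframework.security.core.userdetails.User buildUserFromUserEntity(User userEntity) {

        String username = userEntity.getUserId();
        // NOTE(review): the stored password value travels with the principal into the
        // security context. logInUser sets the context directly, so nothing visible in this
        // class erases it afterwards. Confirm whether the principal needs it at all.
        String password = userEntity.getPassword();

        // All four account-state flags are hard-coded to true, so a disabled, locked or
        // expired account cannot be expressed through this conversion.
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        Collection<Role> roles = userEntity.getRoles();
        for (Role role : roles) {
            authorities.add(new SimpleGrantedAuthority(role.name()));
        }

        return new org.springframework.security.core.userdetails.User(username, password, enabled,
                accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

    /**
     * Creates a user with the single role {@link Role#USER} and stores it through the DAO.
     *
     * @param userId
     *            identifier of the new user, later used as the Spring Security username
     * @param name
     *            display name
     * @param emailAddress
     *            e-mail address
     * @return whatever {@link UserDao#add} returns for the new entity
     */
    public User createUser(String userId, String name, String emailAddress) {

        User userEntity = new User();
        userEntity.setUserId(userId);
        // NOTE(review): the account is stored with an empty password. If any password-based
        // login path can reach these records, an empty submitted password might match. Confirm
        // that no such path exists, or store a value that can never match.
        userEntity.setPassword("");
        userEntity.setName(name);
        userEntity.setEmailAddress(emailAddress);
        userEntity.setRoles(Arrays.asList(Role.USER));

        return userDao.add(userEntity);
    }

    /**
     * Places the given user into the current Spring Security context as an authenticated
     * principal.
     *
     * <p>
     * No credentials are verified here. The token is built with {@code null} credentials and
     * the user's authorities, so the resulting token reports itself as authenticated. Callers
     * must have verified the user's identity before calling this method.
     *
     * <p>
     * NOTE(review): this method only touches the {@link SecurityContextHolder}. If it is used
     * as the login step of a web flow, confirm that the session identifier is rotated
     * elsewhere.
     *
     * @param userEntity
     *            user to mark as logged in
     */
    public void logInUser(User userEntity) {

        org.springframework.security.core.userdetails.User springUser = buildUserFromUserEntity(userEntity);
        Authentication authentication = new UsernamePasswordAuthenticationToken(springUser, null,
                springUser.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    /**
     * Resolves the application user behind the current Spring Security context.
     *
     * <p>
     * The returned user's roles are rebuilt from the authorities held by the security
     * context, replacing whatever roles the DAO loaded. A role granted or revoked in the
     * store is therefore not reflected until the user logs in again.
     *
     * @return the logged-in user, or {@code null} when there is no authentication, the
     *         authentication is anonymous or not authenticated, the principal is not a Spring
     *         Security {@code User}, or the DAO no longer knows the user
     * @throws IllegalArgumentException
     *             if an authority in the security context does not name a {@link Role}
     */
    public uk.co.threeonefour.ifictionary.web.user.model.User getLoggedInUser() {

        // TODO use session
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return null;
        }

        String username = auth.getName();
        if (!auth.isAuthenticated() || username == null || username.equals("anonymousUser")) {
            return null;
        }

        // The principal type depends on how the authentication was created. Only the type
        // produced by logInUser is accepted; anything else is treated as "not logged in"
        // rather than failing with a ClassCastException.
        Object principal = auth.getPrincipal();
        if (!(principal instanceof org.springframework.security.core.userdetails.User)) {
            return null;
        }
        org.springframework.security.core.userdetails.User userDetails =
                (org.springframework.security.core.userdetails.User) principal;

        // Guard against a DAO that returns null for an unknown id, for example when the
        // account was removed while its session is still alive.
        User user = userDao.findUser(userDetails.getUsername());
        if (user == null) {
            return null;
        }

        List<Role> roles = new ArrayList<Role>();
        for (GrantedAuthority authority : userDetails.getAuthorities()) {
            roles.add(Role.valueOf(authority.getAuthority()));
        }
        user.setRoles(roles);

        return user;
    }
}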