Examples of be.c4j.ee.security.model.UserPrincipal

• be.c4j.ee.security.model.UserPrincipal

        userInfo.putAll(values);
        return this;
    }

    public AuthenticationInfo build() {
        UserPrincipal principal = new UserPrincipal(principalId, userName, name);
        principal.addUserInfo(userInfo);
        AuthenticationInfo result;
        if (salt == null) {
            result = new SimpleAuthenticationInfo(principal, password, realmName);
        } else {
            result = new SimpleAuthenticationInfo(principal, password, salt, realmName);

        return result;
    }

    public static AuthenticationInfo forOracleAuthentication(String userName) {
        String name = userName.toUpperCase(Locale.ENGLISH);
        UserPrincipal principal = new UserPrincipal(name, name, name);
        return new SimpleAuthenticationInfo(principal, null, DEFAULT_REALM);
    }

 */
@ApplicationScoped
public class AuthenticationService {

    public boolean reauthenticate(String password) {
        UserPrincipal principal = (UserPrincipal) SecurityUtils.getSubject().getPrincipal();
        AuthenticationToken token = new UsernamePasswordToken(principal.getUserName(), password);
        boolean result = true;
        try {
            SecurityUtils.getSecurityManager().authenticate(token);
        } catch (AuthenticationException e) {
            result = false;

            violations.add(newSecurityViolation(infoProducer.getViolationInfo(invocationContext, newSecurityViolation("Employees can only view their own card or manager of the employee"))));
        }
    }

    private void checkEmployeeAccess(InvocationContext invocationContext, Set<SecurityViolation> violations) {
        UserPrincipal parameter = methodParameterCheckUtil.getAssignableParameter(invocationContext, UserPrincipal.class);
        if (!userPrincipal.equals(parameter)) {
            SecurityViolationInfoProducer infoProducer = CodiUtils.getContextualReferenceByClass(SecurityViolationInfoProducer.class);
            violations.add(newSecurityViolation(infoProducer.getViolationInfo(invocationContext, newSecurityViolation("Employees can only view their own card"))));
        }