Package org.beangle.security.auth.dao

Source Code of org.beangle.security.auth.dao.AbstractUserDetailAuthenticationProvider$DefaultPostAuthenticationChecker

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
/* Copyright c 2005-2012.
* Licensed under GNU  LESSER General Public License, Version 3.
* http://www.gnu.org/licenses
*/
package org.beangle.security.auth.dao;

import org.beangle.security.auth.AccountExpiredException;
import org.beangle.security.auth.AuthenticationProvider;
import org.beangle.security.auth.CredentialsExpiredException;
import org.beangle.security.auth.DisabledException;
import org.beangle.security.auth.LockedException;
import org.beangle.security.auth.UsernamePasswordAuthentication;
import org.beangle.security.core.Authentication;
import org.beangle.security.core.AuthenticationException;
import org.beangle.security.core.userdetail.UserDetail;
import org.beangle.security.core.userdetail.UserDetailChecker;
import org.beangle.security.core.userdetail.UsernameNotFoundException;

public abstract class AbstractUserDetailAuthenticationProvider implements AuthenticationProvider {
  private boolean forcePrincipalAsString = false;
  private UserDetailChecker preAuthenticationChecker = new DefaultPreAuthenticationChecker();
  private UserDetailChecker postAuthenticationChecker = new DefaultPostAuthenticationChecker();

  protected abstract void additionalAuthenticationChecks(UserDetail userDetails,
      Authentication authentication) throws AuthenticationException;

  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Determine username
    String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication
        .getName();

    UserDetail user = retrieveUser(username, authentication);

    if (null == user) { throw new UsernameNotFoundException(); }
    preAuthenticationChecker.check(user);

    additionalAuthenticationChecks(user, authentication);

    postAuthenticationChecker.check(user);

    Object principalToReturn = user;

    if (forcePrincipalAsString) {
      principalToReturn = user.getUsername();
    }

    return createSuccessAuthentication(principalToReturn, authentication, user);
  }

  protected Authentication createSuccessAuthentication(Object principal, Authentication authentication,
      UserDetail user) {
    UsernamePasswordAuthentication result = new UsernamePasswordAuthentication(principal,
        authentication.getCredentials(), user.getAuthorities());
    result.setDetails(authentication.getDetails());
    return result;
  }

  protected void doAfterPropertiesSet() throws Exception {
  }

  public boolean isForcePrincipalAsString() {
    return forcePrincipalAsString;
  }

  /**
   * Allows subclasses to actually retrieve the <code>UserDetails</code> from
   * an implementation-specific location, with the option of throwing an
   * <code>AuthenticationException</code> immediately if the presented
   * credentials are incorrect (this is especially useful if it is necessary
   * to bind to a resource as the user in order to obtain or generate a <code>UserDetails</code>).
   * <p>
   * Subclasses are not required to perform any caching, as the
   * <code>AbstractUserDetailsAuthenticationProvider</code> will by default cache the
   * <code>UserDetails</code>. The caching of <code>UserDetails</code> does present additional
   * complexity as this means subsequent requests that rely on the cache will need to still have
   * their credentials validated, even if the correctness of credentials was assured by subclasses
   * adopting a binding-based strategy in this method. Accordingly it is important that subclasses
   * either disable caching (if they want to ensure that this method is the only method that is
   * capable of authenticating a request, as no <code>UserDetails</code> will ever be cached) or
   * ensure subclasses implement
   * {@link #additionalAuthenticationChecks(UserDetail, UsernamePasswordAuthentication)} to
   * compare the credentials of a cached <code>UserDetails</code> with subsequent authentication
   * requests.
   * </p>
   * <p>
   * Most of the time subclasses will not perform credentials inspection in this method, instead
   * performing it in
   * {@link #additionalAuthenticationChecks(UserDetail, UsernamePasswordAuthentication)} so that
   * code related to credentials validation need not be duplicated across two methods.
   * </p>
   *
   * @param username
   *            The username to retrieve
   * @param authentication
   *            The authentication request, which subclasses <em>may</em> need
   *            to perform a binding-based retrieval of the <code>UserDetails</code>
   * @return the user information (never <code>null</code> - instead an
   *         exception should the thrown)
   * @throws AuthenticationException
   *             if the credentials could not be validated (generally a
   *             <code>BadCredentialsException</code>, an
   *             <code>AuthenticationServiceException</code> or
   *             <code>UsernameNotFoundException</code>)
   */
  protected abstract UserDetail retrieveUser(String username, Authentication authentication)
      throws AuthenticationException;

  public void setForcePrincipalAsString(boolean forcePrincipalAsString) {
    this.forcePrincipalAsString = forcePrincipalAsString;
  }

  public boolean supports(Class<? extends Authentication> authentication) {
    return (UsernamePasswordAuthentication.class.isAssignableFrom(authentication));
  }

  protected UserDetailChecker getPreAuthenticationChecks() {
    return preAuthenticationChecker;
  }

  /**
   * Sets the policy will be used to verify the status of the loaded <tt>UserDetails</tt>
   * <em>before</em> validation of the credentials takes
   * place.
   *
   * @param preAuthenticationChecks
   *            strategy to be invoked prior to authentication.
   */
  public void setPreAuthenticationChecks(UserDetailChecker preAuthenticationChecks) {
    this.preAuthenticationChecker = preAuthenticationChecks;
  }

  protected UserDetailChecker getPostAuthenticationChecks() {
    return postAuthenticationChecker;
  }

  public void setPostAuthenticationChecks(UserDetailChecker postAuthenticationChecks) {
    this.postAuthenticationChecker = postAuthenticationChecks;
  }

  private class DefaultPreAuthenticationChecker implements UserDetailChecker {
    public void check(UserDetail user) {
      if (user.isAccountLocked()) { throw new LockedException(null, user); }

      if (!user.isEnabled()) { throw new DisabledException(null, user); }

      if (user.isAccountExpired()) { throw new AccountExpiredException(null, user); }
    }
  }

  private class DefaultPostAuthenticationChecker implements UserDetailChecker {
    public void check(UserDetail user) {
      if (user.isCredentialsExpired()) { throw new CredentialsExpiredException(null, user); }
    }
  }

}
TOP

Related Classes of org.beangle.security.auth.dao.AbstractUserDetailAuthenticationProvider$DefaultPostAuthenticationChecker

  • org.beangle.security.auth.UsernamePasswordAuthentication
  • org.beangle.security.core.userdetail.UserDetail
  • org.beangle.security.auth.AccountExpiredException
  • org.beangle.security.auth.DisabledException
  • org.beangle.security.auth.CredentialsExpiredException
  • org.beangle.security.auth.LockedException
  • org.beangle.security.core.userdetail.UsernameNotFoundException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.