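package org.onehippo.forge.konakart.site.security.impl;

import com.konakart.util.Security;
import com.konakartadmin.app.AdminCustomer;
import com.konakartadmin.blif.AdminCustomerMgrIf;
import org.onehippo.forge.konakart.common.engine.KKAdminEngine;
import org.onehippo.forge.konakart.site.security.KKUser;
import org.onehippo.forge.konakart.site.security.KKUserDetailsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import javax.annotation.Nonnull;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;

/**
 * {@link KKUserDetailsService} backed by the Konakart admin engine.
 * <p>
 * The username is treated as the customer's e-mail address and looked up through
 * {@code AdminCustomerMgrIf.getCustomerForEmail}. Every user receives the same configurable
 * default role, once bare and once with the {@link #SPRING_ROLE_PREFIX} prefix; no per-user
 * roles are read from Konakart.
 * <p>
 * Failures are reported with distinct exception types so callers, logs and alerting can tell
 * them apart: unknown user: {@link UsernameNotFoundException}; wrong password:
 * {@link BadCredentialsException}; Konakart engine or digest-algorithm failure:
 * {@link AuthenticationServiceException} (with the original cause attached).
 */
public class KKUserDetailsServiceImpl implements KKUserDetailsService {

    // Kept public for backward compatibility with existing callers.
    public static final Logger log = LoggerFactory.getLogger(KKUserDetailsServiceImpl.class);

    /** Role granted to every user when no other default is configured. */
    public static final String DEFAULT_ROLE = "everybody";

    /** Prefix Spring Security's role voters expect on role authorities. */
    public static final String SPRING_ROLE_PREFIX = "ROLE_";

    private String defaultRole = DEFAULT_ROLE;

    /**
     * Set the default role granted to every user. By default it equals {@value #DEFAULT_ROLE}.
     *
     * @param defaultRole the default role to set
     */
    public void setDefaultRole(String defaultRole) {
        this.defaultRole = defaultRole;
    }

    /**
     * Load a user <em>without</em> verifying any credential.
     * <p>
     * Used on the remember-me path, where the password has already been established by the
     * remember-me token; the {@code "none"} placeholder is never compared against anything
     * because {@code checkPassword} is {@code false}.
     *
     * @param username the username (customer e-mail)
     * @return the user details
     * @throws UsernameNotFoundException if no Konakart customer has this e-mail
     */
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        return createUserDetails(username, "none", false);
    }

    /**
     * Load a user and verify the supplied password against the Konakart stored password.
     *
     * @param username the username (customer e-mail)
     * @param password the clear-text password to verify
     * @return the user details
     * @throws UsernameNotFoundException if no Konakart customer has this e-mail
     * @throws BadCredentialsException if the password does not match
     */
    @Nonnull
    @Override
    public UserDetails loadUserByUsernameAndPassword(String username, String password)
            throws UsernameNotFoundException, DataAccessException {
        return createUserDetails(username, password, true);
    }

    /**
     * Create the associated UserDetails.
     *
     * @param username      the username
     * @param password      the password
     * @param checkPassword true if the password needs to be checked,
     *                      false if the remember services is activated and the password will
     *                      not be validated.
     * @return the UserDetails
     * @throws UsernameNotFoundException      thrown if the user is not found
     * @throws BadCredentialsException        thrown if {@code checkPassword} is set and the
     *                                        password does not match
     * @throws AuthenticationServiceException thrown if the password digest algorithm is not
     *                                        available; this is a deployment problem and is
     *                                        deliberately not reported as "user not found"
     */
    protected UserDetails createUserDetails(String username, String password, boolean checkPassword)
            throws UsernameNotFoundException {
        try {
            AdminCustomer adminCustomer = retrieveUserFromKonakart(username);

            if (checkPassword && !Security.checkPassword(adminCustomer.getPassword(), password)) {
                throw new BadCredentialsException(
                        "Failed to login against Konakart for the user: " + username);
            }

            // Konakart exposes no expiry/lock state here, so all account flags are fixed to true.
            boolean accountNonExpired = true;
            boolean credentialsNonExpired = true;
            boolean accountNonLocked = true;
            Collection<? extends GrantedAuthority> authorities = getGrantedAuthoritiesOfUser(username);

            if (checkPassword) {
                return new KKUser(adminCustomer, accountNonExpired, credentialsNonExpired,
                        accountNonLocked, authorities);
            }
            // NOTE(review): the extra leading `true` selects the KKUser constructor used only when
            // the password was NOT verified (remember-me path) — presumably a "remembered" flag;
            // confirm against KKUser.
            return new KKUser(adminCustomer, true, accountNonExpired, credentialsNonExpired,
                    accountNonLocked, authorities);
        } catch (NoSuchAlgorithmException e) {
            // Previously fell through to UsernameNotFoundException, which hid a configuration
            // failure behind a user-lookup error; surface it as a service failure with its cause.
            log.error("Failed to validate the password for the user - " + username, e);
            throw new AuthenticationServiceException(
                    "Failed to validate the password for the user - " + username, e);
        }
    }

    /**
     * Retrieve the Konakart's user.
     *
     * @param username the username, used as the customer e-mail
     * @return the Konakart's user, never {@code null}
     * @throws UsernameNotFoundException      if no customer has this e-mail
     * @throws AuthenticationServiceException if the Konakart admin engine cannot be queried;
     *                                        an engine outage must not look like a stream of
     *                                        unknown users
     */
    @Nonnull
    protected AdminCustomer retrieveUserFromKonakart(final String username)
            throws UsernameNotFoundException {
        final AdminCustomer adminCustomer;
        try {
            AdminCustomerMgrIf adminCustMgr = KKAdminEngine.getInstance().getFactory().getAdminCustMgr(true);
            adminCustomer = adminCustMgr.getCustomerForEmail(username);
        } catch (Exception e) {
            // The Konakart admin API's exception types are not visible here, so the broad catch
            // is kept; the cause is preserved instead of being reduced to a log line.
            log.error("Failed to look up the user in Konakart: " + username, e);
            throw new AuthenticationServiceException(
                    "Failed to look up the user in Konakart: " + username, e);
        }
        if (adminCustomer == null) {
            throw new UsernameNotFoundException(
                    "Failed to find existing user with the username: " + username);
        }
        return adminCustomer;
    }

    /**
     * Retrieve the list of roles associated for this user.
     * <p>
     * The current implementation does not consult Konakart: every user gets the configured
     * default role, both bare and prefixed with {@link #SPRING_ROLE_PREFIX}. The
     * {@code username} parameter is accepted so subclasses can grant per-user roles.
     *
     * @param username the username (currently unused)
     * @return the list of roles, never {@code null}
     */
    @Nonnull
    protected Collection<? extends GrantedAuthority> getGrantedAuthoritiesOfUser(String username) {
        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(2);
        authorities.add(new GrantedAuthorityImpl(defaultRole));
        authorities.add(new GrantedAuthorityImpl(SPRING_ROLE_PREFIX + defaultRole));
        return authorities;
    }
}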