AuthenticationAuthorizationServiceFacadeImpl.java example

Explorer
head-master
/*
 * Copyright (c) 2005-2011 Grameen Foundation USA
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 *
 * See also http://www.apache.org/licenses/LICENSE-2.0.html for an
 * explanation of the license and how it is applied.
 */

package org.mifos.security;

import org.apache.commons.lang.StringUtils;
import org.mifos.customers.personnel.persistence.PersonnelDao;
import org.mifos.security.login.util.helpers.LoginConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class AuthenticationAuthorizationServiceFacadeImpl implements AuthenticationAuthorizationServiceFacade {

    private final PersonnelDao personnelDao;
    private final UserDetailsChecker userDetailsChecker;

    @Autowired
    public AuthenticationAuthorizationServiceFacadeImpl(PersonnelDao personnelDao, UserDetailsChecker userDetailsChecker) {
        this.personnelDao = personnelDao;
        this.userDetailsChecker = userDetailsChecker;
    }

    /**
     * used by spring security when authenticating user at login.
     */
    @Override
    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException, DataAccessException {

        if (StringUtils.isBlank(username)) {
            throw new UsernameNotFoundException(LoginConstants.KEYINVALIDUSER);
        }

        MifosUser userDetails = personnelDao.findAuthenticatedUserByUsername(username);

        if (userDetails == null) {
            throw new UsernameNotFoundException(LoginConstants.KEYINVALIDUSER);
        }

        userDetailsChecker.check(userDetails);

        return userDetails;
    }

    @Override
    public void reloadUserDetailsForSecurityContext(String username) {
        UserDetails userSecurityDetails = loadUserByUsername(username);
        MifosUser reloadedUserDetails = (MifosUser) userSecurityDetails;

        SecurityContext securityContext = SecurityContextHolder.getContext();
        if (securityContext == null) {
            securityContext = new SecurityContextImpl();
            SecurityContextHolder.setContext(securityContext);
        }
        Authentication authentication = new UsernamePasswordAuthenticationToken(reloadedUserDetails, reloadedUserDetails, reloadedUserDetails.getAuthorities());
        securityContext.setAuthentication(authentication);
    }

}