AccountUserDetailsService.java

package gov.samhsa.consent2share.service.account;

import gov.samhsa.consent2share.domain.account.Users;
import gov.samhsa.consent2share.domain.account.UsersRepository;

import java.util.Calendar;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * The Class AccountUserDetailsService.
 */
public class AccountUserDetailsService implements UserDetailsService {

	/** The users repository. */
	UsersRepository usersRepository;

	/** The max failed attempts. */
	private short maxFailedAttempts;

	/** The auto unlock interval. */
	private long autoUnlockInterval;

	/**
	 * Instantiates a new account user details service.
	 *
	 * @param maxFailedAttempts
	 *            the max failed attempts
	 * @param autoUnlockInterval
	 *            the auto unlock interval
	 * @param usersRepository
	 *            the users repository
	 */
	public AccountUserDetailsService(short maxFailedAttempts,
			long autoUnlockInterval, UsersRepository usersRepository) {
		this.maxFailedAttempts = maxFailedAttempts;
		this.autoUnlockInterval = autoUnlockInterval;
		this.usersRepository = usersRepository;
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.springframework.security.core.userdetails.UserDetailsService#
	 * loadUserByUsername(java.lang.String)
	 */
	@Override
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException {
		Users user = usersRepository.loadUserByUsername(username);
		if (user == null) {
			throw new UsernameNotFoundException("Invalid username/password");
		}
		if (user.getFailedLoginAttempts() >= maxFailedAttempts) {
			Calendar cal = Calendar.getInstance();
			if (user.getLockoutTime() != null)
				if (cal.getTimeInMillis()
						- user.getLockoutTime().getTimeInMillis() >= autoUnlockInterval) {
					user.setAccountNonLocked(true);
					user.setLockoutTime(null);
					user.setFailedLoginAttemptsToZero();
					// Fix issue#515 Now update/reset Login Attempt Counter to
					// database after lockouttime
					usersRepository.updateUser(user);
					return user;
				}
			user.setAccountNonLocked(false);
		}
		return user;
	}
}