/* * Data Hub Service (DHuS) - For Space data distribution. * Copyright (C) 2013,2014,2015 GAEL Systems * * This file is part of DHuS software sources. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package fr.gael.dhus.spring.security.authentication; import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.LogManager; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.LockedException; import org.springframework.security.authentication .UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.crypto.codec.Hex; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Propagation; import org.springframework.transaction.annotation.Transactional; import fr.gael.dhus.database.object.User; import fr.gael.dhus.database.object.User.PasswordEncryption; import fr.gael.dhus.database.object.restriction.AccessRestriction; import fr.gael.dhus.messaging.jms.Message; import fr.gael.dhus.messaging.jms.Message.MessageType; import fr.gael.dhus.service.UserService; @Component public class DefaultAuthenticationProvider implements AuthenticationProvider { private static final Logger LOGGER = LogManager.getLogger(DefaultAuthenticationProvider.class); protected final String errorMessage = "There was an error with your " + "login/password combination. Please try again."; @Autowired private UserService userService; @Override @Transactional (propagation=Propagation.REQUIRED) public Authentication authenticate (Authentication authentication) throws AuthenticationException { String username = (String) authentication.getPrincipal (); String password = (String) authentication.getCredentials (); String ip = "unknown"; if (authentication.getDetails () instanceof WebAuthenticationDetails) { ip = ((WebAuthenticationDetails)authentication.getDetails ()) .getRemoteAddress (); } LOGGER.info ("Connection attempted by '" + authentication.getName () + "' from " + ip); User user = userService.getUserNoCheck (username); if (user == null || user.isDeleted ()) { throw new BadCredentialsException (errorMessage); } PasswordEncryption encryption = user.getPasswordEncryption (); if ( !encryption.equals (PasswordEncryption.NONE)) { MessageDigest md; try { md = MessageDigest.getInstance (encryption.getAlgorithmKey ()); password = new String ( Hex.encode (md.digest (password.getBytes ("UTF-8")))); } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) { throw new BadCredentialsException ("Authentication process failed", e); } } if ( !user.getPassword ().equals (password)) { LOGGER.warn ( new Message (MessageType.USER, "Connection refused for '" + username + "' from " + ip + " : error in login/password combination")); throw new BadCredentialsException (errorMessage); } for (AccessRestriction restriction : user.getRestrictions ()) { LOGGER.warn ("Connection refused for '" + username + "' from " + ip + " : account is locked (" + restriction.getBlockingReason () + ")"); throw new LockedException (restriction.getBlockingReason ()); } LOGGER.info ("Connection success for '" + username + "' from " + ip); return new ValidityAuthentication (user, user.getAuthorities ()); } @Override public boolean supports (Class<?> authentication) { return UsernamePasswordAuthenticationToken.class .isAssignableFrom (authentication); } }