Pac4jUserDetailsService.java example

Explorer
artifact-listener-master
package fr.openwide.maven.artifact.notifier.web.application.auth.pac4j.service;

import java.util.HashSet;
import java.util.Set;

import org.pac4j.core.profile.CommonProfile;
import org.pac4j.springframework.security.authentication.ClientAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import fr.openwide.core.jpa.security.business.authority.model.Authority;
import fr.openwide.core.jpa.security.business.person.model.IGroupedUser;
import fr.openwide.core.jpa.security.business.person.model.IUserGroup;
import fr.openwide.maven.artifact.notifier.core.business.user.service.IUserService;

public class Pac4jUserDetailsService implements AuthenticationUserDetailsService<ClientAuthenticationToken> {

	@Autowired
	private IUserService userService;
	
	@Autowired
	private RoleHierarchy roleHierarchy;
	
	@Override
	public UserDetails loadUserDetails(ClientAuthenticationToken token) throws UsernameNotFoundException {
		CommonProfile commonProfile = (CommonProfile) token.getUserProfile();
		
		IGroupedUser<?> person = userService.getByRemoteIdentifier(commonProfile.getId());
		
		if (person == null) {
			throw new UsernameNotFoundException("User not found for: " + token.getPrincipal());
		}
		
		if (!person.isActive()) {
			throw new DisabledException("User is disabled");
		}
		
		Set<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>();
		
		addAuthorities(grantedAuthorities, person.getAuthorities());
		
		for (IUserGroup personGroup : person.getGroups()) {
			addAuthorities(grantedAuthorities, personGroup.getAuthorities());
		}
		
		User userDetails = new User(person.getUserName(), person.getPasswordHash(), person.isActive(), true, true, true, 
				roleHierarchy.getReachableGrantedAuthorities(grantedAuthorities));
		
		return userDetails;
	}
	
	protected void addAuthorities(Set<GrantedAuthority> grantedAuthorities, Set<Authority> authorities) {
		for (Authority authority : authorities) {
			grantedAuthorities.add(new SimpleGrantedAuthority(authority.getName()));
		}
	}
}