RestAuthenticationProvider.java example

Explorer
eMonocot-master
/*
 * This is eMonocot, a global online biodiversity information resource.
 *
 * Copyright © 2011–2015 The Board of Trustees of the Royal Botanic Gardens, Kew and The University of Oxford
 *
 * eMonocot is free software: you can redistribute it and/or modify it under the terms of the
 * GNU Affero General Public License as published by the Free Software Foundation, either version 3
 * of the License, or (at your option) any later version.
 *
 * eMonocot is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
 * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * The complete text of the GNU Affero General Public License is in the source repository as the file
 * ‘COPYING’.  It is also available from <http://www.gnu.org/licenses/>.
 */
package org.emonocot.portal.auth;

import org.emonocot.api.UserService;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

public class RestAuthenticationProvider implements AuthenticationProvider {

	private UserService userService;

	public void setUserService(UserService userService) {
		this.userService = userService;
	}

	@Override
	public boolean supports(Class<? extends Object> authentication) {
		return authentication.equals(RestAuthenticationToken.class);
	}

	@Override
	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		UserDetails userDetails;

		try {
			userDetails = userService.getUserByApiKey((String)authentication.getPrincipal());
			if(userDetails != null) {
				return new RestAuthenticationToken(authentication.getPrincipal(),authentication.getCredentials(),userDetails);
			} else {
				throw new BadCredentialsException("Invalid API Key");
			}
		}  catch (Exception e) {
			throw new AuthenticationServiceException(e.getMessage(), e);
		}
	}

}