UserDetailsImpl.java

package org.jbehave.example.spring.security.service;

import java.util.Collection;
import java.util.Date;

import org.jbehave.example.spring.security.domain.AuthenticationPolicy;
import org.jbehave.example.spring.security.domain.User;
import org.jbehave.example.spring.security.util.DateUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;


public class UserDetailsImpl implements UserDetails {

  private static final long serialVersionUID = 1L;

  private String username;
  private String password;
  private boolean accountEnabled;
  private boolean accountExpired;
  private boolean accountLocked;
  private boolean passwordExpired;

  public UserDetailsImpl(User user, AuthenticationPolicy policy) {
    this.username = user.getUsername();
    this.password = user.getPassword();
    this.accountEnabled = determineAccountEnabled(user, policy);
    this.accountExpired = determineAccountExpired(user, policy);
    this.accountLocked = determineAccountLocked(user, policy);
    this.passwordExpired = determinePasswordExpired(user, policy);
  }

  public String getUsername() {
    return username;
  }

  public String getPassword() {
    return password;
  }

  public boolean isEnabled() {
    return accountEnabled;
  }

  public boolean isAccountNonExpired() {
    return !accountExpired;
  }

  public boolean isAccountNonLocked() {
    return !accountLocked;
  }

  public boolean isCredentialsNonExpired() {
    return !passwordExpired;
  }

  protected boolean determineAccountEnabled(User user, AuthenticationPolicy policy) {
    return user.isEnabled();
  }

  protected boolean determineAccountExpired(User user, AuthenticationPolicy policy) {
    return user.isExpired();
  }

  protected boolean determineAccountLocked(User user, AuthenticationPolicy policy) {
    if (policy.isLockoutEnabled()) {
      // locked if login failure count is >= lockout count
      return user.getLoginFailureCount() >= policy.getLockoutCount();
    } else {
      // not locked
      return false;
    }
  }

  protected boolean determinePasswordExpired(User user, AuthenticationPolicy policy) {
    // if force-password-change then true
    if (user.isForcePasswordChange()) {
      return true;
    }

    // else look at policy
    if (policy.isPasswordAutoExpire()) {
      long elapsedDays = DateUtils.getElapsedDays(user.getLastPasswordResetDate(), new Date());
      return elapsedDays > policy.getPasswordExpiryDays();
    } else {
      // passwords only expire manually
      return false;
    }
  }

public Collection<? extends GrantedAuthority> getAuthorities() {
    // TODO Auto-generated method stub
    return null;
}

}