KaaPostAuthenticationChecks.java

/*
 * Copyright 2014-2016 CyberVision, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.kaaproject.kaa.server.admin.services.auth;

import org.kaaproject.kaa.server.admin.services.entity.AuthUserDto;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;

public class KaaPostAuthenticationChecks implements UserDetailsChecker {

  private static final Logger LOG = LoggerFactory.getLogger(KaaPostAuthenticationChecks.class);
  protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();

  @Override
  public void check(UserDetails user) {
    if (!user.isCredentialsNonExpired()) {
      LOG.debug("User account credentials have expired");

      throw new CredentialsExpiredException(messages.getMessage(
          "AbstractUserDetailsAuthenticationProvider.credentialsExpired",
          "User credentials have expired"));
    }
    if (user instanceof AuthUserDto) {
      AuthUserDto authUser = (AuthUserDto) user;
      if (authUser.isTempPassword()) {
        throw new TempCredentialsException("Temp credentials used to authenticate");
      }
    }
  }

}