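/*
 * Copyright (c) 2013, OpenCloudDB/MyCAT and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software;Designed and Developed mainly by many Chinese
 * opensource volunteers. you can redistribute it and/or modify it under the
 * terms of the GNU General Public License version 2 only, as published by the
 * Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Any questions about this component can be directed to it's project Web address
 * https://code.google.com/p/opencloudb/.
 *
 */
package org.hx.rainbow.common.security.login;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.hx.rainbow.common.dao.Dao;
import org.hx.rainbow.common.security.md5.Md5;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Form-login filter that pre-checks the submitted credentials against the user
 * store before handing the request to the Spring Security authentication manager.
 *
 * <p>The filter reads the {@code userName} and {@code password} request
 * parameters, hashes the password with the project's {@link Md5} helper, looks
 * the pair up through the injected {@link Dao}, and rejects unknown or inactive
 * accounts with an {@link AuthenticationServiceException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>NOTE(review): the password is hashed with the {@code Md5} helper. If that
 *       helper is a plain MD5 digest, it is not suitable for password storage
 *       (fast to compute, and no per-user salt is visible in this class). It is
 *       left unchanged here because the stored hashes depend on it; moving to
 *       bcrypt/scrypt/argon2 needs a migration of the stored values.</li>
 *   <li>The captcha check is commented out, so this filter does no captcha
 *       verification. Nothing in this class limits repeated login attempts;
 *       confirm that throttling or lockout is enforced elsewhere.</li>
 *   <li>The exception messages {@code "?error=2"} and {@code "?error=3"} look like
 *       query-string fragments, presumably consumed by the failure handler -
 *       confirm before changing them.</li>
 * </ul>
 */
public class RainbowLoginAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    /** Request parameter that carries the login id. */
    public static final String USERNAME = "userName";

    /** Request parameter that carries the clear-text password. */
    public static final String PASSWORD = "password";

    /** Request parameter for the captcha answer; only used by the disabled captcha check. */
    public static final String VALIDATECODE = "kaptchafield";

    private static final String NAMESPACE = "SYSUSER";
    private static final String STATEMENT = "query";

    private Dao dao;

    /**
     * Returns the DAO used for the user lookup.
     *
     * @return the injected DAO, or {@code null} if none has been set
     */
    public Dao getDao() {
        return dao;
    }

    /**
     * Sets the DAO used for the user lookup.
     *
     * @param dao the DAO to query in {@link #attemptAuthentication}
     */
    public void setDao(Dao dao) {
        this.dao = dao;
    }

    /**
     * Validates the submitted credentials and delegates to the authentication manager.
     *
     * @param request  the login request; must use the POST method
     * @param response the response (not used by this implementation)
     * @return the result of {@code getAuthenticationManager().authenticate(...)}
     * @throws AuthenticationException an {@link AuthenticationServiceException} when the
     *         method is not POST, when no user row matches the login id and hashed
     *         password ({@code "?error=2"}), or when the row's {@code aliveFlag} is not
     *         the string {@code "0"} ({@code "?error=3"}); anything the authentication
     *         manager throws is propagated
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        // Constant-first comparison so a null method cannot raise a NullPointerException.
        if (!"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException(
                    "Authentication method not supported: " + request.getMethod());
        }

        String username = obtainUsername(request);

        // Disabled captcha check, kept as found. With it commented out the filter
        // accepts logins without any captcha verification.
        // // check the verification code (captcha)
        // if(!"admin".equals(username)){
        //     checkValidateCode(request);
        // }

        // NOTE(review): see the class comment on the strength of this hash.
        String password = Md5.getInstance().encrypt(obtainPassword(request));

        // Verify that the account and the hashed password match a stored user.
        username = username.trim();
        Map<String, Object> paramData = new HashMap<String, Object>();
        paramData.put("loginId", username);
        paramData.put("password", password);

        Map<String, Object> userData = this.dao.get(NAMESPACE, STATEMENT, paramData);
        if (userData == null || userData.isEmpty()) {
            throw new AuthenticationServiceException("?error=2");
        }

        // Compare without casting: a flag that is missing or is not the String "0"
        // is rejected with the same error instead of surfacing a ClassCastException.
        Object aliveFlag = userData.get("aliveFlag");
        if (!"0".equals(aliveFlag)) {
            throw new AuthenticationServiceException("?error=3");
        }

        // UsernamePasswordAuthenticationToken implements Authentication. The credentials
        // placed in the token are the hashed password, not the clear-text value.
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(username, password);
        setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    // Disabled captcha helpers, kept as found.
    //
    // protected void checkValidateCode(HttpServletRequest request) {
    //     HttpSession session = request.getSession();
    //     String kaptchaReceived = request.getParameter(VALIDATECODE);
    //     if (kaptchaReceived == null || kaptchaReceived.isEmpty() || !validateCode(session).equals(kaptchaReceived)) {
    //         throw new AuthenticationServiceException("?error=0");
    //     }
    // }
    //
    // protected String validateCode(HttpSession session) {
    //     Object obj = session.getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
    //     return null == obj ? "" : obj.toString();
    // }

    /**
     * Reads the login id from the {@link #USERNAME} request parameter.
     *
     * @param request the login request
     * @return the parameter value, or an empty string when it is absent
     */
    @Override
    protected String obtainUsername(HttpServletRequest request) {
        String value = request.getParameter(USERNAME);
        return value == null ? "" : value;
    }

    /**
     * Reads the clear-text password from the {@link #PASSWORD} request parameter.
     *
     * @param request the login request
     * @return the parameter value, or an empty string when it is absent
     */
    @Override
    protected String obtainPassword(HttpServletRequest request) {
        String value = request.getParameter(PASSWORD);
        return value == null ? "" : value;
    }
}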