ExAuthenticationProvider.java

/*
 * Copyright 2014-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.rockagen.gnext.service.spring.security.extension;

import com.rockagen.commons.util.CommUtil;
import com.rockagen.gnext.po.AuthGroup;
import com.rockagen.gnext.po.AuthUser;
import com.rockagen.gnext.service.AuthUserServ;
import com.rockagen.gnext.tool.Crypto;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import java.util.*;


/**
 * An {@link org.springframework.security.authentication.AuthenticationProvider} implementation that retrieves user details from a {@link org.springframework.security.core.userdetails.UserDetailsService}.
 *
 * @author ra
 * @since JDK1.8
 */
public class ExAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {


    // 3 hours
    private long lockedTime = 10800000;

    private AuthUserServ authUserServ;

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    }

    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        UserDetails loadedUser;

        try {
            loadedUser = loadUser(username, authentication.getCredentials().toString());
        } catch (Exception repositoryProblem) {
            throw new InternalAuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
        }

        return loadedUser;
    }


    /**
     * Create a new {@link org.springframework.security.core.userdetails.UserDetails} by uid
     *
     * @param uid         uid
     * @param credentials Credentials(always was password)
     * @return {@link org.springframework.security.core.userdetails.UserDetails}
     * @throws org.springframework.security.authentication.BadCredentialsException if credentials invalid
     */
    private UserDetails loadUser(String uid, String credentials) {

        // Not empty
        if(CommUtil.isBlank(uid) || CommUtil.isBlank(credentials)) {
            throw new BadCredentialsException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }

        // Load user
        Optional<AuthUser> u=authUserServ.load(uid);

        if(u.filter(x->x.enabled()).isPresent()){
            AuthUser user=u.get();
            // Check credentials
            checkCredentials(user.getPassword(), credentials, user.getSalt());

            // After authenticated handler
            afterAuthenticatedHandler(user);

            List<GrantedAuthority> authorities = new LinkedList<>();
            Set<AuthGroup> groups = user.getGroups();
            if (groups != null && groups.size() > 0) {
                groups.forEach(x -> x.getRoles().forEach(y -> authorities.add(new SimpleGrantedAuthority(y.getName().trim()))));
            }
            return new User(user.getUid(), user.getPassword(), true, true, true, true, authorities);

        }else{
            throw new UsernameNotFoundException(messages.getMessage("",
                    new Object[]{uid}, "User {0} has no GrantedAuthority"));
        }

    }

    /**
     * Check password is valid?
     *
     * @param encPass     - a pre-encoded password
     * @param credentials Credentials(always was password)
     * @param salt        - a salt value.
     * @throws org.springframework.security.authentication.BadCredentialsException if credentials invalid
     */
    protected void checkCredentials(String encPass, String credentials, String salt) {
        if (!Crypto.passwdValid(encPass, credentials, salt)) {
            throw new BadCredentialsException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
    }

    /**
     * Do something after authenticated
     *
     * @param user {@link org.newland.kserv.po.AuthUser}
     */
    protected void afterAuthenticatedHandler(AuthUser user) {
        // CASE 1: Auto unlocked
        if (!user.enabled()) {
            Date date = new Date();
            long now = date.getTime();
            if(user.getLastSignInAt()!=null){
                long lastTime = user.getLastSignInAt().getTime();
                if (now - lastTime > lockedTime) {
                    // Unlocked user
                    user.setEnabledAt(date);
                    user.setEnabled(1);
                }
            }
        }
        // CASE 2: ..
    }


    public void setAuthUserServ(AuthUserServ authUserServ) {
        this.authUserServ = authUserServ;
    }

    /**
     * Locked user times
     *
     * @param lockedTime locked time
     */
    public void setLockedTime(long lockedTime) {
        this.lockedTime = lockedTime;
    }
}