[1240] | 1 | package gov.va.med.edp.springframework.security.providers.vistalink;
|
---|
| 2 |
|
---|
| 3 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
| 4 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetailsService;
|
---|
| 5 | import org.springframework.security.*;
|
---|
| 6 | import org.springframework.security.providers.AuthenticationProvider;
|
---|
| 7 | import org.springframework.security.providers.dao.UserCache;
|
---|
| 8 | import org.springframework.security.providers.dao.cache.NullUserCache;
|
---|
| 9 | import org.springframework.beans.factory.InitializingBean;
|
---|
| 10 | import org.springframework.context.MessageSource;
|
---|
| 11 | import org.springframework.context.MessageSourceAware;
|
---|
| 12 | import org.springframework.context.support.MessageSourceAccessor;
|
---|
| 13 | import org.springframework.dao.DataAccessException;
|
---|
| 14 | import org.springframework.util.Assert;
|
---|
| 15 |
|
---|
| 16 | public class VistaAuthenticationProvider implements AuthenticationProvider, MessageSourceAware, InitializingBean {
|
---|
| 17 |
|
---|
| 18 | protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
---|
| 19 | private UserCache userCache = new NullUserCache();
|
---|
| 20 |
|
---|
| 21 | private VistaUserDetailsService userDetailsService;
|
---|
| 22 |
|
---|
| 23 | public void afterPropertiesSet() throws Exception {
|
---|
| 24 | Assert.notNull(this.userCache, "A user cache must be set");
|
---|
| 25 | Assert.notNull(this.messages, "A message source must be set");
|
---|
| 26 | Assert.notNull(this.userDetailsService, "A VistaUserDetailsService must be set");
|
---|
| 27 | }
|
---|
| 28 |
|
---|
| 29 | public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
---|
| 30 | Assert.isInstanceOf(VistaAuthenticationToken.class, authentication,
|
---|
| 31 | messages.getMessage("VistaAuthenticationProvider.onlySupports",
|
---|
| 32 | "Only VistaAuthenticationToken is supported"));
|
---|
| 33 |
|
---|
| 34 | VistaAuthenticationToken auth = (VistaAuthenticationToken) authentication;
|
---|
| 35 |
|
---|
| 36 | String username = auth.getName();
|
---|
| 37 |
|
---|
| 38 | boolean cacheWasUsed = true;
|
---|
| 39 | VistaUserDetails user = (VistaUserDetails) this.userCache.getUserFromCache(username);
|
---|
| 40 |
|
---|
| 41 | if (user == null) {
|
---|
| 42 | cacheWasUsed = false;
|
---|
| 43 | user = retrieveUser(auth);
|
---|
| 44 | Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
|
---|
| 45 | }
|
---|
| 46 |
|
---|
| 47 | if (!user.isAccountNonLocked()) {
|
---|
| 48 | throw new LockedException(messages.getMessage("VistaAuthenticationProvider.locked",
|
---|
| 49 | "User account is locked"));
|
---|
| 50 | }
|
---|
| 51 |
|
---|
| 52 | if (!user.isEnabled()) {
|
---|
| 53 | throw new DisabledException(messages.getMessage("VistaAuthenticationProvider.disabled",
|
---|
| 54 | "User is disabled"));
|
---|
| 55 | }
|
---|
| 56 |
|
---|
| 57 | if (!user.isAccountNonExpired()) {
|
---|
| 58 | throw new AccountExpiredException(messages.getMessage("VistaAuthenticationProvider.expired",
|
---|
| 59 | "User account has expired"));
|
---|
| 60 | }
|
---|
| 61 |
|
---|
| 62 | // This check must come here, as we don't want to tell users
|
---|
| 63 | // about account status unless they presented the correct credentials
|
---|
| 64 | try {
|
---|
| 65 | additionalAuthenticationChecks(user, auth);
|
---|
| 66 | } catch (AuthenticationException exception) {
|
---|
| 67 | if (cacheWasUsed) {
|
---|
| 68 | // There was a problem, so try again after checking
|
---|
| 69 | // we're using latest data (ie not from the cache)
|
---|
| 70 | cacheWasUsed = false;
|
---|
| 71 | user = retrieveUser(auth);
|
---|
| 72 | additionalAuthenticationChecks(user, auth);
|
---|
| 73 | } else {
|
---|
| 74 | throw exception;
|
---|
| 75 | }
|
---|
| 76 | }
|
---|
| 77 |
|
---|
| 78 | if (!user.isCredentialsNonExpired()) {
|
---|
| 79 | throw new CredentialsExpiredException(messages.getMessage(
|
---|
| 80 | "VistaAuthenticationProvider.credentialsExpired", "User credentials have expired"));
|
---|
| 81 | }
|
---|
| 82 |
|
---|
| 83 | if (!cacheWasUsed) {
|
---|
| 84 | this.userCache.putUserInCache(user);
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | return createSuccessAuthentication(user, auth);
|
---|
| 88 | }
|
---|
| 89 |
|
---|
| 90 | protected void additionalAuthenticationChecks(VistaUserDetails userDetails,
|
---|
| 91 | VistaAuthenticationToken authentication) throws AuthenticationException {
|
---|
| 92 | // Object salt = null;
|
---|
| 93 | //
|
---|
| 94 | // if (this.saltSource != null) {
|
---|
| 95 | // salt = this.saltSource.getSalt(userDetails);
|
---|
| 96 | // }
|
---|
| 97 | //
|
---|
| 98 | if (authentication.getCredentials() == null) {
|
---|
| 99 | throw new BadCredentialsException(messages.getMessage(
|
---|
| 100 | "VistaAuthenticationProvider.badCredentials", "Bad credentials"),
|
---|
| 101 | userDetails);
|
---|
| 102 | }
|
---|
| 103 | //
|
---|
| 104 | // String presentedPassword = authentication.getCredentials() == null ? "" : authentication.getCredentials()
|
---|
| 105 | // .toString();
|
---|
| 106 | //
|
---|
| 107 | // if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
|
---|
| 108 | // throw new BadCredentialsException(messages.getMessage(
|
---|
| 109 | // "VistaAuthenticationProvider.badCredentials", "Bad credentials"),
|
---|
| 110 | // includeDetailsObject ? userDetails : null);
|
---|
| 111 | // }
|
---|
| 112 | }
|
---|
| 113 |
|
---|
| 114 | protected Authentication createSuccessAuthentication(VistaUserDetails user, VistaAuthenticationToken authentication) {
|
---|
| 115 | return new VistaAuthenticationToken(user, authentication.getAccessCode(), authentication.getVerifyCode(), authentication.getRemoteAddress(), user.getAuthorities());
|
---|
| 116 | }
|
---|
| 117 |
|
---|
| 118 | public void setMessageSource(MessageSource messageSource) {
|
---|
| 119 | this.messages = new MessageSourceAccessor(messageSource);
|
---|
| 120 | }
|
---|
| 121 |
|
---|
| 122 | public void setUserCache(UserCache userCache) {
|
---|
| 123 | this.userCache = userCache;
|
---|
| 124 | }
|
---|
| 125 |
|
---|
| 126 | public boolean supports(Class authentication) {
|
---|
| 127 | return VistaAuthenticationToken.class.isAssignableFrom(authentication);
|
---|
| 128 | }
|
---|
| 129 |
|
---|
| 130 | public VistaUserDetailsService getUserDetailsService() {
|
---|
| 131 | return userDetailsService;
|
---|
| 132 | }
|
---|
| 133 |
|
---|
| 134 | protected final VistaUserDetails retrieveUser(VistaAuthenticationToken authentication)
|
---|
| 135 | throws AuthenticationException {
|
---|
| 136 | VistaUserDetails loadedUser;
|
---|
| 137 |
|
---|
| 138 | try {
|
---|
| 139 | loadedUser = this.getUserDetailsService().login(authentication.getStationNumber(), authentication.getAccessCode(), authentication.getVerifyCode(), authentication.getRemoteAddress());
|
---|
| 140 | }
|
---|
| 141 | catch (DataAccessException repositoryProblem) {
|
---|
| 142 | throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
|
---|
| 143 | }
|
---|
| 144 |
|
---|
| 145 | if (loadedUser == null) {
|
---|
| 146 | throw new AuthenticationServiceException(
|
---|
| 147 | "VistaUserDetailsService returned null, which is an interface contract violation");
|
---|
| 148 | }
|
---|
| 149 | return loadedUser;
|
---|
| 150 | }
|
---|
| 151 |
|
---|
| 152 | public void setUserDetailsService(VistaUserDetailsService userDetailsService) {
|
---|
| 153 | this.userDetailsService = userDetailsService;
|
---|
| 154 | }
|
---|
| 155 |
|
---|
| 156 | public UserCache getUserCache() {
|
---|
| 157 | return userCache;
|
---|
| 158 | }
|
---|
| 159 | }
|
---|