1 | package gov.va.med.edp.springframework.security.providers.vistalink;
|
---|
2 |
|
---|
3 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
4 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetailsService;
|
---|
5 | import org.springframework.security.*;
|
---|
6 | import org.springframework.security.providers.AuthenticationProvider;
|
---|
7 | import org.springframework.security.providers.dao.UserCache;
|
---|
8 | import org.springframework.security.providers.dao.cache.NullUserCache;
|
---|
9 | import org.springframework.beans.factory.InitializingBean;
|
---|
10 | import org.springframework.context.MessageSource;
|
---|
11 | import org.springframework.context.MessageSourceAware;
|
---|
12 | import org.springframework.context.support.MessageSourceAccessor;
|
---|
13 | import org.springframework.dao.DataAccessException;
|
---|
14 | import org.springframework.util.Assert;
|
---|
15 |
|
---|
16 | public class VistaAuthenticationProvider implements AuthenticationProvider, MessageSourceAware, InitializingBean {
|
---|
17 |
|
---|
18 | protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
---|
19 | private UserCache userCache = new NullUserCache();
|
---|
20 |
|
---|
21 | private VistaUserDetailsService userDetailsService;
|
---|
22 |
|
---|
23 | public void afterPropertiesSet() throws Exception {
|
---|
24 | Assert.notNull(this.userCache, "A user cache must be set");
|
---|
25 | Assert.notNull(this.messages, "A message source must be set");
|
---|
26 | Assert.notNull(this.userDetailsService, "A VistaUserDetailsService must be set");
|
---|
27 | }
|
---|
28 |
|
---|
29 | public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
---|
30 | Assert.isInstanceOf(VistaAuthenticationToken.class, authentication,
|
---|
31 | messages.getMessage("VistaAuthenticationProvider.onlySupports",
|
---|
32 | "Only VistaAuthenticationToken is supported"));
|
---|
33 |
|
---|
34 | VistaAuthenticationToken auth = (VistaAuthenticationToken) authentication;
|
---|
35 |
|
---|
36 | String username = auth.getName();
|
---|
37 |
|
---|
38 | boolean cacheWasUsed = true;
|
---|
39 | VistaUserDetails user = (VistaUserDetails) this.userCache.getUserFromCache(username);
|
---|
40 |
|
---|
41 | if (user == null) {
|
---|
42 | cacheWasUsed = false;
|
---|
43 | user = retrieveUser(auth);
|
---|
44 | Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
|
---|
45 | }
|
---|
46 |
|
---|
47 | if (!user.isAccountNonLocked()) {
|
---|
48 | throw new LockedException(messages.getMessage("VistaAuthenticationProvider.locked",
|
---|
49 | "User account is locked"));
|
---|
50 | }
|
---|
51 |
|
---|
52 | if (!user.isEnabled()) {
|
---|
53 | throw new DisabledException(messages.getMessage("VistaAuthenticationProvider.disabled",
|
---|
54 | "User is disabled"));
|
---|
55 | }
|
---|
56 |
|
---|
57 | if (!user.isAccountNonExpired()) {
|
---|
58 | throw new AccountExpiredException(messages.getMessage("VistaAuthenticationProvider.expired",
|
---|
59 | "User account has expired"));
|
---|
60 | }
|
---|
61 |
|
---|
62 | // This check must come here, as we don't want to tell users
|
---|
63 | // about account status unless they presented the correct credentials
|
---|
64 | try {
|
---|
65 | additionalAuthenticationChecks(user, auth);
|
---|
66 | } catch (AuthenticationException exception) {
|
---|
67 | if (cacheWasUsed) {
|
---|
68 | // There was a problem, so try again after checking
|
---|
69 | // we're using latest data (ie not from the cache)
|
---|
70 | cacheWasUsed = false;
|
---|
71 | user = retrieveUser(auth);
|
---|
72 | additionalAuthenticationChecks(user, auth);
|
---|
73 | } else {
|
---|
74 | throw exception;
|
---|
75 | }
|
---|
76 | }
|
---|
77 |
|
---|
78 | if (!user.isCredentialsNonExpired()) {
|
---|
79 | throw new CredentialsExpiredException(messages.getMessage(
|
---|
80 | "VistaAuthenticationProvider.credentialsExpired", "User credentials have expired"));
|
---|
81 | }
|
---|
82 |
|
---|
83 | if (!cacheWasUsed) {
|
---|
84 | this.userCache.putUserInCache(user);
|
---|
85 | }
|
---|
86 |
|
---|
87 | return createSuccessAuthentication(user, auth);
|
---|
88 | }
|
---|
89 |
|
---|
90 | protected void additionalAuthenticationChecks(VistaUserDetails userDetails,
|
---|
91 | VistaAuthenticationToken authentication) throws AuthenticationException {
|
---|
92 | // Object salt = null;
|
---|
93 | //
|
---|
94 | // if (this.saltSource != null) {
|
---|
95 | // salt = this.saltSource.getSalt(userDetails);
|
---|
96 | // }
|
---|
97 | //
|
---|
98 | if (authentication.getCredentials() == null) {
|
---|
99 | throw new BadCredentialsException(messages.getMessage(
|
---|
100 | "VistaAuthenticationProvider.badCredentials", "Bad credentials"),
|
---|
101 | userDetails);
|
---|
102 | }
|
---|
103 | //
|
---|
104 | // String presentedPassword = authentication.getCredentials() == null ? "" : authentication.getCredentials()
|
---|
105 | // .toString();
|
---|
106 | //
|
---|
107 | // if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
|
---|
108 | // throw new BadCredentialsException(messages.getMessage(
|
---|
109 | // "VistaAuthenticationProvider.badCredentials", "Bad credentials"),
|
---|
110 | // includeDetailsObject ? userDetails : null);
|
---|
111 | // }
|
---|
112 | }
|
---|
113 |
|
---|
114 | protected Authentication createSuccessAuthentication(VistaUserDetails user, VistaAuthenticationToken authentication) {
|
---|
115 | return new VistaAuthenticationToken(user, authentication.getAccessCode(), authentication.getVerifyCode(), authentication.getRemoteAddress(), user.getAuthorities());
|
---|
116 | }
|
---|
117 |
|
---|
118 | public void setMessageSource(MessageSource messageSource) {
|
---|
119 | this.messages = new MessageSourceAccessor(messageSource);
|
---|
120 | }
|
---|
121 |
|
---|
122 | public void setUserCache(UserCache userCache) {
|
---|
123 | this.userCache = userCache;
|
---|
124 | }
|
---|
125 |
|
---|
126 | public boolean supports(Class authentication) {
|
---|
127 | return VistaAuthenticationToken.class.isAssignableFrom(authentication);
|
---|
128 | }
|
---|
129 |
|
---|
130 | public VistaUserDetailsService getUserDetailsService() {
|
---|
131 | return userDetailsService;
|
---|
132 | }
|
---|
133 |
|
---|
134 | protected final VistaUserDetails retrieveUser(VistaAuthenticationToken authentication)
|
---|
135 | throws AuthenticationException {
|
---|
136 | VistaUserDetails loadedUser;
|
---|
137 |
|
---|
138 | try {
|
---|
139 | loadedUser = this.getUserDetailsService().login(authentication.getStationNumber(), authentication.getAccessCode(), authentication.getVerifyCode(), authentication.getRemoteAddress());
|
---|
140 | }
|
---|
141 | catch (DataAccessException repositoryProblem) {
|
---|
142 | throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
|
---|
143 | }
|
---|
144 |
|
---|
145 | if (loadedUser == null) {
|
---|
146 | throw new AuthenticationServiceException(
|
---|
147 | "VistaUserDetailsService returned null, which is an interface contract violation");
|
---|
148 | }
|
---|
149 | return loadedUser;
|
---|
150 | }
|
---|
151 |
|
---|
152 | public void setUserDetailsService(VistaUserDetailsService userDetailsService) {
|
---|
153 | this.userDetailsService = userDetailsService;
|
---|
154 | }
|
---|
155 |
|
---|
156 | public UserCache getUserCache() {
|
---|
157 | return userCache;
|
---|
158 | }
|
---|
159 | }
|
---|