Example usage for org.springframework.security.core.token Sha512DigestUtils shaHex

List of usage examples for org.springframework.security.core.token Sha512DigestUtils shaHex

Introduction

On this page you can find example usages of org.springframework.security.core.token Sha512DigestUtils shaHex.

Prototype

public static String shaHex(String data) 


Document

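Calculates the SHA-512 digest of the input and returns the value as a hex string. The digest is unsalted and unkeyed, so on its own it is not suitable for storing passwords or for authenticating a message.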

Usage

From source file:org.openwms.client.security.TokenUtils.java

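/**
 * Builds the signature part of a token: joins
 * <code>username:expires:password:MAGIC_KEY</code>, takes the MD5 digest of
 * that string and returns the SHA-512 hex digest of the MD5 bytes.
 * <p>
 * NOTE(review): the MD5 step reduces the material to 128 bits before SHA-512
 * is applied, so the outer hash cannot add strength beyond MD5. The value is
 * also a plain hash over a static field rather than a keyed MAC (for example
 * HMAC-SHA-256 with a key loaded from configuration). Changing the
 * construction changes every issued token, so it is left as is here and
 * should be migrated deliberately.
 * <p>
 * NOTE(review): the value returned by <code>getPassword()</code> is part of
 * the hashed material; confirm what that value is (stored hash or clear
 * text) and that callers compare signatures in constant time, e.g. with
 * <code>MessageDigest.isEqual</code>.
 *
 * @param userDetails
 *            Where to take the credentials from
 * @param expires
 *            Expiration lease
 * @return The hashed String, hex encoded
 * @throws IllegalStateException
 *             if the platform provides no MD5 implementation
 */
public static String computeSignature(UserDetails userDetails, long expires) {
    StringBuilder signatureBuilder = new StringBuilder();
    signatureBuilder.append(userDetails.getUsername());
    signatureBuilder.append(":");
    signatureBuilder.append(expires);
    signatureBuilder.append(":");
    signatureBuilder.append(userDetails.getPassword());
    signatureBuilder.append(":");
    signatureBuilder.append(TokenUtils.MAGIC_KEY);

    MessageDigest digest;
    try {
        digest = MessageDigest.getInstance("MD5");
    } catch (NoSuchAlgorithmException e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        throw new IllegalStateException("No MD5 algorithm found on platform!", e);
    }

    // Encode with a fixed charset: the platform default differs between hosts, which
    // would make the same credentials yield different signatures on different nodes.
    byte[] material = signatureBuilder.toString().getBytes(java.nio.charset.Charset.forName("UTF-8"));

    // shaHex already returns a String; no extra copy is needed.
    return Sha512DigestUtils.shaHex(digest.digest(material));
}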

From source file:de.thm.arsnova.controller.LoginController.java

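/**
 * Logs a client in with one of three schemes selected by <code>type</code>:
 * <code>"arsnova"</code> (username/password checked by <code>daoProvider</code>),
 * <code>"ldap"</code> (checked by <code>ldapAuthenticationProvider</code>) or
 * <code>"guest"</code> (no credentials, <code>ROLE_GUEST</code> only). On success the
 * security context is stored in the HTTP session. A failed or incomplete
 * credential login answers 401; a banned address answers 429. Any other
 * <code>type</code> is ignored and the response is left untouched.
 * <p>
 * NOTE(review): the mapping also accepts GET, so <code>password</code> can arrive as
 * a query parameter and end up in URLs and access logs. Restricting credential
 * logins to POST would need the clients to be checked first.
 * <p>
 * NOTE(review): the session id is not rotated after a successful login in this
 * method. Confirm that session-fixation protection is applied elsewhere, or call
 * <code>request.changeSessionId()</code> (Servlet 3.1+) before storing the context.
 *
 * @param type     login scheme: "arsnova", "ldap" or "guest"
 * @param username user name; optional, for guests a proposed guest name
 * @param password password; optional
 * @param role     role passed to <code>userSessionService.setRole</code>
 * @param request  current request, used for the remote address and the session
 * @param response current response, used for the status code
 * @throws IOException if sending the 429 error fails
 */
@RequestMapping(value = { "/auth/login", "/doLogin" }, method = { RequestMethod.POST, RequestMethod.GET })
public void doLogin(@RequestParam("type") final String type,
        @RequestParam(value = "user", required = false) String username,
        @RequestParam(required = false) final String password,
        @RequestParam(value = "role", required = false) final UserSessionService.Role role,
        final HttpServletRequest request, final HttpServletResponse response) throws IOException {
    // NOTE(review): behind a reverse proxy this is presumably the proxy's address, which
    // would make the ban apply to every client at once - confirm the deployment.
    String addr = request.getRemoteAddr();
    if (userService.isBannedFromLogin(addr)) {
        response.sendError(429, "Too Many Requests");

        return;
    }

    // NOTE(review): the client-supplied role is applied before any authentication has
    // happened; confirm setRole only records a preference and grants nothing by itself.
    userSessionService.setRole(role);

    if ("arsnova".equals(type)) {
        Authentication authRequest = new UsernamePasswordAuthenticationToken(username, password);
        try {
            Authentication auth = daoProvider.authenticate(authRequest);
            if (auth.isAuthenticated()) {
                SecurityContextHolder.getContext().setAuthentication(auth);
                request.getSession(true).setAttribute(
                        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                        SecurityContextHolder.getContext());

                return;
            }
        } catch (AuthenticationException e) {
            LOGGER.info("Authentication failed: {}", e.getMessage());
        }

        userService.increaseFailedLoginCount(addr);
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
    } else if ("ldap".equals(type)) {
        // Both parameters are optional, so they can be null as well as empty. The previous
        // guard compared against "" only, which let null through to the LDAP provider.
        // Blank credentials must never reach an LDAP bind: many directories treat a bind
        // with an empty password as an anonymous bind that succeeds.
        if (username == null || "".equals(username) || password == null || "".equals(password)) {
            // Answer 401 instead of leaving the default success status on a login that
            // did not authenticate anyone. Not counted as a failed attempt, as before.
            response.setStatus(HttpStatus.UNAUTHORIZED.value());

            return;
        }

        org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(
                username, password, true, true, true, true, this.getAuthorities());

        Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities());
        try {
            Authentication auth = ldapAuthenticationProvider.authenticate(token);
            if (auth.isAuthenticated()) {
                // NOTE(review): the request token, not the provider's result, is stored. It
                // carries the submitted password (in the User and as credentials), so the
                // password stays in the session - confirm this is intended, or store a
                // token whose credentials have been erased.
                SecurityContextHolder.getContext().setAuthentication(token);
                request.getSession(true).setAttribute(
                        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                        SecurityContextHolder.getContext());

                return;
            }
            LOGGER.info("LDAPLOGIN: {}", auth.isAuthenticated());
        } catch (AuthenticationException e) {
            LOGGER.info("No LDAP login: {}", e);
        }

        userService.increaseFailedLoginCount(addr);
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
    } else if ("guest".equals(type)) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_GUEST"));
        // A client-proposed name is kept when it has the "Guest" prefix and the expected
        // length; otherwise one is derived from a truncated SHA-512 hex digest of the
        // session id.
        // NOTE(review): nothing here checks that a proposed guest name is not already used
        // by another session - confirm whether guest names are relied on as identities.
        if (username == null || !username.startsWith("Guest") || username.length() != MAX_USERNAME_LENGTH) {
            username = "Guest"
                    + Sha512DigestUtils.shaHex(request.getSession().getId()).substring(0, MAX_GUESTHASH_LENGTH);
        }
        org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(
                username, "", true, true, true, true, authorities);
        Authentication token = new UsernamePasswordAuthenticationToken(user, null, authorities);

        SecurityContextHolder.getContext().setAuthentication(token);
        request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                SecurityContextHolder.getContext());
    }
}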