List of usage examples for org.springframework.security.core.token Sha512DigestUtils shaHex
public static String shaHex(String data)
From source file:org.openwms.client.security.TokenUtils.java
/** * Concatenate credentials with <code>expires</code>, add a salt and hash * this String.// w w w .j a v a 2 s .co m * * @param userDetails * Where to take the credentials from * @param expires * Expiration lease * @return The hashed String */ public static String computeSignature(UserDetails userDetails, long expires) { StringBuilder signatureBuilder = new StringBuilder(); signatureBuilder.append(userDetails.getUsername()); signatureBuilder.append(":"); signatureBuilder.append(expires); signatureBuilder.append(":"); signatureBuilder.append(userDetails.getPassword()); signatureBuilder.append(":"); signatureBuilder.append(TokenUtils.MAGIC_KEY); MessageDigest digest; try { digest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("No MD5 algorithm found on platform!"); } return new String(Sha512DigestUtils.shaHex(digest.digest(signatureBuilder.toString().getBytes()))); }
From source file:de.thm.arsnova.controller.LoginController.java
@RequestMapping(value = { "/auth/login", "/doLogin" }, method = { RequestMethod.POST, RequestMethod.GET }) public void doLogin(@RequestParam("type") final String type, @RequestParam(value = "user", required = false) String username, @RequestParam(required = false) final String password, @RequestParam(value = "role", required = false) final UserSessionService.Role role, final HttpServletRequest request, final HttpServletResponse response) throws IOException { String addr = request.getRemoteAddr(); if (userService.isBannedFromLogin(addr)) { response.sendError(429, "Too Many Requests"); return;//from w ww .ja v a2s. c o m } userSessionService.setRole(role); if ("arsnova".equals(type)) { Authentication authRequest = new UsernamePasswordAuthenticationToken(username, password); try { Authentication auth = daoProvider.authenticate(authRequest); if (auth.isAuthenticated()) { SecurityContextHolder.getContext().setAuthentication(auth); request.getSession(true).setAttribute( HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); return; } } catch (AuthenticationException e) { LOGGER.info("Authentication failed: {}", e.getMessage()); } userService.increaseFailedLoginCount(addr); response.setStatus(HttpStatus.UNAUTHORIZED.value()); } else if ("ldap".equals(type)) { if (!"".equals(username) && !"".equals(password)) { org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User( username, password, true, true, true, true, this.getAuthorities()); Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities()); try { Authentication auth = ldapAuthenticationProvider.authenticate(token); if (auth.isAuthenticated()) { SecurityContextHolder.getContext().setAuthentication(token); request.getSession(true).setAttribute( HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); return; } LOGGER.info("LDAPLOGIN: {}", auth.isAuthenticated()); } catch (AuthenticationException e) { LOGGER.info("No LDAP login: {}", e); } userService.increaseFailedLoginCount(addr); response.setStatus(HttpStatus.UNAUTHORIZED.value()); } } else if ("guest".equals(type)) { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); authorities.add(new SimpleGrantedAuthority("ROLE_GUEST")); if (username == null || !username.startsWith("Guest") || username.length() != MAX_USERNAME_LENGTH) { username = "Guest" + Sha512DigestUtils.shaHex(request.getSession().getId()).substring(0, MAX_GUESTHASH_LENGTH); } org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User( username, "", true, true, true, true, authorities); Authentication token = new UsernamePasswordAuthenticationToken(user, null, authorities); SecurityContextHolder.getContext().setAuthentication(token); request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); } }