
package shionn.blog.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.ibatis.session.SqlSession;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.stereotype.Controller;

import shionn.blog.db.dao.AuthenticationDao;
import shionn.blog.db.dbo.User;

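/**
 * Spring Security provider that checks a username/password token against the {@code User}
 * row read through {@link AuthenticationDao} and, on success, grants {@code ROLE_ADMIN}.
 *
 * Code sous licence GPLv3 (http://www.gnu.org/licenses/gpl.html)
 *
 * @author <b>Shionn</b>, shionn@gmail.com <i>http://shionn.org</i><br>
 *         GCS d- s+:+ a+ C++ UL/M P L+ E--- W++ N K- w-- M+ t+ 5 X R+ !tv b+ D+ G- e+++ h+ r- y+
 */
@Controller
public class AuthenticationProvider implements org.springframework.security.authentication.AuthenticationProvider {

    /** Date component prepended to the password before hashing; must match how stored hashes were produced. */
    private static final String DATE_PATTERN = "yyyyMMdd";

    /**
     * Single message for both "unknown user" and "wrong password" so the response cannot be
     * used to tell which usernames exist.
     */
    private static final String BAD_CREDENTIALS = "Bad credentials";

    @Autowired
    private SqlSession session;

    /** Application-wide pepper appended to every passphrase; configured via {@code auth.salt}. */
    @Autowired
    @Value("${auth.salt}")
    private String salt = "salt";

    @Autowired
    private Logger logger;

    /**
     * Only username/password tokens are handled; {@link #authenticate} relies on this when it
     * casts the incoming {@link Authentication}.
     */
    @Override
    public boolean supports(Class<?> type) {
        return type == UsernamePasswordAuthenticationToken.class;
    }

    /**
     * Looks the principal up by name and verifies the supplied credentials.
     *
     * @param authentication a {@link UsernamePasswordAuthenticationToken} (guaranteed by {@link #supports})
     * @return a fresh, authenticated token carrying {@code ROLE_ADMIN}
     * @throws BadCredentialsException if the user is unknown or the password does not match;
     *         the message is identical in both cases
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        String username = (String) authentication.getPrincipal();
        User user = session.getMapper(AuthenticationDao.class).readUser(username);
        if (user == null || !checkPassword(token, user)) {
            // Failed attempts are worth having in the log for detection; the credential itself is never logged.
            logger.info("Authentication failed for principal {}", username);
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }
        return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(),
                authentication.getCredentials(), AuthorityUtils.createAuthorityList("ROLE_ADMIN"));
    }

    /**
     * Compares the stored hash with the hash of the supplied credentials.
     *
     * @return {@code true} only when both hashes exist and are byte-for-byte equal
     */
    private boolean checkPassword(UsernamePasswordAuthenticationToken token, User user) {
        String stored = user.getPassword();
        String computed = encodePassword(token, user);
        if (stored == null || computed == null) {
            return false;
        }
        // String.equals stops at the first differing character, so its run time reveals how much
        // of the hash matched; MessageDigest.isEqual takes the same time regardless of where they differ.
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                computed.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Derives the stored-hash form of the supplied credentials:
     * {@code sha512Hex(yyyyMMdd(user.created) + credentials + salt)}.
     *
     * NOTE(review): a single unsalted-per-user SHA-512 round is a weak password hash; the scheme is
     * kept because existing rows are stored in this format, and moving to bcrypt/scrypt/argon2 would
     * need a re-hash-on-login migration.
     *
     * @return the hex digest, or {@code null} when the credentials or the creation date are absent
     */
    private String encodePassword(UsernamePasswordAuthenticationToken token, User user) {
        Object credentials = token.getCredentials();
        Object created = user.getCreated();
        if (credentials == null || created == null) {
            // Previously a null credential was concatenated as the literal "null" and a null date threw NPE.
            return null;
        }
        // SimpleDateFormat is not thread-safe, hence a fresh instance per call instead of a shared field.
        String passphrase = new SimpleDateFormat(DATE_PATTERN).format(created) + credentials + salt;
        // The computed digest is deliberately not logged: it is password-derived material.
        return DigestUtils.sha512Hex(passphrase);
    }
}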