Created
August 30, 2014 15:11
package com.blabadi.sec.oauth.provider; | |
import java.util.ArrayList; | |
import java.util.Collection; | |
import java.util.List; | |
import org.slf4j.Logger; | |
import org.slf4j.LoggerFactory; | |
import org.springframework.beans.factory.annotation.Autowired; | |
import org.springframework.security.authentication.AuthenticationProvider; | |
import org.springframework.security.authentication.BadCredentialsException; | |
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; | |
import org.springframework.security.core.Authentication; | |
import org.springframework.security.core.AuthenticationException; | |
import org.springframework.security.core.authority.SimpleGrantedAuthority; | |
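/**
 * Spring Security {@link AuthenticationProvider} that delegates the user name / password check
 * and the role lookup to {@code LoginService}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Only {@link UsernamePasswordAuthenticationToken} requests are claimed (see
 *       {@link #supports(Class)}); other token types are left to other providers.</li>
 *   <li>Every failure is reported to the caller with the same generic
 *       {@link BadCredentialsException}; the actual reason is only written to the log.</li>
 *   <li>The user name written to the log is caller-supplied. NOTE(review): make sure the log
 *       layout neutralises line breaks so a crafted user name cannot forge log entries.</li>
 * </ul>
 */
public class CustomAuthenticationProvider implements AuthenticationProvider {

    /** LoginService service bean */
    @Autowired
    LoginService loginSvc;

    /** Logger */
    private final static Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

    /**
     * Authenticates the request against the LoginService API.
     *
     * @param auth the authentication request; principal and credentials must both be Strings
     * @return a token holding the user name, the presented password and the user's authorities
     * @throws AuthenticationException a {@link BadCredentialsException} when the principal or
     *         credentials are missing or not Strings, when LoginService returns a user id it
     *         does not consider valid, or when no role list can be obtained for the user
     */
    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        // NOTE(review): this relies on the token's toString() not printing the raw credentials;
        // confirm for every Authentication implementation that can reach this provider.
        logger.debug("entered CustomAuthenticationProvider.authenticate() with arguments: {}", auth);

        // Reject anything that is not a plain user name / password pair instead of letting a
        // blind cast fail with a ClassCastException, which is not an AuthenticationException.
        Object principal = auth.getPrincipal();
        Object credentials = auth.getCredentials();
        if (!(principal instanceof String) || !(credentials instanceof String)) {
            logger.error("authentication request rejected, principal or credentials missing or not a String");
            throw new BadCredentialsException("Invalid credentials");
        }
        String userName = (String) principal;
        String password = (String) credentials;

        //call LoginService login to authenticate the user name and password
        logger.debug("calling LoginService.login for user: {}", userName);
        String userId = loginSvc.login(userName, password);

        //check validity of the user Id returned, if it's not valid => authentication failed.
        if (!loginSvc.validateUserId(userId)) {
            logger.error("authentication failed against LoginService, invalid userId : {} , was returned", userId);
            //throw an exception to indicate failure of authentication process
            throw new BadCredentialsException("Invalid credentials");
        }
        logger.info("user {} authentication with LoginService was successful, found userId : {}", userName, userId);

        logger.debug("getting user: {} roles from LoginService", userName);
        List<String> userRoles = loginSvc.getUserRoles(userId);
        if (userRoles == null) {
            // Fail closed: without a role list no authenticated token is issued.
            logger.error("LoginService returned no role list for userId : {}", userId);
            throw new BadCredentialsException("Invalid credentials");
        }
        logger.info("retrieved user roles from LoginService");

        //create GrantedAuthority collection from retrieved roles
        Collection<SimpleGrantedAuthority> authorities = fillUserAuthorities(userRoles);

        // The three-argument constructor yields a token that is already marked authenticated.
        // The token still carries the raw password; NOTE(review): confirm the authentication
        // manager erases credentials after authentication so it is not kept with the session.
        Authentication filledAuthentication = new UsernamePasswordAuthenticationToken(userName, password, authorities);
        logger.info("created fully populated authentication object {}", filledAuthentication.toString());
        logger.debug("exiting authenticate()");
        return filledAuthentication;
    }

    /**
     * Declares which authentication requests this provider handles.
     *
     * <p>Only user name / password tokens are accepted. Answering {@code true} for every type
     * would route unrelated token types into {@link #authenticate(Authentication)}, which
     * expects a String principal and String credentials.
     *
     * @param arg0 the Authentication implementation class being tested
     * @return {@code true} if {@code arg0} is a {@link UsernamePasswordAuthenticationToken} type
     */
    @Override
    public boolean supports(Class<?> arg0) {
        return arg0 != null && UsernamePasswordAuthenticationToken.class.isAssignableFrom(arg0);
    }

    /**
     * utility method to convert the user roles to a Collection of SimpleGrantedAuthority for spring security to deal with
     * @param roles the list of roles as string; {@code null} is treated as an empty list
     * @return a collection of SimpleGrantedAuthority that represent user roles
     */
    private Collection<SimpleGrantedAuthority> fillUserAuthorities(List<String> roles) {
        Collection<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
        if (roles == null) {
            return authorities;
        }
        for (String role : roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        return authorities;
    }
}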