Commit 2f18e38d authored by Gradl, Tobias's avatar Gradl, Tobias

720: Implement attribute checker

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=720
parent c3caf057
package eu.dariah.de.dariahsp.local;
import java.util.ArrayList;
import java.util.Collection;
import org.joda.time.DateTime;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import eu.dariah.de.dariahsp.model.Role;
import eu.dariah.de.dariahsp.model.RoleImpl;
import eu.dariah.de.dariahsp.model.User;
import eu.dariah.de.dariahsp.model.UserImpl;
import eu.dariah.de.dariahsp.service.BaseUserService;
import eu.dariah.de.dariahsp.service.UserService;
public class LocalAuthenticationProvider implements AuthenticationProvider {
......@@ -44,7 +35,11 @@ public class LocalAuthenticationProvider implements AuthenticationProvider {
if (encoder.matches(authentication.getCredentials().toString(), user.getPassword())) {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword().hashCode(), user.getAuthorities());
auth.setDetails(this.getUserDetails(user));
User u = userService.getUserDetails(user);
auth.setDetails(u);
userService.saveUser(u);
return auth;
} else {
throw new BadCredentialsException("Wrong password");
......@@ -58,32 +53,4 @@ public class LocalAuthenticationProvider implements AuthenticationProvider {
public boolean supports(Class<?> authentication) {
return authentication.isAssignableFrom(UsernamePasswordAuthenticationToken.class);
}
private User getUserDetails(UserDetails user) {
User authorizedUser = null;
if (this.getUserService()!=null) {
authorizedUser = getUserService().loadUserByUsername(BaseUserService.DEFAULT_LOCAL_DOMAIN, user.getUsername());
}
if (authorizedUser==null) {
authorizedUser = new UserImpl();
authorizedUser.setEndpointId(BaseUserService.DEFAULT_LOCAL_DOMAIN);
authorizedUser.setEndpointName(BaseUserService.DEFAULT_LOCAL_DOMAIN);
authorizedUser.setHasAllAttributes(true);
authorizedUser.setUsername(user.getUsername());
}
Collection<Role> roles = new ArrayList<Role>();
for (GrantedAuthority r : user.getAuthorities()) {
roles.add(new RoleImpl(r.getAuthority()));
}
authorizedUser.setAuthorities(roles);
authorizedUser.setExpired(!(user.isAccountNonExpired() && user.isAccountNonLocked() && user.isCredentialsNonExpired() && user.isEnabled()));
authorizedUser.setLastLogin(DateTime.now());
if (this.getUserService()!=null) {
getUserService().saveUser(authorizedUser);
}
return authorizedUser;
}
}
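Review bot: The null guard that the removed getUserDetails helper carried (`if (this.getUserService()!=null)`) does not survive in the new lines `User u = userService.getUserDetails(user);` and `userService.saveUser(u);`, so an unconfigured userService now fails with a NullPointerException inside authenticate instead of falling through to a non-persisted UserImpl as before. If a missing service is no longer a supported configuration, fail fast where it is injected with `Objects.requireNonNull(userService, "userService");` and drop the old null-tolerant wording from any setter Javadoc; otherwise reinstate the guard around the two calls. The enclosing authenticate method begins before this hunk, and its remaining branch is cut off after the BadCredentialsException line.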
......@@ -3,7 +3,6 @@ package eu.dariah.de.dariahsp.model;
import java.util.Collection;
import org.joda.time.DateTime;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import eu.dariah.de.minfba.core.metamodel.interfaces.Identifiable;
......@@ -27,4 +26,7 @@ public interface User extends UserDetails, Identifiable {
public void setUsername(String username);
public void setExpired(boolean b);
public void setLastLogin(DateTime now);
public boolean isPersistent();
public void setPersistent(boolean persistent);
}
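Review bot: The new `isPersistent`/`setPersistent` pair has no Javadoc, and nothing in this interface says what a persistent user is or who is responsible for setting the flag; the only hint is elsewhere in this commit, where BaseUserService sets it for local users and for SAML NameIDs whose format is not transient, which is an inference from another file rather than a contract stated here. Add a comment on the getter such as `/** True when this user is backed by a record with a stable identifier (local account or non-transient SAML NameID) rather than a per-session identity; set by the UserService when details are resolved. */` and a matching `@param persistent` on the setter so that implementations outside BaseUserService follow the same meaning. The interface's earlier members are outside this hunk.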
......@@ -17,6 +17,7 @@ public class UserImpl implements User {
private String language;
private boolean hasAllAttributes;
private DateTime lastLogin;
private boolean persistent;
public UserImpl() {}
......@@ -57,6 +58,9 @@ public class UserImpl implements User {
public DateTime getLastLogin() { return lastLogin; }
public void setLastLogin(DateTime lastLogin) { this.lastLogin = lastLogin; }
public boolean isPersistent() { return persistent; }
public void setPersistent(boolean persistent) { this.persistent = persistent; }
@Override public String getUsername() { return username; }
@Override public String getPassword() { return ""; }
......
......@@ -12,6 +12,7 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
......@@ -84,18 +85,36 @@ public abstract class BaseUserService implements UserService, SAMLUserDetailsSer
return u;
}
/**
* Getter for the localDomain field; defaults to DEFAULT_LOCAL_DOMAIN = "LOCAL"
* override if required
*
* @return local domain, default "LOCAL"
*/
protected String getLocalDomain() { return DEFAULT_LOCAL_DOMAIN; };
protected abstract void innerSaveUser(User persistedUser);
@Override
public User getUserDetails(UserDetails localUserDetails) {
User authorizedUser = null;
authorizedUser = this.loadUserByUsername(BaseUserService.DEFAULT_LOCAL_DOMAIN, localUserDetails.getUsername());
if (authorizedUser==null) {
authorizedUser = new UserImpl();
authorizedUser.setEndpointId(BaseUserService.DEFAULT_LOCAL_DOMAIN);
authorizedUser.setEndpointName(BaseUserService.DEFAULT_LOCAL_DOMAIN);
authorizedUser.setHasAllAttributes(true);
authorizedUser.setUsername(localUserDetails.getUsername());
}
Collection<Role> roles = new ArrayList<Role>();
if (this.getDefaultAuthority()!=null && !this.getDefaultAuthority().isEmpty()) {
roles.add(new RoleImpl(this.getDefaultAuthority()));
}
for (GrantedAuthority r : localUserDetails.getAuthorities()) {
roles.add(new RoleImpl(r.getAuthority()));
}
authorizedUser.setAuthorities(roles);
authorizedUser.setExpired(!(localUserDetails.isAccountNonExpired() && localUserDetails.isAccountNonLocked() && localUserDetails.isCredentialsNonExpired() && localUserDetails.isEnabled()));
authorizedUser.setLastLogin(DateTime.now());
authorizedUser.setPersistent(true);
return authorizedUser;
}
private User getUserDetails(SAMLCredential credential) throws Exception {
@Override
public User getUserDetails(SAMLCredential credential) throws Exception {
NameID nameId = credential.getNameID();
String fetchNameId = null;
......@@ -150,12 +169,28 @@ public abstract class BaseUserService implements UserService, SAMLUserDetailsSer
u.setAuthorities(roles);
u.setOriginalAttributes(this.convertAttributes(credential.getAttributes()));
if (!credential.getNameID().getFormat().equals("urn:oasis:names:tc:SAML:2.0:nameid-format:transient")) {
u.setPersistent(true);
}
if (credential instanceof SAMLAggregatedCredential) {
u.setAggregatedAttributes(this.convertAttributes(((SAMLAggregatedCredential)credential).getAggregatedAttributes()));
}
return u;
}
/**
* Getter for the localDomain field; defaults to DEFAULT_LOCAL_DOMAIN = "LOCAL"
* override if required
*
* @return local domain, default "LOCAL"
*/
protected String getLocalDomain() { return DEFAULT_LOCAL_DOMAIN; };
protected abstract void innerSaveUser(User persistedUser);
private List<SAMLAttribute> convertAttributes(List<Attribute> attributes) {
if (attributes==null) {
return null;
......
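Review bot: `credential.getNameID().getFormat().equals("urn:oasis:names:tc:SAML:2.0:nameid-format:transient")` dereferences the NameID format, which is an optional attribute in SAML assertions, so a credential whose NameID carries no Format would throw a NullPointerException here instead of being classified. Comparing constant-first, `if (!"urn:oasis:names:tc:SAML:2.0:nameid-format:transient".equals(credential.getNameID().getFormat())) {`, treats an absent format as non-transient, which matches the SAML default of unspecified; whether `getNameID()` itself can be null is not visible in this hunk and should be checked against how the NameID is read at the top of the method. Separately, the new `getUserDetails(UserDetails)` in the preceding hunk looks users up and labels them with `BaseUserService.DEFAULT_LOCAL_DOMAIN` in three places, while the class documents `getLocalDomain()` as the override point for exactly that value; using `this.getLocalDomain()` there keeps an override consistent with the rest of the service. The method this hunk edits, getUserDetails(SAMLCredential), starts in the previous hunk, and the class continues past this section.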
package eu.dariah.de.dariahsp.service;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import eu.dariah.de.dariahsp.model.User;
public interface UserService extends UserDetailsService {
public User loadUserByUsername(String domain, String username) throws UsernameNotFoundException;
public void saveUser(User persistedUser);
public User getUserDetails(UserDetails localUserDetails);
public User getUserDetails(SAMLCredential credential) throws Exception;
}
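Review bot: The new interface method `public User getUserDetails(SAMLCredential credential) throws Exception;` publishes a raw `throws Exception`, which forces every caller of the service to catch Exception broadly and hides which failures (unknown user, attribute conversion) are actually expected; narrow it to the concrete checked types the implementation throws, or wrap them in a dedicated unchecked exception. Neither added method carries Javadoc: a summary such as `/** Resolves the application User for an authenticated local principal, creating a new unsaved record when none is stored; callers decide whether to persist it. */` on the UserDetails overload would state the contract, with the exact persistence behaviour confirmed against BaseUserService, which is where I am inferring it from. The `public` modifiers on interface members are redundant and can be dropped for consistency with standard Java style.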