Commit d4aa1b92 authored by Gradl, Tobias

#480: Implement sessions

Copied some sec func from ScheReg
parent 790e3fcf
......@@ -4,17 +4,35 @@
<groupId>eu.dariah.de</groupId>
<artifactId>dariah-javasp-core</artifactId>
<version>0.0.4-SNAPSHOT</version>
<version>0.0.5-SNAPSHOT</version>
<name>DARIAH AAI library - core</name>
<packaging>jar</packaging>
<properties>
<java-version>1.7</java-version>
<maven.compiler.source>1.7</maven.compiler.source>
<maven.compiler.target>1.7</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<eu.dariah.de.minfba.core-metamodel.version>3.1.0-SNAPSHOT</eu.dariah.de.minfba.core-metamodel.version>
</properties>
<dependencies>
<dependency>
<groupId>eu.dariah.de.minfba.core</groupId>
<artifactId>core-metamodel</artifactId>
<version>${eu.dariah.de.minfba.core-metamodel.version}</version>
</dependency>
<dependency>
<groupId>eu.dariah.de</groupId>
<artifactId>spring-security-saml2-core</artifactId>
<version>1.0.2-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
......
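Review bot: `spring-security-saml2-core` is declared as `1.0.2-SNAPSHOT` and `core-metamodel` as `3.1.0-SNAPSHOT`, so, assuming these are the entries this hunk adds, the authentication path now depends on mutable artifacts and two builds of the same commit can ship different SAML code. Pinning both to released versions, and moving the SAML version into `<properties>` next to `eu.dariah.de.minfba.core-metamodel.version`, would make the build reproducible and future upgrades visible in review. The `<dependencies>` block continues past the end of the hunk.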
package de.dariah.aai.javasp.base;
import org.joda.time.DateTime;
import de.dariah.aai.javasp.base.SimpleUserDetails;
import eu.dariah.de.minfba.core.metamodel.interfaces.Identifiable;
public class PersistedUserDetails extends SimpleUserDetails implements Identifiable {
private static final long serialVersionUID = -6763023924626676185L;
private DateTime lastLogin;
public DateTime getLastLogin() { return lastLogin; }
public void setLastLogin(DateTime lastLogin) { this.lastLogin = lastLogin; }
}
package de.dariah.aai.javasp.base;
import de.dariah.aai.javasp.base.Role;
public class RoleImpl implements Role {
private static final long serialVersionUID = 4139022217963525795L;
private int level;
private String authority;
private String description;
public RoleImpl() {}
public RoleImpl(String authority) {
this.authority = authority;
}
@Override
public int getLevel() { return level; }
public void setLevel(int level) { this.level = level; }
@Override
public String getAuthority() { return authority; }
public void setAuthority(String authority) { this.authority = authority; }
@Override
public String getDescription() { return description; }
public void setDescription(String description) { this.description = description; }
@Override
public int getId() { return 0; }
}
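Review bot: `getId()` returns the constant `0` and the class defines neither `equals` nor `hashCode`, so every role reports the same id and two `RoleImpl` instances with the same authority compare as unequal. `Role` is not visible here, but `LocalAuthenticationProvider.getUserDetails` puts these objects into the user's authorities and passes them to `saveUser`, where collection membership tests or id-keyed storage may treat them incorrectly. Consider backing `getId()` with a field and adding `equals`/`hashCode` based on `authority`, with a one-line class comment stating which property identifies a role.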
package de.dariah.aai.javasp.service;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import de.dariah.aai.javasp.base.PersistedUserDetails;
public interface PersistedUserDetailsService {
public PersistedUserDetails loadUserByUsername(String domain, String username) throws UsernameNotFoundException;
public void saveUser(PersistedUserDetails persistedUser);
}
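Review bot: `loadUserByUsername` leaves the unknown-user case undefined: the signature declares `UsernameNotFoundException`, while the caller in `LocalAuthenticationProvider.getUserDetails` tests the result for `null`. If an implementation throws, the exception reaches `authenticate`'s `catch (AuthenticationException e)` and a first-time local user with a correct password is rejected with "Provided username and/or password wrong." A Javadoc line such as `@return the stored user, or null if none exists for this domain and username`, together with dropping the `throws` clause, would settle the contract; `saveUser` should likewise say whether it inserts, updates or both.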
......@@ -4,14 +4,14 @@
<artifactId>dariah-javasp-web</artifactId>
<groupId>eu.dariah.de</groupId>
<version>0.0.4-SNAPSHOT</version>
<version>0.0.5-SNAPSHOT</version>
<name>dariah-aai-web</name>
<url>http://maven.apache.org</url>
<packaging>jar</packaging>
<properties>
<eu.dariah.de.minfba.core-web.version>1.1.0-SNAPSHOT</eu.dariah.de.minfba.core-web.version>
<eu.dariah.de.minfba.core-web.version>1.2.0-SNAPSHOT</eu.dariah.de.minfba.core-web.version>
<org.springframework-version>4.1.9.RELEASE</org.springframework-version>
<org.springsecurity-version>3.2.6.RELEASE</org.springsecurity-version>
<org.slf4j-version>1.7.10</org.slf4j-version>
......@@ -21,7 +21,7 @@
<dependency>
<groupId>eu.dariah.de</groupId>
<artifactId>dariah-javasp-core</artifactId>
<version>0.0.4-SNAPSHOT</version>
<version>0.0.5-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>eu.dariah.de</groupId>
......
package de.dariah.aai.javasp.web.auth.local;
import java.util.ArrayList;
import java.util.Collection;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import de.dariah.aai.javasp.base.PersistedUserDetails;
import de.dariah.aai.javasp.base.Role;
import de.dariah.aai.javasp.base.RoleImpl;
import de.dariah.aai.javasp.base.SimpleUserDetails;
import de.dariah.aai.javasp.service.PersistedUserDetailsService;
public class LocalAuthenticationProvider implements AuthenticationProvider {
@Autowired private PersistedUserDetailsService persistedUserDetailsService;
private UserDetailsService localUserDetailsService;
public UserDetailsService getLocalUserDetailsService() { return localUserDetailsService; }
public void setLocalUserDetailsService(UserDetailsService localUserDetailsService) { this.localUserDetailsService = localUserDetailsService; }
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
try {
UserDetails user = localUserDetailsService.loadUserByUsername(authentication.getName());
if (user.getPassword().equals(authentication.getCredentials())) {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword().hashCode(), user.getAuthorities());
auth.setDetails(this.getUserDetails(user));
return auth;
} else {
throw new BadCredentialsException("Wrong password");
}
} catch (AuthenticationException e) {
throw new BadCredentialsException("Provided username and/or password wrong.");
}
}
public boolean supports(Class<?> authentication) {
return authentication.isAssignableFrom(UsernamePasswordAuthenticationToken.class);
}
private SimpleUserDetails getUserDetails(UserDetails user) {
PersistedUserDetails persistedUser = persistedUserDetailsService.loadUserByUsername("LOCAL", user.getUsername());
if (persistedUser==null) {
persistedUser = new PersistedUserDetails();
persistedUser.setEndpointId("LOCAL");
persistedUser.setEndpointName("LOCAL");
persistedUser.setHasAllAttributes(true);
persistedUser.setUsername(user.getUsername());
}
Collection<Role> roles = new ArrayList<Role>();
for (GrantedAuthority r : user.getAuthorities()) {
roles.add(new RoleImpl(r.getAuthority()));
}
persistedUser.setAuthorities(roles);
persistedUser.setExpired(!(user.isAccountNonExpired() && user.isAccountNonLocked() && user.isCredentialsNonExpired() && user.isEnabled()));
persistedUser.setLastLogin(DateTime.now());
persistedUserDetailsService.saveUser(persistedUser);
return persistedUser;
}
}
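Review bot: `authenticate` hands out an authenticated token to locked, disabled or expired accounts, because the four `UserDetails` status flags are only folded into `setExpired(...)` inside `getUserDetails` and never stop the login. The password check is `user.getPassword().equals(authentication.getCredentials())`, which can only match when the stored value has the same form as what the client submits (presumably cleartext) and is not constant-time, and the token is then built with `user.getPassword().hashCode()`, a 32-bit non-cryptographic value derived from the secret, as its credentials. `supports` has the `isAssignableFrom` test reversed, so it also returns true for `Object.class`; the usual form is `return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);`. The sketch below assumes a `PasswordEncoder` field named `passwordEncoder` is injected next to `localUserDetailsService` and keeps the existing catch block, so every failure still surfaces as the generic message; extending Spring Security's `DaoAuthenticationProvider` would provide the same checks without custom code.

```java
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    try {
        UserDetails user = localUserDetailsService.loadUserByUsername(authentication.getName());
        Object presented = authentication.getCredentials();
        // Compare through the encoder so only a hash needs to be stored.
        if (presented == null || !passwordEncoder.matches(presented.toString(), user.getPassword())) {
            throw new BadCredentialsException("Wrong password");
        }
        // Refuse the login instead of merely recording the state on the persisted user.
        if (!user.isEnabled()) {
            throw new DisabledException("Account disabled");
        }
        if (!user.isAccountNonLocked()) {
            throw new LockedException("Account locked");
        }
        if (!user.isAccountNonExpired()) {
            throw new AccountExpiredException("Account expired");
        }
        if (!user.isCredentialsNonExpired()) {
            throw new CredentialsExpiredException("Credentials expired");
        }
        // No password-derived value is carried in the token.
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(user.getUsername(), null, user.getAuthorities());
        // … unchanged: auth.setDetails(this.getUserDetails(user)); return auth; catch block …
```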