Examples of org.acegisecurity.userdetails.UserDetails

• org.acegisecurity.userdetails.UserDetails
  Provides core user information.

  Implementations are not used directly by Acegi Security for security purposes. They simply store user information which is later encapsulated into {@link Authentication} objects. This allows non-security related userinformation (such as email addresses, telephone numbers etc) to be stored in a convenient location.

  Concrete implementations must take particular care to ensure the non-null contract detailed for each method is enforced. See {@link org.acegisecurity.userdetails.User} for areference implementation (which you might like to extend).

  Concrete implementations should be immutable (value object semantics, like a String). This is because the UserDetails will be stored in caches and as such multiple threads may use the same instance.

  @author Ben Alex @version $Id: UserDetails.java 1784 2007-02-24 21:00:24Z luke_t $

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);
        if (errorMessage.equals("")) {
            try {

                UserDetails userdetails = userDetailsService.loadUserByUsername(username);
                if (userdetails == null)
                    errorMessage = "loginErrorMessage3.Label";
                else if (!password.equals(userdetails.getPassword()))
                        errorMessage = "loginErrorMessage4.Label";
            }
            catch(UsernameNotFoundException usere)
            {
                log.error("Exception occured in Login!",usere);

     * @return the located user
     *
     * @throws UsernameNotFoundException if the user could not be found
     */
    public UserDetails getUser(String username) throws UsernameNotFoundException {
        UserDetails result = (UserDetails) this.userMap.get(username.toLowerCase());

        if (result == null) {
            throw new UsernameNotFoundException("Could not find user: " + username);
        }

            UserAttribute attr = (UserAttribute) configAttribEd.getValue();

            // Make a user object, assuming the properties were properly provided
            if (attr != null) {
                UserDetails user = new User(username, attr.getPassword(), attr.isEnabled(), true, true, true,
                        attr.getAuthorities());
                userMap.addUser(user);
            }
        }

            // Lookup password for presented username
            // NB: DAO-provided password MUST be clear text - not encoded/salted
            // (unless this instance's passwordAlreadyEncoded property is 'false')
            boolean loadedFromDao = false;
            UserDetails user = userCache.getUserFromCache(username);

            if (user == null) {
                loadedFromDao = true;

                try {
                    user = userDetailsService.loadUserByUsername(username);
                } catch (UsernameNotFoundException notFound) {
                    fail(request, response,
                            new BadCredentialsException(messages.getMessage("DigestProcessingFilter.usernameNotFound",
                                    new Object[]{username}, "Username {0} not found")));

                    return;
                }

                if (user == null) {
                    throw new AuthenticationServiceException(
                            "AuthenticationDao returned null, which is an interface contract violation");
                }

                userCache.putUserInCache(user);
            }

            // Compute the expected response-digest (will be in hex form)
            String serverDigestMd5;

            // Don't catch IllegalArgumentException (already checked validity)
            serverDigestMd5 = generateDigest(passwordAlreadyEncoded, username, realm, user.getPassword(),
                    ((HttpServletRequest) request).getMethod(), uri, qop, nonce, nc, cnonce);

            // If digest is incorrect, try refreshing from backend and recomputing
            if (!serverDigestMd5.equals(responseDigest) && !loadedFromDao) {
                if (logger.isDebugEnabled()) {
                    logger.debug(
                            "Digest comparison failure; trying to refresh user from DAO in case password had changed");
                }

                try {
                    user = userDetailsService.loadUserByUsername(username);
                } catch (UsernameNotFoundException notFound) {
                    // Would very rarely happen, as user existed earlier
                    fail(request, response,
                            new BadCredentialsException(messages.getMessage("DigestProcessingFilter.usernameNotFound",
                                    new Object[]{username}, "Username {0} not found")));
                }

                userCache.putUserInCache(user);

                // Don't catch IllegalArgumentException (already checked validity)
                serverDigestMd5 = generateDigest(passwordAlreadyEncoded, username, realm, user.getPassword(),
                        ((HttpServletRequest) request).getMethod(), uri, qop, nonce, nc, cnonce);
            }

            // If digest is still incorrect, definitely reject authentication attempt
            if (!serverDigestMd5.equals(responseDigest)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Expected response: '" + serverDigestMd5 + "' but received: '" + responseDigest
                            + "'; is AuthenticationDao returning clear text passwords?");
                }

                fail(request, response,
                        new BadCredentialsException(messages.getMessage("DigestProcessingFilter.incorrectResponse",
                                "Incorrect response")));

                return;
            }

            // To get this far, the digest must have been valid
            // Check the nonce has not expired
            // We do this last so we can direct the user agent its nonce is stale
            // but the request was otherwise appearing to be valid
            if (nonceExpiryTime < System.currentTimeMillis()) {
                fail(request, response,
                        new NonceExpiredException(messages.getMessage("DigestProcessingFilter.nonceExpired",
                                "Nonce has expired/timed out")));

                return;
            }

            if (logger.isDebugEnabled()) {
                logger.debug("Authentication success for user: '" + username + "' with response: '" + responseDigest
                        + "'");
            }

            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(user,
                    user.getPassword());

            authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

            SecurityContextHolder.getContext().setAuthentication(authRequest);
        }

     * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
     */
    protected final UserDetails retrieveUser(final String username,
            final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {

        UserDetails loadedUser;

        try {
            loadedUser = this.getUserDetailsService().loadUserByUsername(username);
        } catch (DataAccessException repositoryProblem) {
            throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);

        if (clientCertificate == null) {
            throw new BadCredentialsException(messages.getMessage("X509AuthenticationProvider.certificateNull",
                    "Certificate is null"));
        }

        UserDetails user = userCache.getUserFromCache(clientCertificate);

        if (user == null) {
            logger.debug("Authenticating with certificate " + clientCertificate);
            user = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
            userCache.putUserInCache(clientCertificate, user);
        }

        X509AuthenticationToken result = new X509AuthenticationToken(user, clientCertificate, user.getAuthorities());

        result.setDetails(authentication.getDetails());

        return result;
    }

            throw new IllegalArgumentException("Regular expression must contain a single group ");
        }

        String userName = match.group(1);

        UserDetails user = this.userDetailsService.loadUserByUsername(userName);

        if (user == null) {
            throw new AuthenticationServiceException(
                "UserDetailsService returned null, which is an interface contract violation");
        }

        // Determine username
        String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();

        boolean cacheWasUsed = true;
        UserDetails user = this.userCache.getUserFromCache(username);

        if (user == null) {
            cacheWasUsed = false;

            try {
                user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
            } catch (UsernameNotFoundException notFound) {
                if (hideUserNotFoundExceptions) {
                    throw new BadCredentialsException(messages.getMessage(
                            "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                } else {
                    throw notFound;
                }
            }

            Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
        }

        preAuthenticationChecks.check(user);

        // This check must come here, as we don't want to tell users
        // about account status unless they presented the correct credentials
        try {
            additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
        } catch (AuthenticationException exception) {
            if (cacheWasUsed) {
                // There was a problem, so try again after checking
                // we're using latest data (ie not from the cache)
                cacheWasUsed = false;
                user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
                additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
            } else {
                throw exception;
            }
        }

        postAuthenticationChecks.check(user);

        if (!cacheWasUsed) {
            this.userCache.putUserInCache(user);
        }

        Object principalToReturn = user;

        if (forcePrincipalAsString) {
            principalToReturn = user.getUsername();
        }

        return createSuccessAuthentication(principalToReturn, authentication, user);
    }

        // Check proxy list is trusted
        this.casProxyDecider.confirmProxyListTrusted(response.getProxyList());

        // Lookup user details
        UserDetails userDetails = this.casAuthoritiesPopulator.getUserDetails(response.getUser());

        // Construct CasAuthenticationToken
        return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(),
            userDetails.getAuthorities(), userDetails, response.getProxyList(), response.getProxyGrantingTicketIou());
    }

    return userDetailsService;
  }

  protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
      throws AuthenticationException {
    UserDetails loadedUser;

    try {
      loadedUser = this.getUserDetailsService().loadUserByUsername(username);
    }
    catch (DataAccessException repositoryProblem) {