Examples of org.acegisecurity.userdetails.UserDetails

org.acegisecurity.userdetails.UserDetails
Provides core user information.
Implementations are not used directly by Acegi Security for security purposes. They simply store user information which is later encapsulated into {@link Authentication} objects. This allows non-security related userinformation (such as email addresses, telephone numbers etc) to be stored in a convenient location.

Concrete implementations must take particular care to ensure the non-null contract detailed for each method is enforced. See {@link org.acegisecurity.userdetails.User} for areference implementation (which you might like to extend).

Concrete implementations should be immutable (value object semantics, like a String). This is because the UserDetails will be stored in caches and as such multiple threads may use the same instance.
@author Ben Alex @version $Id: UserDetails.java 1784 2007-02-24 21:00:24Z luke_t $

     */
    @Override
    protected UserDetails authenticate(String username, String password)
            throws AuthenticationException
    {
        UserDetails userDetails = null;


        String connectionString;


        connectionString = "jdbc:mysql://" + myServer + "/" +
                myDatabase;

View Full Code Here

     */
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException
    {
        UserDetails user = null;
        String connectionString;


        connectionString = "jdbc:mysql://" + myServer + "/" +
                myDatabase;
        LOGGER.info("MySQLSecurity: Connection String - " + connectionString);

View Full Code Here

    }


    public List<User> query() {
        if (id!=null) {
            try {
                UserDetails d = sr.loadUserByUsername(id);
                if (d!=null)
                    return Collections.singletonList($(d));
            } catch (UsernameNotFoundException e) {
                // no such user
            } catch (DataAccessException e) {

View Full Code Here

  }


  // TODO: replace with User#impersonate once we are requiring 1.419+ as core
  private Authentication impersonateUser(User u) {
        try {
            UserDetails d = Hudson.getInstance().getSecurityRealm().loadUserByUsername(u.getId());
            return new UsernamePasswordAuthenticationToken(d.getUsername(), "", d.getAuthorities());
        } catch (AuthenticationException e) {
            // TODO: use the stored GrantedAuthorities
            return new UsernamePasswordAuthenticationToken(
                u.getId(), "", new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY});
        }

View Full Code Here

                            return null;
                        }


                        // Check the user exists
                        // Defer lookup until after expiry time checked, to possibly avoid expensive lookup
                        UserDetails userDetails;


                        try {
                            userDetails = this.userDetailsService
                                .loadUserByUsername(cookieTokens[0]);
                        } catch (UsernameNotFoundException notFound) {
                            cancelCookie(request, response,
                                "Cookie token[0] contained username '"
                                + cookieTokens[0] + "' but was not found");


                            return null;
                        }


                        // Immediately reject if the user is not allowed to login
                        if (!userDetails.isAccountNonExpired()
                            || !userDetails.isCredentialsNonExpired()
                            || !userDetails.isEnabled()) {
                            cancelCookie(request, response,
                                "Cookie token[0] contained username '"
                                + cookieTokens[0]
                                + "' but account has expired, credentials have expired, or user is disabled");


                            return null;
                        }


                        // Check signature of token matches remaining details
                        // Must do this after user lookup, as we need the DAO-derived password
                        // If efficiency was a major issue, just add in a UserCache implementation,
                        // but recall this method is usually only called one per HttpSession
                        // (as if the token is valid, it will cause SecurityContextHolder population, whilst
                        // if invalid, will cause the cookie to be cancelled)
                        String expectedTokenSignature = DigestUtils.md5Hex(userDetails
                                .getUsername() + ":" + tokenExpiryTime + ":"
                                + userDetails.getPassword() + ":" + this.key);


                        if (!expectedTokenSignature.equals(cookieTokens[2])) {
                            cancelCookie(request, response,
                                "Cookie token[2] contained signature '"
                                + cookieTokens[2] + "' but expected '"
                                + expectedTokenSignature + "'");


                            return null;
                        }


                        // By this stage we have a valid token
                        if (logger.isDebugEnabled()) {
                            logger.debug("Remember-me cookie accepted");
                        }


                        return new RememberMeAuthenticationToken(this.key,
                            userDetails, userDetails.getauthorities());
                    } else {
                        cancelCookie(request, response,
                            "Cookie token did not contain 3 tokens; decoded value was '"
                            + cookieAsPlainText + "'");

View Full Code Here

            throw new BadCredentialsException(messages.getMessage(
                    "X509AuthenticationProvider.certificateNull",
                    "Certificate is null"));
        }


        UserDetails user = userCache.getUserFromCache(clientCertificate);


        if (user == null) {
            logger.debug("Authenticating with certificate " + clientCertificate);
            user = X509AuthoritiesPopulator.getUserDetails(clientCertificate);
            userCache.putUserInCache(clientCertificate, user);
        }


        X509AuthenticationToken result = new X509AuthenticationToken(user,
                clientCertificate, user.getauthorities());


        result.setDetails((authentication.getDetails() != null)
            ? authentication.getDetails() : null);


        return result;

View Full Code Here


            // Lookup password for presented username
            // NB: DAO-provided password MUST be clear text - not encoded/salted
            // (unless this instance's passwordAlreadyEncoded property is 'false')
            boolean loadedFromDao = false;
            UserDetails user = userCache.getUserFromCache(username);


            if (user == null) {
                loadedFromDao = true;


                try {
                    user = userDetailsService.loadUserByUsername(username);
                } catch (UsernameNotFoundException notFound) {
                    fail(request, response,
                        new BadCredentialsException(messages.getMessage(
                                "DigestProcessingFilter.usernameNotFound",
                                new Object[] {username},
                                "Username {0} not found")));


                    return;
                }


                if (user == null) {
                    throw new AuthenticationServiceException(
                        "AuthenticationDao returned null, which is an interface contract violation");
                }


                userCache.putUserInCache(user);
            }


            // Compute the expected response-digest (will be in hex form)
            String serverDigestMd5;


            // Don't catch IllegalArgumentException (already checked validity)
            serverDigestMd5 = generateDigest(passwordAlreadyEncoded, username,
                    realm, user.getPassword(),
                    ((HttpServletRequest) request).getMethod(), uri, qop,
                    nonce, nc, cnonce);


            // If digest is incorrect, try refreshing from backend and recomputing
            if (!serverDigestMd5.equals(responseDigest) && !loadedFromDao) {
                if (logger.isDebugEnabled()) {
                    logger.debug(
                        "Digest comparison failure; trying to refresh user from DAO in case password had changed");
                }


                try {
                    user = userDetailsService.loadUserByUsername(username);
                } catch (UsernameNotFoundException notFound) {
                    // Would very rarely happen, as user existed earlier
                    fail(request, response,
                        new BadCredentialsException(messages.getMessage(
                                "DigestProcessingFilter.usernameNotFound",
                                new Object[] {username},
                                "Username {0} not found")));
                }


                userCache.putUserInCache(user);


                // Don't catch IllegalArgumentException (already checked validity)
                serverDigestMd5 = generateDigest(passwordAlreadyEncoded,
                        username, realm, user.getPassword(),
                        ((HttpServletRequest) request).getMethod(), uri, qop,
                        nonce, nc, cnonce);
            }


            // If digest is still incorrect, definitely reject authentication attempt
            if (!serverDigestMd5.equals(responseDigest)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Expected response: '" + serverDigestMd5
                        + "' but received: '" + responseDigest
                        + "'; is AuthenticationDao returning clear text passwords?");
                }


                fail(request, response,
                    new BadCredentialsException(messages.getMessage(
                            "DigestProcessingFilter.incorrectResponse",
                            "Incorrect response")));


                return;
            }


            // To get this far, the digest must have been valid
            // Check the nonce has not expired
            // We do this last so we can direct the user agent its nonce is stale
            // but the request was otherwise appearing to be valid
            if (nonceExpiryTime < System.currentTimeMillis()) {
                fail(request, response,
                    new NonceExpiredException(messages.getMessage(
                            "DigestProcessingFilter.nonceExpired",
                            "Nonce has expired/timed out")));


                return;
            }


            if (logger.isDebugEnabled()) {
                logger.debug("Authentication success for user: '" + username
                    + "' with response: '" + responseDigest + "'");
            }


            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(user,
                    user.getPassword());
            authRequest.setDetails(new WebAuthenticationDetails(httpRequest));


            SecurityContextHolder.getContext().setAuthentication(authRequest);
        }

View Full Code Here


        // Check proxy list is trusted
        this.casProxyDecider.confirmProxyListTrusted(response.getProxyList());


        // Lookup user details
        UserDetails userDetails = this.CasAuthoritiesPopulator.getUserDetails(response
                .getUser());


        // Construct CasAuthenticationToken
        return new CasAuthenticationToken(this.key, response.getUser(),
            authentication.getCredentials(), userDetails.getauthorities(),
            userDetails, response.getProxyList(),
            response.getProxyGrantingTicketIou());
    }

View Full Code Here

        // Determine username
        String username = (authentication.getPrincipal() == null)
            ? "NONE_PROVIDED" : authentication.getName();


        boolean cacheWasUsed = true;
        UserDetails user = this.userCache.getUserFromCache(username);


        if (user == null) {
            cacheWasUsed = false;


            try {
                user = retrieveUser(username,
                    (UsernamePasswordAuthenticationToken) authentication);


            } catch (UsernameNotFoundException notFound) {
                if (hideUserNotFoundExceptions) {
                    throw new BadCredentialsException(messages.getMessage(
                            "AbstractUserDetailsAuthenticationProvider.badCredentials",
                            "Bad credentials"));
                } else {
                    throw notFound;
                }
            }


            Assert.notNull(user,
                "retrieveUser returned null - a violation of the interface contract");
        }


        if (!user.isAccountNonLocked()) {
            throw new LockedException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.locked",
                    "User account is locked"));
        }


        if (!user.isEnabled()) {
            throw new DisabledException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.disabled",
                    "User is disabled"));
        }


        if (!user.isAccountNonExpired()) {
            throw new AccountExpiredException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.expired",
                    "User account has expired"));
        }


        // This check must come here, as we don't want to tell users
        // about account status unless they presented the correct credentials
        try {
            additionalAuthenticationChecks(user,
                (UsernamePasswordAuthenticationToken) authentication);
        } catch (AuthenticationException exception) {
            // There was a problem, so try again after checking we're using latest data
            cacheWasUsed = false;
            user = retrieveUser(username,
                    (UsernamePasswordAuthenticationToken) authentication);
            additionalAuthenticationChecks(user,
                (UsernamePasswordAuthenticationToken) authentication);
        }


        if (!user.isCredentialsNonExpired()) {
            throw new CredentialsExpiredException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.credentialsExpired",
                    "User credentials have expired"));
        }


        if (!cacheWasUsed) {
            this.userCache.putUserInCache(user);
        }


        Object principalToReturn = user;


        if (forcePrincipalAsString) {
            principalToReturn = user.getUsername();
        }


        return createSuccessAuthentication(principalToReturn, authentication,
            user);
    }

View Full Code Here


            UserAttribute attr = (UserAttribute) configAttribEd.getValue();


            // Make a user object, assuming the properties were properly provided
            if (attr != null) {
                UserDetails user = new User(username, attr.getPassword(),
                        attr.isEnabled(), true, true, true,
                        attr.getauthorities());
                userMap.addUser(user);
            }
        }

View Full Code Here

0 1 2 3 4 5 6

TOP

Related Classes of org.acegisecurity.userdetails.UserDetails

$.HttpSessionContextIntegrationForCacheFilter

com.cisco.step.jenkins.plugins.jenkow.identity.JenkowUserQueryImpl

com.san.my.web.util.MarketYardAuthenticationProcessingFilter

edu.zzuli.common.security.CustomDaoAuthenticationProvider

edu.zzuli.common.security.CustomJdbcDaoImpl

edu.zzuli.common.security.CustomJdbcDaoImpl$UsersByCaidMapping

hudson.cli.ClientAuthenticationCache

hudson.model.User

hudson.plugins.im.IMConnectionProvider

hudson.plugins.mysql.MySQLSecurityRealm

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.