/**
* Copyright (C) 2012 - 2013, Grass CRM Studio
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.gcrm.security;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.gcrm.domain.User;
import com.gcrm.util.CommonUtil;
import com.gcrm.util.security.UserUtil;
/**
* Authentication filter
*/
public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
public static final String USERNAME = "j_username";
public static final String PASSWORD = "j_password";
public static final String LANGUAGE = "j_language";
public static final String SALT = "Grass";
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
if (!request.getMethod().equals("POST")) {
throw new AuthenticationServiceException(
"Authentication method not supported: "
+ request.getMethod());
}
String username = obtainUsername(request);
String password = obtainPassword(request);
// Validates username and password
username = username.trim();
String localValue = obtainLanguage(request);
String[] locals = localValue.split("_");
Locale locale = new Locale(locals[0], locals[1]);
request.getSession().setAttribute("WW_TRANS_I18N_LOCALE", locale);
request.getSession().setAttribute("locale", localValue);
Locale.setDefault(locale);
User user = UserUtil.getUser(username);
Md5PasswordEncoder encoder = new Md5PasswordEncoder();
password = encoder.encodePassword(password, AuthenticationFilter.SALT);
if (user == null || !user.getPassword().equals(password)) {
ResourceBundle rb = CommonUtil.getResourceBundle();
String errorMessage = rb.getString("error.login.denied");
throw new AuthenticationServiceException(errorMessage);
}
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);
setDetails(request, authRequest);
// return authRequest;
return this.getAuthenticationManager().authenticate(authRequest);
}
@Override
protected String obtainUsername(HttpServletRequest request) {
Object obj = request.getParameter(USERNAME);
return null == obj ? "" : obj.toString();
}
@Override
protected String obtainPassword(HttpServletRequest request) {
Object obj = request.getParameter(PASSWORD);
return null == obj ? "" : obj.toString();
}
protected String obtainLanguage(HttpServletRequest request) {
Object obj = request.getParameter(LANGUAGE);
return null == obj ? "" : obj.toString();
}
}