package org.joget.apps.workflow.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.joget.directory.model.Role;
import org.joget.directory.model.User;
import org.joget.directory.model.service.DirectoryManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.UserDetails;
public class WorkflowAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
transient
@Autowired
@Qualifier("main")
private DirectoryManager directoryManager;
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
public DirectoryManager getDirectoryManager() {
return directoryManager;
}
public void setDirectoryManager(DirectoryManager directoryManager) {
this.directoryManager = directoryManager;
}
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// Determine username
String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
String password = authentication.getCredentials().toString();
// check credentials
boolean validLogin = false;
try {
validLogin = directoryManager.authenticate(username, password);
} catch (Exception e) {
throw new BadCredentialsException(e.getMessage());
}
if (!validLogin) {
throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
// get authorities
Collection<Role> roles = directoryManager.getUserRoles(username);
List<GrantedAuthority> gaList = new ArrayList<GrantedAuthority>();
if (roles != null && !roles.isEmpty()) {
for (Role role : roles) {
GrantedAuthorityImpl ga = new GrantedAuthorityImpl(role.getId());
gaList.add(ga);
}
}
GrantedAuthority[] authorities = gaList.toArray(new GrantedAuthority[gaList.size()]);
// return result
User user = directoryManager.getUserByUsername(username);
UserDetails details = new WorkflowUserDetails(user);
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(details, password, authorities);
result.setDetails(details);
return result;
}
public boolean supports(Class authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
}