Ejemplo n.º 1
0
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    Assert.isInstanceOf(
        UsernamePasswordAuthenticationToken.class,
        authentication,
        messages.getMessage("system.security.onlySupports", "只有用户名密码认证令牌被支持"));
    SecurityMessageInfo smi = new SecurityMessageInfo();
    // Determine username
    String username =
        (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();

    boolean cacheWasUsed = true;
    UserDetails user = (UserDetails) super.getUserCache().getUserFromCache(username);
    System.out.println("The UserCache was get UserInf :" + user);

    if (user == null) {
      cacheWasUsed = false;

      try {
        user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);

      } catch (UsernameNotFoundException notFound) {
        if (hideUserNotFoundExceptions) {

          String msg = messages.getMessage("system.security.badcredentials", "用户验证错误,用户不存在或密码错误!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg);

        } else {
          String msg = messages.getMessage("system.security.badUserName", "用户不存在,请联系管理员赠机该用户!");
          System.out.println(msg);
          UserContext.setLoginMessage("loginerror", smi);

          smi.setMessage(msg);
          throw notFound;
        }
      }

      Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
    }

    if (!user.isAccountNonLocked()) {
      String msg = messages.getMessage("system.security.locked", "登录用户已经被锁定!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new LockedException(msg);
    }

    if (!user.isEnabled()) {
      String msg = messages.getMessage("system.security.disabled", "登录用户已经被禁止使用!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new DisabledException(msg);
    }

    if (!user.isAccountNonExpired()) {
      String msg = messages.getMessage("system.security.expired", "登陆用户帐户已经到期!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new AccountExpiredException(msg);
    }

    if (!user.isCredentialsNonExpired()) {
      String msg = messages.getMessage("system.security.credentialsExpired", "登陆用户的密码已经到期!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new CredentialsExpiredException(msg);
    }

    // 验证用户是否符合权限!!!!
    // modify by zhangpeng for acegi used cache in 20081010 begin
    additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
    // try {
    // additionalAuthenticationChecks(user,
    // (UsernamePasswordAuthenticationToken) authentication);
    // if (this.isVailedSystemAdmin) {
    // user = retrieveUser(username,
    // (UsernamePasswordAuthenticationToken) authentication);
    // }
    // modify by zhangpeng for acegi used cache in 20081010 end
    // } catch (AuthenticationException exception) {
    // // There was a problem, so try again after checking we're using
    // // latest data
    // System.out.println("authentication exception!");
    // cacheWasUsed = false;
    // user = retrieveUser(username,
    // (UsernamePasswordAuthenticationToken) authentication);
    // additionalAuthenticationChecks(user,
    // (UsernamePasswordAuthenticationToken) authentication);
    // }

    if (!cacheWasUsed) {
      getUserCache().putUserInCache(user);
    }

    Object principalToReturn = user;

    if (super.isForcePrincipalAsString()) {
      principalToReturn = user.getUsername();
    }

    this.isVailedSystemAdmin = false;
    return createSuccessAuthentication(principalToReturn, authentication, user);
  }
Ejemplo n.º 2
0
  /** 具体验证用户登陆的方法 */
  protected void additionalAuthenticationChecks(
      UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
      throws AuthenticationException {

    this.isVailedSystemAdmin = this.isSystemAdmin(userDetails);
    SecurityMessageInfo smi = new SecurityMessageInfo();

    // add by zhangpengf for sso in 2009-12-15 begin
    if ("SP_SSO".equals(authentication.getCredentials().toString().trim())) {
      String username =
          (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
      if ("NONE_PROVIDED".equals(username)) {
        String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!");
        smi.setMessage(msg);
        UserContext.setLoginMessage("loginerror", smi);
        throw new BadCredentialsException(msg, userDetails);
      } else if (!username.trim().toLowerCase().equals(userDetails.getUsername().toLowerCase())) {
        String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!");
        smi.setMessage(msg);
        UserContext.setLoginMessage("loginerror", smi);
        throw new BadCredentialsException(msg, userDetails);
      }
    } else {
      if (userDetails.isSpecialUser() || !Boolean.valueOf(this.isLdap).booleanValue()) {
        Object salt = null;
        if (this.saltSource != null) {
          salt = this.saltSource.getSalt(userDetails);
        }

        if (!passwordEncoder.isPasswordValid(
            userDetails.getPassword(), authentication.getCredentials().toString(), salt)) {
          String msg =
              messages.getMessage(
                  "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg, userDetails);
        }
      } else if (Boolean.valueOf(this.isLdap).booleanValue()) {
        try {
          boolean isAuth = false;
          System.out.println(
              "The User Check Type Is : "
                  + this.messages.getMessage("system.security.authtype", "ldap"));

          if ("ldap"
              .equalsIgnoreCase(this.messages.getMessage("system.security.authtype", "ldap"))) {

            isAuth =
                ldap.IsAuthenticatedByLdap(
                    authentication.getName().toLowerCase(),
                    authentication.getCredentials().toString());
          } else if ("notes"
              .equalsIgnoreCase(this.messages.getMessage("system.security.authtype", "ldap"))) {
            isAuth =
                ldap.IsAuthenticated(
                    authentication.getName().toLowerCase(),
                    authentication.getCredentials().toString());
          }
          if (!isAuth) {
            if (isVailedSystemAdmin) {
              Object salt = null;
              if (this.saltSource != null) {
                salt = this.saltSource.getSalt(userDetails);
              }

              if (!passwordEncoder.isPasswordValid(
                  userDetails.getPassword(), authentication.getCredentials().toString(), salt)) {
                String msg =
                    messages.getMessage(
                        "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!");
                smi.setMessage(msg);
                UserContext.setLoginMessage("loginerror", smi);
                throw new BadCredentialsException(msg, userDetails);
              }
            } else {
              String msg =
                  messages.getMessage(
                      "system.security.ldapExpired", "Ldap验证错误,请检查您输入的用户名密码是您的Notes用户名以及密码!");
              smi.setMessage(msg);
              UserContext.setLoginMessage("loginerror", smi);
              throw new BadCredentialsException(msg, userDetails);
            }
          }
        } catch (Exception e) {
          String msg = messages.getMessage("system.security.unknowExpired", "登陆验证发生错误,请联系管理员!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg, userDetails);
        }
      }
    }
    // add by zhangpengf for sso in 2009-12-15 end
  }