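/**
 * Authenticates a login/password pair against the employee store.
 *
 * <p>Looks the employee up by {@code auth.getName()}, rejects inactive accounts, verifies the
 * submitted password through {@code passwordEncoder}, and on success returns a token whose
 * authorities are derived from the employee's admin flag.
 *
 * @param auth the authentication request; its credentials are cast to {@code String}
 * @return a {@code UsernamePasswordAuthenticationToken} holding the submitted name, the
 *     submitted credentials and the granted authorities
 * @throws BadCredentialsException if the lookup fails or yields no employee, the account is
 *     inactive, or the password does not match
 * @throws UsernameNotFoundException declared in the signature; the code in this method does not
 *     throw it
 */
public Authentication authenticate(Authentication auth) throws UsernameNotFoundException {

    // NOTE(review): employeeEntity is not declared in this method, so it is presumably an
    // instance field. If this object is shared between requests, two concurrent logins can
    // overwrite it between the lookup and the password check below, so one user's password
    // could be compared against another user's record. Prefer a local variable; confirm
    // against the enclosing class.
    try {
      employeeEntity = employeeDao.findByLogin(auth.getName());
    } catch (RuntimeException e) {
      // Every RuntimeException from the DAO is reported as a credential failure. The cause is
      // kept so that an infrastructure error is not silently turned into "bad login".
      throw new BadCredentialsException(
          this.messageSource.getMessage(
              "auth.no_user", new Object[] {"userName"}, "Access denied", Locale.getDefault()),
          e);
    }

    // A DAO that reports "not found" by returning null instead of throwing would otherwise
    // surface as a NullPointerException below rather than as an authentication failure.
    if (employeeEntity == null) {
      throw new BadCredentialsException(
          this.messageSource.getMessage(
              "auth.no_user", new Object[] {"userName"}, "Access denied", Locale.getDefault()));
    }

    // Reject accounts whose active flag is 0.
    // NOTE(review): this runs before the password is verified and uses its own message key
    // ("auth.expired", next to "auth.no_user" and "auth.wrong"). If the bundle maps these keys
    // to different texts and the text reaches the client, a caller without valid credentials
    // can tell unknown, disabled and existing accounts apart. Confirm the response shown to the
    // client is uniform.
    if (employeeEntity.getActive() == 0) {
      throw new BadCredentialsException(
          this.messageSource.getMessage(
              "auth.expired", new Object[] {"active"}, "Access denied", Locale.getDefault()));
    }

    // Verify the submitted password against the stored, encoded one.
    // NOTE(review): the salt argument is null. The encoder type is not visible here; with a
    // digest-based encoder that would mean unsalted hashes. Confirm, and consider migrating
    // stored passwords to an adaptive scheme (bcrypt/scrypt/argon2).
    if (!passwordEncoder.isPasswordValid(
        employeeEntity.getPassword(), (String) auth.getCredentials(), null)) {
      throw new BadCredentialsException(
          this.messageSource.getMessage(
              "auth.wrong", new Object[] {"password"}, "Access denied", Locale.getDefault()));
    }

    // All checks passed: build the authenticated token. It carries the credentials exactly as
    // submitted; whether they are erased afterwards depends on the caller (not visible here).
    userAccessLogger.debug("User is located!");
    return new UsernamePasswordAuthenticationToken(
        auth.getName(), auth.getCredentials(), getAuthorities(employeeEntity.getAdmin()));
  }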
Example #2
 /**
  * Checks whether a raw password matches an encoded one.
  *
  * <p>Delegates to {@code shaPasswordEncoder.isPasswordValid} with {@code KeyValue.PASS_SALT}
  * as the salt. The salt argument does not depend on either parameter, so every call uses the
  * same value.
  *
  * <p>NOTE(review): a single shared salt means identical passwords produce identical stored
  * values across accounts, and the encoder's name suggests a plain SHA digest. Both make
  * offline guessing cheaper if the password table leaks. Confirm the encoder type, and
  * consider per-user salts with an adaptive scheme (bcrypt/scrypt/argon2).
  *
  * @param encodePass the stored, encoded password
  * @param rawPass the raw password to verify
  * @return {@code true} if the passwords match, {@code false} otherwise
  */
 private boolean passEqual(String encodePass, String rawPass) {
   return shaPasswordEncoder.isPasswordValid(encodePass, rawPass, KeyValue.PASS_SALT);
 }