@Override
 protected UserDetails retrieveUser(
     String username, UsernamePasswordAuthenticationToken authentication)
     throws AuthenticationException {
   return MySQLSecurityRealm.this.authenticate(
       username, authentication.getCredentials().toString());
 }
  /**
   * @param authentication null if we are just retrieving the said user, instead of trying to
   *     authenticate.
   */
  private UserDetails retrieveUser(
      String username, UsernamePasswordAuthenticationToken authentication, String domainName)
      throws AuthenticationException {
    // when we use custom socket factory below, every LDAP operations result
    // in a classloading via context classloader, so we need it to resolve.
    ClassLoader ccl = Thread.currentThread().getContextClassLoader();
    Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
    try {
      String password = NO_AUTHENTICATION;
      if (authentication != null) password = (String) authentication.getCredentials();

      return retrieveUser(username, password, domainName, obtainLDAPServers(domainName));
    } finally {
      Thread.currentThread().setContextClassLoader(ccl);
    }
  }
Exemple #3
0
  /** 具体验证用户登陆的方法 */
  protected void additionalAuthenticationChecks(
      UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
      throws AuthenticationException {

    this.isVailedSystemAdmin = this.isSystemAdmin(userDetails);
    SecurityMessageInfo smi = new SecurityMessageInfo();

    // add by zhangpengf for sso in 2009-12-15 begin
    if ("SP_SSO".equals(authentication.getCredentials().toString().trim())) {
      String username =
          (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
      if ("NONE_PROVIDED".equals(username)) {
        String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!");
        smi.setMessage(msg);
        UserContext.setLoginMessage("loginerror", smi);
        throw new BadCredentialsException(msg, userDetails);
      } else if (!username.trim().toLowerCase().equals(userDetails.getUsername().toLowerCase())) {
        String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!");
        smi.setMessage(msg);
        UserContext.setLoginMessage("loginerror", smi);
        throw new BadCredentialsException(msg, userDetails);
      }
    } else {
      if (userDetails.isSpecialUser() || !Boolean.valueOf(this.isLdap).booleanValue()) {
        Object salt = null;
        if (this.saltSource != null) {
          salt = this.saltSource.getSalt(userDetails);
        }

        if (!passwordEncoder.isPasswordValid(
            userDetails.getPassword(), authentication.getCredentials().toString(), salt)) {
          String msg =
              messages.getMessage(
                  "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg, userDetails);
        }
      } else if (Boolean.valueOf(this.isLdap).booleanValue()) {
        try {
          boolean isAuth = false;
          System.out.println(
              "The User Check Type Is : "
                  + this.messages.getMessage("system.security.authtype", "ldap"));

          if ("ldap"
              .equalsIgnoreCase(this.messages.getMessage("system.security.authtype", "ldap"))) {

            isAuth =
                ldap.IsAuthenticatedByLdap(
                    authentication.getName().toLowerCase(),
                    authentication.getCredentials().toString());
          } else if ("notes"
              .equalsIgnoreCase(this.messages.getMessage("system.security.authtype", "ldap"))) {
            isAuth =
                ldap.IsAuthenticated(
                    authentication.getName().toLowerCase(),
                    authentication.getCredentials().toString());
          }
          if (!isAuth) {
            if (isVailedSystemAdmin) {
              Object salt = null;
              if (this.saltSource != null) {
                salt = this.saltSource.getSalt(userDetails);
              }

              if (!passwordEncoder.isPasswordValid(
                  userDetails.getPassword(), authentication.getCredentials().toString(), salt)) {
                String msg =
                    messages.getMessage(
                        "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!");
                smi.setMessage(msg);
                UserContext.setLoginMessage("loginerror", smi);
                throw new BadCredentialsException(msg, userDetails);
              }
            } else {
              String msg =
                  messages.getMessage(
                      "system.security.ldapExpired", "Ldap验证错误,请检查您输入的用户名密码是您的Notes用户名以及密码!");
              smi.setMessage(msg);
              UserContext.setLoginMessage("loginerror", smi);
              throw new BadCredentialsException(msg, userDetails);
            }
          }
        } catch (Exception e) {
          String msg = messages.getMessage("system.security.unknowExpired", "登陆验证发生错误,请联系管理员!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg, userDetails);
        }
      }
    }
    // add by zhangpengf for sso in 2009-12-15 end
  }