/**
 * Checks a login/password pair and maintains the account's login bookkeeping.
 *
 * <p>A wrong password increments the failed-attempt counter and, once the counter reaches the
 * configured {@code Constants.MAX_LOGIN_ATTEMPTS} value, sets the status to
 * {@code UserStatus.LOCKED_OUT}. A correct password resets the counter and refreshes the
 * last-login timestamp when it is missing or older than {@code Constants.LAST_LOGIN_TIMEOUT}.
 *
 * <p>NOTE(review): this method never reads the account status, so an account already marked
 * LOCKED_OUT still gets its User returned (and its counter reset) on a correct password.
 * Presumably the caller or the findByLogin query enforces status; confirm.
 *
 * <p>NOTE(review): the changes made to the User are not saved explicitly here; persistence
 * presumably relies on a managed entity and a surrounding transaction. Verify, otherwise the
 * lockout counter never sticks.
 *
 * @param login    login name used to look the account up
 * @param password candidate password to verify against the stored salt and hash
 * @return the User when the password matches, or null when the login is unknown or the
 *         password is wrong
 */
public User authenticate(String login, String password) {
    User user = userDAO.findByLogin(login);
    if (user == null) {
        // NOTE(review): an unknown login returns before any password check runs, so this path
        // does less work than the wrong-password path; the difference can be observable to a
        // client as response timing.
        return null;
    }

    boolean passwordMatches =
            passwordService.checkPassword(password, user.getPasswordSalt(), user.getPasswordHash());

    if (!passwordMatches) {
        // Count the failure first so the threshold comparison sees the updated value.
        user.setLoginAttempts(user.getLoginAttempts() + 1);
        boolean limitReached = user.getLoginAttempts() >= configurationService.getInt(
                Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT);
        if (limitReached) {
            user.setStatus(UserStatus.LOCKED_OUT);
        }
        return null;
    }

    // Successful login: clear the failure counter only when there is something to clear.
    if (user.getLoginAttempts() != 0) {
        user.setLoginAttempts(0);
    }

    // Avoid rewriting lastLogin on every request; update it only when absent or stale.
    boolean lastLoginStale = user.getLastLogin() == null
            || System.currentTimeMillis() - user.getLastLogin().getTime()
                    > configurationService.getLong(
                            Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT);
    if (lastLoginStale) {
        user.setLastLogin(timestampService.getTimestamp());
    }
    return user;
}
/**
 * Looks an access key up by its key string and, for session keys that are past the first half
 * of their lifetime, pushes the expiration date forward by the configured session timeout.
 *
 * <p>NOTE(review): a key whose expiration date is already in the past is still returned
 * unchanged; this method does not reject expired keys. Callers presumably enforce expiry
 * themselves; confirm every call site does.
 *
 * <p>NOTE(review): the lookup runs through a cache configuration. Verify that deleted or
 * revoked keys are evicted so a stale cached entry cannot keep authenticating.
 *
 * @param key the key string presented by the client
 * @return the matching AccessKey (merged after renewal when renewed), or null when no key
 *         matches
 */
@Transactional
public AccessKey authenticate(@NotNull String key) {
    Optional<AccessKey> lookup = genericDAO
            .createNamedQuery(AccessKey.class, "AccessKey.getByKey", Optional.of(CacheConfig.get()))
            .setParameter("someKey", key)
            .getResultList()
            .stream()
            .findFirst();
    AccessKey accessKey = lookup.orElse(null);
    if (accessKey == null) {
        return null;
    }

    final Long expirationPeriod = configurationService.getLong(
            Constants.SESSION_TIMEOUT, Constants.DEFAULT_SESSION_TIMEOUT);

    // Keys without an expiration date are returned unchanged.
    if (accessKey.getExpirationDate() == null) {
        return accessKey;
    }

    final long remainingMillis =
            accessKey.getExpirationDate().getTime() - timestampService.getTimestamp().getTime();

    // Renew only session keys that are still valid but have used up more than half their period.
    boolean inRenewalWindow = AccessKeyType.SESSION == accessKey.getType()
            && remainingMillis > 0
            && remainingMillis < expirationPeriod / 2;
    if (!inRenewalWindow) {
        return accessKey;
    }

    // NOTE(review): the renewal decision above was made on the state read before this locked
    // refresh; the expiration is then overwritten without re-checking the refreshed values.
    em.refresh(accessKey, LockModeType.PESSIMISTIC_WRITE);
    accessKey.setExpirationDate(
            new Date(timestampService.getTimestamp().getTime() + expirationPeriod));
    return genericDAO.merge(accessKey);
}