Esempio n. 1
0
 /**
  * Tries to authenticate with given credentials
  *
  * @return User object if authentication is successful or null if not
  */
 public User authenticate(String login, String password) {
   User user = userDAO.findByLogin(login);
   if (user == null) {
     return null;
   }
   if (!passwordService.checkPassword(password, user.getPasswordSalt(), user.getPasswordHash())) {
     user.setLoginAttempts(user.getLoginAttempts() + 1);
     if (user.getLoginAttempts()
         >= configurationService.getInt(
             Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT)) {
       user.setStatus(UserStatus.LOCKED_OUT);
     }
     return null;
   } else {
     if (user.getLoginAttempts() != 0) {
       user.setLoginAttempts(0);
     }
     if (user.getLastLogin() == null
         || System.currentTimeMillis() - user.getLastLogin().getTime()
             > configurationService.getLong(
                 Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT)) {
       user.setLastLogin(timestampService.getTimestamp());
     }
     return user;
   }
 }
 @Transactional
 public AccessKey authenticate(@NotNull String key) {
   Optional<AccessKey> accessKeyOpt =
       genericDAO
           .createNamedQuery(AccessKey.class, "AccessKey.getByKey", Optional.of(CacheConfig.get()))
           .setParameter("someKey", key)
           .getResultList()
           .stream()
           .findFirst();
   if (!accessKeyOpt.isPresent()) {
     return null;
   }
   AccessKey accessKey = accessKeyOpt.get();
   final Long expirationPeriod =
       configurationService.getLong(Constants.SESSION_TIMEOUT, Constants.DEFAULT_SESSION_TIMEOUT);
   if (accessKey.getExpirationDate() != null) {
     final Long expiresIn =
         accessKey.getExpirationDate().getTime() - timestampService.getTimestamp().getTime();
     if (AccessKeyType.SESSION == accessKey.getType()
         && expiresIn > 0
         && expiresIn < expirationPeriod / 2) {
       em.refresh(accessKey, LockModeType.PESSIMISTIC_WRITE);
       accessKey.setExpirationDate(
           new Date(timestampService.getTimestamp().getTime() + expirationPeriod));
       return genericDAO.merge(accessKey);
     }
   }
   return accessKey;
 }