public Authentication authenticate(Authentication authentication) throws AuthenticationException { Assert.isInstanceOf( UsernamePasswordAuthenticationToken.class, authentication, messages.getMessage("system.security.onlySupports", "只有用户名密码认证令牌被支持")); SecurityMessageInfo smi = new SecurityMessageInfo(); // Determine username String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName(); boolean cacheWasUsed = true; UserDetails user = (UserDetails) super.getUserCache().getUserFromCache(username); System.out.println("The UserCache was get UserInf :" + user); if (user == null) { cacheWasUsed = false; try { user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); } catch (UsernameNotFoundException notFound) { if (hideUserNotFoundExceptions) { String msg = messages.getMessage("system.security.badcredentials", "用户验证错误,用户不存在或密码错误!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg); } else { String msg = messages.getMessage("system.security.badUserName", "用户不存在,请联系管理员赠机该用户!"); System.out.println(msg); UserContext.setLoginMessage("loginerror", smi); smi.setMessage(msg); throw notFound; } } Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract"); } if (!user.isAccountNonLocked()) { String msg = messages.getMessage("system.security.locked", "登录用户已经被锁定!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new LockedException(msg); } if (!user.isEnabled()) { String msg = messages.getMessage("system.security.disabled", "登录用户已经被禁止使用!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new DisabledException(msg); } if (!user.isAccountNonExpired()) { String msg = messages.getMessage("system.security.expired", "登陆用户帐户已经到期!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new AccountExpiredException(msg); } if (!user.isCredentialsNonExpired()) { String msg = messages.getMessage("system.security.credentialsExpired", "登陆用户的密码已经到期!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new CredentialsExpiredException(msg); } // 验证用户是否符合权限!!!! // modify by zhangpeng for acegi used cache in 20081010 begin additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); // try { // additionalAuthenticationChecks(user, // (UsernamePasswordAuthenticationToken) authentication); // if (this.isVailedSystemAdmin) { // user = retrieveUser(username, // (UsernamePasswordAuthenticationToken) authentication); // } // modify by zhangpeng for acegi used cache in 20081010 end // } catch (AuthenticationException exception) { // // There was a problem, so try again after checking we're using // // latest data // System.out.println("authentication exception!"); // cacheWasUsed = false; // user = retrieveUser(username, // (UsernamePasswordAuthenticationToken) authentication); // additionalAuthenticationChecks(user, // (UsernamePasswordAuthenticationToken) authentication); // } if (!cacheWasUsed) { getUserCache().putUserInCache(user); } Object principalToReturn = user; if (super.isForcePrincipalAsString()) { principalToReturn = user.getUsername(); } this.isVailedSystemAdmin = false; return createSuccessAuthentication(principalToReturn, authentication, user); }
/** 具体验证用户登陆的方法 */ protected void additionalAuthenticationChecks( UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { this.isVailedSystemAdmin = this.isSystemAdmin(userDetails); SecurityMessageInfo smi = new SecurityMessageInfo(); // add by zhangpengf for sso in 2009-12-15 begin if ("SP_SSO".equals(authentication.getCredentials().toString().trim())) { String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName(); if ("NONE_PROVIDED".equals(username)) { String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg, userDetails); } else if (!username.trim().toLowerCase().equals(userDetails.getUsername().toLowerCase())) { String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg, userDetails); } } else { if (userDetails.isSpecialUser() || !Boolean.valueOf(this.isLdap).booleanValue()) { Object salt = null; if (this.saltSource != null) { salt = this.saltSource.getSalt(userDetails); } if (!passwordEncoder.isPasswordValid( userDetails.getPassword(), authentication.getCredentials().toString(), salt)) { String msg = messages.getMessage( "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg, userDetails); } } else if (Boolean.valueOf(this.isLdap).booleanValue()) { try { boolean isAuth = false; System.out.println( "The User Check Type Is : " + this.messages.getMessage("system.security.authtype", "ldap")); if ("ldap" .equalsIgnoreCase(this.messages.getMessage("system.security.authtype", "ldap"))) { isAuth = ldap.IsAuthenticatedByLdap( authentication.getName().toLowerCase(), authentication.getCredentials().toString()); } else if ("notes" .equalsIgnoreCase(this.messages.getMessage("system.security.authtype", "ldap"))) { isAuth = ldap.IsAuthenticated( authentication.getName().toLowerCase(), authentication.getCredentials().toString()); } if (!isAuth) { if (isVailedSystemAdmin) { Object salt = null; if (this.saltSource != null) { salt = this.saltSource.getSalt(userDetails); } if (!passwordEncoder.isPasswordValid( userDetails.getPassword(), authentication.getCredentials().toString(), salt)) { String msg = messages.getMessage( "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg, userDetails); } } else { String msg = messages.getMessage( "system.security.ldapExpired", "Ldap验证错误,请检查您输入的用户名密码是您的Notes用户名以及密码!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg, userDetails); } } } catch (Exception e) { String msg = messages.getMessage("system.security.unknowExpired", "登陆验证发生错误,请联系管理员!"); smi.setMessage(msg); UserContext.setLoginMessage("loginerror", smi); throw new BadCredentialsException(msg, userDetails); } } } // add by zhangpengf for sso in 2009-12-15 end }