/**
 * Loads the account record of the user who is logging in.
 *
 * <p>The one-argument {@code loadUserByUsername} is used unless the {@code isVailedSystemAdmin}
 * field is set, in which case the two-argument overload is called with that flag.
 *
 * <p>NOTE(review): {@code isVailedSystemAdmin} is an instance field that
 * {@code additionalAuthenticationChecks} writes on every login attempt, so the value read here can
 * have been left behind by an earlier or concurrent attempt for a different user. Confirm whether
 * this provider instance is shared between request threads; if it is, the flag belongs in
 * per-request state.
 *
 * <p>NOTE(review): a {@code null} lookup result is reported with the "user does not exist" text
 * as an {@code AuthenticationServiceException}, not a {@code UsernameNotFoundException}, so it is
 * not covered by the {@code hideUserNotFoundExceptions} handling in {@code authenticate}. The
 * data-access error text is also copied into the exception message; confirm neither message is
 * shown verbatim to the person logging in.
 *
 * @param username the login name to look up
 * @param authentication the authentication request (not read by this method)
 * @return the loaded user, never {@code null}
 * @throws AuthenticationException if the repository fails or returns no user
 * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
 *     #retrieveUser(java.lang.String,
 *     org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
 */
protected final UserDetails retrieveUser(
    String username, UsernamePasswordAuthenticationToken authentication)
    throws AuthenticationException {
  UserDetails found;
  try {
    found =
        isVailedSystemAdmin
            ? (UserDetails)
                this.userDetailsService.loadUserByUsername(username, isVailedSystemAdmin)
            : (UserDetails) this.userDetailsService.loadUserByUsername(username);
  } catch (DataAccessException repositoryProblem) {
    // Repository failures are wrapped with the original exception kept as the cause.
    throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
  }

  if (found != null) {
    return found;
  }
  throw new AuthenticationServiceException(
      messages.getMessage("system.security.badUserName", "用户不存在,请联系管理员赠机该用户!"));
}
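/**
 * Authenticates a username/password token and returns the populated authentication on success.
 *
 * <p>Steps, in order: look the user up in the user cache and fall back to {@code retrieveUser} on
 * a miss; reject locked, disabled, expired and credentials-expired accounts; run
 * {@code additionalAuthenticationChecks}; put a freshly loaded user into the cache; build the
 * result with {@code createSuccessAuthentication}. Each rejection also stores its message via
 * {@code UserContext.setLoginMessage("loginerror", ...)}.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>The account-status checks run before the credential check and each sets its own message,
 *       so account state (locked, disabled, expired) is reported to callers who have not yet
 *       proven knowledge of the password. Confirm the login page does not show these messages to
 *       unauthenticated users if that matters for the deployment.
 *   <li>An earlier revision reloaded the user and re-checked when verification against cached
 *       data failed; that retry is disabled here (change marked 20081010), so the credential check
 *       runs against whatever record the cache holds. Make sure cache entries are evicted on
 *       password change, lock and disable.
 *   <li>{@code isVailedSystemAdmin} is an instance field. It is now cleared on every exit from
 *       this method, not only on success, so a failed attempt cannot leave it set for the next
 *       login. It is still shared between concurrent calls on the same provider instance.
 * </ul>
 *
 * @param authentication the request; must be a {@code UsernamePasswordAuthenticationToken}
 * @return the value produced by {@code createSuccessAuthentication}
 * @throws AuthenticationException if the user is unknown, the account is locked, disabled or
 *     expired, or the credential check fails
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  Assert.isInstanceOf(
      UsernamePasswordAuthenticationToken.class,
      authentication,
      messages.getMessage("system.security.onlySupports", "只有用户名密码认证令牌被支持"));

  SecurityMessageInfo smi = new SecurityMessageInfo();

  // Determine username
  String username =
      (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();

  try {
    boolean cacheWasUsed = true;
    UserDetails user = (UserDetails) super.getUserCache().getUserFromCache(username);
    // Print only hit/miss: dumping the UserDetails object would write account data (and, depending
    // on its toString(), the stored password hash) to stdout.
    System.out.println("The UserCache was get UserInf :" + (user != null));

    if (user == null) {
      cacheWasUsed = false;
      try {
        user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
      } catch (UsernameNotFoundException notFound) {
        if (hideUserNotFoundExceptions) {
          // Same message as a wrong password, so the response does not confirm the account.
          String msg =
              messages.getMessage("system.security.badcredentials", "用户验证错误,用户不存在或密码错误!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg);
        } else {
          String msg =
              messages.getMessage("system.security.badUserName", "用户不存在,请联系管理员赠机该用户!");
          System.out.println(msg);
          // Fill in the message before publishing it, as every other branch does.
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw notFound;
        }
      }
      Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
    }

    if (!user.isAccountNonLocked()) {
      String msg = messages.getMessage("system.security.locked", "登录用户已经被锁定!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new LockedException(msg);
    }

    if (!user.isEnabled()) {
      String msg = messages.getMessage("system.security.disabled", "登录用户已经被禁止使用!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new DisabledException(msg);
    }

    if (!user.isAccountNonExpired()) {
      String msg = messages.getMessage("system.security.expired", "登陆用户帐户已经到期!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new AccountExpiredException(msg);
    }

    if (!user.isCredentialsNonExpired()) {
      String msg = messages.getMessage("system.security.credentialsExpired", "登陆用户的密码已经到期!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new CredentialsExpiredException(msg);
    }

    // Verify the presented credentials for this user.
    // modify by zhangpeng for acegi used cache in 20081010: the reload-and-retry step that used
    // to follow a failed check against cached data was removed; the check now runs exactly once.
    additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);

    if (!cacheWasUsed) {
      getUserCache().putUserInCache(user);
    }

    Object principalToReturn = user;
    if (super.isForcePrincipalAsString()) {
      principalToReturn = user.getUsername();
    }

    // Kept ahead of createSuccessAuthentication so the success path sees the same state as before.
    this.isVailedSystemAdmin = false;
    return createSuccessAuthentication(principalToReturn, authentication, user);
  } finally {
    // Also clear the flag when the attempt is rejected; otherwise the value set by
    // additionalAuthenticationChecks would carry over into the next login's retrieveUser call.
    this.isVailedSystemAdmin = false;
  }
}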
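/**
 * Performs the actual credential verification for a login attempt.
 *
 * <p>Paths, as implemented below:
 *
 * <ul>
 *   <li>Credential equal to the SSO marker: only the username is compared with the loaded record.
 *   <li>Special users, or LDAP switched off: the presented password is checked against the stored
 *       password with {@code passwordEncoder} and the optional salt.
 *   <li>Otherwise: the directory is asked through {@code ldap.IsAuthenticatedByLdap} or
 *       {@code ldap.IsAuthenticated}, chosen by the {@code system.security.authtype} message; if
 *       that fails, system administrators fall back to the stored-password check and everyone
 *       else is rejected.
 * </ul>
 *
 * <p>Every rejection stores its message via {@code UserContext.setLoginMessage("loginerror", ...)}
 * and throws {@code BadCredentialsException} carrying {@code userDetails} as extra information.
 *
 * @param userDetails the user record the credentials are checked against
 * @param authentication the request carrying the presented principal and credentials
 * @throws AuthenticationException if the credentials are missing or do not verify
 */
protected void additionalAuthenticationChecks(
    UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
    throws AuthenticationException {
  // Decide from a local: the field is shared by every call on this provider instance, so a
  // concurrent login could change it between this line and the fallback decision below. The field
  // is still written because retrieveUser reads it.
  final boolean systemAdmin = this.isSystemAdmin(userDetails);
  this.isVailedSystemAdmin = systemAdmin;
  SecurityMessageInfo smi = new SecurityMessageInfo();

  // A token without credentials is rejected as a bad login instead of failing with a
  // NullPointerException on the toString() calls below.
  final Object credentials = authentication.getCredentials();
  if (credentials == null) {
    String msg = messages.getMessage("system.security.badcredentials", "用户验证错误,用户不存在或密码错误!");
    smi.setMessage(msg);
    UserContext.setLoginMessage("loginerror", smi);
    throw new BadCredentialsException(msg, userDetails);
  }
  final String presentedPassword = credentials.toString();

  // add by zhangpengf for sso in 2009-12-15 begin
  if ("SP_SSO".equals(presentedPassword.trim())) {
    // NOTE(review): this branch accepts the login with no password, directory or signature check
    // whenever the presented credential equals the fixed marker; only the username is compared
    // with the loaded record. Nothing in this method establishes that the marker can only be set
    // by a trusted SSO component, so unless an upstream filter rejects this value on
    // user-submitted logins it works as one shared password for every account. Recommended:
    // carry SSO logins in a dedicated Authentication type created by the SSO filter after it has
    // verified the SSO assertion, and reject the marker on the form-login path. Behaviour is left
    // unchanged here because the SSO integration is not visible from this method.
    String username =
        (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
    boolean missing = "NONE_PROVIDED".equals(username);
    if (missing
        || !username.trim().toLowerCase().equals(userDetails.getUsername().toLowerCase())) {
      String msg = messages.getMessage("system.security.ssoExpired", "未找到该用户,请检查是否输入正确!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new BadCredentialsException(msg, userDetails);
    }
    return;
  }
  // add by zhangpengf for sso in 2009-12-15 end

  final boolean ldapEnabled = Boolean.valueOf(this.isLdap).booleanValue();

  if (userDetails.isSpecialUser() || !ldapEnabled) {
    // Local accounts: compare with the stored password.
    Object salt = null;
    if (this.saltSource != null) {
      salt = this.saltSource.getSalt(userDetails);
    }
    if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
      String msg =
          messages.getMessage(
              "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!");
      smi.setMessage(msg);
      UserContext.setLoginMessage("loginerror", smi);
      throw new BadCredentialsException(msg, userDetails);
    }
    return;
  }

  // Directory-backed accounts.
  try {
    boolean isAuth = false;
    String authType = this.messages.getMessage("system.security.authtype", "ldap");
    System.out.println("The User Check Type Is : " + authType);
    if ("ldap".equalsIgnoreCase(authType)) {
      isAuth = ldap.IsAuthenticatedByLdap(authentication.getName().toLowerCase(), presentedPassword);
    } else if ("notes".equalsIgnoreCase(authType)) {
      isAuth = ldap.IsAuthenticated(authentication.getName().toLowerCase(), presentedPassword);
    }
    // Any other auth type leaves isAuth false, so the attempt is rejected below (fail closed).

    if (!isAuth) {
      if (systemAdmin) {
        // System administrators may still log in with the locally stored password.
        Object salt = null;
        if (this.saltSource != null) {
          salt = this.saltSource.getSalt(userDetails);
        }
        if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
          String msg =
              messages.getMessage(
                  "system.security.dbExpired", "验证错误,请检查您输入的用户名密码是您在本系统中设定的用户名以及密码!");
          smi.setMessage(msg);
          UserContext.setLoginMessage("loginerror", smi);
          throw new BadCredentialsException(msg, userDetails);
        }
      } else {
        String msg =
            messages.getMessage(
                "system.security.ldapExpired", "Ldap验证错误,请检查您输入的用户名密码是您的Notes用户名以及密码!");
        smi.setMessage(msg);
        UserContext.setLoginMessage("loginerror", smi);
        throw new BadCredentialsException(msg, userDetails);
      }
    }
  } catch (AuthenticationException rejected) {
    // Rejections raised above already carry their specific message; without this clause the
    // catch-all below replaced every one of them with the generic "unknown error" text.
    throw rejected;
  } catch (Exception e) {
    // Any unexpected failure (directory unreachable, encoder error) is treated as a failed login.
    // NOTE(review): the underlying exception is not recorded anywhere; consider logging it
    // server-side so directory outages can be told apart from bad passwords.
    String msg = messages.getMessage("system.security.unknowExpired", "登陆验证发生错误,请联系管理员!");
    smi.setMessage(msg);
    UserContext.setLoginMessage("loginerror", smi);
    throw new BadCredentialsException(msg, userDetails);
  }
}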