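/**
 * Authenticates a username/password pair through the application's
 * {@code AuthenticationManager}.
 *
 * <p>On success the resulting {@code Authentication} is stored on this session, a
 * {@code LOGIN} audit record is written and the login is logged. On every failure path the
 * session's authentication is reset to {@code null} before returning or rethrowing. The
 * audit call sits inside the {@code try}, so a runtime failure while auditing also resets
 * the authentication and is rethrown.
 *
 * <p>The password is never written to the log. The username is caller-supplied, so control
 * characters are neutralised before it is logged.
 *
 * @param username the submitted login name; {@code null} is authenticated as an empty string
 * @param password the submitted password; {@code null} is authenticated as an empty string
 * @return {@code true} when the credentials were accepted, {@code false} when the
 *     authentication manager reported bad credentials
 * @throws AuthenticationException for any other authentication failure, including a missing
 *     authentication manager
 * @throws RuntimeException for any unexpected runtime failure during authentication or auditing
 */
@Override
public boolean authenticate(String username, String password) {
    String u = username == null ? "" : username;
    String p = password == null ? "" : password;

    // The username comes straight from the login request. Replace control characters
    // (CR, LF, ...) so a crafted value cannot break a log line apart or forge extra entries.
    String loggedUsername = String.valueOf(username).replaceAll("\\p{Cntrl}", "_");

    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(u, p);

    // Attempt authentication.
    try {
        AuthenticationManager authenticationManager =
                ((EhourWebApplication) getApplication()).getAuthenticationManager();

        if (authenticationManager == null) {
            throw new AuthenticationServiceException("no authentication manager defined");
        }

        Authentication authResult = authenticationManager.authenticate(authRequest);
        setAuthentication(authResult);

        User user = ((AuthUser) authResult.getPrincipal()).getUser();

        auditService.doAudit(
                new Audit()
                        .setAuditActionType(AuditActionType.LOGIN)
                        .setUser(user)
                        .setUserFullName(user.getFullName())
                        .setDate(new Date())
                        .setSuccess(Boolean.TRUE));

        LOGGER.info("Login by user '" + loggedUsername + "'.");
        return true;
    } catch (BadCredentialsException e) {
        // NOTE(review): rejected credentials are only logged here, not passed to auditService.
        // Confirm whether failed logins are audited elsewhere; without that, repeated
        // password guessing is visible in the application log only.
        LOGGER.info("Failed to login for" + " user '" + loggedUsername + "': " + e.getMessage());
        setAuthentication(null);
        return false;
    } catch (AuthenticationException e) {
        LOGGER.info("Could not authenticate a user", e);
        setAuthentication(null);
        throw e;
    } catch (RuntimeException e) {
        LOGGER.info("Unexpected exception while authenticating a user", e);
        setAuthentication(null);
        throw e;
    }
}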
/**
 * Logs and audits the end of an impersonation session.
 *
 * <p>The same sentence ("&lt;original&gt; stopped impersonating as &lt;impersonated&gt;") is
 * written to the log and stored in the audit record's user-full-name field; the audit record
 * itself is attributed to the original user.
 *
 * @param originalUser the user who was impersonating; may be {@code null}, in which case
 *     "N/A" is used as the name
 * @param impUser the user that was being impersonated; dereferenced without a null check,
 *     so it must not be {@code null}
 */
private void logAndAuditStopImpersonation(User originalUser, User impUser) {
    String initiatorName = (originalUser != null) ? originalUser.getFullName() : "N/A";

    // Build the sentence once and reuse it for both the log line and the audit record.
    String message = new StringBuilder(initiatorName)
            .append(" stopped impersonating as ")
            .append(impUser.getFullName())
            .toString();

    LOGGER.info(message);

    Audit stopRecord = new Audit()
            .setAuditActionType(AuditActionType.STOP_IMPERSONATE)
            .setUser(originalUser)
            .setUserFullName(message)
            .setDate(new Date())
            .setSuccess(true);
    auditService.doAudit(stopRecord);
}
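/**
 * Signs the current user out and invalidates the authenticated state.
 *
 * <p>The authenticated user is captured first, then the session data, the authentication and
 * the selected criteria are cleared and the superclass sign-out runs. A {@code LOGOUT} audit
 * record is written afterwards and the session is replaced.
 *
 * <p>The session replacement runs in a {@code finally} block so that it still happens when
 * writing the audit record throws; the exception from the audit call is propagated unchanged.
 */
public void signOut() {
    // Capture the principal before the state that holds it is cleared.
    AuthUser user = getAuthUser();

    getSession().clear();
    setAuthentication(null);
    setUserSelectedCriteria(null);

    super.signOut();

    try {
        // Resolve the domain user once; fall back to "N/A" when nobody was signed in or the
        // principal carries no user, instead of failing with a NullPointerException.
        User auditedUser = (user != null) ? user.getUser() : null;
        String auditedName = (auditedUser != null) ? auditedUser.getFullName() : "N/A";

        auditService.doAudit(
                new Audit()
                        .setAuditActionType(AuditActionType.LOGOUT)
                        .setUser(auditedUser)
                        .setUserFullName(auditedName)
                        .setDate(new Date())
                        .setSuccess(Boolean.TRUE));
    } finally {
        // Replacing the session must not depend on the audit write succeeding.
        Session.get().replaceSession();
    }
}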