/** Authenticate based on username/pass */
@Override
public boolean authenticate(String username, String password) {
String u = username == null ? "" : username;
String p = password == null ? "" : password;
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(u, p);
// Attempt authentication.
try {
AuthenticationManager authenticationManager =
((EhourWebApplication) getApplication()).getAuthenticationManager();
if (authenticationManager == null) {
throw new AuthenticationServiceException("no authentication manager defined");
}
Authentication authResult = authenticationManager.authenticate(authRequest);
setAuthentication(authResult);
User user = ((AuthUser) authResult.getPrincipal()).getUser();
auditService.doAudit(
new Audit()
.setAuditActionType(AuditActionType.LOGIN)
.setUser(user)
.setUserFullName(user.getFullName())
.setDate(new Date())
.setSuccess(Boolean.TRUE));
LOGGER.info("Login by user '" + username + "'.");
return true;
} catch (BadCredentialsException e) {
LOGGER.info("Failed to login for" + " user '" + username + "': " + e.getMessage());
setAuthentication(null);
return false;
} catch (AuthenticationException e) {
LOGGER.info("Could not authenticate a user", e);
setAuthentication(null);
throw e;
} catch (RuntimeException e) {
LOGGER.info("Unexpected exception while authenticating a user", e);
setAuthentication(null);
throw e;
}
}
private void logAndAuditStopImpersonation(User originalUser, User impUser) {
StringBuilder auditMsg =
new StringBuilder((originalUser != null) ? originalUser.getFullName() : "N/A");
auditMsg.append(" stopped impersonating as ");
auditMsg.append(impUser.getFullName());
LOGGER.info(auditMsg.toString());
auditService.doAudit(
new Audit()
.setAuditActionType(AuditActionType.STOP_IMPERSONATE)
.setUser(originalUser)
.setUserFullName(auditMsg.toString())
.setDate(new Date())
.setSuccess(true));
}
/** Invalidate authenticated user */
public void signOut() {
AuthUser user = getAuthUser();
getSession().clear();
setAuthentication(null);
setUserSelectedCriteria(null);
super.signOut();
auditService.doAudit(
new Audit()
.setAuditActionType(AuditActionType.LOGOUT)
.setUser(((user != null) ? user.getUser() : null))
.setUserFullName(((user != null) ? user.getUser().getFullName() : "N/A"))
.setDate(new Date())
.setSuccess(Boolean.TRUE));
Session.get().replaceSession();
}