Пример #1
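  /**
   * Authenticates the supplied credentials through the application's
   * {@code AuthenticationManager} and stores the result on this session.
   *
   * <p>On success the authentication is stored via {@code setAuthentication}, a LOGIN audit
   * record is written and {@code true} is returned. On every failure path the stored
   * authentication is reset to {@code null}.
   *
   * @param username login name as entered by the caller; {@code null} is treated as ""
   * @param password password as entered by the caller; {@code null} is treated as ""
   * @return {@code true} when the manager accepted the credentials, {@code false} when it
   *     rejected them with a {@code BadCredentialsException}
   * @throws AuthenticationException any other authentication failure, rethrown after logging
   * @throws RuntimeException any unexpected runtime failure, rethrown after logging
   */
  @Override
  public boolean authenticate(String username, String password) {
    String u = username == null ? "" : username;
    String p = password == null ? "" : password;

    // The username is caller-supplied. Replace control characters (CR/LF in particular)
    // before it is written to the log so it cannot split a line or forge extra entries.
    String loggedName = String.valueOf(username).replaceAll("\\p{Cntrl}", "_");

    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(u, p);

    // Attempt authentication.
    try {
      AuthenticationManager authenticationManager =
          ((EhourWebApplication) getApplication()).getAuthenticationManager();

      if (authenticationManager == null) {
        throw new AuthenticationServiceException("no authentication manager defined");
      }

      Authentication authResult = authenticationManager.authenticate(authRequest);
      setAuthentication(authResult);
      // NOTE(review): no session replacement is visible on this success path; confirm the
      // caller rotates the session id after login.

      User user = ((AuthUser) authResult.getPrincipal()).getUser();

      auditService.doAudit(
          new Audit()
              .setAuditActionType(AuditActionType.LOGIN)
              .setUser(user)
              .setUserFullName(user.getFullName())
              .setDate(new Date())
              .setSuccess(Boolean.TRUE));

      LOGGER.info("Login by user '" + loggedName + "'.");
      return true;

    } catch (BadCredentialsException e) {
      // NOTE(review): rejected credentials reach the application log only; no Audit record
      // is written for a failed login, so the audit trail alone will not show guessing attempts.
      LOGGER.info("Failed to login for" + " user '" + loggedName + "': " + e.getMessage());
      setAuthentication(null);
      return false;

    } catch (AuthenticationException e) {
      LOGGER.info("Could not authenticate a user", e);
      setAuthentication(null);
      throw e;

    } catch (RuntimeException e) {
      LOGGER.info("Unexpected exception while authenticating a user", e);
      setAuthentication(null);
      throw e;
    }
  }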
Пример #2
  /**
   * Logs and audits the end of an impersonation.
   *
   * <p>The message has the form "&lt;original user&gt; stopped impersonating as &lt;impersonated
   * user&gt;", with "N/A" standing in for a missing original user. The same sentence is written
   * to the log and stored in the audit record's user-full-name field.
   *
   * @param originalUser the user who was impersonating; may be {@code null}
   * @param impUser the user who was being impersonated; dereferenced without a null check
   */
  private void logAndAuditStopImpersonation(User originalUser, User impUser) {
    String actorName = "N/A";
    if (originalUser != null) {
      actorName = originalUser.getFullName();
    }

    String message =
        new StringBuilder(actorName)
            .append(" stopped impersonating as ")
            .append(impUser.getFullName())
            .toString();

    LOGGER.info(message);

    // The audit entry is attributed to the original user, not to the impersonated one.
    Audit stopEntry =
        new Audit()
            .setAuditActionType(AuditActionType.STOP_IMPERSONATE)
            .setUser(originalUser)
            .setUserFullName(message)
            .setDate(new Date())
            .setSuccess(true);
    auditService.doAudit(stopEntry);
  }
Пример #3
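  /**
   * Signs the current user out: clears the session contents, drops the stored authentication
   * and selected criteria, delegates to {@code super.signOut()}, writes a LOGOUT audit record
   * and finally replaces the session.
   *
   * <p>The authenticated user is read before anything is cleared so that the audit record can
   * still name them; "N/A" is recorded when no user was signed in.
   */
  public void signOut() {
    // Capture the user first; it is no longer available once the session state is cleared.
    AuthUser user = getAuthUser();

    getSession().clear();

    setAuthentication(null);
    setUserSelectedCriteria(null);

    super.signOut();

    try {
      auditService.doAudit(
          new Audit()
              .setAuditActionType(AuditActionType.LOGOUT)
              .setUser(((user != null) ? user.getUser() : null))
              .setUserFullName(((user != null) ? user.getUser().getFullName() : "N/A"))
              .setDate(new Date())
              .setSuccess(Boolean.TRUE));
    } finally {
      // Replace the session even when the audit write throws, so a failing audit store
      // cannot leave the pre-logout session in place. The exception still propagates.
      Session.get().replaceSession();
    }
  }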