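/**
 * Authenticates a login/password pair against the employee store.
 *
 * <p>Looks the employee up by login, rejects inactive accounts, verifies the presented password
 * with {@code passwordEncoder}, and returns a token whose authorities are derived from the
 * employee's admin flag. Every failure is reported as a {@link BadCredentialsException}.
 *
 * <p>NOTE(review): the three failures use different message keys ({@code auth.no_user},
 * {@code auth.expired}, {@code auth.wrong}) and the inactive check runs before the password
 * check. If the bundle resolves these keys to different texts and that text reaches the client,
 * the response distinguishes unknown logins and inactive accounts without a valid password.
 * Confirm the resolved messages are identical or are never shown to the caller.
 *
 * @param auth the authentication request; its name is used as the login and its credentials as
 *     the presented password
 * @return a {@code UsernamePasswordAuthenticationToken} built from the request's name and
 *     credentials plus the granted authorities
 * @throws BadCredentialsException if the lookup fails or finds no employee, the account is
 *     inactive, or the password is missing or does not match
 */
public Authentication authenticate(Authentication auth) throws UsernameNotFoundException {
    // NOTE(review): employeeEntity is not declared in this method, so it is presumably a field
    // of the enclosing class. If this provider instance is shared between requests, concurrent
    // logins can overwrite it between the lookup and the password check. Confirm, and prefer a
    // local variable.
    try {
        employeeEntity = employeeDao.findByLogin(auth.getName());
    } catch (RuntimeException e) {
        // Keep the cause so a DAO/database failure can be told apart from an unknown login in
        // the server-side logs; the message given to the caller is unchanged.
        throw new BadCredentialsException(
            this.messageSource.getMessage(
                "auth.no_user", new Object[] {"userName"}, "Access denied", Locale.getDefault()),
            e);
    }

    // A DAO that returns null for an unknown login would otherwise cause a
    // NullPointerException below instead of an authentication failure.
    if (employeeEntity == null) {
        throw new BadCredentialsException(
            this.messageSource.getMessage(
                "auth.no_user", new Object[] {"userName"}, "Access denied", Locale.getDefault()));
    }

    // Inactive accounts are rejected.
    if (employeeEntity.getActive() == 0) {
        throw new BadCredentialsException(
            this.messageSource.getMessage(
                "auth.expired", new Object[] {"active"}, "Access denied", Locale.getDefault()));
    }

    // The encoder hashes the raw password and compares it with the stored value. Missing or
    // non-String credentials are treated as a wrong password rather than letting a
    // ClassCastException escape.
    // NOTE(review): the salt argument is null, so stored hashes are compared unsalted. Confirm
    // which hash scheme passwordEncoder uses.
    Object credentials = auth.getCredentials();
    if (!(credentials instanceof String)
        || !passwordEncoder.isPasswordValid(
            employeeEntity.getPassword(), (String) credentials, null)) {
        throw new BadCredentialsException(
            this.messageSource.getMessage(
                "auth.wrong", new Object[] {"password"}, "Access denied", Locale.getDefault()));
    }

    userAccessLogger.debug("User is located!");
    return new UsernamePasswordAuthenticationToken(
        auth.getName(), auth.getCredentials(), getAuthorities(employeeEntity.getAdmin()));
}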
/**
 * Checks whether a raw password matches an encoded password.
 *
 * <p>NOTE(review): the salt passed is the constant {@code KeyValue.PASS_SALT}, which looks like
 * a single application-wide value rather than a per-user salt. Confirm; a shared salt means
 * identical passwords produce identical stored hashes.
 *
 * @param encodePass the encoded (stored) password
 * @param rawPass the raw password to verify
 * @return {@code true} if the passwords match, {@code false} otherwise
 */
private boolean passEqual(String encodePass, String rawPass) {
    // Delegate the comparison to the encoder, using the shared salt constant.
    return shaPasswordEncoder.isPasswordValid(encodePass, rawPass, KeyValue.PASS_SALT);
}