-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCustomAuthenticationProvider.java
More file actions
119 lines (88 loc) · 4.85 KB
/
CustomAuthenticationProvider.java
File metadata and controls
119 lines (88 loc) · 4.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package hello;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
import lombok.extern.slf4j.Slf4j;
/**
* create an customer auth provider to replace the UserDetailsService which just return the UserDetails
* @author Fu
*
*/
@Component
@Slf4j
public class CustomAuthenticationProvider implements AuthenticationProvider {
/**
* simulate an API call to get the user detail from database or external system
* @param name
* @return
*/
private UserModel loadExternalUserDetailsApi(String name) {
if (name.equalsIgnoreCase("admin")) {
// $2a$04$tAb.OGi36U/yLEmfO1BQQuiybeY3ryEk1bSmd8TpO1kWwVOM1Tm6q = 123456 after encode
// $2a$12$UDK4wH58oja2kL8koUypF.AqfEBVge4..eGyC70aqEhwVWhnrMMj6 = abcd@1234 after encode
return new UserModel(name, "abcd@1234", "ROLE_ADMIN");
}
if(name.equalsIgnoreCase("user")) {
return new UserModel(name, "abcd@1234", "ROLE_USER");
}
return null;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// this authentication is passed from the UsernamePasswordAuthenticationFilter if default form login and default UsernamePassword Filter are used
// when we need to implement our custom authentication filter, we need to create a custom authentication token as
// the Authentication Instance
// AbstractAuthenticationProcessingFilter.doFilter ->
// UsernamePasswordAuthenticationFilter.attempAuthentication -> (pass the newly created UsernamePasswordAuthenticationToken as Authentication instance)
// ProviderManager.authenticate -> (verify the token is supported or not)
// CustomAuthenticationProvider.authenticate
String name = authentication.getName();
String password = authentication.getCredentials().toString();
// if need to pass more information for the authentication, it is required to implement a customer authentication details source and
// build a custom authentication details object
// 1. create CustomWebAuthenticationDetails extends WebAuthenticationDetails and get more information from request object
// 2. create CustomAuthenticationDetailsSource implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails>
// and then create the CustomWebAuthenticationDetails object
// 3. set in configurate http -> .formLogin -> .authenticationDetailsSource(authenticationDetailsSource)
//
// however, if we implement the custom authentication filter, we could create the custom authentication token and pass more information into
// the token.
WebAuthenticationDetails details = (WebAuthenticationDetails)authentication.getDetails();
log.info("web authentication details:remoteAddress" + details.getRemoteAddress());
log.info("web authentication details:sessionid:"+details.getSessionId());
log.info("custom authentication");
log.info("auth-provider:name:" + name);
log.info("auth-provider:password:" + password);
UserModel userModel = loadExternalUserDetailsApi(name);
if(userModel == null) throw new BadCredentialsException("Bad Credentials");
// simulate to verify the client credentials is valid or not
if(userModel.getPassword().equals(password)) {
log.info("password correct");
List<GrantedAuthority> grantedAuths = new ArrayList<>();
Arrays.stream(userModel.getRoles()).forEach(x -> grantedAuths.add(new SimpleGrantedAuthority(x)));
grantedAuths.stream().forEach(x -> log.info("authority:" + x.getAuthority()));
//return new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
// return the authentication token to indicate the authentication is correct
return new CustomAuthenticationToken(name, password, grantedAuths);
}else {
throw new BadCredentialsException("Bad Credentials");
}
//return null;
}
@Override
public boolean supports(Class<?> authentication) {
log.info("auth-provider:supports:"+authentication.toString());
log.info("auth-provider:supports:verify: it's UsernamePasswordAuthenticationToken or not");
return authentication.equals(
UsernamePasswordAuthenticationToken.class);
}
}