
Untitled

a guest
May 18th, 2016
  1. public class AuthenthicationServiceProvider extends AbstractUserDetailsAuthenticationProvider {
  2.  
  3.  
  4. private StaffDao staffDao ;
  5.  
  6.  
  /**
   * Hook that {@code AbstractUserDetailsAuthenticationProvider} calls once a user has been
   * loaded for a login attempt.
   *
   * <p>This implementation checks nothing. In this class the submitted password is only
   * examined inside {@code retrieveUser}, which hands it to the DAO lookup.
   *
   * <p>NOTE(review): because nothing is verified here, any path that supplies a
   * {@code UserDetails} without going through {@code retrieveUser} (for example a user cache
   * configured on this provider) would accept the login without the credentials ever being
   * compared. Leave the provider's user cache at its default, or verify the credentials here.
   *
   * @param userDetails the user that was loaded for this attempt (unused)
   * @param authentication the login request being processed (unused)
   * @throws AuthenticationException never thrown by this implementation
   */
  @Override
  protected void additionalAuthenticationChecks(
      UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
      throws AuthenticationException {
    // Deliberately empty: see the review note in the Javadoc above.
  }
  12.  
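  /**
   * Loads the user for a login attempt by passing the submitted principal and credentials to
   * {@code getUserDetailInfo}, which is where the password is actually checked.
   *
   * <p>Failures raised by {@code getUserDetailInfo} as {@code CustomAuthenticationException}
   * are passed through unchanged. Any other failure is reported with a fixed message so that
   * text from internal errors (for example a data-access failure) is not copied into the
   * authentication failure; the original exception is attached as the cause where the
   * exception type allows it.
   *
   * @param username the name resolved by the framework (the lookup uses the token's principal)
   * @param authentication the login request carrying principal and credentials
   * @return the authenticated user, never {@code null}
   * @throws AuthenticationException if the principal or credentials are missing, the lookup
   *     finds no matching user, or the lookup itself fails
   */
  @Override
  protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
      throws AuthenticationException {
    Object principal = authentication.getPrincipal();
    Object credentials = authentication.getCredentials();
    if (principal == null || credentials == null) {
      // Previously a NullPointerException here became an authentication failure with a null message.
      throw new CustomAuthenticationException("Invalid Username or password");
    }

    try {
      return getUserDetailInfo(principal.toString(), credentials.toString());
    } catch (CustomAuthenticationException e) {
      // Already a deliberate, user-safe failure; keep it as raised.
      throw e;
    } catch (Exception e) {
      // Do not forward e.getMessage(): it can describe internals and may be shown on the login page.
      CustomAuthenticationException failure = new CustomAuthenticationException("Authentication failed");
      try {
        failure.initCause(e);
      } catch (IllegalStateException ignored) {
        // The exception type fixed its cause in its constructor; nothing more can be attached.
      }
      throw failure;
    }
  }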
  24.  
  /**
   * Looks up the staff record matching a login/password pair and wraps it as the
   * authenticated user.
   *
   * <p>NOTE(review): the submitted password is passed to the DAO as given, so how it is
   * compared with the stored value (hashed or not) is decided inside
   * {@code StaffDao.getStaffByLogin} and is not visible here; confirm against the DAO.
   *
   * @param login the submitted login name
   * @param password the submitted password
   * @return the user details for the matching staff record
   * @throws CustomAuthenticationException if the DAO returns no staff record
   */
  private AuthUserDetail getUserDetailInfo(final String login, final String password)
      throws CustomAuthenticationException {
    final Staff staff = staffDao.getStaffByLogin(login, password);
    if (staff == null) {
      // One message for "unknown login" and "wrong password", so the reply does not say which.
      throw new CustomAuthenticationException("Invalid Username or password");
    }

    // NOTE(review): every staff member who authenticates is given ROLE_ADMIN, regardless of the
    // record; any rule that distinguishes ROLE_USER from ROLE_ADMIN has no effect until the role
    // is derived from the staff record.
    return new AuthUserDetail(staff, "ROLE_ADMIN");
  }
  36.  
  /**
   * Returns the DAO used to look up staff records during authentication.
   *
   * @return the configured DAO, or {@code null} if none has been injected
   */
  public StaffDao getStaffDao() {
    return this.staffDao;
  }
  40.  
  /**
   * Injects the DAO used to look up staff records during authentication.
   *
   * @param staffDao the DAO to use; not validated here
   */
  public void setStaffDao(StaffDao staffDao) {
    this.staffDao = staffDao;
  }
  44.  
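  /**
   * {@link UserDetails} view of a {@link Staff} record together with the single role granted
   * at login.
   *
   * <p>Equality and hashing are based on the username and the role string. They must be stable:
   * a session registry that keys sessions by principal can only find a user's existing sessions
   * if two objects for the same user are equal and hash alike. The earlier implementation
   * compared and hashed freshly created {@code GrantedAuthority} objects, so an instance was
   * not even equal to itself and its hash code changed between calls.
   *
   * <p>Account expiry, locking, credential expiry and disabling are not modelled; the four
   * status methods always return {@code true}.
   *
   * <p>NOTE(review): this is a non-static inner class, so every instance holds a reference to
   * the enclosing provider. Java serialization of this object would also try to serialize the
   * provider; confirm whether sessions are ever serialized, and consider making the class
   * static.
   */
  public class AuthUserDetail implements UserDetails, Serializable {

    private static final long serialVersionUID = -3727430377858939077L;

    private Staff staff;
    private String role;

    /**
     * Creates the user details for a staff record.
     *
     * @param pstaff the staff record backing this user; not checked for {@code null}
     * @param pRole the role name reported by {@link #getAuthorities()}
     */
    public AuthUserDetail(Staff pstaff, String pRole) {
      // Assign directly rather than through the overridable setters.
      this.staff = pstaff;
      this.role = pRole;
    }

    /**
     * Returns a new, mutable collection holding one authority whose name is the current role.
     *
     * @return a one-element collection; the authority object is created on every call
     */
    @Override
    public Collection<GrantedAuthority> getAuthorities() {
      Collection<GrantedAuthority> granted = new ArrayList<GrantedAuthority>(1);
      granted.add(new GrantedAuthority() {
        public String getAuthority() {
          return role;
        }
      });
      return granted;
    }

    /**
     * Returns the password held by the staff record.
     *
     * <p>NOTE(review): whether this value is a hash or the plain password depends on what
     * {@code Staff} stores; it stays reachable for as long as this object is kept.
     */
    @Override
    public String getPassword() {
      return this.staff.getPassword();
    }

    /** Returns the login id of the staff record. */
    @Override
    public String getUsername() {
      return this.staff.getLoginId();
    }

    /** Always {@code true}: account expiry is not modelled. */
    @Override
    public boolean isAccountNonExpired() {
      return true;
    }

    /** Always {@code true}: account locking is not modelled. */
    @Override
    public boolean isAccountNonLocked() {
      return true;
    }

    /** Always {@code true}: credential expiry is not modelled. */
    @Override
    public boolean isCredentialsNonExpired() {
      return true;
    }

    /** Always {@code true}: disabling an account is not modelled. */
    @Override
    public boolean isEnabled() {
      return true;
    }

    public Staff getStaff() {
      return staff;
    }

    public void setStaff(Staff staff) {
      this.staff = staff;
    }

    public String getRole() {
      return role;
    }

    public void setRole(String role) {
      this.role = role;
    }

    /**
     * Two users are equal when their usernames and role names match.
     *
     * <p>The password is left out on purpose, so that a password change does not turn the same
     * account into a different principal.
     */
    @Override
    public boolean equals(Object rhs) {
      if (this == rhs) {
        return true;
      }
      // instanceof is already false for null, so no separate null test is needed.
      if (!(rhs instanceof AuthUserDetail)) {
        return false;
      }
      AuthUserDetail other = (AuthUserDetail) rhs;
      return sameValue(this.getUsername(), other.getUsername())
          && sameValue(this.getRole(), other.getRole());
    }

    /** Hashes the same two values that {@link #equals(Object)} compares. */
    @Override
    public int hashCode() {
      String name = this.getUsername();
      String grantedRole = this.getRole();
      int code = 17;
      code = 31 * code + (name == null ? 0 : name.hashCode());
      code = 31 * code + (grantedRole == null ? 0 : grantedRole.hashCode());
      return code;
    }

    /** Describes the user without revealing the password. */
    @Override
    public String toString() {
      StringBuilder sb = new StringBuilder();
      sb.append(super.toString()).append(": ");
      sb.append("Username: ").append(this.getUsername()).append("; ");
      sb.append("Password: [PROTECTED]; ");
      sb.append("Enabled: ").append(this.isEnabled()).append("; ");
      sb.append("AccountNonExpired: ").append(this.isAccountNonExpired()).append("; ");
      sb.append("credentialsNonExpired: ").append(this.isCredentialsNonExpired()).append("; ");
      sb.append("AccountNonLocked: ").append(this.isAccountNonLocked()).append("; ");

      // The former 'authorities' field was never assigned, so reading it here always threw a
      // NullPointerException; use the authorities actually reported to the framework.
      Collection<GrantedAuthority> granted = getAuthorities();
      if (!granted.isEmpty()) {
        sb.append("Granted Authorities: ");

        boolean first = true;
        for (GrantedAuthority auth : granted) {
          if (!first) {
            sb.append(",");
          }
          first = false;

          // Print the role name; the anonymous authority object has no useful toString().
          sb.append(auth.getAuthority());
        }
      } else {
        sb.append("Not granted any authorities");
      }

      return sb.toString();
    }

    /** Null-safe equality for two values. */
    private boolean sameValue(Object left, Object right) {
      return left == null ? right == null : left.equals(right);
    }

  }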
  203.  
  204. <?xml version="1.0" encoding="UTF-8"?>
  205.  
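  <!--
    Spring Security configuration (3.0 schema): URL access rules, form login, session handling
    and the custom authentication provider.
  -->
  <beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" jsr250-annotations="enabled" />

    <!--
      NOTE(review): no rule sets requires-channel, so nothing in this file forces HTTPS for the
      login form or the pages behind it; confirm that TLS is enforced elsewhere.
    -->
    <http auto-config="true" access-denied-page="/login.xhtml">

      <!-- Reachable without logging in. -->
      <intercept-url pattern="/logout*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <intercept-url pattern="/error/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

      <!--
        filters="none" takes these paths out of the security filter chain altogether, so no
        security context exists for them. Only static resources belong here; confirm that
        nothing under /a4j/** needs to know who the user is.
      -->
      <intercept-url pattern="/css/**" filters="none" />
      <intercept-url pattern="/images/**" filters="none" />
      <intercept-url pattern="/js/**" filters="none" />
      <intercept-url pattern="/a4j/**" filters="none" />

      <!--
        Everything else needs one of the two roles. The per-directory rules carry the same
        access list as the final /** rule, so they add no restriction of their own.
        NOTE(review): the authentication provider pasted with this file grants ROLE_ADMIN to
        every user, so ROLE_USER is never actually held by anyone.
      -->
      <intercept-url pattern="/common/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/customers/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/journal/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/masterCustomer/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/report/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/setting/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/staffs/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/templates/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/transactions/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/winloses/**" access="ROLE_ADMIN,ROLE_USER" />
      <intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER" />

      <!-- always-use-default-target sends every successful login to the same page. -->
      <form-login
          login-processing-url="/j_spring_security_check"
          login-page="/login.xhtml"
          default-target-url="/transactions/index.xhtml"
          authentication-failure-url="/login.xhtml?error=true" always-use-default-target="true" />

      <!--
        One session per user. The session registry looks sessions up by principal, so the limit
        only works if the UserDetails returned by the provider has stable equals() and hashCode().
        With error-if-maximum-exceeded="true" a second login is refused rather than the first
        session being expired, so the expired-url text may not describe what the user sees;
        confirm which behaviour is intended.
        The spaces in expired-url are now percent-encoded so the redirect target is a valid URL;
        the decoded parameter value is unchanged. The message travels in the query string, where
        anyone can put other text, so login.xhtml must treat errorMessage as untrusted and escape
        it on output. A fixed code, like the expired=1 and expired=2 values on this element,
        avoids that.
      -->
      <session-management session-authentication-error-url="/login.xhtml?expired=2" invalid-session-url="/login.xhtml?expired=1" session-fixation-protection="newSession">
        <concurrency-control session-registry-ref="sessionRegistry" max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login.xhtml?errorMessage=The%20session%20is%20expired%20due%20to%20another%20user%20logging%20in%20with%20your%20user%20name%20and%20password."/>
      </session-management>

    </http>

    <authentication-manager>
      <authentication-provider ref="authenthicationServiceProvider" />
    </authentication-manager>

    <!-- Custom provider; the staffDao bean is defined outside this file. -->
    <beans:bean id="authenthicationServiceProvider" class="com.cboclub.csmweb.service.AuthenthicationServiceProvider">
      <beans:property name="staffDao" ref="staffDao" />
    </beans:bean>

    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

  </beans:beans>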