package com.astarte.commons.security.apikey;import com.astarte.commons.db.mo

1. package com.astarte.commons.security.apikey;
2.  
3. import com.astarte.commons.db.model.Device;
4. import com.astarte.commons.db.repository.DeviceJpaRepository;
5. import org.slf4j.Logger;
6. import org.slf4j.LoggerFactory;
7. import org.springframework.beans.factory.annotation.Autowired;
8. import org.springframework.security.authentication.AuthenticationProvider;
9. import org.springframework.security.authentication.BadCredentialsException;
10. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
11. import org.springframework.security.core.Authentication;
12. import org.springframework.security.core.AuthenticationException;
13. import org.springframework.security.core.GrantedAuthority;
14. import org.springframework.stereotype.Component;
15.  
16. import java.util.Collection;
17.  
18.  
19. @Component
20. public class DeviceApiKeyAuthenticationProvider implements AuthenticationProvider {
21.  
22.     final static Logger logger = LoggerFactory.getLogger(DeviceApiKeyAuthenticationProvider.class);
23.  
24.     @Autowired
25.     DeviceJpaRepository deviceJpaRepository;
26.  
27.     @Override
28.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
29.         String username = authentication.getName();
30.         String password = (String) authentication.getCredentials();
31.  
32.         logger.info("Logging in {}, {}", username, password);
33.  
34.         Device device = deviceJpaRepository.findByApiKeyAndHwId(password, username);
35.         if (device == null) {
36.             throw new BadCredentialsException("No such ID/ApiKey combination found.");
37.         }
38.  
39.         Collection<? extends GrantedAuthority> authorities = device.getAuthorities();
40.  
41.         UsernamePasswordAuthenticationToken realAuthentication =
42.                 new UsernamePasswordAuthenticationToken(username, password, authorities);
43.  
44.         // Add device data
45.         realAuthentication.setDetails(device);
46.  
47.         return realAuthentication;
48.     }
49.  
50.     @Override
51.     public boolean supports(Class<?> aClass) {
52.         return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass));
53.     }
54. }