  1. /*
  2. * Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved.
  3. */
  4. package com.legrand.b2c.security;
  5.  
  6. import de.hybris.platform.acceleratorstorefrontcommons.security.AbstractAcceleratorAuthenticationProvider;
  7. import de.hybris.platform.core.Constants;
  8. import de.hybris.platform.core.model.user.CustomerModel;
  9. import de.hybris.platform.core.model.user.UserModel;
  10. import de.hybris.platform.europe1.enums.UserPriceGroup;
  11. import de.hybris.platform.servicelayer.config.ConfigurationService;
  12. import de.hybris.platform.servicelayer.exceptions.UnknownIdentifierException;
  13.  
  14. import org.apache.commons.lang.StringUtils;
  15. import org.apache.log4j.Logger;
  16. import org.assertj.core.util.Objects;
  17. import org.springframework.security.authentication.AbstractAuthenticationToken;
  18. import org.springframework.security.authentication.BadCredentialsException;
  19. import org.springframework.security.authentication.LockedException;
  20. import org.springframework.security.core.Authentication;
  21. import org.springframework.security.core.AuthenticationException;
  22. import org.springframework.security.core.GrantedAuthority;
  23. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  24. import org.springframework.security.core.userdetails.UserDetails;
  25.  
  26.  
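/**
 * Storefront authentication provider adding two checks on top of
 * {@link AbstractAcceleratorAuthenticationProvider}. See also
 * {@link de.hybris.platform.spring.security.RejectUserPreAuthenticationChecks}.
 *
 * <ul>
 * <li>reject login as a member of the admin group — a storefront session in that group disables
 * SearchRestrictions, so no page can be viewed correctly</li>
 * <li>reject login for customers in the configured default B2C price group whose e-mail address
 * has not been validated yet</li>
 * </ul>
 *
 * The e-mail-validation check runs only after the parent provider has verified the credentials.
 * Running it before the password check (as an earlier version of this class did) turns the distinct
 * "not validated" failure into a password-less oracle that reveals whether an account exists and
 * whether it has completed e-mail validation.
 */
public class AcceleratorAuthenticationProvider extends AbstractAcceleratorAuthenticationProvider
{
    // Default-locale toUpperCase() is kept on purpose: it must produce the same string as the
    // authority that hybris grants for the group, which is built the same way.
    private static final String ROLE_ADMIN_GROUP = "ROLE_" + Constants.USER.ADMIN_USERGROUP.toUpperCase();
    private static final Logger LOG = Logger.getLogger(AcceleratorAuthenticationProvider.class);
    /** Configuration property holding the code of the default B2C user price group. */
    private static final String DEFAULT_USER_PRICE_GROUP_B2C = "lr.usergroup.default.B2C";

    private GrantedAuthority adminAuthority = new SimpleGrantedAuthority(ROLE_ADMIN_GROUP);
    private ConfigurationService configurationService;

    public ConfigurationService getConfigurationService()
    {
        return configurationService;
    }

    /**
     * Setter for Spring wiring. The class previously exposed only a getter and no injection
     * annotation, so {@link #authenticate} would dereference a null service unless the field is
     * populated some other way. NOTE(review): confirm the bean definition sets this property.
     *
     * @param configurationService the hybris configuration service
     */
    public void setConfigurationService(final ConfigurationService configurationService)
    {
        this.configurationService = configurationService;
    }

    /**
     * Authenticates via the parent provider first (brute-force check and credential
     * verification), then applies the B2C e-mail-validation check to the authenticated user.
     *
     * @param authentication the login request
     * @return the authenticated token from the parent provider
     * @throws LockedException if the user is a B2C customer whose e-mail is not validated
     * @throws BadCredentialsException if the user cannot be resolved after authentication
     * @throws AuthenticationException for any failure raised by the parent provider
     */
    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException
    {
        // Credentials are verified before anything account-specific is revealed.
        final Authentication result = super.authenticate(authentication);

        final String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
        try
        {
            // Same lower-casing as the parent's brute-force lookup so both resolve the same UID.
            final UserModel userModel = getUserService().getUserForUID(StringUtils.lowerCase(username));
            rejectUnvalidatedB2cCustomer(userModel);
        }
        catch (final UnknownIdentifierException e)
        {
            throw new BadCredentialsException(
                    messages.getMessage(CORE_AUTHENTICATION_PROVIDER_BAD_CREDENTIALS, BAD_CREDENTIALS), e);
        }

        return result;
    }

    /**
     * Rejects a customer in the configured default B2C price group whose e-mail is not validated.
     * Users that are not {@link CustomerModel} instances (employees, admin accounts, ...) are not
     * subject to this check; the previous unconditional cast threw a ClassCastException for them
     * instead of an AuthenticationException.
     *
     * @param userModel the resolved user
     * @throws LockedException if the user is an unvalidated B2C customer
     * @throws IllegalStateException if the B2C price group property is not set (fail closed)
     */
    private void rejectUnvalidatedB2cCustomer(final UserModel userModel)
    {
        if (!(userModel instanceof CustomerModel))
        {
            return;
        }

        final String b2cGroupCode = getConfigurationService().getConfiguration().getString(DEFAULT_USER_PRICE_GROUP_B2C);
        if (StringUtils.isBlank(b2cGroupCode))
        {
            // A missing property must not silently disable the check; make the misconfiguration loud.
            LOG.error("Property " + DEFAULT_USER_PRICE_GROUP_B2C + " is not set; e-mail validation check cannot run");
            throw new IllegalStateException("Property " + DEFAULT_USER_PRICE_GROUP_B2C + " is not set");
        }
        final UserPriceGroup b2cPriceGroup = UserPriceGroup.valueOf(b2cGroupCode);

        final CustomerModel customer = (CustomerModel) userModel;
        // java.util.Objects is used fully qualified because the file imports the assertj
        // Objects helper (a test-library dependency that should not be relied on in production code).
        if (java.util.Objects.equals(customer.getEurope1PriceFactory_UPG(), b2cPriceGroup)
                && !customer.isEmailValidated())
        {
            // Previous message wrongly said "Login attempt as admingroup is rejected".
            throw new LockedException("Login attempt is rejected. Email is not validated.");
        }
    }

    /**
     * Runs the parent's checks (including the password comparison) and then refuses any user
     * holding the admin-group authority.
     *
     * @see AbstractAcceleratorAuthenticationProvider#additionalAuthenticationChecks(UserDetails,
     *      AbstractAuthenticationToken)
     * @throws LockedException if the user holds the configured admin authority
     */
    @Override
    protected void additionalAuthenticationChecks(final UserDetails details, final AbstractAuthenticationToken authentication)
            throws AuthenticationException
    {
        super.additionalAuthenticationChecks(details, authentication);

        final GrantedAuthority admin = getAdminAuthority();
        if (admin != null && details.getAuthorities().contains(admin))
        {
            throw new LockedException("Login attempt as " + Constants.USER.ADMIN_USERGROUP + " is rejected");
        }
    }

    /**
     * Overrides the authority name that is treated as "admin". A blank value disables the
     * admin-group rejection entirely.
     *
     * @param adminGroup the granted-authority string, e.g. {@code ROLE_ADMINGROUP}
     */
    public void setAdminGroup(final String adminGroup)
    {
        adminAuthority = StringUtils.isBlank(adminGroup) ? null : new SimpleGrantedAuthority(adminGroup);
    }

    /** @return the authority that causes a login to be rejected, or {@code null} if disabled */
    protected GrantedAuthority getAdminAuthority()
    {
        return adminAuthority;
    }
}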