<http auto-config="true">
    <!-- Form login; success and failure are both routed to the same AuthenticationHandler
         bean (pl.mypackage.security.AuthenticationHandler, declared further down). -->
    <form-login authentication-failure-handler-ref="authenticationHandler"
        authentication-success-handler-ref="authenticationHandler"
        login-page="/login" username-parameter="username" password-parameter="password"
        login-processing-url="/j_spring_security_check" />
    <!-- NOTE(review): delete-cookies names "remember-me", but the remember-me services bean
         below sets cookieName to "my-remember-me"; confirm which cookie is intended so logout
         actually clears it. The same bean is also the logout success handler, and its
         onLogoutSuccess is empty on this page. -->
    <logout delete-cookies="remember-me" logout-url="/logout"
        success-handler-ref="authenticationHandler" />
    <remember-me services-ref="rememberMeServices" />
    <!-- NOTE(review): no <csrf> element appears in this block; whether CSRF protection is
         active depends on the Spring Security version in use - confirm. -->
</http>
<!-- Enables @PreAuthorize / @PostAuthorize on service methods. -->
<global-method-security pre-post-annotations="enabled" />
<!-- Database-backed remember-me. Constructor args follow
     PersistentTokenBasedRememberMeServices' order: key, UserDetailsService, token repository.
     NOTE(review): the key is a literal in this file - treat it as a secret and move it to
     externalised configuration rather than source control. -->
<beans:bean id="rememberMeServices"
    class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    <beans:constructor-arg value="myAppKey" />
    <beans:constructor-arg ref="userDetailsServiceImpl" />
    <beans:constructor-arg ref="jdbcTokenRepository" />
    <beans:property name="cookieName" value="my-remember-me" />
    <beans:property name="tokenLength" value="32" />
    <beans:property name="parameter" value="remember-me" />
</beans:bean>
<!-- Left over from earlier setups; kept as the author had them. -->
<!-- <beans:bean id="tokenRepository" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl">
</beans:bean> -->
<!-- <beans:bean class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <beans:constructor-arg
name="expiredUrl" value="/sessionExpired" /> </beans:bean> -->
<!-- NOTE(review): this filter is not referenced from <http> on this page (no custom-filter
     element), and its authenticationManager property points at customAuthenticationProvider,
     which by its authenticate/supports methods is an AuthenticationProvider rather than an
     AuthenticationManager - confirm whether this bean is used at all. -->
<beans:bean id="myAuthFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="authenticationManager" ref="customAuthenticationProvider" />
    <beans:property name="rememberMeServices" ref="rememberMeServices"></beans:property>
</beans:bean>
<!-- Remember-me token store. createTableOnStartup=false means the persistent_logins table
     (JdbcTokenRepositoryImpl's default) must already exist in the dataSource schema. -->
<beans:bean id="jdbcTokenRepository"
    class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
    <beans:property name="createTableOnStartup" value="false" />
    <beans:property name="dataSource" ref="dataSource" />
</beans:bean>
<!-- Single handler for login success, login failure and logout success (see <http> above). -->
<beans:bean id="authenticationHandler"
    class="pl.mypackage.security.AuthenticationHandler">
</beans:bean>
<!-- The custom provider is the only provider; see its authenticate/supports methods below. -->
<authentication-manager>
    <authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
@Component
// NOTE(review): the class declaration between @Component and this field is not shown on this
// page; the loadUserByUsername method below matches Spring Security's UserDetailsService contract.
@Autowired
UserService userService; // user lookup by nickname
/**
 * Resolves a user by nickname for Spring Security's authentication flow.
 *
 * @param username the nickname submitted at login, looked up via {@code userService.findByNickname}
 * @return the matching user details, never {@code null}
 * @throws UsernameNotFoundException when no user has that nickname; the message is deliberately
 *     generic so it does not reveal whether the account exists
 */
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    final UserDetails found = userService.findByNickname(username);
    if (found != null) {
        return found;
    }
    throw new UsernameNotFoundException("Wrong username or password");
}
@Component
// NOTE(review): the class declaration following @Component is not shown on this page; the
// authenticate/supports methods below match Spring Security's AuthenticationProvider contract.
@Autowired
StandardPasswordEncoder passwordEncoder; // compares submitted passwords with stored hashes
// NOTE(review): StandardPasswordEncoder is SHA-256 based and was later deprecated by Spring
// Security in favour of adaptive hashes such as BCryptPasswordEncoder - confirm what the stored
// hashes use before changing it.
@Autowired
UserService userService; // user lookup by nickname
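/**
 * Authenticates a username/password pair against the application's user store.
 *
 * <p>The submitted password is compared with the stored hash via {@code passwordEncoder.matches};
 * the account must also be non-locked and enabled. The exception type thrown for each failure is
 * what {@code AuthenticationHandler.onAuthenticationFailure} switches on, and its message is the
 * attempted username, so both are kept exactly as before.
 *
 * <p>NOTE(review): distinguishing "unknown user" from "bad password" (and returning before any
 * hash comparison when the user is missing) lets a client learn which usernames exist; if that is
 * not acceptable, collapse the two cases here and in the failure handler together.
 *
 * @param authentication the unauthenticated token; its name is the nickname and its credentials
 *     the clear-text password
 * @return a fully authenticated token carrying the user's authorities
 * @throws UsernameNotFoundException when no user has the given nickname
 * @throws BadCredentialsException when the password does not match, or no credentials were sent
 * @throws LockedException when the user's account is locked
 * @throws DisabledException when the user's account is disabled
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    Object credentials = authentication.getCredentials();
    // A token without credentials used to NPE here, which surfaced as a server error instead of
    // going through the failure handler; treat it as a bad password.
    if (credentials == null) {
        throw new BadCredentialsException(name);
    }
    String password = credentials.toString();

    UserDetails user = userService.findByNickname(name);
    if (user == null) {
        throw new UsernameNotFoundException(name);
    }
    if (!passwordEncoder.matches(password, user.getPassword())) {
        throw new BadCredentialsException(name);
    }
    // Account-status checks run only after the password matched, as in the original flow.
    if (!user.isAccountNonLocked()) {
        throw new LockedException(name);
    }
    if (!user.isEnabled()) {
        throw new DisabledException(name);
    }
    // NOTE(review): the stored hash is placed in the token's credentials slot; ProviderManager
    // erases credentials after authentication by default, but confirm that is the manager in use.
    return new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
}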
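/**
 * Reports whether this provider can handle the given token type.
 *
 * <p>Uses {@code isAssignableFrom} rather than {@code equals} so subclasses of
 * {@code UsernamePasswordAuthenticationToken} are accepted too, matching the contract of
 * Spring Security's own providers.
 *
 * @param authentication the token class the authentication manager is asking about
 * @return {@code true} for {@code UsernamePasswordAuthenticationToken} and its subclasses
 */
public boolean supports(Class<?> authentication) {
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}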
@EnableAsync
// NOTE(review): @EnableAsync is a configuration-class annotation; on a handler class whose
// declaration is not shown here its purpose is unclear - confirm it is intended. The methods
// below implement the login failure/success and logout success handlers wired in the XML config.
@Autowired
LogService logService; // saves failed-login entries and counts recent failures per IP / username
@Autowired
BanService banService; // active-ban lookup and creation of IP / username bans
@Autowired
ApplicationConfigService applicationConfigService; // thresholds and durations for automatic bans
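/**
 * Handles a failed form login.
 *
 * <p>Steps, in order: (1) if the attempted username or the client address has an active ban,
 * redirect to {@code /banned} and drop any security state; (2) build a log entry for the failure;
 * (3) unless already banned, create an IP and/or username ban when the configured number of
 * recent failures is reached; (4) route the user to the page matching the failure cause and save
 * the log entry.
 *
 * <p>The username is taken from {@code exception.getMessage()} because the provider on this page
 * throws each of the four handled exceptions with the attempted name as the message. The ban
 * check previously used {@code request.getRemoteUser()}, which only reflects an already
 * authenticated principal and is therefore null on a failed login, so username bans were never
 * enforced here.
 *
 * <p>NOTE(review): the per-cause redirects ({@code /login/usernameNotFound} vs
 * {@code /login/badCredentials}) disclose which usernames exist; they are kept because the views
 * depend on them, but a single generic failure page would close that oracle.
 *
 * @param request the failed login request
 * @param response the response to redirect or forward
 * @param exception the failure; for the four cause types handled below its message is the
 *     attempted username
 * @throws IOException if a redirect cannot be written
 * @throws ServletException if the forward to the locked-account page fails
 */
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) throws IOException, ServletException {
    String username = exception.getMessage();
    String ipAddress = request.getRemoteAddr();
    Date now = new Date();

    boolean banned = redirectIfBanned(username, ipAddress, request, response);

    Log log = new Log();
    log.setUsername(username);
    log.setDate(now);
    log.setIpAddress(ipAddress);

    if (!banned) {
        // Counts are taken before this failure is saved, so the threshold is compared against
        // earlier attempts only (same ordering as before).
        applyAutomaticBans(username, ipAddress, now);
    }

    // instanceof replaces exception.getClass().isAssignableFrom(X.class), which tested the
    // inverse relation and therefore matched only the exact class, never a subclass.
    if (exception instanceof UsernameNotFoundException) {
        log.setLogType(LogTypes.FAILTURE_USERNAME_NOT_FOUND);
        if (!banned) {
            response.sendRedirect(request.getContextPath() + "/login/usernameNotFound");
        }
    } else if (exception instanceof BadCredentialsException) {
        log.setLogType(LogTypes.FAILTURE_BAD_PASSWORD);
        if (!banned) {
            response.sendRedirect(request.getContextPath() + "/login/badCredentials");
        }
    } else if (exception instanceof LockedException) {
        log.setLogType(LogTypes.FAILTURE_BANNED_USER);
        request.setAttribute("username", username);
        if (!banned) {
            RequestDispatcher dispatcher = request.getRequestDispatcher("/login/banned");
            dispatcher.forward(request, response);
        }
    } else if (exception instanceof DisabledException) {
        log.setLogType(LogTypes.FAILTURE_ACCOUNT_DISABLED);
        if (!banned) {
            response.sendRedirect(request.getContextPath() + "/login/accountDisabled");
        }
    } else {
        // Other AuthenticationException types used to fall through with neither a response nor
        // a log entry, leaving the client on an empty page. No LogTypes value for them is visible
        // on this page and their message is not a username, so only the redirect is added.
        if (!banned) {
            response.sendRedirect(request.getContextPath() + "/login");
        }
        return;
    }
    logService.saveLog(log);
}

/**
 * Redirects to {@code /banned} and clears the security context and session when the username or
 * address has an active ban.
 *
 * @param username the attempted username
 * @param ipAddress the client address
 * @param request the failed login request
 * @param response the response to redirect
 * @return {@code true} when a ban was active and the response has already been written
 * @throws IOException if the redirect cannot be written
 */
private boolean redirectIfBanned(String username, String ipAddress, HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    if (banService.getActiveBanForUsernameOrIpAddress(username, ipAddress) == null) {
        return false;
    }
    response.sendRedirect(request.getContextPath() + "/banned");
    SecurityContextHolder.clearContext();
    request.getSession().invalidate();
    return true;
}

/**
 * Creates an IP ban and/or a username ban when the number of failures recorded within the
 * configured look-back window reaches the configured threshold.
 *
 * @param username the attempted username
 * @param ipAddress the client address
 * @param now the timestamp of this failure; bans start here and last {@code getBanForSeconds()}
 */
private void applyAutomaticBans(String username, String ipAddress, Date now) {
    ApplicationConfig appConfig = applicationConfigService.getApplicationConfig();
    DateTime base = new DateTime(now.getTime());
    Date windowStart = base.minusSeconds(appConfig.getBanCheckSeconds()).toDate();
    Date banUntil = base.plusSeconds(appConfig.getBanForSeconds()).toDate();

    if (appConfig.isBanForIp()) {
        int failures = logService.getLastFailedCountForIpAddress(ipAddress, windowStart);
        if (failures >= appConfig.getBanLoginAttempsIp()) {
            banService.addBanForIpAddress(ipAddress, now, banUntil, "błędne logowania");
        }
    }
    if (appConfig.isBanForUsr()) {
        int failures = logService.getLastFailedCountForUsername(username, windowStart);
        if (failures >= appConfig.getBanLoginAttempsUsr()) {
            banService.addBanForUser(username, now, banUntil, "błędne logowania");
        }
    }
}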
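/**
 * Handles a successful form login: a user or address with an active ban is bounced to
 * {@code /banned} and logged out again; everyone else is sent to {@code /logged}.
 *
 * <p>The ban lookup uses {@code authentication.getName()}, the principal the filter just
 * established, instead of the servlet container's {@code getRemoteUser()} view of it.
 *
 * <p>NOTE(review): remember-me auto-login does not pass through this handler, and by the time a
 * form login reaches it a remember-me cookie may already have been issued, so a banned user may
 * still hold a persistent token - verify ban enforcement on the remember-me path.
 *
 * @param request the login request
 * @param response the response to redirect
 * @param authentication the authenticated token produced by the provider; its name is the nickname
 * @throws IOException if the redirect cannot be written
 * @throws ServletException declared by the interface; not thrown here
 */
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    String username = authentication.getName();
    String ipAddress = request.getRemoteAddr();
    if (banService.getActiveBanForUsernameOrIpAddress(username, ipAddress) != null) {
        // Undo the login the filter just completed before the client follows the redirect.
        response.sendRedirect(request.getContextPath() + "/banned");
        SecurityContextHolder.clearContext();
        request.getSession().invalidate();
    } else {
        response.sendRedirect(request.getContextPath() + "/logged");
    }
}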
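/**
 * Sends the user to the login page once logout has completed.
 *
 * <p>The XML config names this bean as the logout success handler; with an empty implementation
 * the logout request received neither a body nor a redirect. {@code /login} is the configured
 * {@code login-page}; change the target if a different post-logout page is wanted.
 *
 * @param request the logout request
 * @param response the response to redirect
 * @param authentication the authentication that was logged out; may be null and is not used
 * @throws IOException if the redirect cannot be written
 * @throws ServletException declared by the interface; not thrown here
 */
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    response.sendRedirect(request.getContextPath() + "/login");
}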