  <!-- Form login + logout + persistent remember-me. One bean, "authenticationHandler"
       (defined below), is wired as the failure, success and logout-success handler. -->
  1. <http auto-config="true">
  2.  
  3. <form-login authentication-failure-handler-ref="authenticationHandler"
  4. authentication-success-handler-ref="authenticationHandler"
  5. login-page="/login" username-parameter="username" password-parameter="password"
  6. login-processing-url="/j_spring_security_check" />
  <!-- NOTE(review): delete-cookies names "remember-me", but the remember-me cookie is
       renamed to "my-remember-me" by the cookieName property below. Confirm the cookie is
       actually cleared on logout (the services bean may clear it itself as a logout
       handler); otherwise a logged-out browser keeps a usable persistent token. -->
  7. <logout delete-cookies="remember-me" logout-url="/logout"
  8. success-handler-ref="authenticationHandler" />
  9. <remember-me services-ref="rememberMeServices" />
  10. </http>
  11.  
  12. <global-method-security pre-post-annotations="enabled" />
  13.  
  <!-- DB-backed remember-me. Constructor args in order: key, UserDetailsService, token
       repository. The key is a literal committed with this file; prefer a property
       placeholder resolved from the environment so it is not shared with the config. -->
  14. <beans:bean id="rememberMeServices"
  15. class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
  16. <beans:constructor-arg value="myAppKey" />
  17. <beans:constructor-arg ref="userDetailsServiceImpl" />
  18. <beans:constructor-arg ref="jdbcTokenRepository" />
  19. <beans:property name="cookieName" value="my-remember-me" />
  20. <beans:property name="tokenLength" value="32" />
  21. <beans:property name="parameter" value="remember-me" />
  22. </beans:bean>
  23.  
  <!-- Dead config: an in-memory token repository and a concurrent-session filter are kept
       commented out. Delete rather than comment out, so the active token repository
       (jdbcTokenRepository) is unambiguous. -->
  24. <!-- <beans:bean id="tokenRepository" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl">
  25. </beans:bean> -->
  26. <!-- <beans:bean class="org.springframework.security.web.session.ConcurrentSessionFilter">
  27. <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <beans:constructor-arg
  28. name="expiredUrl" value="/sessionExpired" /> </beans:bean> -->
  29.  
  <!-- NOTE(review): "myAuthFilter" is not referenced from <http> above (form-login creates
       its own filter), and its authenticationManager property points at
       "customAuthenticationProvider", which <authentication-manager> below registers as a
       provider. Unless that bean also implements AuthenticationManager this wiring fails
       at startup; it looks unused — confirm and drop. -->
  30. <beans:bean id="myAuthFilter"
  31. class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
  32.  
  33. <beans:property name="authenticationManager" ref="customAuthenticationProvider" />
  34. <beans:property name="rememberMeServices" ref="rememberMeServices"></beans:property>
  35. </beans:bean>
  36.  
  <!-- createTableOnStartup=false: the persistent_logins table must already exist in the
       schema behind "dataSource". -->
  37. <beans:bean id="jdbcTokenRepository"
  38. class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
  39. <beans:property name="createTableOnStartup" value="false" />
  40. <beans:property name="dataSource" ref="dataSource" />
  41. </beans:bean>
  42.  
  <!-- Application class serving as failure, success and logout-success handler for <http>. -->
  43. <beans:bean id="authenticationHandler"
  44. class="pl.mypackage.security.AuthenticationHandler">
  45. </beans:bean>
  46.  
  <!-- Single custom provider. It throws UsernameNotFoundException for an unknown nickname
       and BadCredentialsException for a wrong password, and the failure handler redirects
       those two cases to different pages — so the client can tell existing usernames from
       unknown ones. Accept that deliberately or collapse both cases to one page. -->
  47. <authentication-manager>
  48. <authentication-provider ref="customAuthenticationProvider" />
  49. </authentication-manager>
  50.  
  51. @Component
  52.  
  // Field injection on a package-private field; constructor injection would let the
  // dependency be final. Used by loadUserByUsername to look a user up by nickname.
  53. @Autowired
  54. UserService userService;
  55.  
  /**
   * Resolves the {@link UserDetails} for a login name via {@code userService.findByNickname}.
   *
   * @param username the nickname entered on the login form
   * @return the matching user, never {@code null}
   * @throws UsernameNotFoundException if no user has that nickname; the message is kept
   *     generic ("Wrong username or password") rather than echoing the name
   */
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    UserDetails found = userService.findByNickname(username);
    if (found != null) {
      return found;
    }
    throw new UsernameNotFoundException("Wrong username or password");
  }
  65.  
  66. @Component
  67.  
  // NOTE(review): StandardPasswordEncoder is Spring's salted-SHA-256 scheme; current Spring
  // guidance prefers an adaptive encoder (bcrypt/scrypt/argon2) for stored passwords —
  // consider migrating. Both fields are package-private and field-injected.
  68. @Autowired
  69. StandardPasswordEncoder passwordEncoder;
  70. @Autowired
  71. UserService userService;
  72.  
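  /**
   * Authenticates a username/password token against {@code userService} and
   * {@code passwordEncoder}.
   *
   * <p>Outcome by case — the exception type is what the failure handler branches on, and
   * the username is carried in the exception message for it:
   * <ul>
   *   <li>unknown nickname: {@link UsernameNotFoundException}</li>
   *   <li>missing or non-matching password: {@link BadCredentialsException}</li>
   *   <li>password matches but account locked: {@link LockedException}</li>
   *   <li>password matches but account disabled: {@link DisabledException}</li>
   * </ul>
   * The lock/disabled checks run only after a password match, so a caller can confirm a
   * locked account's password; Spring's reference provider runs the status checks first.
   * The order is kept because the failure handler's pages depend on it — TODO(review):
   * decide deliberately.
   *
   * @param authentication unauthenticated token; {@code getName()} is the nickname,
   *     {@code getCredentials()} the raw password (may be {@code null})
   * @return an authenticated token with the {@link UserDetails} as principal
   * @throws AuthenticationException one of the types listed above
   */
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    Object credentials = authentication.getCredentials();
    UserDetails user = userService.findByNickname(name);

    if (user == null) {
      throw new UsernameNotFoundException(name);
    }
    // Absent credentials are a mismatch, not a NullPointerException.
    if (credentials == null || !passwordEncoder.matches(credentials.toString(), user.getPassword())) {
      throw new BadCredentialsException(name);
    }
    if (!user.isAccountNonLocked()) {
      throw new LockedException(name);
    }
    if (!user.isEnabled()) {
      throw new DisabledException(name);
    }
    // The stored hash is passed as the token's credentials. A ProviderManager in front
    // (the <authentication-manager> element) erases token credentials after success, but
    // the UserDetails principal still carries the hash into the security context.
    return new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
  }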
  101.  
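  /**
   * Tells the authentication manager which token types this provider handles.
   *
   * @param authentication the token class being offered
   * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
   */
  public boolean supports(Class<?> authentication) {
    // isAssignableFrom rather than equals so subclasses of the token are accepted too,
    // the same test Spring's own providers use.
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
  }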
  108.  
  109. @EnableAsync
  110.  
  // Collaborators of the handler: logService records failed logins and counts them per
  // IP/username, banService stores and checks bans, applicationConfigService supplies the
  // thresholds and durations. All field-injected and package-private.
  111. @Autowired
  112. LogService logService;
  113. @Autowired
  114. BanService banService;
  115. @Autowired
  116. ApplicationConfigService applicationConfigService;
  117.  
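  /**
   * Handles a failed login: records a {@code Log} row, applies the automatic IP/username
   * bans configured in {@code ApplicationConfig}, and sends the client to the page that
   * matches the failure type.
   *
   * <p>The failed username is read from {@code exception.getMessage()} because the custom
   * provider puts the login name there. A provider that throws with a different message
   * (e.g. Spring's own "Bad credentials") would be logged and banned under that text —
   * TODO(review): pass the username explicitly (e.g. from the request parameter) instead.
   *
   * <p>Changes from the previous version: exception matching uses {@code instanceof}
   * (the old {@code exception.getClass().isAssignableFrom(X.class)} test is reversed and
   * only matched exact classes), and a failure of any other type now redirects to the
   * login page instead of leaving an empty response.
   *
   * @param request the failed login request
   * @param response the response; a redirect or forward is written exactly once
   * @param exception the failure raised by the provider
   * @throws IOException if the redirect cannot be written
   * @throws ServletException if the forward to the banned page fails
   */
  public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
      AuthenticationException exception) throws IOException, ServletException {
    String username = exception.getMessage();
    String ipAddress = request.getRemoteAddr();

    // NOTE(review): getRemoteUser() is the container's authenticated principal and is
    // normally null on a failed login, so only the IP part of this lookup applies here;
    // kept because username bans also surface as a locked account (LockedException).
    boolean banned =
        banService.getActiveBanForUsernameOrIpAddress(request.getRemoteUser(), ipAddress) != null;
    if (banned) {
      response.sendRedirect(request.getContextPath() + "/banned");
      SecurityContextHolder.clearContext();
      request.getSession().invalidate();
    }

    Log log = new Log();
    log.setUsername(username);
    log.setDate(new Date());
    log.setIpAddress(ipAddress);

    if (!banned) {
      // Counts are taken before this attempt's log row is saved (below), so the
      // configured threshold is reached one attempt later than its value suggests.
      applyAutomaticBans(username, ipAddress);
    }

    if (exception instanceof UsernameNotFoundException) {
      log.setLogType(LogTypes.FAILTURE_USERNAME_NOT_FOUND);
      redirectUnlessBanned(banned, request, response, "/login/usernameNotFound");
    } else if (exception instanceof BadCredentialsException) {
      log.setLogType(LogTypes.FAILTURE_BAD_PASSWORD);
      redirectUnlessBanned(banned, request, response, "/login/badCredentials");
    } else if (exception instanceof LockedException) {
      log.setLogType(LogTypes.FAILTURE_BANNED_USER);
      request.setAttribute("username", username);
      if (!banned) {
        // Forward rather than redirect so the banned page can read the "username" attribute.
        request.getRequestDispatcher("/login/banned").forward(request, response);
      }
    } else if (exception instanceof DisabledException) {
      log.setLogType(LogTypes.FAILTURE_ACCOUNT_DISABLED);
      redirectUnlessBanned(banned, request, response, "/login/accountDisabled");
    } else {
      // Other failures (expired credentials, remember-me, service errors) previously got
      // neither a redirect nor a log row. No LogTypes value exists for them here, so only
      // the redirect to the configured login page is added. TODO(review): add a log type.
      redirectUnlessBanned(banned, request, response, "/login");
      return;
    }
    logService.saveLog(log);
  }

  /**
   * Adds an IP and/or username ban when the number of failed logins inside the configured
   * window has reached the configured threshold.
   */
  private void applyAutomaticBans(String username, String ipAddress) {
    ApplicationConfig appConfig = applicationConfigService.getApplicationConfig();
    Date windowStart = new DateTime().minusSeconds(appConfig.getBanCheckSeconds()).toDate();

    if (appConfig.isBanForIp()) {
      int failedForIp = logService.getLastFailedCountForIpAddress(ipAddress, windowStart);
      if (failedForIp >= appConfig.getBanLoginAttempsIp()) {
        banService.addBanForIpAddress(ipAddress, new Date(), banExpiry(appConfig), "błędne logowania");
      }
    }
    if (appConfig.isBanForUsr()) {
      int failedForUser = logService.getLastFailedCountForUsername(username, windowStart);
      if (failedForUser >= appConfig.getBanLoginAttempsUsr()) {
        banService.addBanForUser(username, new Date(), banExpiry(appConfig), "błędne logowania");
      }
    }
  }

  /** End of a new ban: now plus the configured ban duration. */
  private static Date banExpiry(ApplicationConfig appConfig) {
    return new DateTime().plusSeconds(appConfig.getBanForSeconds()).toDate();
  }

  /** Redirects to {@code path} under the context root unless the ban redirect was already sent. */
  private static void redirectUnlessBanned(boolean banned, HttpServletRequest request,
      HttpServletResponse response, String path) throws IOException {
    if (!banned) {
      response.sendRedirect(request.getContextPath() + path);
    }
  }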
  203.  
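  /**
   * After a successful login, re-checks the active-ban list and either sends the user to
   * the banned page (discarding the freshly created security context and session) or on
   * to {@code /logged}.
   *
   * <p>Fix: the username for the ban lookup is taken from the authenticated
   * {@code authentication} rather than {@code request.getRemoteUser()}. The latter is the
   * servlet container's principal, which is likely still unset at this point in the filter
   * chain, so username bans were in effect only checked by IP here.
   *
   * <p>NOTE(review): the remember-me services have normally already issued their cookie by
   * the time the success handler runs; a banned user is only kept out on later requests
   * if the ban is also reflected in the account status checked on the remember-me path —
   * confirm.
   *
   * @param request the login request
   * @param response the response the redirect is written to
   * @param authentication the successful authentication; may be {@code null} in tests
   * @throws IOException if the redirect cannot be written
   * @throws ServletException never thrown here; kept for the interface contract
   */
  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
      Authentication authentication) throws IOException, ServletException {
    // Prefer the authenticated principal's name; fall back to the container's view.
    String username = authentication != null ? authentication.getName() : request.getRemoteUser();
    String ipAddress = request.getRemoteAddr();

    if (banService.getActiveBanForUsernameOrIpAddress(username, ipAddress) != null) {
      response.sendRedirect(request.getContextPath() + "/banned");
      // Undo the login: drop the thread-bound context and the session it would be saved to.
      SecurityContextHolder.clearContext();
      request.getSession().invalidate();
    } else {
      response.sendRedirect(request.getContextPath() + "/logged");
    }
  }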
  217.  
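  /**
   * Completes a logout. Nothing else writes the response after the logout success handler
   * returns, so the previous empty body left the client with a blank page; the user is now
   * sent to the login page configured in the security XML ({@code /login}).
   *
   * @param request the logout request
   * @param response the response the redirect is written to
   * @param authentication the authentication that was just cleared; may be {@code null},
   *     unused
   * @throws IOException if the redirect cannot be written
   * @throws ServletException never thrown here; kept for the interface contract
   */
  public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
      Authentication authentication) throws IOException, ServletException {
    response.sendRedirect(request.getContextPath() + "/login");
  }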