/**
 * Builds a Spring Security {@link Authentication} from the token carried in the
 * {@code HEADER_STRING} request header.
 *
 * @param request the incoming HTTP request
 * @return a token whose authorities come from the token's {@code roles} claim, or
 *         {@code null} when the header is absent or no username could be read
 */
public Authentication getAuthentication(HttpServletRequest request) {
    final String rawToken = request.getHeader(HEADER_STRING);
    if (rawToken == null) {
        return null;
    }
    // NOTE(review): principal and roles are taken straight from the token, so this is only
    // safe if getUsername/getBody verify the signature and expiry - confirm in those helpers.
    final String principalName = getUsername(rawToken);
    final String roleCsv = getBody(rawToken).get("roles", String.class);
    final List<GrantedAuthority> authorities =
            AuthorityUtils.commaSeparatedStringToAuthorityList(roleCsv);
    if (principalName == null) {
        return null;
    }
    return new UsernamePasswordAuthenticationToken(principalName, null, authorities);
}
java类org.springframework.security.authentication.UsernamePasswordAuthenticationToken的实例源码
JwtTokenUtil.java 文件源码
项目:MicroServiceDemo
CalendarUserAuthenticationProvider.java 文件源码
项目:Spring-Security-Third-Edition
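/**
 * Authenticates a username/password login attempt against the stored {@link CalendarUser}.
 *
 * @param authentication the login attempt; must be a {@link UsernamePasswordAuthenticationToken}
 * @return a token holding the {@link CalendarUser}, its stored password and its authorities
 * @throws UsernameNotFoundException if no user is found for the e-mail address
 * @throws BadCredentialsException if no password was presented or it does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
    String email = token.getName();
    CalendarUser user = email == null ? null : calendarService.findUserByEmail(email);
    if (user == null) {
        // NOTE(review): same message as the bad-password path but a different exception type;
        // a caller that maps the two types to different responses would reveal which e-mails exist.
        throw new UsernameNotFoundException("Invalid username/password");
    }
    // A token without credentials must fail authentication instead of raising a NullPointerException.
    Object presented = token.getCredentials();
    if (presented == null) {
        throw new BadCredentialsException("Invalid username/password");
    }
    // The stored password is already encoded; the encoder compares the raw input against it.
    String password = user.getPassword();
    if (!passwordEncoder.matches(presented.toString(), password)) {
        throw new BadCredentialsException("Invalid username/password");
    }
    Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    // NOTE(review): the stored (encoded) password travels on as the token's credentials.
    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}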
UserJWTController.java 文件源码
项目:devoxxus-jhipster-microservices-demo
/**
 * Authenticates the posted credentials and, on success, issues a JWT in both the
 * response header and the response body.
 *
 * @param loginVM  the posted username, password and remember-me flag
 * @param response the HTTP response that receives the authorization header
 * @return 200 with the token, or 401 with the exception message when authentication fails
 */
@PostMapping("/authenticate")
@Timed
public ResponseEntity authorize(@Valid @RequestBody LoginVM loginVM, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken loginAttempt =
            new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
    try {
        Authentication authenticated = this.authenticationManager.authenticate(loginAttempt);
        SecurityContextHolder.getContext().setAuthentication(authenticated);
        // A missing remember-me flag counts as "false".
        boolean rememberMe = Boolean.TRUE.equals(loginVM.isRememberMe());
        String jwt = tokenProvider.createToken(authenticated, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException ae) {
        log.trace("Authentication exception trace: {}", ae);
        // NOTE(review): the provider's exception message is returned to the client verbatim;
        // check that it does not distinguish "unknown user" from "wrong password".
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Collections.singletonMap("AuthenticationException", ae.getLocalizedMessage()));
    }
}
UserJWTController.java 文件源码
项目:klask-io
/**
 * Checks the posted credentials and answers with a freshly created JWT.
 *
 * @param loginDTO the posted username, password and remember-me flag
 * @param response the HTTP response that receives the authorization header
 * @return 200 with the token, or 401 with the exception message when authentication fails
 */
@RequestMapping(value = "/authenticate", method = RequestMethod.POST)
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginDTO loginDTO, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken(loginDTO.getUsername(), loginDTO.getPassword());
    try {
        Authentication result = this.authenticationManager.authenticate(credentials);
        SecurityContextHolder.getContext().setAuthentication(result);
        // An absent remember-me flag is treated as false.
        boolean rememberMe = Boolean.TRUE.equals(loginDTO.isRememberMe());
        String jwt = tokenProvider.createToken(result, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException exception) {
        // NOTE(review): the exception text goes back to the caller unchanged; make sure the
        // configured providers do not reveal whether the account exists.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Collections.singletonMap("AuthenticationException", exception.getLocalizedMessage()));
    }
}
DigestPasswordValidationCallbackHandler.java 文件源码
项目:bdf2
/**
 * Installs the WS-Security username-token principal as the current Spring Security
 * authentication and, for {@code IUser} accounts, records the login in the HTTP session.
 *
 * @param callback the callback carrying the username-token principal
 */
@Override
protected void handleUsernameTokenPrincipal(UsernameTokenPrincipalCallback callback) throws IOException,
        UnsupportedCallbackException {
    WSUsernameTokenPrincipal tokenPrincipal = callback.getPrincipal();
    UserDetails details = loadUserDetails(tokenPrincipal.getName());
    // NOTE(review): no password check happens in this method; presumably the digest was
    // validated by an earlier callback - confirm before relying on "Authentication success".
    UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken(
            tokenPrincipal, tokenPrincipal.getPassword(), details.getAuthorities());
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success: " + authenticated.toString());
    }
    SecurityContextHolder.getContext().setAuthentication(authenticated);
    if (!(details instanceof IUser)) {
        return;
    }
    HttpSession httpSession = ContextHolder.getHttpSession();
    httpSession.setAttribute(ContextHolder.LOGIN_USER_SESSION_KEY, details);
    httpSession.setAttribute(ContextHolder.USER_LOGIN_WAY_KEY, IWebservice.WS_LOGIN_WAY);
}
MyUserController.java 文件源码
项目:AngularAndSpring
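/**
 * Verifies a password against the stored value and, on success, places the user in the
 * security context (and in the session, when one is supplied).
 *
 * @param user    the user record loaded for the login name
 * @param passwd  the clear-text password that was submitted
 * @param session the HTTP session, or {@code null} when none is available
 * @return the user with its password field masked on success, otherwise an empty {@code MyUser}
 */
private MyUser loginHelp(MyUser user, String passwd, HttpSession session) {
    if (user.getUserId() != null) {
        String encryptedPassword;
        try {
            encryptedPassword = this.passwordEncryption.getEncryptedPassword(passwd, user.getSalt());
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            return new MyUser();
        }
        String storedPassword = user.getPassword();
        // Constant-time comparison, so the response time does not depend on how many leading
        // characters of the derived value match. A missing stored value counts as a mismatch.
        boolean passwordMatches = storedPassword != null && encryptedPassword != null
                && java.security.MessageDigest.isEqual(
                        storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        encryptedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (passwordMatches) {
            if (session != null) {
                // NOTE(review): the stored password value becomes the token's credentials, and the
                // session id is not renewed here - confirm the caller rotates it on login.
                Authentication auth =
                        new UsernamePasswordAuthenticationToken(user.getUserId(), storedPassword, user.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(auth);
                session.setAttribute(WebUtils.SECURITYCONTEXT, SecurityContextHolder.getContext());
            }
            // Mask the password before the object is handed back to the caller.
            user.setPassword("XXX");
            return user;
        }
    }
    // The success path already allows a null session; the failure path must do the same.
    if (session != null) {
        session.invalidate();
    }
    return new MyUser();
}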
CalendarUserAuthenticationProvider.java 文件源码
项目:Spring-Security-Third-Edition
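/**
 * Authenticates a username/password login attempt against the stored {@link CalendarUser}.
 *
 * @param authentication the login attempt; must be a {@link UsernamePasswordAuthenticationToken}
 * @return a token holding the {@link CalendarUser}, its stored password and its authorities
 * @throws UsernameNotFoundException if no user is found for the e-mail address
 * @throws BadCredentialsException if no password was presented or it does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
    String email = token.getName();
    CalendarUser user = email == null ? null : calendarService.findUserByEmail(email);
    if (user == null) {
        // NOTE(review): same message as the bad-password path but a different exception type;
        // a caller that maps the two types to different responses would reveal which e-mails exist.
        throw new UsernameNotFoundException("Invalid username/password");
    }
    // A token without credentials must fail authentication instead of raising a NullPointerException.
    Object presented = token.getCredentials();
    if (presented == null) {
        throw new BadCredentialsException("Invalid username/password");
    }
    // The stored password is already encoded; the encoder compares the raw input against it.
    String password = user.getPassword();
    if (!passwordEncoder.matches(presented.toString(), password)) {
        throw new BadCredentialsException("Invalid username/password");
    }
    Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    // NOTE(review): the stored (encoded) password travels on as the token's credentials.
    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}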
JJWTTokenProvider.java 文件源码
项目:jwt-security-spring-boot-starter
/**
 * Rebuilds an {@link Authentication} from a signed JWT.
 *
 * @param token the compact JWT string
 * @return a token whose principal is a {@code User} named after the JWT subject, with an
 *         empty password and the authorities read from the configured claim
 */
@Override
public Authentication getAuthentication(String token) {
// parseClaimsJws checks the signature against the configured secret; a failure propagates
// to the caller as an exception.
Claims claims = Jwts.parser()
.setSigningKey(jwtProperties.getToken().getSecret())
.parseClaimsJws(token)
.getBody();
// The authorities claim is read as a comma-separated string. Any failure inside the Try,
// including a missing claim (null.toString()), is recovered to an empty authority list.
// NOTE(review): a malformed claim therefore silently yields a user with no authorities.
Collection<? extends GrantedAuthority> authorities =
Try.of(() ->
Arrays.stream(claims.get(jwtProperties.getToken().getPayload().getAuthoritiesKey()).toString().split(","))
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList())
).recover(ex ->
Collections.emptyList()
).get();
// The password slot is left empty: the JWT itself is the proof of identity.
User principal = new User(claims.getSubject(), "", authorities);
return new UsernamePasswordAuthenticationToken(principal, "", authorities);
}
AjaxLoginProcessingFilter.java 文件源码
项目:infotaf
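/**
 * Reads a JSON login request from an AJAX POST and hands the credentials to the
 * authentication manager.
 *
 * @param request  the login request; must be a POST that {@code WebUtil.isAjax} accepts
 * @param response the HTTP response (unused here)
 * @return the result of the authentication manager
 * @throws AuthMethodNotSupportedException if the request is not an AJAX POST
 * @throws AuthenticationServiceException if the body is empty or lacks a username or password
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException, IOException, ServletException {
    if (!HttpMethod.POST.name().equals(request.getMethod()) || !WebUtil.isAjax(request)) {
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication method not supported. Request method: " + request.getMethod());
        }
        throw new AuthMethodNotSupportedException("Authentication method not supported");
    }
    LoginRequest loginRequest = objectMapper.readValue(request.getReader(), LoginRequest.class);
    // A JSON body consisting of the literal null deserializes to a null object; reject it as
    // a missing-credentials failure rather than letting it surface as a NullPointerException.
    if (loginRequest == null
            || StringUtils.isBlank(loginRequest.getUsername())
            || StringUtils.isBlank(loginRequest.getPassword())) {
        throw new AuthenticationServiceException("Username or Password not provided");
    }
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
    return this.getAuthenticationManager().authenticate(token);
}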
TestCacheProductService.java 文件源码
项目:dhus-core
/**
 * Test fixture: installs a sandbox user named "userTest" with the DOWNLOAD, SEARCH and
 * DATA_MANAGER roles as the current authentication.
 */
private void authenticate ()
{
   final String name = "userTest";
   Set<GrantedAuthority> roles = new HashSet<> ();
   for (Role granted : new Role[] { Role.DOWNLOAD, Role.SEARCH, Role.DATA_MANAGER })
   {
      roles.add (new SimpleGrantedAuthority (granted.getAuthority ()));
   }
   // The sandbox user's password is set to the same value as its name.
   SandBoxUser sandBoxUser = new SandBoxUser (name, name, true, 0, roles);
   Authentication auth =
      new UsernamePasswordAuthenticationToken (sandBoxUser, sandBoxUser.getPassword (), roles);
   SecurityContextHolder.getContext ().setAuthentication (auth);
   logger.info ("userTest roles: " + auth.getAuthorities ());
}
UserController.java 文件源码
项目:web-framework-for-java
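/**
 * Logs a user in and binds the resulting security context to a fresh HTTP session.
 *
 * @param user    the posted username and password
 * @param request the current HTTP request
 * @return {@code true} when the login succeeded, {@code false} when the user service rejected it
 */
@ApiOperation(value = "Login")
@RequestMapping(value = "/login", method = RequestMethod.POST)
public boolean login(@RequestBody User user, HttpServletRequest request) {
    User u = this.userService.login(user.getUsername(), user.getPassword());
    if (u == null) {
        return false;
    }
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
            user.getUsername(), user.getPassword());
    // Authenticate the user; an AuthenticationException propagates to the caller.
    Authentication authentication = authenticationManager.authenticate(authRequest);
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(authentication);
    // Session-fixation defence: drop any session that existed before the login so the
    // authenticated context is never attached to a pre-login session id.
    HttpSession preLoginSession = request.getSession(false);
    if (preLoginSession != null) {
        preLoginSession.invalidate();
    }
    HttpSession session = request.getSession(true);
    session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
    return true;
}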
JwtAuthorizationFilterTest.java 文件源码
项目:qpp-conversion-tool
/**
 * A JWT whose payload carries the expected organisation name and type must let the
 * request through the chain and set an authentication exactly once.
 */
@Test
public void testDoFilterInternal() throws IOException, ServletException {
JwtPayloadHelper payload = new JwtPayloadHelper()
.withName(JwtAuthorizationFilter.ORG_NAME)
.withOrgType(ORG_TYPE);
request.addHeader("Authorization", JwtTestHelper.createJwt(payload));
JwtAuthorizationFilter testJwtAuthFilter = new JwtAuthorizationFilter(authenticationManager);
// Replace the static SecurityContextHolder with a mock so setAuthentication can be verified.
PowerMockito.mockStatic(SecurityContextHolder.class);
SecurityContext mockSecurityContext = PowerMockito.mock(SecurityContext.class);
PowerMockito.when(SecurityContextHolder.getContext()).thenReturn(mockSecurityContext);
testJwtAuthFilter.doFilterInternal(request, response, filterChain);
// The chain continues once and the filter stores one UsernamePasswordAuthenticationToken.
verify(filterChain, times(1)).doFilter(any(MockHttpServletRequest.class), any(MockHttpServletResponse.class));
verify(SecurityContextHolder.getContext(), times(1)).setAuthentication(any(UsernamePasswordAuthenticationToken.class));
}
JwtAuthorizationFilterTest.java 文件源码
项目:qpp-conversion-tool
/**
 * A JWT whose organisation name is not the expected one must still let the request
 * continue down the chain, but no authentication may be set.
 */
@Test
public void testDoFilterInternalWithInvalidOrgName() throws IOException, ServletException {
JwtPayloadHelper payload = new JwtPayloadHelper()
.withName("invalid-name")
.withOrgType(ORG_TYPE);
request.addHeader("Authorization", JwtTestHelper.createJwt(payload));
JwtAuthorizationFilter testJwtAuthFilter = new JwtAuthorizationFilter(authenticationManager);
// Replace the static SecurityContextHolder with a mock so setAuthentication can be verified.
PowerMockito.mockStatic(SecurityContextHolder.class);
SecurityContext mockSecurityContext = PowerMockito.mock(SecurityContext.class);
PowerMockito.when(SecurityContextHolder.getContext()).thenReturn(mockSecurityContext);
testJwtAuthFilter.doFilterInternal(request, response, filterChain);
// The chain still runs once, but setAuthentication must never be called.
verify(filterChain, times(1)).doFilter(any(MockHttpServletRequest.class), any(MockHttpServletResponse.class));
verify(SecurityContextHolder.getContext(), times(0)).setAuthentication(any(UsernamePasswordAuthenticationToken.class));
}
JWTLoginFilter.java 文件源码
项目:attendance-manager-back
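/**
 * Reads the posted JSON credentials and passes them to the authentication manager.
 *
 * @param req the login request whose body is a JSON {@code User}
 * @param res the HTTP response (unused here)
 * @return the result of the authentication manager
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) throws AuthenticationException, IOException, ServletException {
    User creds = new ObjectMapper()
            .readValue(req.getInputStream(), User.class);
    // The unauthenticated request carries no authorities. A local list holding every role
    // used to be built here and was never read; it is removed so it cannot be mistaken for
    // the roles this login grants, or wired into the token by accident.
    return getAuthenticationManager().authenticate(
            new UsernamePasswordAuthenticationToken(
                    creds.getMatricule(),
                    creds.getPassword(),
                    Collections.emptyList()
            )
    );
}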
CalendarUserAuthenticationProvider.java 文件源码
项目:Spring-Security-Third-Edition
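/**
 * Authenticates a username/password login attempt against the stored {@link CalendarUser}.
 *
 * @param authentication the login attempt; must be a {@link UsernamePasswordAuthenticationToken}
 * @return a token holding the {@link CalendarUser}, its stored password and its authorities
 * @throws UsernameNotFoundException if no user is found for the e-mail address
 * @throws BadCredentialsException if no password was presented or it does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
    String email = token.getName();
    CalendarUser user = email == null ? null : calendarService.findUserByEmail(email);
    if (user == null) {
        // NOTE(review): same message as the bad-password path but a different exception type;
        // a caller that maps the two types to different responses would reveal which e-mails exist.
        throw new UsernameNotFoundException("Invalid username/password");
    }
    // A token without credentials must fail authentication instead of raising a NullPointerException.
    Object presented = token.getCredentials();
    if (presented == null) {
        throw new BadCredentialsException("Invalid username/password");
    }
    // The stored password is already encoded; the encoder compares the raw input against it.
    String password = user.getPassword();
    if (!passwordEncoder.matches(presented.toString(), password)) {
        throw new BadCredentialsException("Invalid username/password");
    }
    Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    // NOTE(review): the stored (encoded) password travels on as the token's credentials.
    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}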
UserService.java 文件源码
项目:spring-boot-jwt
/**
 * Authenticates the credentials and returns a JWT for the user.
 *
 * @param username the login name
 * @param password the clear-text password
 * @return a token created for the user's roles
 * @throws CustomException with status 422 when authentication fails
 */
public String signin(String username, String password) {
    UsernamePasswordAuthenticationToken loginAttempt =
            new UsernamePasswordAuthenticationToken(username, password);
    try {
        authenticationManager.authenticate(loginAttempt);
        // Roles are looked up only after the credentials were accepted.
        return jwtTokenProvider.createToken(username, userRepository.findByUsername(username).getRoles());
    } catch (AuthenticationException e) {
        // One message for every failure, so the response does not say which part was wrong.
        throw new CustomException("Invalid username/password supplied", HttpStatus.UNPROCESSABLE_ENTITY);
    }
}
AppAuthenticationFilter.java 文件源码
项目:Spring-5.0-Cookbook
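/**
 * Runs after a successful login: prints the granted roles, builds a token for the
 * submitted username and password, and lets the request continue down the chain.
 *
 * @param request    the login request
 * @param response   the HTTP response
 * @param chain      the remaining filter chain
 * @param authResult the authentication produced by the login attempt
 */
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
        Authentication authResult) throws IOException, ServletException {
    System.out.println("AUTH FILTER");
    Collection<? extends GrantedAuthority> authorities = authResult.getAuthorities();
    List<String> roles = new ArrayList<String>();
    for (GrantedAuthority a : authorities) {
        roles.add(a.getAuthority());
    }
    System.out.println(roles);
    // Fixed: the two lookups were swapped, which put the clear-text password into the
    // principal slot (the part of a token that is routinely logged and displayed).
    String name = obtainUsername(request);
    String password = obtainPassword(request);
    UsernamePasswordAuthenticationToken userDetails = new UsernamePasswordAuthenticationToken(name, password, authorities);
    setDetails(request, userDetails);
    // NOTE(review): the token built above is not stored in the SecurityContextHolder within
    // this method - confirm where the authenticated context is established.
    chain.doFilter(request, response);
}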
CustomSignInAdapter.java 文件源码
项目:Code4Health-Platform
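/**
 * Signs in a user who authenticated through a social provider: sets the security
 * context, creates a JWT and returns it to the browser as a cookie.
 *
 * @param userId     the local user id linked to the social connection
 * @param connection the social connection (unused here)
 * @param request    the current web request; must be a {@code ServletWebRequest}
 * @return the configured redirect target after sign-in
 */
@Override
public String signIn(String userId, Connection<?> connection, NativeWebRequest request){
    try {
        UserDetails user = userDetailsService.loadUserByUsername(userId);
        // No credentials are stored: identity was established by the social provider.
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
                user,
                null,
                user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        String jwt = tokenProvider.createToken(authenticationToken, false);
        ServletWebRequest servletWebRequest = (ServletWebRequest) request;
        // NOTE(review): the cookie carries the bearer token; confirm that
        // getSocialAuthenticationCookie sets the Secure flag and a short lifetime.
        servletWebRequest.getResponse().addCookie(getSocialAuthenticationCookie(jwt));
    } catch (AuthenticationException exception) {
        // Keep the cause in the log; without it a failed social sign-in cannot be investigated.
        log.error("Social authentication error", exception);
    }
    // The redirect is returned even when sign-in failed; the user then arrives unauthenticated.
    return jHipsterProperties.getSocial().getRedirectAfterSignIn();
}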
JwtAuthenticationTokenFilter.java 文件源码
项目:ponto-inteligente-api
/**
 * Authenticates the request from the JWT in the {@code AUTH_HEADER} header when no
 * authentication is present yet, then continues the filter chain in every case.
 *
 * @param request  the incoming request
 * @param response the HTTP response
 * @param chain    the remaining filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    String headerValue = request.getHeader(AUTH_HEADER);
    // NOTE(review): 7 is presumably BEARER_PREFIX.length(); a header without the prefix
    // (or a missing header) is passed to the token utility unchanged.
    String token = (headerValue != null && headerValue.startsWith(BEARER_PREFIX))
            ? headerValue.substring(7)
            : headerValue;
    String username = jwtTokenUtil.getUsernameFromToken(token);
    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
        // The user is loaded before the token's validity is checked.
        UserDetails loadedUser = this.userDetailsService.loadUserByUsername(username);
        if (jwtTokenUtil.tokenValido(token)) {
            UsernamePasswordAuthenticationToken authenticated =
                    new UsernamePasswordAuthenticationToken(loadedUser, null, loadedUser.getAuthorities());
            authenticated.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticated);
        }
    }
    chain.doFilter(request, response);
}
MeasureUserActivityFilterTestBase.java 文件源码
项目:tqdev-metrics
/**
 * Simulates one request that takes the given time, optionally made by an
 * authenticated user.
 *
 * @param username
 *            the user to authenticate as, or {@code null} for an anonymous request
 * @param durationInNanoseconds
 *            how long the simulated request lasts, in nanoseconds
 */
protected void request(String username, long durationInNanoseconds) {
    final long start = 1510373758000000000L;
    // First clock reading is the start, second is the start plus the duration.
    when(registry.getNanos()).thenReturn(start, start + durationInNanoseconds);
    if (username != null) {
        Authentication auth = new UsernamePasswordAuthenticationToken(
                new User(username, "", new ArrayList<GrantedAuthority>()), null);
        SecurityContextHolder.getContext().setAuthentication(auth);
    }
    try {
        filter.doFilterInternal(mock(HttpServletRequest.class), mock(HttpServletResponse.class),
                mock(FilterChain.class));
    } catch (ServletException | IOException e) {
        e.printStackTrace();
    }
}
UserServiceImpl.java 文件源码
项目:nixmash-blog
/**
 * Updates a user's avatar flag and replaces the current authentication with one built
 * from that user.
 *
 * @param userId    id of the user to update
 * @param hasAvatar the new flag value
 * @return the updated user
 */
@Transactional
@Override
public User updateHasAvatar(Long userId, boolean hasAvatar) {
    User updated = userRepository.findById(userId);
    updated.setHasAvatar(hasAvatar);
    // NOTE(review): the security context is overwritten with the user identified by userId.
    // If a caller can pass an id other than its own, it ends up authenticated as that
    // user - confirm every caller passes the current user's id.
    Authentication refreshed = new UsernamePasswordAuthenticationToken(
            new CurrentUser(updated),
            updated.getPassword(),
            updated.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
    return updated;
}
AuthController.java 文件源码
项目:springboot-rest-api-skeleton
/**
 * Authenticates the posted credentials and returns a JWT generated for the user and device.
 *
 * @param authenticationRequest the posted username and password
 * @param device                the client device, passed to the token generator
 * @return 200 with the generated token
 * @throws AuthenticationException if the credentials are rejected
 */
@RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device)
        throws AuthenticationException {
    final String username = authenticationRequest.getUsername();
    final UsernamePasswordAuthenticationToken loginAttempt =
            new UsernamePasswordAuthenticationToken(username, authenticationRequest.getPassword());
    // A rejected login surfaces as an AuthenticationException from this call.
    final Authentication authenticated = authenticationManager.authenticate(loginAttempt);
    SecurityContextHolder.getContext().setAuthentication(authenticated);
    // The user is loaded again after authentication and used to generate the token.
    final UserDetails loaded = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    return ResponseEntity.ok(new JwtAuthenticationResponse(jwtTokenUtil.generateToken(loaded, device)));
}
CalendarUserAuthenticationProvider.java 文件源码
项目:Spring-Security-Third-Edition
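/**
 * Authenticates a username/password login attempt against the stored {@link CalendarUser}.
 *
 * @param authentication the login attempt; must be a {@link UsernamePasswordAuthenticationToken}
 * @return a token holding the {@link CalendarUser}, its stored password and its authorities
 * @throws UsernameNotFoundException if no user is found for the e-mail address
 * @throws BadCredentialsException if no password was presented or it does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
    String email = token.getName();
    CalendarUser user = email == null ? null : calendarService.findUserByEmail(email);
    if (user == null) {
        // NOTE(review): same message as the bad-password path but a different exception type;
        // a caller that maps the two types to different responses would reveal which e-mails exist.
        throw new UsernameNotFoundException("Invalid username/password");
    }
    // A token without credentials must fail authentication instead of raising a NullPointerException.
    Object presented = token.getCredentials();
    if (presented == null) {
        throw new BadCredentialsException("Invalid username/password");
    }
    // The stored password is already encoded; the encoder compares the raw input against it.
    String password = user.getPassword();
    if (!passwordEncoder.matches(presented.toString(), password)) {
        throw new BadCredentialsException("Invalid username/password");
    }
    Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    // NOTE(review): the stored (encoded) password travels on as the token's credentials.
    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}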
CustomAuthenticationProvider.java 文件源码
项目:Building-Web-Apps-with-Spring-5-and-Angular
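/**
 * Authenticates a login attempt by looking the user up by e-mail and comparing the
 * submitted password with the stored one.
 *
 * @param authentication the login attempt (name = e-mail, credentials = password)
 * @return a token for the user with {@code ROLE_DOCTOR} when the role is 1, else {@code ROLE_USER}
 * @throws BadCredentialsException if the user is unknown or the password does not match
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String username = authentication.getName();
    final Object credentials = authentication.getCredentials();
    // Missing credentials are handled as a wrong password below, not as a NullPointerException.
    final String password = credentials == null ? null : credentials.toString();
    User user = null;
    try {
        user = userService.doesUserExist(username);
    } catch (UserNotFoundException ignored) {
        // Deliberately ignored: user stays null and is rejected just below.
    }
    // NOTE(review): "Username not found." and "Wrong password." tell a caller which accounts
    // exist if these messages reach the client; consider one shared message.
    if (user == null || !user.getEmail().equalsIgnoreCase(username)) {
        throw new BadCredentialsException("Username not found.");
    }
    // NOTE(review): the submitted password is compared directly with the stored value, which
    // implies passwords are stored unhashed - confirm, and move to a PasswordEncoder.
    final String storedPassword = user.getPassword();
    // Constant-time comparison, so timing does not reveal how much of the password matched.
    final boolean passwordMatches = password != null && storedPassword != null
            && java.security.MessageDigest.isEqual(
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        throw new BadCredentialsException("Wrong password.");
    }
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    if (user.getRole() == 1) {
        authorities.add(new SimpleGrantedAuthority("ROLE_DOCTOR"));
    } else {
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
    }
    final UserDetails principal = new org.springframework.security.core.userdetails.User(username, password, authorities);
    return new UsernamePasswordAuthenticationToken(principal, password, authorities);
}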
JwtService.java 文件源码
项目:hauth-java
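/**
 * Builds an {@link Authentication} from the JWT found in the {@code HEADER_STRING}
 * header or, when the header is absent, in the cookie.
 *
 * @param request the incoming HTTP request
 * @return a token for the {@code UserId} claim with the authorities from the
 *         {@code authorities} claim, or {@code null} when there is no token or no {@code UserId} claim
 */
public static Authentication getAuthentication(HttpServletRequest request) {
    // Take the token from the header, falling back to the cookie.
    String token = request.getHeader(HEADER_STRING);
    if (token == null) {
        token = getTokenFromCookis(request);
    }
    if (token == null || token.isEmpty()) {
        return null;
    }
    // Parse the token; parseClaimsJws checks the signature against SECRET, and a failure
    // propagates to the caller as an exception.
    Claims claims = Jwts.parser().setSigningKey(SECRET)
            .parseClaimsJws(token).getBody();
    // Read the user id. A token without the claim yields "not authenticated"; calling
    // toString() on the missing claim used to throw before the null check could run.
    Object userId = claims.get("UserId");
    if (userId == null) {
        return null;
    }
    // Read the authorities (roles), stored as a comma-separated string.
    List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList((String) claims.get("authorities"));
    // Return the authentication token; no credentials are kept.
    return new UsernamePasswordAuthenticationToken(userId.toString(), null, authorities);
}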
JWTLoginFilter.java 文件源码
项目:hauth-java
/**
 * Reads the {@code username} and {@code password} request parameters, transforms the
 * password with {@code aesEncrypt} and passes both to the authentication manager.
 *
 * @param req the login request
 * @param res the HTTP response (unused here)
 * @return the result of the authentication manager
 */
@Override
public Authentication attemptAuthentication(
        HttpServletRequest req, HttpServletResponse res)
        throws AuthenticationException, IOException, ServletException {
    final String username = req.getParameter("username");
    final String submittedPassword = req.getParameter("password");
    // NOTE(review): aesEncrypt suggests passwords are compared in a reversibly encrypted
    // form rather than as one-way hashes - confirm against the credential store.
    final String password = submittedPassword == null ? null : aesEncrypt(submittedPassword);
    // Build the authentication request and let the manager decide.
    UsernamePasswordAuthenticationToken loginAttempt =
            new UsernamePasswordAuthenticationToken(username, password);
    return getAuthenticationManager().authenticate(loginAttempt);
}
UserJWTController.java 文件源码
项目:Microservices-with-JHipster-and-Spring-Boot
/**
 * Validates the posted login and, on success, returns a JWT in the authorization header
 * and in the response body.
 *
 * @param loginDTO the posted username, password and remember-me flag
 * @param response the HTTP response that receives the authorization header
 * @return 200 with the token, or 401 with the exception message when authentication fails
 */
@PostMapping("/authenticate")
@Timed
public ResponseEntity<?> authorize(@Valid @RequestBody LoginDTO loginDTO, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken submitted =
            new UsernamePasswordAuthenticationToken(loginDTO.getUsername(), loginDTO.getPassword());
    try {
        Authentication verified = this.authenticationManager.authenticate(submitted);
        SecurityContextHolder.getContext().setAuthentication(verified);
        // No remember-me flag in the request means "do not remember".
        boolean rememberMe = Boolean.TRUE.equals(loginDTO.isRememberMe());
        String jwt = tokenProvider.createToken(verified, rememberMe);
        response.addHeader(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return ResponseEntity.ok(new JWTToken(jwt));
    } catch (AuthenticationException exception) {
        // NOTE(review): the raw exception message is sent to the client; verify it does not
        // say whether the username exists.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(Collections.singletonMap("AuthenticationException", exception.getLocalizedMessage()));
    }
}
MyAuthenticationProvider.java 文件源码
项目:AngularAndSpring
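/**
 * Authenticates a login attempt by loading the user by {@code userId} and comparing the
 * salted, derived password with the stored value.
 *
 * @param authentication the login attempt (name = user id, credentials = password)
 * @return a token carrying the user id, the submitted password and the user's authorities
 * @throws AuthenticationCredentialsNotFoundException if the user is unknown, no password
 *         was presented, or the password does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    Object credentials = authentication.getCredentials();
    Query query = new Query();
    query.addCriteria(Criteria.where("userId").is(name));
    MyUser user = operations.findOne(query, MyUser.class).block();
    // An unknown user or missing credentials must fail like a wrong password; before, either
    // case ended in a NullPointerException instead of an authentication failure.
    // NOTE(review): name is caller-supplied and ends up in the exception and log messages.
    if (user == null || credentials == null) {
        throw new AuthenticationCredentialsNotFoundException("User: "+name+" not found.");
    }
    String password = credentials.toString();
    String encryptedPw = null;
    try {
        encryptedPw = this.passwordEncryption.getEncryptedPassword(password, user.getSalt());
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        log.error("Pw decrytion error: ",e);
    }
    String storedPw = user.getPassword();
    // Constant-time comparison of the derived value with the stored one.
    boolean passwordMatches = encryptedPw != null && storedPw != null
            && java.security.MessageDigest.isEqual(
                    encryptedPw.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    storedPw.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        throw new AuthenticationCredentialsNotFoundException("User: "+name+" not found.");
    }
    log.info("User: "+name+" logged in.");
    // NOTE(review): the clear-text password is kept as the token's credentials.
    return new UsernamePasswordAuthenticationToken(
            name, password, user.getAuthorities());
}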
CalendarUserAuthenticationProvider.java 文件源码
项目:Spring-Security-Third-Edition
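/**
 * Authenticates a username/password login attempt against the stored {@link CalendarUser}.
 *
 * @param authentication the login attempt; must be a {@link UsernamePasswordAuthenticationToken}
 * @return a token holding the {@link CalendarUser}, its stored password and its authorities
 * @throws UsernameNotFoundException if no user is found for the e-mail address
 * @throws BadCredentialsException if no password was presented or it does not match
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
    String email = token.getName();
    CalendarUser user = email == null ? null : calendarService.findUserByEmail(email);
    if (user == null) {
        // NOTE(review): same message as the bad-password path but a different exception type;
        // a caller that maps the two types to different responses would reveal which e-mails exist.
        throw new UsernameNotFoundException("Invalid username/password");
    }
    // A token without credentials must fail authentication instead of raising a NullPointerException.
    Object presented = token.getCredentials();
    if (presented == null) {
        throw new BadCredentialsException("Invalid username/password");
    }
    // The stored password is already encoded; the encoder compares the raw input against it.
    String password = user.getPassword();
    if (!passwordEncoder.matches(presented.toString(), password)) {
        throw new BadCredentialsException("Invalid username/password");
    }
    Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
    // NOTE(review): the stored (encoded) password travels on as the token's credentials.
    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}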
_AuthenticationRestController.java 文件源码
项目:generator-spring-rest-jwt
/**
 * Verifies the posted username and password and answers with a newly generated JWT.
 *
 * @param authenticationRequest the posted username and password
 * @param device                the client device, passed to the token generator
 * @return 200 with the generated token
 * @throws AuthenticationException if the credentials are rejected
 */
@RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {
    final UsernamePasswordAuthenticationToken submitted = new UsernamePasswordAuthenticationToken(
            authenticationRequest.getUsername(),
            authenticationRequest.getPassword());
    // The manager throws an AuthenticationException when the credentials are rejected.
    final Authentication verified = authenticationManager.authenticate(submitted);
    SecurityContextHolder.getContext().setAuthentication(verified);
    // The user details are loaded again here and used to generate the token.
    final UserDetails tokenSubject = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String jwt = jwtTokenUtil.generateToken(tokenSubject, device);
    return ResponseEntity.ok(new JwtAuthenticationResponse(jwt));
}