AuthenticationProvider.java
/*
* GovWay - A customizable API Gateway
* https://govway.org
*
* Copyright (c) 2005-2024 Link.it srl (https://link.it).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3, as published by
* the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package org.openspcoop2.core.config.rs.server.config;
import java.util.ArrayList;
import java.util.List;
import org.openspcoop2.core.config.rs.server.api.impl.Helper;
import org.openspcoop2.utils.UtilsException;
import org.openspcoop2.utils.crypt.CryptConfig;
import org.openspcoop2.utils.crypt.CryptFactory;
import org.openspcoop2.utils.crypt.ICrypt;
import org.openspcoop2.utils.service.beans.utils.BaseHelper;
import org.openspcoop2.web.ctrlstat.core.ControlStationCore;
import org.openspcoop2.web.ctrlstat.servlet.utenti.UtentiCore;
import org.slf4j.Logger;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* AuthenticationProvider
*
* @author Andrea Poli (poli@link.it)
* @author $Author$
* @version $Rev$, $Date$
*/
public class AuthenticationProvider implements org.springframework.security.authentication.AuthenticationProvider{
private Logger log = org.slf4j.LoggerFactory.getLogger(this.getClass());
private String configuratorRoleName = "configuratore";
private static ICrypt passwordManager = null;
private static ICrypt passwordManager_backwardCompatibility = null;
private static synchronized void initPasswordManager(Logger log, CryptConfig config) throws UtilsException {
if(passwordManager==null) {
passwordManager = CryptFactory.getCrypt(log, config);
if(config.isBackwardCompatibility()) {
passwordManager_backwardCompatibility = CryptFactory.getOldMD5Crypt(log);
}
}
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
Object passwordObject = authentication.getCredentials();
String password = (String) passwordObject;
if(username==null || password==null) {
throw new AuthenticationCredentialsNotFoundException("Credentials not found");
}
String tipo_protocollo = null;
ControlStationCore core = null;
UtentiCore utentiCore = null;
try {
tipo_protocollo = BaseHelper.tipoProtocolloFromProfilo.get(Helper.getProfiloDefault());
core = new ControlStationCore(true, ServerProperties.getInstance().getConfDirectory() ,tipo_protocollo);
utentiCore = new UtentiCore(core);
}catch(Exception e) {
throw new AuthenticationServiceException("Inizializzazione AuthenticationProvider fallita: "+e.getMessage(),e);
}
boolean trovato = false;
org.openspcoop2.web.lib.users.dao.User u = null;
try {
trovato = utentiCore.existsUser(username);
if(trovato) {
u = utentiCore.getUser(username);
}
}catch(Exception e) {
throw new AuthenticationServiceException("AuthenticationProvider,ricerca utente fallita: "+e.getMessage(),e);
}
if(!trovato) {
//throw new UsernameNotFoundException("Username '"+username+"' not found");
// Fix security: Make sure allowing user enumeration is safe here.
throw new BadCredentialsException("Bad credentials");
}
String pwcrypt = u.getPassword();
try {
if(passwordManager==null) {
initPasswordManager(this.log, ServerProperties.getInstance().getUtenzeCryptConfig());
}
}catch(Exception e) {
throw new AuthenticationServiceException("Inizializzazione AuthenticationProvider fallita: "+e.getMessage(),e);
}
boolean match = passwordManager.check(password, pwcrypt);
if(!match && passwordManager_backwardCompatibility!=null) {
match = passwordManager_backwardCompatibility.check(password, pwcrypt);
}
if(!match) {
throw new BadCredentialsException("Bad credentials");
}
List<GrantedAuthority> roles = new ArrayList<>();
if(u.getPermessi()!=null && u.getPermessi().isServizi()) {
GrantedAuthority grant = new SimpleGrantedAuthority(this.configuratorRoleName);
roles.add(grant);
}
// vi sono le acl per questo
// else {
// throw new BadCredentialsException(LoginCostanti.MESSAGGIO_ERRORE_UTENTE_NON_ABILITATO_UTILIZZO_CONSOLE);
// }
// Wrap in UsernamePasswordAuthenticationToken
User user = new User(username, "secret", true, true, true, true, roles);
UsernamePasswordAuthenticationToken userAuth = new UsernamePasswordAuthenticationToken(user, "secret", user.getAuthorities());
userAuth.setDetails(authentication.getDetails());
return userAuth;
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
public String getConfiguratorRoleName() {
return this.configuratorRoleName;
}
public void setConfiguratorRoleName(String configuratorRoleName) {
this.configuratorRoleName = configuratorRoleName;
}
}