AuthenticationProvider.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.core.config.rs.server.config;

  23. import java.util.ArrayList;
  24. import java.util.List;

  26. import org.openspcoop2.core.config.rs.server.api.impl.Helper;
  27. import org.openspcoop2.utils.UtilsException;
  28. import org.openspcoop2.utils.crypt.CryptConfig;
  29. import org.openspcoop2.utils.crypt.CryptFactory;
  30. import org.openspcoop2.utils.crypt.ICrypt;
  31. import org.openspcoop2.utils.service.beans.utils.BaseHelper;
  32. import org.openspcoop2.web.ctrlstat.core.ControlStationCore;
  33. import org.openspcoop2.web.ctrlstat.servlet.utenti.UtentiCore;
  34. import org.slf4j.Logger;
  35. import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
  36. import org.springframework.security.authentication.AuthenticationServiceException;
  37. import org.springframework.security.authentication.BadCredentialsException;
  38. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  39. import org.springframework.security.core.Authentication;
  40. import org.springframework.security.core.AuthenticationException;
  41. import org.springframework.security.core.GrantedAuthority;
  42. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  43. import org.springframework.security.core.userdetails.User;


  46. /**
  47.  * AuthenticationProvider
  48.  * 
  49.  * @author Andrea Poli (poli@link.it)
  50.  * @author $Author$
  51.  * @version $Rev$, $Date$
  52.  */
  53. public class AuthenticationProvider implements org.springframework.security.authentication.AuthenticationProvider{

  55.     private Logger log = org.slf4j.LoggerFactory.getLogger(this.getClass());

  57.     private String configuratorRoleName = "configuratore";  

  59.     private static ICrypt passwordManager = null;
  60.     private static ICrypt passwordManagerBackwardCompatibility = null;
  61.     private static synchronized void initPasswordManager(Logger log, CryptConfig config) throws UtilsException {
  62.         if(passwordManager==null) {
  63.             passwordManager = CryptFactory.getCrypt(log, config);
  64.             if(config.isBackwardCompatibility()) {
  65.                 passwordManagerBackwardCompatibility = CryptFactory.getOldMD5Crypt(log);
  66.             }
  67.         }
  68.     }
  69.     
  70.     private static String getS(String v) {
  71.         return "sec"+v+"ret";
  72.     }
  73.     
  74.     @Override
  75.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {

  77.         String username = authentication.getName();
  78.         Object passwordObject = authentication.getCredentials();
  79.         String password = (String) passwordObject;

  81.         if(username==null || password==null) {
  82.             throw new AuthenticationCredentialsNotFoundException("Credentials not found");
  83.         }
  84.         
  85.         String tipoProtocollo = null;
  86.         ControlStationCore core = null;
  87.         UtentiCore utentiCore = null;
  88.         try {
  89.             tipoProtocollo = BaseHelper.tipoProtocolloFromProfilo.get(Helper.getProfiloDefault());
  90.             core = new ControlStationCore(true, ServerProperties.getInstance().getConfDirectory() ,tipoProtocollo);
  91.             utentiCore = new UtentiCore(core);
  92.         }catch(Exception e) {
  93.             throw new AuthenticationServiceException("Inizializzazione AuthenticationProvider fallita: "+e.getMessage(),e);
  94.         }
  95.         
  96.         boolean trovato = false;
  97.         org.openspcoop2.web.lib.users.dao.User u = null;
  98.         try {
  99.             trovato = utentiCore.existsUser(username);
  100.             if(trovato) {
  101.                 u = utentiCore.getUser(username);
  102.             }
  103.         }catch(Exception e) {
  104.             throw new AuthenticationServiceException("AuthenticationProvider,ricerca utente fallita: "+e.getMessage(),e);
  105.         }
  106.         if(!trovato) {
  107.             /**throw new UsernameNotFoundException("Username '"+username+"' not found");*/
  108.             // Fix security: Make sure allowing user enumeration is safe here.
  109.             throw new BadCredentialsException("Bad credentials");
  110.         }
  111.         String pwcrypt = u.getPassword();
  112.         
  113.         try {
  114.             if(passwordManager==null) {
  115.                 initPasswordManager(this.log, ServerProperties.getInstance().getUtenzeCryptConfig());
  116.             }
  117.         }catch(Exception e) {
  118.             throw new AuthenticationServiceException("Inizializzazione AuthenticationProvider fallita: "+e.getMessage(),e);
  119.         }
  120.         
  121.         boolean match = passwordManager.check(password, pwcrypt);
  122.         if(!match && passwordManagerBackwardCompatibility!=null) {
  123.             match = passwordManagerBackwardCompatibility.check(password, pwcrypt);
  124.         }
  125.         if(!match) {
  126.             throw new BadCredentialsException("Bad credentials");
  127.         }

  129.         List<GrantedAuthority> roles = new ArrayList<>();
  130.         if(u.getPermessi()!=null && u.getPermessi().isServizi()) {
  131.             GrantedAuthority grant = new SimpleGrantedAuthority(this.configuratorRoleName);
  132.             roles.add(grant);
  133.         }
  134.         // vi sono le acl per questo
  135.         /**else {
  136.             throw new BadCredentialsException(LoginCostanti.MESSAGGIO_ERRORE_UTENTE_NON_ABILITATO_UTILIZZO_CONSOLE);
  137.         }*/
  138.     
  139.         // Wrap in UsernamePasswordAuthenticationToken
  140.         User user = new User(username, getS(""), true, true, true, true, roles);
  141.         UsernamePasswordAuthenticationToken userAuth = new UsernamePasswordAuthenticationToken(user, getS(""), user.getAuthorities());
  142.         userAuth.setDetails(authentication.getDetails());
  143.         return userAuth;
  144.         
  145.         

  147.     }

  149.     @Override
  150.     public boolean supports(Class<?> authentication) {
  151.         return authentication.equals(UsernamePasswordAuthenticationToken.class);
  152.     }

  154.     public String getConfiguratorRoleName() {
  155.         return this.configuratorRoleName;
  156.     }
  157.     public void setConfiguratorRoleName(String configuratorRoleName) {
  158.         this.configuratorRoleName = configuratorRoleName;
  159.     }
  160. }
Created with JaCoCo 0.8.8.202204050719