AuthenticationProvider.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.core.monitor.rs.server.config;

  23. import java.sql.Connection;
  24. import java.util.ArrayList;
  25. import java.util.List;

  27. import org.openspcoop2.generic_project.exception.NotFoundException;
  28. import org.openspcoop2.generic_project.utils.ServiceManagerProperties;
  29. import org.openspcoop2.web.monitor.core.bean.UserDetailsBean;
  30. import org.openspcoop2.web.monitor.core.dao.DBLoginDAO;
  31. import org.slf4j.Logger;
  32. import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
  33. import org.springframework.security.authentication.AuthenticationServiceException;
  34. import org.springframework.security.authentication.BadCredentialsException;
  35. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  36. import org.springframework.security.core.Authentication;
  37. import org.springframework.security.core.AuthenticationException;
  38. import org.springframework.security.core.GrantedAuthority;
  39. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  40. import org.springframework.security.core.userdetails.User;


  43. /**
  44.  * AuthenticationProvider
  45.  * 
  46.  * @author Andrea Poli (poli@link.it)
  47.  * @author $Author$
  48.  * @version $Rev$, $Date$
  49.  */
  50. public class AuthenticationProvider implements org.springframework.security.authentication.AuthenticationProvider{

  52.     @SuppressWarnings("unused")
  53.     private Logger log = org.slf4j.LoggerFactory.getLogger(this.getClass());

  55.     private String operatorRoleName = "operatore";  
  56.     private String diagnosticRoleName = "diagnostica";  
  57.     private String reportRoleName = "reportistica"; 

  59.     private static String getS(String v) {
  60.         return "sec"+v+"ret";
  61.     }
  62.     
  63.     @Override
  64.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {

  66.         String username = authentication.getName();
  67.         Object passwordObject = authentication.getCredentials();
  68.         String password = (String) passwordObject;

  70.         if(username==null || password==null) {
  71.             throw new AuthenticationCredentialsNotFoundException("Credentials not found");
  72.         }
  73.         
  74.         DBManager dbManager = DBManager.getInstance();
  75.         Connection connection = null;
  76.         try {
  77.             connection = dbManager.getConnectionConfig();
  78.             ServiceManagerProperties smp = dbManager.getServiceManagerPropertiesConfig();
  79.             DBLoginDAO loginService = new DBLoginDAO(connection, true, smp, LoggerProperties.getLoggerDAO());
  80.             
  81.             UserDetailsBean u = null;
  82.             try {
  83.                 u = loginService.loadUserByUsername(username, false); // il controllo e' fatto nella acl
  84.             }
  85.             catch(NotFoundException e) {
  86.                 /**throw new UsernameNotFoundException("Username '"+username+"' not found", e);*/
  87.                 // Fix security: Make sure allowing user enumeration is safe here.
  88.                 throw new BadCredentialsException("Bad credentials");
  89.             }
  90.             catch(Exception e) {
  91.                 logAndThrowAuthenticationServiceException("AuthenticationProvider,ricerca utente fallita",e);
  92.             }
  93.             
  94.             boolean correct = false;
  95.             try {
  96.                 loginService.setPasswordManager(ServerProperties.getInstance().getUtenzeCryptConfig());
  97.                 correct = loginService.login(username, password);
  98.             }catch(Exception e) {
  99.                 logAndThrowAuthenticationServiceException("Inizializzazione AuthenticationProvider fallita",e);
  100.             }
  101.             if(!correct) {
  102.                 throw new BadCredentialsException("Bad credentials");
  103.             }

  105.             List<GrantedAuthority> roles = new ArrayList<>();
  106.             if(u.getUtente()!=null && u.getUtente().getPermessi()!=null) {
  107.                 if(u.getUtente().getPermessi().isDiagnostica()) {
  108.                     GrantedAuthority grant = new SimpleGrantedAuthority(this.diagnosticRoleName);
  109.                     roles.add(grant);
  110.                 }
  111.                 if(u.getUtente().getPermessi().isReportistica()) {
  112.                     GrantedAuthority grant = new SimpleGrantedAuthority(this.reportRoleName);
  113.                     roles.add(grant);
  114.                 }
  115.                 if(roles.size()==2) {
  116.                     // operatore se li ha tutti e due
  117.                     GrantedAuthority grant = new SimpleGrantedAuthority(this.operatorRoleName);
  118.                     roles.add(grant);
  119.                 }
  120.             }
  121.             // vi sono le acl per questo
  122.             /**else {
  123.                 throw new BadCredentialsException(LoginCostanti.MESSAGGIO_ERRORE_UTENTE_NON_ABILITATO_UTILIZZO_CONSOLE);
  124.             }*/
  125.                 
  126.             // Wrap in UsernamePasswordAuthenticationToken
  127.             User user = new User(username, getS(""), true, true, true, true, roles);
  128.             UsernamePasswordAuthenticationToken userAuth = new UsernamePasswordAuthenticationToken(user, getS(""), user.getAuthorities());
  129.             userAuth.setDetails(authentication.getDetails());
  130.             return userAuth;
  131.         }
  132.         finally {
  133.             dbManager.releaseConnectionConfig(connection);
  134.         }

  136.     }
  137.     
  138.     private void logAndThrowAuthenticationServiceException(String msg, Exception e) throws AuthenticationServiceException {
  139.         LoggerProperties.getLoggerCore().error(e.getMessage(),e);
  140.         throw new AuthenticationServiceException(msg+": "+e.getMessage(),e);
  141.     }

  143.     @Override
  144.     public boolean supports(Class<?> authentication) {
  145.         return authentication.equals(UsernamePasswordAuthenticationToken.class);
  146.     }

  148.     public String getOperatorRoleName() {
  149.         return this.operatorRoleName;
  150.     }
  151.     public void setOperatorRoleName(String operatorRoleName) {
  152.         this.operatorRoleName = operatorRoleName;
  153.     }

  155.     public String getDiagnosticRoleName() {
  156.         return this.diagnosticRoleName;
  157.     }
  158.     public void setDiagnosticRoleName(String diagnosticRoleName) {
  159.         this.diagnosticRoleName = diagnosticRoleName;
  160.     }

  162.     public String getReportRoleName() {
  163.         return this.reportRoleName;
  164.     }
  165.     public void setReportRoleName(String reportRoleName) {
  166.         this.reportRoleName = reportRoleName;
  167.     }

  169. }
Created with JaCoCo 0.8.8.202204050719