16 package org.acegisecurity.providers.dao;
17
18 import org.acegisecurity.AuthenticationException;
19 import org.acegisecurity.AuthenticationServiceException;
20 import org.acegisecurity.BadCredentialsException;
21 import org.acegisecurity.providers.AuthenticationProvider;
22 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
23 import org.acegisecurity.providers.encoding.PasswordEncoder;
24 import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
25 import org.acegisecurity.userdetails.UserDetails;
26 import org.acegisecurity.userdetails.UserDetailsService;
27 import org.springframework.dao.DataAccessException;
28 import org.springframework.util.Assert;
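/**
 * Authentication provider that loads the account through a {@link UserDetailsService} and
 * verifies the presented password with the configured {@link PasswordEncoder}.
 *
 * <p>Security-relevant defaults visible in this class:</p>
 * <ul>
 * <li>The password encoder defaults to {@link PlaintextPasswordEncoder}, which as its name
 * indicates does not hash. Deployments should inject a hashing encoder (and normally a
 * {@link SaltSource}) rather than rely on the default.</li>
 * <li><code>includeDetailsObject</code> defaults to <code>true</code>, so the loaded
 * {@link UserDetails} (which exposes <code>getPassword()</code>) is attached to every
 * {@link BadCredentialsException} raised here.</li>
 * </ul>
 *
 * <p>NOTE(review): the password comparison in this class only runs for an account that was
 * successfully loaded. Whether response times for unknown and known usernames need to be
 * equalised is not handled here; confirm against the deployment's requirements.</p>
 */
public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    // Compares the stored password with the presented one. The plaintext default keeps
    // existing configurations working but implies stored passwords are not hashed.
    private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();

    // Optional; when null the encoder is handed a null salt.
    private SaltSource saltSource;

    // Mandatory; checked in doAfterPropertiesSet().
    private UserDetailsService userDetailsService;

    // When true the UserDetails is passed along with BadCredentialsException.
    private boolean includeDetailsObject = true;

    /**
     * Verifies the password carried by the authentication request against the loaded account.
     *
     * @param userDetails the account returned by {@link #retrieveUser}
     * @param authentication the request whose credentials are checked
     * @throws AuthenticationException a {@link BadCredentialsException} when the credentials
     *         are absent or the encoder rejects them
     */
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Object salt = null;

        if (this.saltSource != null) {
            salt = this.saltSource.getSalt(userDetails);
        }

        // Read the credentials once so the null check and the comparison use the same value.
        final Object credentials = authentication.getCredentials();

        if (credentials == null) {
            throw badCredentials(userDetails);
        }

        final String presentedPassword = credentials.toString();

        // The comparison itself (including any constant-time behaviour) is delegated to the
        // configured encoder.
        if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
            throw badCredentials(userDetails);
        }
    }

    // Builds the single failure used for both missing and wrong credentials, so the two cases
    // are indistinguishable by message.
    private BadCredentialsException badCredentials(UserDetails userDetails) {
        return new BadCredentialsException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
                includeDetailsObject ? userDetails : null);
    }

    /**
     * Validates the configuration once all properties have been injected.
     *
     * @throws Exception if a required collaborator is missing
     */
    protected void doAfterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
        // Fail at start-up instead of with a NullPointerException on the first login attempt
        // when the encoder was explicitly set to null.
        Assert.notNull(this.passwordEncoder, "A PasswordEncoder must be set");
    }

    /**
     * @return the encoder used to validate presented passwords
     */
    public PasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }

    /**
     * @return the salt source, or <code>null</code> if none was configured
     */
    public SaltSource getSaltSource() {
        return saltSource;
    }

    /**
     * @return the service used to load accounts by username
     */
    public UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    /**
     * Loads the account for the given username from the {@link UserDetailsService}.
     *
     * @param username the name to look up
     * @param authentication the request being processed (not used by this implementation)
     * @return the loaded account, never <code>null</code>
     * @throws AuthenticationException an {@link AuthenticationServiceException} when the
     *         repository fails or the service returns <code>null</code>; other exceptions
     *         thrown by the service propagate unchanged
     */
    protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        UserDetails loadedUser;

        try {
            loadedUser = this.getUserDetailsService().loadUserByUsername(username);
        }
        catch (DataAccessException repositoryProblem) {
            // NOTE(review): the data-access message is copied into the authentication
            // exception. It may carry repository details, so the layer that reports
            // authentication failures should not echo it to the client.
            throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
        }

        if (loadedUser == null) {
            throw new AuthenticationServiceException(
                    "UserDetailsService returned null, which is an interface contract violation");
        }

        return loadedUser;
    }

    /**
     * Sets the encoder used to validate passwords. If never called, a
     * {@link PlaintextPasswordEncoder} is used; production configurations should supply a
     * hashing encoder.
     *
     * @param passwordEncoder the encoder to use; a <code>null</code> value is rejected by
     *        {@link #doAfterPropertiesSet()}
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Sets the source of the salt passed to the encoder. <code>null</code> is valid and means
     * the encoder receives a <code>null</code> salt.
     *
     * @param saltSource the salt source, or <code>null</code>
     */
    public void setSaltSource(SaltSource saltSource) {
        this.saltSource = saltSource;
    }

    /**
     * @param userDetailsService the service used to load accounts; required
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * @return whether the loaded {@link UserDetails} is attached to
     *         {@link BadCredentialsException}
     */
    public boolean isIncludeDetailsObject() {
        return includeDetailsObject;
    }

    /**
     * Controls whether the loaded {@link UserDetails} is attached to
     * {@link BadCredentialsException}. Setting this to <code>false</code> keeps the account
     * object, and the password value it exposes, away from exception handlers and logs.
     *
     * @param includeDetailsObject <code>true</code> to attach the details object
     */
    public void setIncludeDetailsObject(boolean includeDetailsObject) {
        this.includeDetailsObject = includeDetailsObject;
    }
}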