Freitag, 1. November 2013

CAS (Central Authentication Service) mit Spring Security - Teil 3

Beispiel Klasse: /src/java/cas/MyUserDetails.java


 package de.test.cas;  
 import java.io.Serializable;  
 import java.util.Collection;  
 import java.util.HashSet;  
 import java.util.Set;  
 import javax.persistence.EntityManager;  
 import org.apache.log4j.Logger;  
 import org.springframework.security.core.GrantedAuthority;  
 import org.springframework.security.core.authority.SimpleGrantedAuthority;  
 import org.springframework.security.core.userdetails.UserDetails;  
 /*  
  *   
  * Assign all authenticated users ROLE_AUTHENTICATED  
  *   
  */  
 public class MyUserDetails implements Serializable, UserDetails {  
      private static final long serialVersionUID = 1L;  
      private final String username;  
      private final Set<Long> permissionsForUsers;  
      static final Logger logger = Logger.getLogger(MyUserDetails.class);  
      private final Collection<GrantedAuthority> authorities;  
      public MyUserDetails(Collection<GrantedAuthority> authorities, String username, Set<Long> permissionsForUsers) {  
           this.username=username;  
           this.authorities = authorities;  
           this.permissionsForUsers = permissionsForUsers;  
      }  
      @Override  
      public String toString() {  
           return this.username;  
      }  
      public Set<Long> getPermissionsForUsers() {  
           return permissionsForUsers;  
      }  
      @Override  
      public Collection<GrantedAuthority> getAuthorities() {  
           return authorities;  
      }  
      @Override  
      public String getPassword() {  
           return null;  
      }  
      @Override  
      public String getUsername() {  
           return username;  
      }  
      @Override  
      public boolean isAccountNonExpired() {  
           return true;  
      }  
      @Override  
      public boolean isAccountNonLocked() {  
           return true;  
      }  
      @Override  
      public boolean isCredentialsNonExpired() {  
           return true;  
      }  
      @Override  
      public boolean isEnabled() {  
           return true;  
      }  
 }  


Beispiel Klasse: /src/java/cas/MyUserService.java


 package de.test.cas;  
 import java.math.BigDecimal;  
 import java.util.HashSet;  
 import java.util.List;  
 import java.util.Set;  
 import javax.persistence.EntityManager;  
 import javax.persistence.NoResultException;  
 import javax.persistence.PersistenceContext;  
 import javax.persistence.Query;  
 import javax.persistence.criteria.CriteriaBuilder;  
 import javax.persistence.criteria.CriteriaQuery;  
 import javax.persistence.criteria.Root;  
 import org.apache.log4j.Logger;  
 import org.springframework.dao.DataAccessException;  
 import org.springframework.security.core.GrantedAuthority;  
 import org.springframework.security.core.authority.SimpleGrantedAuthority;  
 import org.springframework.security.core.userdetails.UserDetails;  
 import org.springframework.security.core.userdetails.UserDetailsService;  
 import org.springframework.security.core.userdetails.UsernameNotFoundException;  
 import de.test.db.domain.Assistant;  
 import de.test.db.domain.Transformable;  
 import de.test.db.domain.User;  
 public class MyUserService implements UserDetailsService {  
      private List<String> predefinedAdminAccounts = null;  
      static final Logger logger = Logger.getLogger(UserDetailsService.class);  
      private EntityManager entityManager = null;  
      public EntityManager getEntityManager() {  
           return entityManager;  
      }  
      @PersistenceContext  
      public void setEntityManager(EntityManager entityManager) {  
           this.entityManager = entityManager;  
      }  
      public List<String> getPredefinedAdminAccounts() {  
           return predefinedAdminAccounts;  
      }  
      public void setPredefinedAdminAccounts(List<String> predefinedAdminAccounts) {  
           this.predefinedAdminAccounts = predefinedAdminAccounts;  
      }  
      @Override  
      public UserDetails loadUserByUsername(String username)  
                throws UsernameNotFoundException, DataAccessException, NoResultException {  
           logger.info("!!! loadUserByUsername !!!");  
           Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();   
           Set<Long> permissionsForUsers = new HashSet<Long>();  
           if(predefinedAdminAccounts.contains(username)) {  
                authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));  
           } else {  
                CriteriaBuilder cb = entityManager.getCriteriaBuilder();  
                CriteriaQuery<User> uq = cb.createQuery(User.class);  
                Root<User> ur = uq.from(User.class);  
                uq.select(ur).where(cb.equal(ur.get("accountName"), username));  
                List<User> uresult = entityManager.createQuery(uq).getResultList();  
                User user = null;  
                if(!uresult.isEmpty()) {  
                     user = uresult.get(0);  
                }  
                if(user != null) {  
                     permissionsForUsers.add(user.getId());  
                     logger.info(user.getAccountName() + " " + user.getId());  
                     authorities.add(new SimpleGrantedAuthority("ROLE_USER"));  
                }  
                CriteriaQuery<Assistant> aq = cb.createQuery(Assistant.class);  
                Root<Assistant> ar = aq.from(Assistant.class);  
                aq.select(ar).where(cb.equal(ar.get("accountName"), username));  
                List<Assistant> aresult = entityManager.createQuery(aq).getResultList();  
                Assistant assistant = null;  
                if(!aresult.isEmpty()) {  
                     assistant = aresult.get(0);  
                }  
                if(assistant != null) {  
                     authorities.add(new SimpleGrantedAuthority("ROLE_ASSISTANT"));  
                     Query queryForPrincipals = getEntityManager().createNativeQuery("select userId from USERS_ASSISTANTS where assistantId=:assistantId");  
                     queryForPrincipals.setParameter("assistantId", assistant.getId());  
                     List<BigDecimal> ids = queryForPrincipals.getResultList();  
                     for(BigDecimal b : ids)  
                          permissionsForUsers.add(b.longValue());  
                }  
           }  
           return      new MyUserDetails(authorities, username, permissionsForUsers);  
      }  
      private <T extends Transformable<Long>> T getPrincipal(Class<T> c, String username) {  
           CriteriaBuilder cb = entityManager.getCriteriaBuilder();  
           CriteriaQuery<T> cq = cb.createQuery(c);  
           Root<T> r = cq.from(c);  
           cq.select(r).where(cb.equal(r.get("accountName"), username));  
           List<T> result = entityManager.createQuery(cq).getResultList();  
           if(!result.isEmpty()) {  
                return result.get(0);  
           }  
           else  
                return null;  
      }  
 }  

Keine Kommentare:

Kommentar veröffentlichen