SEC-536: Added account status checking to Siteminder provider
parent
3c011685cd
commit
6575f5af1c
|
@ -26,6 +26,9 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
|
||||||
import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
|
import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
|
||||||
import org.springframework.security.userdetails.UserDetails;
|
import org.springframework.security.userdetails.UserDetails;
|
||||||
import org.springframework.security.userdetails.UserDetailsService;
|
import org.springframework.security.userdetails.UserDetailsService;
|
||||||
|
import org.springframework.security.userdetails.UserDetailsChecker;
|
||||||
|
import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.springframework.dao.DataAccessException;
|
import org.springframework.dao.DataAccessException;
|
||||||
|
@ -39,18 +42,13 @@ import org.springframework.util.Assert;
|
||||||
*/
|
*/
|
||||||
public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
|
public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Our logging object
|
|
||||||
*/
|
|
||||||
private static final Log logger = LogFactory.getLog(SiteminderAuthenticationProvider.class);
|
|
||||||
|
|
||||||
//~ Instance fields ================================================================================================
|
//~ Instance fields ================================================================================================
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Our user details service (which does the real work of checking the user against a back-end user store).
|
* Our user details service (which does the real work of checking the user against a back-end user store).
|
||||||
*/
|
*/
|
||||||
private UserDetailsService userDetailsService;
|
private UserDetailsService userDetailsService;
|
||||||
|
private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
|
||||||
|
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
|
@ -63,26 +61,8 @@ public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthent
|
||||||
// No need for password authentication checks - we only expect one identifying string
|
// No need for password authentication checks - we only expect one identifying string
|
||||||
// from the HTTP Request header (as populated by Siteminder), but we do need to see if
|
// from the HTTP Request header (as populated by Siteminder), but we do need to see if
|
||||||
// the user's account is OK to let them in.
|
// the user's account is OK to let them in.
|
||||||
if (!user.isEnabled()) {
|
|
||||||
throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
|
|
||||||
"Account disabled"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!user.isAccountNonExpired()) {
|
|
||||||
throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
|
|
||||||
"Account expired"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!user.isAccountNonLocked()) {
|
|
||||||
throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
|
|
||||||
"Account locked"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!user.isCredentialsNonExpired()) {
|
|
||||||
throw new CredentialsExpiredException(messages.getMessage(
|
|
||||||
"AbstractUserDetailsAuthenticationProvider.credentialsExpired", "Credentials expired"));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
userDetailsChecker.check(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
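Review bot: The new `userDetailsChecker` field is non-final, yet the visible hunks show neither a setter nor a null guard for it, and per the comment above the call this provider performs no password check, so `userDetailsChecker.check(user)` is the only gate on the account. If the checker is not meant to be replaceable, declare it `private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();`; if a setter exists outside the hunk, it should reject null with `Assert.notNull(userDetailsChecker, "userDetailsChecker must not be null");`. The removed branches built their text from this provider's `messages` accessor, so a message source configured on the provider presumably no longer reaches the disabled/expired/locked/credentials-expired messages; that is worth confirming and recording in a comment above the `check(user)` call. The enclosing method starts and ends outside the hunk, and the `Log`/`LogFactory` imports kept as context may be unused now that the `logger` field is gone.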