aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick/server/security
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server/src/main/java/com/juick/server/security')
-rw-r--r--juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java23
-rw-r--r--juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java2
2 files changed, 17 insertions, 8 deletions
diff --git a/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
index 8d0bfddb..87908950 100644
--- a/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
+++ b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
@@ -1,16 +1,18 @@
package com.juick.server.security;
+import com.juick.User;
import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
+import org.springframework.util.Assert;
import javax.inject.Inject;
-import java.util.Collections;
/**
* Created by vitalyster on 25.11.2016.
@@ -18,20 +20,27 @@ import java.util.Collections;
public class JuickAuthenticationProvider implements AuthenticationProvider {
private final Logger logger = LoggerFactory.getLogger(getClass());
+ private final UserService userService;
+
@Inject
- private UserService userService;
+ public JuickAuthenticationProvider(UserService userService) {
+ Assert.notNull(userService);
+ this.userService = userService;
+ }
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
- boolean isAuthenticated = userService.checkPassword(name, password) > 0;
-
- logger.info("user {} authenticated: {}", name, isAuthenticated);
+ User user = userService.getFullyUserByName(name);
+ if (user != null) {
+ if (user.isBanned())
+ throw new LockedException("Username \"" + name + "\" is banned");
- return isAuthenticated ?
- new UsernamePasswordAuthenticationToken(name, password, JuickUser.USER_AUTHORITY) : null;
+ return new UsernamePasswordAuthenticationToken(name, password, JuickUser.USER_AUTHORITY);
+ }
+ return null;
}
@Override
diff --git a/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java b/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
index fd06b65b..3e413bf6 100644
--- a/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
+++ b/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
@@ -43,7 +43,7 @@ public class JuickUser implements UserDetails {
@Override
public boolean isAccountNonLocked() {
- return false;
+ return true;
}
@Override