Testing spring basic authentication.

Change-Id: I1ceb0f88523ff35f5f10f01ee19000e04bfd8e83
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/spring/BasicAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/spring/BasicAuthenticationManager.java
new file mode 100644
index 0000000..49ec065
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/spring/BasicAuthenticationManager.java
@@ -0,0 +1,66 @@
+package de.ids_mannheim.korap.authentication.spring;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.KustvaktConfiguration;
+import de.ids_mannheim.korap.config.Scopes;
+import de.ids_mannheim.korap.config.TokenType;
+import de.ids_mannheim.korap.dao.UserDao;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import de.ids_mannheim.korap.user.KorAPUser;
+import de.ids_mannheim.korap.user.TokenContext;
+import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.utils.TimeUtils;
+
+/** * Basic authentication manager is intended to be used with a database. 
+ * It is currently only used for testing using a dummy DAO (@see {@link UserDao}) 
+ * without passwords.
+ * 
+ * @author margaretha
+ *
+ */
+public class BasicAuthenticationManager implements AuthenticationManager{
+
+    @Autowired
+    private KustvaktConfiguration config;
+    @Autowired
+    private EncryptionIface crypto;
+    @Autowired
+    private UserDao dao;
+    
+    @Override
+    public Authentication authenticate (Authentication authentication)
+            throws AuthenticationException {
+
+        String username = (String) authentication.getPrincipal();
+        String password = (String) authentication.getCredentials();
+        
+        TokenContext c = new TokenContext();
+        User user = dao.getAccount(username);
+        if (user instanceof KorAPUser
+                && ((KorAPUser) user).getPassword() != null) {
+            boolean check = crypto.checkHash(password,
+                    ((KorAPUser) user).getPassword());
+
+            if (!check) return null;
+        }
+        
+        c.setUsername(username);
+        c.setExpirationTime(TimeUtils.plusSeconds(this.config.getTokenTTL())
+                .getMillis());
+        c.setTokenType(TokenType.BASIC);
+        // todo: for production mode, set true
+        c.setSecureRequired(false);
+        // EM: is this secure?
+        c.setToken(authentication.toString());
+        c.addContextParameter(Attributes.SCOPES,
+                Scopes.Scope.search.toString());
+        
+        return authentication;
+    }
+
+}
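Review bot: `authenticate` fails open, because the `crypto.checkHash(...)` call only runs when `dao.getAccount(username)` yields a `KorAPUser` with a non-null password; an account without a stored hash, or a lookup that returns null or another `User` type (if the DAO can do that), is accepted with any credentials. The Javadoc describes this as test-only with a password-less dummy DAO, but the class is added under `src/main/java`, so nothing visible here keeps it out of a production context. On a hash mismatch the method returns `null` instead of throwing an `AuthenticationException`, and on success it returns the caller's own `authentication` unchanged while the `TokenContext c` it fills in (including the `authentication.toString()` token the `EM:` comment questions) is never used. I would reject everything that is not a verified hash match by throwing `BadCredentialsException` (needs an import from `org.springframework.security.authentication`), and either return a result built from the `TokenContext` or drop that dead code. If the password-less path must stay for tests, move the class to the test source set or gate it behind an explicit configuration flag.

```java
        User user = dao.getAccount(username);
        // Fail closed: an unknown account, a non-KorAPUser or a missing
        // stored hash is treated the same as a wrong password.
        if (!(user instanceof KorAPUser)
                || ((KorAPUser) user).getPassword() == null
                || !crypto.checkHash(password,
                        ((KorAPUser) user).getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        // … unchanged: TokenContext population and return …
```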