• Home
• org.beangle.security
• beangle-security
• 4.3.25
• source code
• AbstractAccountRealm.scala

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.beangle.security.authc.AbstractAccountRealm.scala Maven / Gradle / Ivy

/*
 * Copyright (C) 2005, The Beangle Software.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see .
 */

package org.beangle.security.authc

import org.beangle.commons.lang.Strings
import org.beangle.commons.logging.Logging
import org.beangle.security.realm.Realm

abstract class AbstractAccountRealm extends Realm with Logging {

  protected def determinePrincipal(token: AuthenticationToken): Any = {
    if (token == null) "NONE_PROVIDED" else token.getName
  }

  override def getAccount(token: AuthenticationToken): Account = {
    val principal = determinePrincipal(token)
    if (null == principal || principal.isInstanceOf[String] && Strings.isEmpty(principal.toString)) {
      throw new AuthenticationException("cannot find username for " + token.principal, token)
    }

    if (!token.trusted) {
      if (!credentialCheck(token))
        throw new BadCredentialException("Incorrect credential", token, null)
    }

    loadAccount(principal) match {
      case Some(account) =>
        additionalCheck(token, account)
        val da = new DefaultAccount(account)
        token match {
          case p: PreauthToken => da.addRemoteToken(p.credential)
          case _ =>
        }
        da
      case None =>
        throw new UsernameNotFoundException(s"你的用户名（$token）在本系统无对应账户信息，无法继续使用，请联系系统管理员。", token)
    }
  }

  protected def additionalCheck(token: AuthenticationToken, ac: Account): Unit = {
    if ac.accountLocked then throw new LockedException("AccountStatusChecker.locked", token)
    if ac.disabled then throw new DisabledException("AccountStatusChecker.disabled", token)
    if ac.accountExpired then throw new AccountExpiredException("AccountStatusChecker.expired", token)
    token match {
      case _: PreauthToken =>
      case _ => if ac.credentialExpired then throw new CredentialExpiredException("AccountStatusChecker.credentialExpired", token)
    }
  }

  protected def loadAccount(principal: Any): Option[Account]

  protected def credentialCheck(token: AuthenticationToken): Boolean

  def supports(token: AuthenticationToken): Boolean = true

}