PreAuthTokenAuthenticationProvider.java

package cn.home1.oss.lib.security.internal.preauth;

import static cn.home1.oss.lib.security.internal.preauth.PreAuthTokenFilter.PERMITED;

import cn.home1.oss.lib.security.api.GenericUser;
import cn.home1.oss.lib.security.internal.AuthenticationTokens;

import lombok.extern.slf4j.Slf4j;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

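/**
 * {@link AuthenticationProvider} for {@link PreAuthenticatedAuthenticationToken}s.
 *
 * <p>A supported token is accepted when any of the following holds:
 * <ul>
 *   <li>the provider was constructed with bypass explicitly enabled;</li>
 *   <li>the token's credentials equal the {@code PERMITED} marker from {@code PreAuthTokenFilter};</li>
 *   <li>the principal passes both {@code GenericUser.isGenericUser} and
 *       {@code GenericUser.isGenericUserLogin}.</li>
 * </ul>
 *
 * <p>NOTE(review): with bypass enabled, every supported token is accepted without looking at its
 * principal or credentials. Confirm the flag is wired only from trusted configuration and is off
 * in production deployments.
 *
 * <p>NOTE(review): the {@code PERMITED} shortcut is only safe if that marker can never be produced
 * from request-controlled data. Its definition is not visible here; verify in
 * {@code PreAuthTokenFilter} that only the filter itself sets it.
 */
@Slf4j
public class PreAuthTokenAuthenticationProvider implements AuthenticationProvider {

  /** True only when bypass was explicitly enabled; see the constructor for null handling. */
  private final boolean bypass;

  /**
   * Creates the provider.
   *
   * @param bypass {@code Boolean.TRUE} to accept every supported token without further checks.
   *     {@code null} is treated as {@code false}: previously a null flag was auto-unboxed in
   *     {@link #authenticate(Authentication)} and raised a {@link NullPointerException} on the
   *     first request; a missing setting now fails closed (no bypass) instead.
   */
  public PreAuthTokenAuthenticationProvider(final Boolean bypass) {
    this.bypass = Boolean.TRUE.equals(bypass);
  }

  /**
   * Validates a pre-authenticated token.
   *
   * @param authentication the token to check; may be {@code null}
   * @return the result of {@code AuthenticationTokens.authenticated(token)} when the token is
   *     accepted, or {@code null} when {@code authentication} is {@code null} or of an unsupported
   *     type (the {@link AuthenticationProvider} convention for "cannot decide")
   * @throws BadCredentialsException when the principal is not a {@code GenericUser}, or is one
   *     that {@code GenericUser.isGenericUserLogin} rejects
   */
  @Override
  public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    if (authentication == null || !this.supports(authentication.getClass())) {
      return null;
    }

    final PreAuthenticatedAuthenticationToken token = (PreAuthenticatedAuthenticationToken) authentication;

    // Shortcut paths: neither inspects the principal, so both must stay out of a caller's control.
    if (this.bypass || PERMITED.equals(token.getCredentials())) {
      return AuthenticationTokens.authenticated(token);
    }

    final Object principal = token.getPrincipal();
    if (!GenericUser.isGenericUser(principal)) {
      log.debug("not containsUserInfo");
      throw new BadCredentialsException( //
        "The presented AuthenticationToken does not contain the expected principal or credentials");
    }

    // The cast relies on the isGenericUser check above having passed.
    if (!GenericUser.isGenericUserLogin((GenericUser) principal)) {
      log.debug("not login");
      throw new BadCredentialsException("login needed");
    }

    return AuthenticationTokens.authenticated(token);
  }

  /**
   * Reports whether this provider handles the given token type.
   *
   * @param authentication the candidate token class; {@code null} yields {@code false}
   * @return {@code true} for {@link PreAuthenticatedAuthenticationToken} and its subclasses
   */
  @Override
  public boolean supports(final Class<?> authentication) {
    return authentication != null
      && PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);
  }
}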