Example 1 with UsernamePasswordAuthentication
use of com.laurentiuspilca.ssc6.security.authentications.UsernamePasswordAuthentication in project youtubechannel by lspil.
the class UsernamePasswordAuthFilter method doFilterInternal.
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// Step 1: username & password
// Step 2: username & otp
var username = request.getHeader("username");
var password = request.getHeader("password");
var otp = request.getHeader("otp");
if (otp == null) {
// step 1
Authentication a = new UsernamePasswordAuthentication(username, password);
a = authenticationManager.authenticate(a);
// we generate an OTP
String code = String.valueOf(new Random().nextInt(9999) + 1000);
Otp otpEntity = new Otp();
otpEntity.setUsername(username);
otpEntity.setOtp(code);
otpRepository.save(otpEntity);
} else {
// step 2
Authentication a = new OtpAuthentication(username, otp);
a = authenticationManager.authenticate(a);
// we issue a token
var token = UUID.randomUUID().toString();
tokenManager.add(token);
response.setHeader("Authorization", token);
}
}
Also used :
OtpAuthentication(com.laurentiuspilca.ssc6.security.authentications.OtpAuthentication)
Random(java.util.Random)
OtpAuthentication(com.laurentiuspilca.ssc6.security.authentications.OtpAuthentication)
UsernamePasswordAuthentication(com.laurentiuspilca.ssc6.security.authentications.UsernamePasswordAuthentication)
Authentication(org.springframework.security.core.Authentication)
UsernamePasswordAuthentication(com.laurentiuspilca.ssc6.security.authentications.UsernamePasswordAuthentication)
Otp(com.laurentiuspilca.ssc6.entities.Otp)
Example 2 with UsernamePasswordAuthentication
use of com.laurentiuspilca.ssc6.security.authentications.UsernamePasswordAuthentication in project youtubechannel by lspil.
the class UsernamePasswordAuthProvider method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
UserDetails user = userDetailsService.loadUserByUsername(username);
if (passwordEncoder.matches(password, user.getPassword())) {
return new UsernamePasswordAuthentication(username, password, user.getAuthorities());
}
throw new BadCredentialsException(":(");
}
Also used :
UserDetails(org.springframework.security.core.userdetails.UserDetails)
UsernamePasswordAuthentication(com.laurentiuspilca.ssc6.security.authentications.UsernamePasswordAuthentication)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Aggregations
UsernamePasswordAuthentication (com.laurentiuspilca.ssc6.security.authentications.UsernamePasswordAuthentication)2
Otp (com.laurentiuspilca.ssc6.entities.Otp)1
OtpAuthentication (com.laurentiuspilca.ssc6.security.authentications.OtpAuthentication)1
Random (java.util.Random)1
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1
Authentication (org.springframework.security.core.Authentication)1
UserDetails (org.springframework.security.core.userdetails.UserDetails)1
