Example 46 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class OwnerPersistenceTest method createUserWithAtom.

private void createUserWithAtom(URI atomUri, String email) {
    UserAtom a = new UserAtom();
    a.setUri(atomUri);
    a = userAtomRepository.save(a);
    String password = "password";
    String role = "SOMEROLE";
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    User user = new User(email, passwordEncoder.encode(password), role);
    user.setEmail(email);
    // transfer only available when flag is set therefore we can just set this
    // to true (i think)
    user.setAcceptedTermsOfService(true);
    KeystorePasswordHolder keystorePassword = new KeystorePasswordHolder();
    // generate a password for the keystore and save it in the database, encrypted
    // with a symmetric key
    // derived from the user's password
    keystorePassword.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
    // keystorePassword = keystorePasswordRepository.save(keystorePassword);
    // generate the keystore for the user
    KeystoreHolder keystoreHolder = new KeystoreHolder();
    try {
        // create the keystore if it doesn't exist yet
        keystoreHolder.getKeystore(keystorePassword.getPassword(password));
    } catch (Exception e) {
        // keep the original exception as the cause so the failure can be diagnosed
        throw new IllegalStateException("could not create keystore for user " + email, e);
    }
    // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
    user.setKeystorePasswordHolder(keystorePassword);
    user.setKeystoreHolder(keystoreHolder);
    user = userRepository.save(user);
    user.addUserAtom(a);
    user = userRepository.save(user);
}
Also used : UserAtom(won.owner.model.UserAtom) User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) KeystoreHolder(won.owner.model.KeystoreHolder) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 47 with User

use of won.owner.model.User in project webofneeds by researchstudio-sat.

the class KeystoreEnabledDaoAuthenticationProvider method authenticate.

@Override
@Transactional
public Authentication authenticate(Authentication authentication) {
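    // the cleartext password is needed below to decrypt the keystore password
    String password = (String) authentication.getCredentials();
    String username = (String) authentication.getPrincipal();
    // let the parent provider verify the credentials before any keystore material is touched
    UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) super.authenticate(authentication);
    User user = (User) auth.getPrincipal();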
    // can't use that object as it's detached. load the user again:
    user = userRepository.findById(user.getId()).get();
    KeystorePasswordHolder keystorePasswordHolder = user.getKeystorePasswordHolder();
    if (keystorePasswordHolder == null || keystorePasswordHolder.getEncryptedPassword() == null || keystorePasswordHolder.getEncryptedPassword().length() == 0) {
        keystorePasswordHolder = new KeystorePasswordHolder();
        // generate a password for the keystore and save it in the database, encrypted
        // with a symmetric key
        // derived from the user's password
        keystorePasswordHolder.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
        // keystorePasswordHolder =
        // keystorePasswordRepository.save(keystorePasswordHolder);
        // generate the keystore for the user
        user.setKeystorePasswordHolder(keystorePasswordHolder);
    }
    String keystorePassword = keystorePasswordHolder.getPassword(password);
    KeystoreHolder keystoreHolder = user.getKeystoreHolder();
    KeyStore keystore = null;
    if (keystoreHolder == null || keystoreHolder.getKeystoreBytes() == null || keystoreHolder.getKeystoreBytes().length == 0) {
        // new user or legacy user that has no keystore yet: create keystoreHolder
        keystoreHolder = new KeystoreHolder();
        keystore = openOrCreateKeyStore(keystorePassword, auth.getName(), keystoreHolder);
        // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
        user.setKeystoreHolder(keystoreHolder);
    } else {
        try {
            keystore = keystoreHolder.getKeystore(keystorePassword);
        } catch (Exception e) {
            // keep the original exception as the cause so the failure can be diagnosed
            throw new IllegalStateException("could not open keystore for user " + username, e);
        }
    }
    userRepository.save(user);
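    // the opened keystore and its password travel in the principal;
    // the credentials slot of the returned token is left null
    KeystoreEnabledUserDetails ud = new KeystoreEnabledUserDetails(user, keystore, keystorePassword);
    return new UsernamePasswordAuthenticationToken(ud, null, auth.getAuthorities());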
}
Also used : User(won.owner.model.User) KeystoreHolder(won.owner.model.KeystoreHolder) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) KeyStore(java.security.KeyStore) Transactional(javax.transaction.Transactional)
