From 6d7fd2548f4b5434bc1663bc9438a51150a115c1 Mon Sep 17 00:00:00 2001
From: Christian Corsano
Date: Wed, 6 Feb 2008 10:04:13 +0000
Subject: [PATCH] Ajout des fonctions de rafraichissement de l'authentification (y compris nouveau mot de passe)
---
 .../web/system/session/SessionService.java | 38 ++++++++++++++-----
 1 file changed, 29 insertions(+), 9 deletions(-)
diff --git a/YACOSWeb/src/org/yacos/web/system/session/SessionService.java b/YACOSWeb/src/org/yacos/web/system/session/SessionService.java
index c7f5c7c..bac5f8f 100644
--- a/YACOSWeb/src/org/yacos/web/system/session/SessionService.java
+++ b/YACOSWeb/src/org/yacos/web/system/session/SessionService.java
@@ -9,9 +9,9 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.context.SecurityContextHolder;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
+import org.acegisecurity.providers.dao.UserCache;
+import org.springframework.web.servlet.support.RequestContextUtils;
 import org.springframework.web.util.WebUtils;
-import org.yacos.auth.UserDetailsService;
 import org.yacos.core.conferences.Conference;
 import org.yacos.core.conferences.IConferenceManager;
 import org.yacos.core.users.IUserManager;
@@ -108,13 +108,7 @@ public class SessionService {
 currentConference = conferenceManager.getConference(currentConferenceId);
 request.setAttribute("currentConference", currentConference);
 // Refreshing user credentials
- Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
- if(currentAuthentication instanceof UsernamePasswordAuthenticationToken){
- DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
- authProvider.setPasswordEncoder(new ShaPasswordEncoder(256));
- authProvider.setUserDetailsService(new UserDetailsService());
- SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
- }
+ refreshAuthentication();
 }
 /**
@@ -232,4 +226,30 @@ public class SessionService {
 public Object getSessionAttribute(String name){
 return WebUtils.getSessionAttribute(request, name);
 }
+
+ public void refreshAuthentication(){
+ refreshAuthentication(null);
+ }
+
+ public void refreshAuthentication(String newPassword) {
+ // First step : remove user from the cache
+ DaoAuthenticationProvider authProvider = (DaoAuthenticationProvider) RequestContextUtils.getWebApplicationContext(request).getBean("daoAuthenticationProvider");
+ UserCache userCache = authProvider.getUserCache();
+
+ if(userCache != null){
+ userCache.removeUserFromCache(getCurrentUserLogin());
+ }
+
+ // Second step : Refreshing user credentials
+ Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
+ if(currentAuthentication instanceof UsernamePasswordAuthenticationToken){
+
+ if(newPassword != null){
+ // Setting the new password in the authentication token
+ currentAuthentication = new UsernamePasswordAuthenticationToken(currentAuthentication.getPrincipal(),newPassword);
+ }
+
+ SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
+ }
+ }
 }
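Review bot: The last statement of `refreshAuthentication(String)` calls `authProvider.authenticate(currentAuthentication)` with no failure handling, so when it throws (password changed elsewhere, account disabled or locked) `setAuthentication` never runs and the previous authenticated token stays in the `SecurityContextHolder`. Catch `org.acegisecurity.AuthenticationException` around that statement, clear the context and rethrow, as in the excerpt below; the file would need that import, which this patch does not add. The no-argument call introduced in the `-108,13` hunk goes through the same path, and its enclosing method starts outside the hunk, so its caller presumably also needs a defined outcome for that exception, such as sending the user back to the login page.

```java
public void refreshAuthentication(String newPassword) {
    // … unchanged: cache eviction, token lookup, newPassword replacement …
        try {
            SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
        } catch (AuthenticationException e) {
            // The stored credentials were rejected: drop the stale token instead of keeping it
            SecurityContextHolder.clearContext();
            throw e;
        }
```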