SEC-536: Added account status checking to Siteminder provider

2008-02-18 12:35:18 +00:00 · 2008-02-18 12:35:18 +00:00 · 6575f5af1c
parent 3c011685cd
commit 6575f5af1c
1 changed files with 6 additions and 26 deletions
--- a/core/src/main/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProvider.java
@ -26,6 +26,9 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
 import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UserDetailsChecker;
+import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.dao.DataAccessException;
@ -38,19 +41,14 @@ import org.springframework.util.Assert;
 * @version $Id$
 */
 public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
-
-
-    /**
-     * Our logging object
-     */
-    private static final Log logger = LogFactory.getLog(SiteminderAuthenticationProvider.class);
-
+    
    //~ Instance fields ================================================================================================

    /**
     * Our user details service (which does the real work of checking the user against a back-end user store).
     */
    private UserDetailsService userDetailsService;
+    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();

    //~ Methods ========================================================================================================

@ -63,26 +61,8 @@ public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthent
        // No need for password authentication checks - we only expect one identifying string
        // from the HTTP Request header (as populated by Siteminder), but we do need to see if
        // the user's account is OK to let them in.
-        if (!user.isEnabled()) {
-            throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
-                    "Account disabled"));
-        }
-
-        if (!user.isAccountNonExpired()) {
-            throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
-                    "Account expired"));
-        }
-
-        if (!user.isAccountNonLocked()) {
-            throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
-                    "Account locked"));
-        }
-
-        if (!user.isCredentialsNonExpired()) {
-            throw new CredentialsExpiredException(messages.getMessage(
-                    "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "Credentials expired"));
-        }

+        userDetailsChecker.check(user);
    }

    /**