Initial commit
@@ -0,0 +1,69 @@
|
||||
package com.mzh.library.service.impl;
|
||||
|
||||
import com.mzh.library.dao.UserDao;
|
||||
import com.mzh.library.entity.AuthenticatedUser;
|
||||
import com.mzh.library.entity.Permission;
|
||||
import com.mzh.library.entity.User;
|
||||
import com.mzh.library.exception.DaoException;
|
||||
import com.mzh.library.service.AuthService;
|
||||
import com.mzh.library.service.AuthenticationResult;
|
||||
import com.mzh.library.service.PermissionPolicy;
|
||||
import com.mzh.library.util.PasswordHasher;
|
||||
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
public class AuthServiceImpl implements AuthService {
|
||||
private static final Logger LOGGER = Logger.getLogger(AuthServiceImpl.class.getName());
|
||||
private static final String REQUIRED_MESSAGE = "Username and password are required.";
|
||||
private static final String INVALID_MESSAGE = "Invalid username or password.";
|
||||
private static final String UNAVAILABLE_MESSAGE = "Login service is temporarily unavailable. Please try again later.";
|
||||
|
||||
private final UserDao userDao;
|
||||
private final PermissionPolicy permissionPolicy;
|
||||
|
||||
public AuthServiceImpl(UserDao userDao) {
|
||||
this(userDao, new PermissionPolicy());
|
||||
}
|
||||
|
||||
public AuthServiceImpl(UserDao userDao, PermissionPolicy permissionPolicy) {
|
||||
this.userDao = userDao;
|
||||
this.permissionPolicy = permissionPolicy;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticationResult authenticate(String username, String password) {
|
||||
String normalizedUsername = normalizeUsername(username);
|
||||
if (normalizedUsername.isEmpty() || password == null || password.trim().isEmpty()) {
|
||||
return AuthenticationResult.failure(REQUIRED_MESSAGE);
|
||||
}
|
||||
|
||||
try {
|
||||
Optional<User> user = userDao.findActiveByUsername(normalizedUsername);
|
||||
if (!user.isPresent() || !PasswordHasher.verify(password, user.get().getPasswordHash())) {
|
||||
LOGGER.info("Login failed for username=" + normalizedUsername);
|
||||
return AuthenticationResult.failure(INVALID_MESSAGE);
|
||||
}
|
||||
|
||||
User authenticated = user.get();
|
||||
Set<Permission> permissions = permissionPolicy.permissionsFor(authenticated.getRole());
|
||||
AuthenticatedUser sessionUser = AuthenticatedUser.from(authenticated, permissions);
|
||||
LOGGER.info("Login success userId=" + authenticated.getId() + " role=" + authenticated.getRole().getCode());
|
||||
return AuthenticationResult.success(sessionUser);
|
||||
} catch (DaoException | IllegalStateException ex) {
|
||||
LOGGER.log(Level.SEVERE, "Login service error for username=" + normalizedUsername, ex);
|
||||
return AuthenticationResult.failure(UNAVAILABLE_MESSAGE);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasPermission(AuthenticatedUser user, Permission permission) {
|
||||
return user != null && permissionPolicy.allows(user.getRole(), permission);
|
||||
}
|
||||
|
||||
private String normalizeUsername(String username) {
|
||||
return username == null ? "" : username.trim();
|
||||
}
|
||||
}
|
||||
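Review bot: Both log calls in `authenticate` that include `normalizedUsername` (the "Login failed" INFO line and the SEVERE line in the catch block) write a caller-supplied value that has only been trimmed, so embedded CR/LF or other control characters can split or forge log entries, and a password typed into the username field by mistake ends up in the log in clear text. Neutralise the value before logging, for example `String logName = normalizedUsername.replaceAll("\\p{Cntrl}", "_");`, and log `logName` in both places. Separately, the condition `!user.isPresent() || !PasswordHasher.verify(...)` skips hash verification for unknown usernames, which probably makes that path faster than a wrong-password attempt and lets response time reveal which accounts exist even though the message is identical; verifying against a fixed dummy hash when the user is absent would even this out (PasswordHasher's cost is not visible here). No attempt throttling or lockout is visible in this class, so confirm it is enforced elsewhere.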