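/**
 * Authenticates a username/password request by delegating to {@code userService.login}.
 *
 * <p>On success the returned token carries the user's id as principal, the user's authorities
 * wrapped as {@code SimpleGrantedAuthority}, and {@code null} credentials, so the submitted
 * password is not retained on the authenticated token.
 *
 * @param authentication the request; its name is used as the login identifier and its
 *     credentials as the raw password
 * @return an authenticated {@code UsernamePasswordAuthenticationToken}
 * @throws UsernameNotFoundException if the name is missing, the credentials are missing or not
 *     a {@code String}, or {@code userService.login} throws {@code NoSuchUserException}
 * @throws DisabledException if {@code userService.login} throws
 *     {@code UnconfirmedUserException}
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = authentication.getName();
    Object credentials = authentication.getCredentials();

    // A request without a name, or with absent / non-String credentials, is an ordinary
    // authentication failure. Previously it escaped as a NullPointerException (from the
    // null checks in login) or a ClassCastException, i.e. not as an AuthenticationException.
    // The same exception type is used as for a rejected login so the outcomes look alike.
    if (username == null || !(credentials instanceof String)) {
        throw new UsernameNotFoundException("Bad credentials");
    }
    String password = (String) credentials;

    try {
        User user = userService.login(username, password);

        Collection<GrantedAuthority> authorities = user.getAuthorities()
                .stream()
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toSet());

        // Credentials are deliberately null: the raw password must not travel with the token.
        return new UsernamePasswordAuthenticationToken(user.getId(), null, authorities);
    } catch (NoSuchUserException e) {
        throw new UsernameNotFoundException(e.getMessage(), e);
    } catch (UnconfirmedUserException e) {
        // NOTE(review): this failure type is distinguishable from the one above. Confirm that
        // userService.login raises UnconfirmedUserException only after the password has been
        // verified; otherwise the response discloses account state to an unauthenticated caller.
        throw new DisabledException(e.getMessage(), e);
    }
}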
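/**
 * Signs a user in by e-mail address or screen name.
 *
 * <p>The password is verified before the confirmation state is examined. A caller who does not
 * know the password therefore gets the same {@code NoSuchUserException} whether or not the
 * account is confirmed; {@code UnconfirmedUserException} is raised only once the password has
 * matched. Checking confirmation first would let anyone probe which identifiers belong to
 * unconfirmed accounts.
 *
 * <p>As a consequence, a wrong password on an unconfirmed account now emits
 * {@code SIGNIN_FAILED}, like any other wrong password. No event is emitted when a correct
 * password is rejected because the account is unconfirmed.
 *
 * @param emailOrScreenName identifier passed to {@code getUser}; must not be {@code null}
 * @param rawPassword the submitted password; must not be {@code null}
 * @return the user whose stored password matched
 * @throws NoSuchUserException if the password does not match (presumably also raised by
 *     {@code getUser} for an unknown identifier; verify against its implementation)
 * @throws UnconfirmedUserException if the password matches but the user is not confirmed
 * @throws NullPointerException if either argument is {@code null}
 */
@Override
public User login(String emailOrScreenName, String rawPassword)
        throws NoSuchUserException, UnconfirmedUserException {
    Objects.requireNonNull(emailOrScreenName, "emailOrScreenName");
    Objects.requireNonNull(rawPassword, "rawPassword");

    // NOTE(review): if getUser fails for unknown identifiers before any hash comparison runs,
    // response time may differ between unknown and known accounts. Confirm whether that is
    // equalized elsewhere.
    User user = getUser(emailOrScreenName);

    if (!passwordSecurity.check(user.getPassword(), rawPassword)) {
        userEventEmitter.emit(new UserEvent(user.getId(), SIGNIN_FAILED));
        // Same exception as for an unknown identifier, so the two cases are not told apart.
        throw new NoSuchUserException();
    }

    // Only reached by a caller who has proven knowledge of the password.
    if (!user.isConfirmed()) {
        throw new UnconfirmedUserException();
    }

    // TODO: invalidate all password reset tokens.
    userEventEmitter.emit(new UserEvent(user.getId(), SIGNIN_SUCCEEDED));
    return user;
}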