v1.2.2 RC

This commit is contained in:
shimingxy
2020-03-30 10:32:39 +08:00
parent c70aa8df95
commit 6ce1481df5
28 changed files with 3112 additions and 1447 deletions


@@ -19,58 +19,59 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
* login Authentication abstract class
*
* @author Crystal.Sea
*
*/
public abstract class AbstractAuthenticationProvider{
public abstract class AbstractAuthenticationProvider {
private static final Logger _logger = LoggerFactory.getLogger(AbstractAuthenticationProvider.class);
@Autowired
@Qualifier("applicationConfig")
protected ApplicationConfig applicationConfig;
@Autowired
@Qualifier("authenticationRealm")
protected AbstractAuthenticationRealm authenticationRealm;
@Autowired
@Qualifier("tfaOTPAuthn")
protected AbstractOTPAuthn tfaOTPAuthn;
@Autowired
@Qualifier("remeberMeService")
protected AbstractRemeberMeService remeberMeService;
@Autowired
@Qualifier("applicationConfig")
protected ApplicationConfig applicationConfig;
@Autowired
@Qualifier("authenticationRealm")
protected AbstractAuthenticationRealm authenticationRealm;
@Autowired
@Qualifier("tfaOTPAuthn")
protected AbstractOTPAuthn tfaOTPAuthn;
@Autowired
@Qualifier("remeberMeService")
protected AbstractRemeberMeService remeberMeService;
protected abstract String getProviderName();
protected abstract String getProviderName();
protected abstract Authentication doInternalAuthenticate(Authentication authentication);
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
public boolean supports(Class authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
/*
* authenticate
* (non-Javadoc)
* @see org.springframework.security.authentication.AuthenticationProvider#authenticate(org.springframework.security.core.Authentication)
/*
* authenticate (non-Javadoc)
*
* @see org.springframework.security.authentication.AuthenticationProvider#
* authenticate(org.springframework.security.core.Authentication)
*/
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
_logger.debug("Trying to authenticate user '{}' via {}", authentication.getPrincipal(), getProviderName());
try {
authentication = doInternalAuthenticate(authentication);
} catch (AuthenticationException e) {
e.printStackTrace();
_logger.error("Failed to authenticate user {} via {}: {}", new Object[]{authentication.getPrincipal(), getProviderName(), e.getMessage()});
e.printStackTrace();
_logger.error("Failed to authenticate user {} via {}: {}",
new Object[] { authentication.getPrincipal(), getProviderName(), e.getMessage() });
throw e;
} catch (Exception e) {
e.printStackTrace();
e.printStackTrace();
String message = "Unexpected exception in " + getProviderName() + " authentication:";
_logger.error(message, e);
throw new AuthenticationServiceException(message, e);
@@ -78,188 +79,195 @@ public abstract class AbstractAuthenticationProvider{
if (!authentication.isAuthenticated()) {
return authentication;
}
// user authenticated
_logger.debug("'{}' authenticated successfully by {}.", authentication.getPrincipal(), getProviderName());
UserInfo userInfo=WebContext.getUserInfo();
Object password_set_type=WebContext.getSession().getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
//登录完成后切换SESSION
UserInfo userInfo = WebContext.getUserInfo();
Object password_set_type = WebContext.getSession()
.getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
// 登录完成后切换SESSION
_logger.debug("Login Session {}.", WebContext.getSession().getId());
WebContext.getSession().invalidate();
WebContext.getSession().invalidate();
WebContext.setAttribute(WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
_logger.debug("Login Success Session {}.", WebContext.getSession().getId());
authenticationRealm.insertLoginHistory(userInfo,LOGINTYPE.LOCAL,"","xe00000004","success");
//认证设置
WebContext.setAuthentication(authentication);
WebContext.setUserInfo(userInfo);
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,password_set_type);
authenticationRealm.insertLoginHistory(userInfo, LOGINTYPE.LOCAL, "", "xe00000004", "success");
// 认证设置
WebContext.setAuthentication(authentication);
WebContext.setUserInfo(userInfo);
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, password_set_type);
// create new authentication response containing the user and it's authorities
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(userInfo.getUsername(), authentication.getCredentials(), authentication.getAuthorities());
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(
userInfo.getUsername(), authentication.getCredentials(), authentication.getAuthorities());
return simpleUserAuthentication;
}
/**
* session validate
*
* @param j_username
* @param j_cname
* @param sessionId
*/
protected void sessionValid(String j_sessionId){
if(j_sessionId==null || ! j_sessionId.equals(WebContext.getSession().getId())){
String message=WebContext.getI18nValue("login.error.session");
_logger.debug("login session valid error.");
throw new BadCredentialsException(message);
protected void sessionValid(String j_sessionId) {
if (j_sessionId == null || !j_sessionId.equals(WebContext.getSession().getId())) {
String message = WebContext.getI18nValue("login.error.session");
_logger.debug("login session valid error.");
throw new BadCredentialsException(message);
}
}
/**
* session validate
*
* @param j_username
* @param j_cname
* @param sessionId
*/
protected void jwtTokenValid(String j_jwtToken){
/*if(j_jwtToken!=null && ! j_jwtToken.equals("")){
if(jwtLoginService.jwtTokenValidation(j_jwtToken)){
return;
}
}*/
String message=WebContext.getI18nValue("login.error.session");
_logger.debug("login session valid error.");
throw new BadCredentialsException(message);
protected void jwtTokenValid(String j_jwtToken) {
/*
* if(j_jwtToken!=null && ! j_jwtToken.equals("")){
* if(jwtLoginService.jwtTokenValidation(j_jwtToken)){ return; } }
*/
String message = WebContext.getI18nValue("login.error.session");
_logger.debug("login session valid error.");
throw new BadCredentialsException(message);
}
protected void authTypeValid(String j_auth_type){
if(j_auth_type==null){
String message=WebContext.getI18nValue("login.error.authtype");
_logger.debug("login AuthN type can not been null .");
throw new BadCredentialsException(message);
protected void authTypeValid(String j_auth_type) {
if (j_auth_type == null) {
String message = WebContext.getI18nValue("login.error.authtype");
_logger.debug("login AuthN type can not been null .");
throw new BadCredentialsException(message);
}
}
/**
* captcha validate
*
* @param j_username
* @param j_cname
* @param captcha
*/
protected void captchaValid(String j_captcha,String j_auth_type){
if(applicationConfig.getLoginConfig().isCaptcha()){//for basic
if(j_auth_type.equalsIgnoreCase("common")){
_logger.info("captcha : "+WebContext.getSession().getAttribute(WebConstants.KAPTCHA_SESSION_KEY).toString());
if(j_captcha==null
|| !j_captcha.equals(WebContext.getSession().getAttribute(WebConstants.KAPTCHA_SESSION_KEY).toString())){
String message=WebContext.getI18nValue("login.error.captcha");
_logger.debug("login captcha valid error.");
throw new BadCredentialsException(message);
}
}
protected void captchaValid(String j_captcha, String j_auth_type) {
if (applicationConfig.getLoginConfig().isCaptcha()) {// for basic
if (j_auth_type.equalsIgnoreCase("common")) {
_logger.info("captcha : "
+ WebContext.getSession().getAttribute(WebConstants.KAPTCHA_SESSION_KEY).toString());
if (j_captcha == null || !j_captcha
.equals(WebContext.getSession().getAttribute(WebConstants.KAPTCHA_SESSION_KEY).toString())) {
String message = WebContext.getI18nValue("login.error.captcha");
_logger.debug("login captcha valid error.");
throw new BadCredentialsException(message);
}
}
}
}
/**
* captcha validate
*
* @param j_username
* @param j_cname
* @param j_otp_captcha
*/
protected void tftcaptchaValid(String j_otp_captcha,String j_auth_type,UserInfo userInfo){
if(applicationConfig.getLoginConfig().isOneTimePwd()){//for one time password 2 factor
if(j_auth_type.equalsIgnoreCase("tfa")){
UserInfo validUserInfo=new UserInfo();
validUserInfo.setUsername(userInfo.getUsername());
String sharedSecret=PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
validUserInfo.setSharedSecret(sharedSecret);
validUserInfo.setSharedCounter(userInfo.getSharedCounter());
validUserInfo.setId(userInfo.getId());
if(j_otp_captcha==null||!tfaOTPAuthn.validate(validUserInfo, j_otp_captcha)){
String message=WebContext.getI18nValue("login.error.captcha");
_logger.debug("login captcha valid error.");
throw new BadCredentialsException(message);
}
}
}
protected void tftcaptchaValid(String j_otp_captcha, String j_auth_type, UserInfo userInfo) {
if (applicationConfig.getLoginConfig().isOneTimePwd()) {// for one time password 2 factor
if (j_auth_type.equalsIgnoreCase("tfa")) {
UserInfo validUserInfo = new UserInfo();
validUserInfo.setUsername(userInfo.getUsername());
String sharedSecret = PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
validUserInfo.setSharedSecret(sharedSecret);
validUserInfo.setSharedCounter(userInfo.getSharedCounter());
validUserInfo.setId(userInfo.getId());
if (j_otp_captcha == null || !tfaOTPAuthn.validate(validUserInfo, j_otp_captcha)) {
String message = WebContext.getI18nValue("login.error.captcha");
_logger.debug("login captcha valid error.");
throw new BadCredentialsException(message);
}
}
}
}
/**
* login user by j_username and j_cname
* first query user by j_cname
* if first step userinfo is null,query user from system
* login user by j_username and j_cname first query user by j_cname if first
* step userinfo is null,query user from system
*
* @param j_username
* @param j_cname
* @return
*/
protected UserInfo loadUserInfo(String j_username,String j_password){
UserInfo userInfo = authenticationRealm.loadUserInfo(j_username,j_password);
if(userInfo != null){
if(userInfo.getUserType()=="SYSTEM"){
_logger.debug("SYSTEM User Login. ");
}else{
_logger.debug("User Login. ");
}
}
protected UserInfo loadUserInfo(String j_username, String j_password) {
UserInfo userInfo = authenticationRealm.loadUserInfo(j_username, j_password);
return userInfo;
if (userInfo != null) {
if (userInfo.getUserType() == "SYSTEM") {
_logger.debug("SYSTEM User Login. ");
} else {
_logger.debug("User Login. ");
}
}
return userInfo;
}
/**
* check input password empty
* check input password empty
*
* @param password
* @return
*/
protected boolean emptyPasswordValid(String j_password){
if(null==j_password||"".equals(j_password)){
throw new BadCredentialsException(WebContext.getI18nValue("login.error.password.null"));
}
return true;
protected boolean emptyPasswordValid(String j_password) {
if (null == j_password || "".equals(j_password)) {
throw new BadCredentialsException(WebContext.getI18nValue("login.error.password.null"));
}
return true;
}
/**
* check input username or password empty
* check input username or password empty
*
* @param j_username
* @param password
* @return
*/
protected boolean emptyEmailValid(String j_email){
if(null==j_email||"".equals(j_email)){
throw new BadCredentialsException("login.error.email.null");
}
return true;
protected boolean emptyEmailValid(String j_email) {
if (null == j_email || "".equals(j_email)) {
throw new BadCredentialsException("login.error.email.null");
}
return true;
}
/**
* check input username empty
* check input username empty
*
* @param j_username
* @return
*/
protected boolean emptyUsernameValid(String j_username){
if(null==j_username||"".equals(j_username)){
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username.null"));
}
return true;
protected boolean emptyUsernameValid(String j_username) {
if (null == j_username || "".equals(j_username)) {
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username.null"));
}
return true;
}
protected boolean userinfoValid(UserInfo userInfo,String j_username){
if(null==userInfo){
String message=WebContext.getI18nValue("login.error.username");
_logger.debug("login user "+j_username+" not in this System ."+message);
UserInfo loginUser=new UserInfo(j_username);
loginUser.setId(loginUser.generateId());
loginUser.setDisplayName("not exist");
loginUser.setLoginCount(0);
authenticationRealm.insertLoginHistory(loginUser,LOGINTYPE.LOCAL,"",WebContext.getI18nValue("login.error.username"),"user not exist");
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
}
return true;
protected boolean userinfoValid(UserInfo userInfo, String j_username) {
if (null == userInfo) {
String message = WebContext.getI18nValue("login.error.username");
_logger.debug("login user " + j_username + " not in this System ." + message);
UserInfo loginUser = new UserInfo(j_username);
loginUser.setId(loginUser.generateId());
loginUser.setDisplayName("not exist");
loginUser.setLoginCount(0);
authenticationRealm.insertLoginHistory(loginUser, LOGINTYPE.LOCAL, "",
WebContext.getI18nValue("login.error.username"), "user not exist");
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
}
return true;
}
}
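Review bot: captchaValid logs the expected captcha answer at INFO (`_logger.info("captcha : " + ...)`) and calls `.toString()` on the KAPTCHA_SESSION_KEY attribute before checking it is present, so a request arriving without a captcha in the session fails with a NullPointerException that authenticate() then wraps as AuthenticationServiceException rather than the BadCredentialsException the rest of the method uses. Read the attribute once, treat a missing value as a failed check, and drop the value from the log: `Object expected = WebContext.getSession().getAttribute(WebConstants.KAPTCHA_SESSION_KEY);` followed by `if (expected == null || j_captcha == null || !j_captcha.equals(expected.toString())) {`. The same hunk keeps `userInfo.getUserType() == "SYSTEM"` in loadUserInfo, a reference comparison that should be `"SYSTEM".equals(userInfo.getUserType())`; it only decides which debug line is emitted, but it is never true for a string read from storage. The `e.printStackTrace()` calls in both catch blocks of authenticate() duplicate the `_logger.error` output onto stderr and bypass log configuration, and authenticate() itself begins in the previous hunk.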


@@ -6,13 +6,13 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
public class BasicAuthentication implements Authentication{
/**
*
*/
private static final long serialVersionUID = -110742975439268030L;
String j_username ;
String j_password ;
public class BasicAuthentication implements Authentication {
/**
*
*/
private static final long serialVersionUID = -110742975439268030L;
String j_username;
String j_password;
String j_sessionid;
String j_captcha;
String j_otp_captcha;
@@ -21,135 +21,134 @@ public class BasicAuthentication implements Authentication{
String j_jwt_token;
ArrayList<GrantedAuthority> grantedAuthority;
boolean authenticated;
public BasicAuthentication() {
grantedAuthority = new ArrayList<GrantedAuthority>();
grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
}
@Override
public String getName() {
return "Basic Authentication";
}
public BasicAuthentication() {
grantedAuthority = new ArrayList<GrantedAuthority>();
grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return grantedAuthority;
}
@Override
public String getName() {
return "Basic Authentication";
}
@Override
public Object getCredentials() {
return this.getJ_password();
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return grantedAuthority;
}
@Override
public Object getDetails() {
return null;
}
@Override
public Object getCredentials() {
return this.getJ_password();
}
@Override
public Object getPrincipal() {
return this.getJ_username();
}
@Override
public Object getDetails() {
return null;
}
@Override
public boolean isAuthenticated() {
return authenticated;
}
@Override
public Object getPrincipal() {
return this.getJ_username();
}
@Override
public void setAuthenticated(boolean authenticated) throws IllegalArgumentException {
this.authenticated=authenticated;
}
@Override
public boolean isAuthenticated() {
return authenticated;
}
public String getJ_username() {
return j_username;
}
public String getUsername() {
return j_username;
}
@Override
public void setAuthenticated(boolean authenticated) throws IllegalArgumentException {
this.authenticated = authenticated;
public void setJ_username(String j_username) {
this.j_username = j_username;
}
}
public String getJ_password() {
return j_password;
}
public String getJ_username() {
return j_username;
}
public void setJ_password(String j_password) {
this.j_password = j_password;
}
public String getUsername() {
return j_username;
}
public String getJ_sessionid() {
return j_sessionid;
}
public String getSessionid() {
return j_sessionid;
}
public void setJ_username(String j_username) {
this.j_username = j_username;
}
public void setJ_sessionid(String j_sessionid) {
this.j_sessionid = j_sessionid;
}
public String getJ_password() {
return j_password;
}
public String getJ_captcha() {
return j_captcha;
}
public void setJ_password(String j_password) {
this.j_password = j_password;
}
public void setJ_captcha(String j_captcha) {
this.j_captcha = j_captcha;
}
public String getJ_sessionid() {
return j_sessionid;
}
public String getJ_otp_captcha() {
return j_otp_captcha;
}
public String getSessionid() {
return j_sessionid;
}
public void setJ_otp_captcha(String j_otp_captcha) {
this.j_otp_captcha = j_otp_captcha;
}
public void setJ_sessionid(String j_sessionid) {
this.j_sessionid = j_sessionid;
}
public String getJ_remeberme() {
return j_remeberme;
}
public String getJ_captcha() {
return j_captcha;
}
public void setJ_remeberme(String j_remeberme) {
this.j_remeberme = j_remeberme;
}
public void setJ_captcha(String j_captcha) {
this.j_captcha = j_captcha;
}
public String getJ_auth_type() {
return j_auth_type;
}
public String getJ_otp_captcha() {
return j_otp_captcha;
}
public void setJ_auth_type(String j_auth_type) {
this.j_auth_type = j_auth_type;
}
public void setJ_otp_captcha(String j_otp_captcha) {
this.j_otp_captcha = j_otp_captcha;
}
public String getJ_jwt_token() {
return j_jwt_token;
}
public String getJ_remeberme() {
return j_remeberme;
}
public void setJ_jwt_token(String j_jwt_token) {
this.j_jwt_token = j_jwt_token;
}
public ArrayList<GrantedAuthority> getGrantedAuthority() {
return grantedAuthority;
}
public void setJ_remeberme(String j_remeberme) {
this.j_remeberme = j_remeberme;
}
public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
this.grantedAuthority = grantedAuthority;
}
public String getJ_auth_type() {
return j_auth_type;
}
@Override
public String toString() {
return "BasicAuthentication [j_username=" + j_username + ", j_sessionId=" + j_sessionid + ", j_captcha="
+ j_captcha + ", j_otp_captcha=" + j_otp_captcha + ", j_remeberMe=" + j_remeberme + ", j_auth_type="
+ j_auth_type + ", j_jwtToken=" + j_jwt_token + ", authenticated=" + authenticated + "]";
}
public void setJ_auth_type(String j_auth_type) {
this.j_auth_type = j_auth_type;
}
public String getJ_jwt_token() {
return j_jwt_token;
}
public void setJ_jwt_token(String j_jwt_token) {
this.j_jwt_token = j_jwt_token;
}
public ArrayList<GrantedAuthority> getGrantedAuthority() {
return grantedAuthority;
}
public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
this.grantedAuthority = grantedAuthority;
}
@Override
public String toString() {
return "BasicAuthentication [j_username=" + j_username + ", j_sessionId=" + j_sessionid + ", j_captcha="
+ j_captcha + ", j_otp_captcha=" + j_otp_captcha + ", j_remeberMe=" + j_remeberme + ", j_auth_type="
+ j_auth_type + ", j_jwtToken=" + j_jwt_token + ", authenticated=" + authenticated + "]";
}
}


@@ -18,67 +18,67 @@ import org.springframework.web.context.request.ServletRequestAttributes;
*
*/
public class RealmAuthenticationProvider extends AbstractAuthenticationProvider {
private static final Logger _logger = LoggerFactory.getLogger(RealmAuthenticationProvider.class);
protected String getProviderName() {
return "RealmAuthenticationProvider";
}
@Override
protected Authentication doInternalAuthenticate(Authentication authentication) {
BasicAuthentication auth =(BasicAuthentication)authentication;
BasicAuthentication auth = (BasicAuthentication)authentication;
_logger.debug("authentication "+auth);
sessionValid(auth.getJ_sessionid());
//jwtTokenValid(j_jwtToken);
authTypeValid(auth.getJ_auth_type());
captchaValid(auth.getJ_captcha(),auth.getJ_auth_type());
emptyPasswordValid(auth.getJ_password());
UserInfo userInfo = null;
emptyUsernameValid(auth.getJ_username());
userInfo= loadUserInfo(auth.getJ_username(),auth.getJ_password());
userinfoValid(userInfo, auth.getJ_password());
tftcaptchaValid(auth.getJ_otp_captcha(),auth.getJ_auth_type(),userInfo);
authenticationRealm.passwordPolicyValid(userInfo);
authenticationRealm.passwordMatches(userInfo, auth.getJ_password());
authenticationRealm.grantAuthority(userInfo);
/**
* put userInfo to current session context
*/
WebContext.setUserInfo(userInfo);
auth.setAuthenticated(true);
if(auth.isAuthenticated()&&applicationConfig.getLoginConfig().isRemeberMe()){
if(auth.getJ_remeberme()!=null&&auth.getJ_remeberme().equals("remeberMe")){
WebContext.getSession().setAttribute(WebConstants.REMEBER_ME_SESSION,auth.getJ_username());
_logger.debug("do Remeber Me");
remeberMeService.createRemeberMe(
userInfo.getUsername(),
WebContext.getRequest(),
((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getResponse());
}
}
_logger.debug("authentication " + auth);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =new UsernamePasswordAuthenticationToken(
auth,
"PASSWORD",
authenticationRealm.grantAuthority(userInfo));
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(WebContext.getRequest()));
return usernamePasswordAuthenticationToken;
sessionValid(auth.getJ_sessionid());
//jwtTokenValid(j_jwtToken);
authTypeValid(auth.getJ_auth_type());
captchaValid(auth.getJ_captcha(),auth.getJ_auth_type());
emptyPasswordValid(auth.getJ_password());
UserInfo userInfo = null;
emptyUsernameValid(auth.getJ_username());
userInfo= loadUserInfo(auth.getJ_username(),auth.getJ_password());
userinfoValid(userInfo, auth.getJ_password());
tftcaptchaValid(auth.getJ_otp_captcha(),auth.getJ_auth_type(),userInfo);
authenticationRealm.passwordPolicyValid(userInfo);
authenticationRealm.passwordMatches(userInfo, auth.getJ_password());
authenticationRealm.grantAuthority(userInfo);
/**
* put userInfo to current session context
*/
WebContext.setUserInfo(userInfo);
auth.setAuthenticated(true);
if(auth.isAuthenticated()&&applicationConfig.getLoginConfig().isRemeberMe()){
if(auth.getJ_remeberme()!=null&&auth.getJ_remeberme().equals("remeberMe")){
WebContext.getSession().setAttribute(WebConstants.REMEBER_ME_SESSION,auth.getJ_username());
_logger.debug("do Remeber Me");
remeberMeService.createRemeberMe(
userInfo.getUsername(),
WebContext.getRequest(),
((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getResponse());
}
}
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =new UsernamePasswordAuthenticationToken(
auth,
"PASSWORD",
authenticationRealm.grantAuthority(userInfo));
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(WebContext.getRequest()));
return usernamePasswordAuthenticationToken;
}
}
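Review bot: `userinfoValid(userInfo, auth.getJ_password())` passes the submitted password where the abstract class expects the username; on an unknown user, userinfoValid builds its debug message as `"login user " + j_username + " not in this System ."` and records `new UserInfo(j_username)` through insertLoginHistory, so the password lands in the debug log and in the login-history store. The call should be `userinfoValid(userInfo, auth.getJ_username());`. `authenticationRealm.grantAuthority(userInfo)` is invoked twice, once as a bare statement whose result is discarded and again inside the UsernamePasswordAuthenticationToken constructor, so the first call is either redundant or a side effect that deserves a comment. The result of `authenticationRealm.passwordMatches(userInfo, auth.getJ_password())` is likewise ignored, which is only safe if that method throws on mismatch; its signature is not in this hunk, so confirm before relying on it.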