package com.zeldan.security; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Component; @Component public class AccountAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider { private final CustomUserDetailsService userDetailsService; private final PasswordEncoder passwordEncoder; public AccountAuthenticationProvider(CustomUserDetailsService userDetailsService, PasswordEncoder passwordEncoder) { this.userDetailsService = userDetailsService; this.passwordEncoder = passwordEncoder; } @Override protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken token) throws AuthenticationException { if (token.getCredentials() == null || userDetails.getPassword() == null) { throw new BadCredentialsException("Credentials may not be null."); } if (!passwordEncoder.matches((String) token.getCredentials(), userDetails.getPassword())) { throw new BadCredentialsException("Invalid credentials."); } } @Override protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token) throws AuthenticationException { return userDetailsService.loadUserByUsername(username); } }