feedback by piotr

rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java

@@ -40,7 +40,7 @@ public class UserController extends BaseController {
    */
   @GetMapping(value = "/isSessionValid")
   @PreAuthorize("isAuthenticated() and authentication.name != '" + Configuration.ANONYMOUS_LOGIN + "'")
-  public Object isSessionValid(Authentication authentication) {
+  public Object isSessionValid() {
     return new TreeMap<>();
   }
 

web/src/main/java/lcsb/mapviewer/web/config/LdapAuthenticationProvider.java

 package lcsb.mapviewer.web.config;
 
 import com.unboundid.ldap.sdk.LDAPException;
-import lcsb.mapviewer.common.Configuration;
 import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.services.UserDTO;
 import lcsb.mapviewer.services.interfaces.ILdapService;
@@ -16,7 +15,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Order(2)
@@ -26,24 +24,21 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
   private IUserService userService;
   private ILdapService ldapService;
   private UserDetailsService userDetailsService;
-  private PasswordEncoder passwordEncoder;
 
   @Autowired
   public LdapAuthenticationProvider(IUserService userService,
                                     ILdapService ldapService,
-                                    UserDetailsService userDetailsService,
-                                    PasswordEncoder passwordEncoder) {
+                                    UserDetailsService userDetailsService) {
     this.userService = userService;
     this.ldapService = ldapService;
     this.userDetailsService = userDetailsService;
-    this.passwordEncoder = passwordEncoder;
   }
 
   @Override
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
     String username = authentication.getName().toLowerCase();
     if (username.isEmpty()) {
-      throw new UsernameNotFoundException("Invalid username.");
+      throw new BadCredentialsException("Invalid username.");
     }
 
     boolean ldapLoginSuccess;
@@ -83,7 +78,6 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
     }
     User newUser = new User();
     newUser.setLogin(userDTO.getLogin());
-    newUser.setCryptedPassword(passwordEncoder.encode((String) authentication.getCredentials()));
     newUser.setConnectedToLdap(true);
     newUser.setName(userDTO.getFirstName());
     newUser.setSurname(userDTO.getLastName());

web/src/main/java/lcsb/mapviewer/web/config/LocalAuthenticationProvider.java

@@ -5,6 +5,7 @@ import lcsb.mapviewer.services.interfaces.IUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.core.Authentication;
@@ -45,7 +46,7 @@ public class LocalAuthenticationProvider implements AuthenticationProvider {
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
     String username = authentication.getName();
     if (username.isEmpty()) {
-      throw new UsernameNotFoundException("Username must not be empty.");
+      throw new BadCredentialsException("Username must not be empty.");
     }
     User user = userService.getUserByLogin(username);
     if (user == null || user.isConnectedToLdap()) {