
1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j.callback.acegi;
18  
19  import java.io.IOException;
20  import javax.security.auth.callback.UnsupportedCallbackException;
21  
22  import org.acegisecurity.context.SecurityContextHolder;
23  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
24  import org.acegisecurity.providers.dao.UserCache;
25  import org.acegisecurity.providers.dao.cache.NullUserCache;
26  import org.acegisecurity.userdetails.UserDetails;
27  import org.acegisecurity.userdetails.UserDetailsService;
28  import org.acegisecurity.userdetails.UsernameNotFoundException;
29  import org.apache.ws.security.WSPasswordCallback;
30  import org.apache.ws.security.WSUsernameTokenPrincipal;
31  
32  import org.springframework.beans.factory.InitializingBean;
33  import org.springframework.dao.DataAccessException;
34  import org.springframework.util.Assert;
35  import org.springframework.ws.soap.security.callback.CleanupCallback;
36  import org.springframework.ws.soap.security.support.AcegiUtils;
37  import org.springframework.ws.soap.security.wss4j.callback.AbstractWsPasswordCallbackHandler;
38  import org.springframework.ws.soap.security.wss4j.callback.UsernameTokenPrincipalCallback;
39  
40  /**
41   * Callback handler that validates a password digest using an Acegi <code>UserDetailsService</code>. Logic based on
42   * Acegi's <code>DigestProcessingFilter</code>.
43   * <p/>
44   * An Acegi <code>UserDetailsService</code> is used to load the <code>UserDetails</code>. The digest of the password
45   * contained in this details object is then compared with the digest in the message.
46   *
47   * @author Arjen Poutsma
48   * @see org.acegisecurity.userdetails.UserDetailsService
49   * @see org.acegisecurity.ui.digestauth.DigestProcessingFilter
50   * @since 1.5.0
51   * @deprecated As of Spring-WS 1.5, in favor of Spring Security
52   */
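public class AcegiDigestPasswordValidationCallbackHandler extends AbstractWsPasswordCallbackHandler
        implements InitializingBean {

    /** Cache consulted before the user details service; defaults to Acegi's {@link NullUserCache}. */
    private UserCache userCache = new NullUserCache();

    /** Source of user details; must be set before use (checked in {@link #afterPropertiesSet()}). */
    private UserDetailsService userDetailsService;

    /** Sets the users cache. Not required, but can benefit performance. */
    public void setUserCache(UserCache userCache) {
        this.userCache = userCache;
    }

    /** Sets the Acegi user details service. Required. */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Verifies the configuration once all properties have been set.
     *
     * @throws Exception if a required collaborator is missing
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(userDetailsService, "userDetailsService is required");
        // Fail at start-up rather than with a NullPointerException on the first request
        // when the cache was explicitly set to null.
        Assert.notNull(userCache, "userCache is required");
    }

    /**
     * Supplies the password of the user named in the callback, so that the digest in the message can be
     * validated against it.
     * <p/>
     * When the user is unknown no password is set on the callback. The user's validity is checked through
     * {@link AcegiUtils#checkUserValidity} before the password is handed over.
     * <p/>
     * NOTE(review): the value returned by <code>UserDetails.getPassword()</code> is presumably the secret the digest
     * is computed over, so a user store holding only hashed passwords would not validate - confirm against the
     * WSS4J configuration in use.
     */
    protected void handleUsernameToken(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
        String identifier = callback.getIdentifier();
        UserDetails user = loadUserDetails(identifier);
        if (user != null) {
            AcegiUtils.checkUserValidity(user);
            callback.setPassword(user.getPassword());
        }
    }

    /**
     * Stores an authentication token for the principal in the Acegi security context.
     * <p/>
     * The user details are loaded again here, so the lookup can come back empty even though
     * {@link #handleUsernameToken} found the user (for instance when the account was removed in between).
     * In that case no authentication is established and the callback fails.
     *
     * @throws UsernameNotFoundException if the user details can no longer be loaded
     */
    protected void handleUsernameTokenPrincipal(UsernameTokenPrincipalCallback callback)
            throws IOException, UnsupportedCallbackException {
        WSUsernameTokenPrincipal principal = callback.getPrincipal();
        UserDetails user = loadUserDetails(principal.getName());
        if (user == null) {
            // loadUserDetails returns null for an unknown user; refuse explicitly instead of
            // dereferencing null while building the token.
            throw new UsernameNotFoundException("User details not found for username token principal");
        }
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), user.getAuthorities());
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication success: " + authRequest.toString());
        }
        SecurityContextHolder.getContext().setAuthentication(authRequest);
    }

    /**
     * Clears the Acegi security context, removing the authentication set by
     * {@link #handleUsernameTokenPrincipal}.
     */
    protected void handleCleanup(CleanupCallback callback) throws IOException, UnsupportedCallbackException {
        SecurityContextHolder.clearContext();
    }

    /**
     * Loads the details of the given user, consulting the cache first and the user details service second.
     * Details obtained from the service are put in the cache.
     *
     * @param username the name taken from the incoming message
     * @return the user details, or <code>null</code> when the service reports the user as not found
     * @throws DataAccessException declared for lookup failures of the user details service
     */
    private UserDetails loadUserDetails(String username) throws DataAccessException {
        UserDetails user = userCache.getUserFromCache(username);

        if (user == null) {
            try {
                user = userDetailsService.loadUserByUsername(username);
            }
            catch (UsernameNotFoundException notFound) {
                // The username originates from the message and is written to the log as received,
                // at debug level only.
                if (logger.isDebugEnabled()) {
                    logger.debug("Username '" + username + "' not found");
                }
                return null;
            }
            userCache.putUserInCache(user);
        }
        return user;
    }
}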