SimplePasswordValidationCallbackHandler xref

View Javadoc

1   /*
2    * Copyright 2006 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss.callback;
18  
19  import java.io.IOException;
20  import java.util.Iterator;
21  import java.util.Map;
22  import java.util.Properties;
23  import javax.security.auth.callback.Callback;
24  import javax.security.auth.callback.UnsupportedCallbackException;
25  
26  import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
27  import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
28  
29  import org.springframework.beans.factory.InitializingBean;
30  import org.springframework.util.Assert;
31  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
32  
33  /**
34   * Simple callback handler that validates passwords agains a in-memory <code>Properties</code> object. Password
35   * validation is done on a case-sensitive basis.
36   * <p/>
37   * This class only handles <code>PasswordValidationCallback</code>s, and throws an
38   * <code>UnsupportedCallbackException</code> for others
39   *
40   * @author Arjen Poutsma
41   * @see #setUsers(java.util.Properties)
42   * @since 1.0.0
43   */
44  public class SimplePasswordValidationCallbackHandler extends AbstractCallbackHandler implements InitializingBean {
45  
46      private Properties users = new Properties();
47  
48      /** Sets the users to validate against. Property names are usernames, property values are passwords. */
49      public void setUsers(Properties users) {
50          this.users = users;
51      }
52  
53      public void afterPropertiesSet() throws Exception {
54          Assert.notNull(users, "users is required");
55      }
56  
57      protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
58          if (callback instanceof PasswordValidationCallback) {
59              PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;
60              if (passwordCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
61                  passwordCallback.setValidator(new SimplePlainTextPasswordValidator());
62              }
63              else if (passwordCallback.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest) {
64                  PasswordValidationCallback.DigestPasswordRequest digestPasswordRequest =
65                          (PasswordValidationCallback.DigestPasswordRequest) passwordCallback.getRequest();
66                  String password = users.getProperty(digestPasswordRequest.getUsername());
67                  digestPasswordRequest.setPassword(password);
68                  passwordCallback.setValidator(new PasswordValidationCallback.DigestPasswordValidator());
69              }
70          }
71          else if (callback instanceof TimestampValidationCallback) {
72              TimestampValidationCallback timestampCallback = (TimestampValidationCallback) callback;
73              timestampCallback.setValidator(new DefaultTimestampValidator());
74          }
75          else {
76              throw new UnsupportedCallbackException(callback);
77          }
78      }
79  
80      public void setUsersMap(Map users) {
81          for (Iterator iterator = users.keySet().iterator(); iterator.hasNext();) {
82              String username = (String) iterator.next();
83              String password = (String) users.get(username);
84              this.users.setProperty(username, password);
85          }
86      }
87  
88      private class SimplePlainTextPasswordValidator implements PasswordValidationCallback.PasswordValidator {
89  
90          public boolean validate(PasswordValidationCallback.Request request)
91                  throws PasswordValidationCallback.PasswordValidationException {
92              PasswordValidationCallback.PlainTextPasswordRequest plainTextPasswordRequest =
93                      (PasswordValidationCallback.PlainTextPasswordRequest) request;
94              String password = users.getProperty(plainTextPasswordRequest.getUsername());
95              return password != null && password.equals(plainTextPasswordRequest.getPassword());
96          }
97      }
98  }