
1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss.callback.acegi;
18  
19  import java.io.IOException;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.UnsupportedCallbackException;
22  
23  import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
24  import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
25  import org.acegisecurity.context.SecurityContextHolder;
26  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
27  import org.acegisecurity.providers.dao.UserCache;
28  import org.acegisecurity.providers.dao.cache.NullUserCache;
29  import org.acegisecurity.userdetails.UserDetails;
30  import org.acegisecurity.userdetails.UserDetailsService;
31  import org.acegisecurity.userdetails.UsernameNotFoundException;
32  
33  import org.springframework.beans.factory.InitializingBean;
34  import org.springframework.dao.DataAccessException;
35  import org.springframework.util.Assert;
36  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
37  import org.springframework.ws.soap.security.callback.CleanupCallback;
38  import org.springframework.ws.soap.security.support.AcegiUtils;
39  import org.springframework.ws.soap.security.xwss.callback.DefaultTimestampValidator;
40  
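/**
 * Callback handler that validates a password digest using an Acegi <code>UserDetailsService</code>. Logic based on
 * Acegi's <code>DigestProcessingFilter</code>.
 * <p/>
 * An Acegi <code>UserDetailsService</code> is used to load the <code>UserDetails</code> of the user named in the
 * message. The digest of the password contained in this details object is then compared with the digest in the
 * message. The password returned by the <code>UserDetails</code> must therefore be the same secret the client
 * digested: a one-way hash of the password stored on the server side cannot be verified by this handler.
 * <p/>
 * This class handles <code>PasswordValidationCallback</code>s that contain a <code>DigestPasswordRequest</code>,
 * <code>TimestampValidationCallback</code>s (validated with a <code>DefaultTimestampValidator</code>) and
 * <code>CleanupCallback</code>s (which clear the Acegi security context). It throws an
 * <code>UnsupportedCallbackException</code> for all other callbacks.
 *
 * @author Arjen Poutsma
 * @see UserDetailsService
 * @see PasswordValidationCallback
 * @see com.sun.xml.wss.impl.callback.PasswordValidationCallback.DigestPasswordRequest
 * @see org.acegisecurity.ui.digestauth.DigestProcessingFilter
 * @since 1.0.0
 * @deprecated As of Spring-WS 1.5, in favor of Spring Security
 */
public class AcegiDigestPasswordValidationCallbackHandler extends AbstractCallbackHandler implements InitializingBean {

    /** Cache consulted before the user details service; defaults to a cache that never holds anything. */
    private UserCache userCache = new NullUserCache();

    /** Source of user details; must be set before use, see {@link #afterPropertiesSet()}. */
    private UserDetailsService userDetailsService;

    /** Sets the users cache. Not required, but can benefit performance. */
    public void setUserCache(UserCache userCache) {
        this.userCache = userCache;
    }

    /** Sets the Acegi user details service. Required. */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Checks that the required properties have been set.
     *
     * @throws IllegalArgumentException when no <code>userDetailsService</code> has been set
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(userDetailsService, "userDetailsService is required");
    }

    /**
     * Handles <code>PasswordValidationCallback</code>s that contain a <code>DigestPasswordRequest</code>,
     * <code>TimestampValidationCallback</code>s and <code>CleanupCallback</code>s, and throws an
     * <code>UnsupportedCallbackException</code> for others.
     *
     * @param callback the callback to handle
     * @throws UnsupportedCallbackException when the callback is not supported
     * @throws IOException declared for subclasses; not thrown by this implementation
     */
    protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
        if (callback instanceof PasswordValidationCallback) {
            PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;
            if (passwordCallback.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest) {
                handleDigestPasswordRequest(passwordCallback);
                return;
            }
            // any other kind of password request (e.g. plain text) is not supported and falls through to the throw
        }
        else if (callback instanceof TimestampValidationCallback) {
            TimestampValidationCallback timestampCallback = (TimestampValidationCallback) callback;
            timestampCallback.setValidator(new DefaultTimestampValidator());
            // The callback is fully handled here. Without this return the method used to fall through to the
            // UnsupportedCallbackException below after the validator had already been installed.
            return;
        }
        else if (callback instanceof CleanupCallback) {
            SecurityContextHolder.clearContext();
            return;
        }
        throw new UnsupportedCallbackException(callback);
    }

    /**
     * Installs the digest validator for a <code>DigestPasswordRequest</code>. The user named in the request is looked
     * up; when found, the account is checked and its password is put into the request so that the expected digest
     * can be computed. A validator is installed even when the user is unknown; that validator then rejects the
     * request.
     *
     * @param passwordCallback a callback whose request is a <code>DigestPasswordRequest</code>
     */
    private void handleDigestPasswordRequest(PasswordValidationCallback passwordCallback) {
        PasswordValidationCallback.DigestPasswordRequest request =
                (PasswordValidationCallback.DigestPasswordRequest) passwordCallback.getRequest();
        UserDetails user = loadUserDetails(request.getUsername());
        if (user != null) {
            // account-state check; presumably throws for accounts that are not usable (see AcegiUtils)
            AcegiUtils.checkUserValidity(user);
            request.setPassword(user.getPassword());
        }
        passwordCallback.setValidator(new AcegiDigestPasswordValidator(user));
    }

    /**
     * Loads the details of the given user, consulting the cache first. A user obtained from the service is put into
     * the cache; a miss is not cached, so an unknown user name reaches the service on every request.
     *
     * @param username the user name to look up
     * @return the user details, or <code>null</code> when the user is unknown
     * @throws DataAccessException when the user details service fails
     */
    private UserDetails loadUserDetails(String username) throws DataAccessException {
        UserDetails user = userCache.getUserFromCache(username);
        if (user != null) {
            return user;
        }
        try {
            user = userDetailsService.loadUserByUsername(username);
        }
        catch (UsernameNotFoundException notFound) {
            if (logger.isDebugEnabled()) {
                logger.debug("Username '" + username + "' not found");
            }
            return null;
        }
        userCache.putUserInCache(user);
        return user;
    }

    /**
     * Digest validator that, on a successful digest check, puts an authenticated token for the user into the Acegi
     * security context. Non-static because it uses the inherited <code>logger</code> of the enclosing handler.
     */
    private class AcegiDigestPasswordValidator extends PasswordValidationCallback.DigestPasswordValidator {

        /** The user the request claims to be; <code>null</code> when the user name is unknown. */
        private final UserDetails user;

        private AcegiDigestPasswordValidator(UserDetails user) {
            this.user = user;
        }

        /**
         * Lets the superclass check the digest and, when it matches and the user is known, authenticates the user.
         *
         * @return <code>true</code> when the digest matches and the user is known, <code>false</code> otherwise
         */
        public boolean validate(PasswordValidationCallback.Request request)
                throws PasswordValidationCallback.PasswordValidationException {
            // The superclass check always runs first, so an unknown user takes the same path as a wrong password.
            boolean digestMatches = super.validate(request);
            if (!digestMatches || user == null) {
                // user == null: no password was put into the request for an unknown user, so there is nothing to
                // authenticate even if the superclass reported a match
                return false;
            }
            // The token carries the password as credentials, mirroring the DigestProcessingFilter logic this class
            // is based on.
            UsernamePasswordAuthenticationToken authRequest =
                    new UsernamePasswordAuthenticationToken(user, user.getPassword());
            if (logger.isDebugEnabled()) {
                // assumes the token's toString() masks the credentials, as Acegi's tokens do — confirm if in doubt
                logger.debug("Authentication success: " + authRequest.toString());
            }
            SecurityContextHolder.getContext().setAuthentication(authRequest);
            return true;
        }
    }

}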