1 /* 2 * Copyright 2005-2010 the original author or authors. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.springframework.ws.soap.security.x509; 18 19 import java.security.cert.X509Certificate; 20 21 import org.springframework.security.core.AuthenticationException; 22 import org.springframework.security.core.userdetails.UserDetails; 23 24 25 /** 26 * Populates the <code>UserDetails</code> associated with the X.509 27 * certificate presented by a client. 28 * <p> 29 * Although the certificate will already have been validated by the web container, 30 * implementations may choose to perform additional application-specific checks on 31 * the certificate content here. If an implementation chooses to reject the certificate, 32 * it should throw a {@link org.springframework.security.authentication.BadCredentialsException}. 33 * </p> 34 * <p>Migrated from Spring Security 2 since it has been removed in Spring Security 3.</p> 35 * 36 * @author Luke Taylor 37 */ 38 public interface X509AuthoritiesPopulator { 39 //~ Methods ======================================================================================================== 40 41 /** 42 * Obtains the granted authorities for the specified user.<p>May throw any 43 * <code>AuthenticationException</code> or return <code>null</code> if the authorities are unavailable.</p> 44 * 45 * @param userCertificate the X.509 certificate supplied 46 * 47 * @return the details of the indicated user (at minimum the granted authorities and the username) 48 * 49 * @throws AuthenticationException if the user details are not available or the certificate isn't valid for the 50 * application's purpose. 51 */ 52 UserDetails getUserDetails(X509Certificate userCertificate) 53 throws AuthenticationException; 54 }