View Javadoc

1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j.callback;
18  
19  import java.io.IOException;
20  import java.util.Iterator;
21  import java.util.Map;
22  import java.util.Properties;
23  import javax.security.auth.callback.UnsupportedCallbackException;
24  
25  import org.apache.ws.security.WSPasswordCallback;
26  import org.apache.ws.security.WSSecurityException;
27  
28  import org.springframework.beans.factory.InitializingBean;
29  import org.springframework.util.Assert;
30  
31  /**
32   * Simple callback handler that validates passwords agains a in-memory <code>Properties</code> object. Password
33   * validation is done on a case-sensitive basis.
34   *
35   * @author Tareq Abed Rabbo
36   * @author Arjen Poutsma
37   * @see #setUsers(java.util.Properties)
38   * @since 1.5.0
39   */
40  public class SimplePasswordValidationCallbackHandler extends AbstractWsPasswordCallbackHandler
41          implements InitializingBean {
42  
43      private Properties users = new Properties();
44  
45      /** Sets the users to validate against. Property names are usernames, property values are passwords. */
46      public void setUsers(Properties users) {
47          this.users = users;
48      }
49  
50      public void setUsersMap(Map users) {
51          for (Iterator iterator = users.keySet().iterator(); iterator.hasNext();) {
52              String username = (String) iterator.next();
53              String password = (String) users.get(username);
54              this.users.setProperty(username, password);
55          }
56      }
57  
58      public void afterPropertiesSet() throws Exception {
59          Assert.notNull(users, "users is required");
60      }
61  
62      protected void handleUsernameToken(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
63          String identifier = callback.getIdentifier();
64          callback.setPassword(users.getProperty(identifier));
65      }
66  
67      protected void handleUsernameTokenUnknown(WSPasswordCallback callback)
68              throws IOException, UnsupportedCallbackException {
69          String identifier = callback.getIdentifier();
70          String storedPassword = users.getProperty(identifier);
71          String givenPassword = callback.getPassword();
72          if (storedPassword == null || !storedPassword.equals(givenPassword)) {
73              throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
74          }
75      }
76  
77  }