
1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.wss4j.callback.acegi;
18  
19  import java.io.IOException;
20  import javax.security.auth.callback.UnsupportedCallbackException;
21  
22  import org.acegisecurity.Authentication;
23  import org.acegisecurity.AuthenticationException;
24  import org.acegisecurity.AuthenticationManager;
25  import org.acegisecurity.context.SecurityContextHolder;
26  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
27  import org.apache.ws.security.WSPasswordCallback;
28  import org.apache.ws.security.WSSecurityException;
29  
30  import org.springframework.beans.factory.InitializingBean;
31  import org.springframework.util.Assert;
32  import org.springframework.ws.soap.security.callback.CleanupCallback;
33  import org.springframework.ws.soap.security.wss4j.callback.AbstractWsPasswordCallbackHandler;
34  
35  /**
36   * Callback handler that validates a plain text password using an Acegi <code>AuthenticationManager</code>. Logic based on
37   * Acegi's <code>BasicProcessingFilter</code>.
38   * <p/>
39   * This handler requires an Acegi <code>AuthenticationManager</code> to operate. It can be set using the
40   * <code>authenticationManager</code> property. An Acegi <code>UsernamePasswordAuthenticationToken</code> is created
41   * with the username as principal and password as credentials.
42   *
43   * @author Arjen Poutsma
44   * @see org.acegisecurity.providers.UsernamePasswordAuthenticationToken
45   * @see org.acegisecurity.ui.basicauth.BasicProcessingFilter
46   * @since 1.5.0
47   * @deprecated As of Spring-WS 1.5, in favor of Spring Security
48   */
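public class AcegiPlainTextPasswordValidationCallbackHandler extends AbstractWsPasswordCallbackHandler
        implements InitializingBean {

    /** Manager the username/password token is handed to; its presence is asserted in afterPropertiesSet(). */
    private AuthenticationManager authenticationManager;

    /** When true, a rejected login is logged and swallowed instead of failing the message. Defaults to false. */
    private boolean ignoreFailure = false;

    /** Sets the Acegi authentication manager. Required. */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets whether a failed authentication is ignored. Defaults to <code>false</code>.
     * <p/>
     * With <code>true</code>, a rejected username/password does not raise a <code>WSSecurityException</code>: the
     * security context is cleared and the callback returns normally. Whatever runs after this handler must then
     * enforce its own access decisions, because completing the callback no longer implies that the caller was
     * authenticated.
     */
    public void setIgnoreFailure(boolean ignoreFailure) {
        this.ignoreFailure = ignoreFailure;
    }

    /** Verifies that an authentication manager has been configured. */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(authenticationManager, "authenticationManager is required");
    }

    /**
     * Clears the Acegi security context when message processing is finished.
     * <p/>
     * The <code>Authentication</code> stored on success is only removed here and on failure. With Acegi's default
     * thread-bound holder strategy, a cleanup callback that is never delivered would leave it visible to the next
     * message handled on the same thread.
     */
    protected void handleCleanup(CleanupCallback callback) throws IOException, UnsupportedCallbackException {
        SecurityContextHolder.clearContext();
    }

    /**
     * Authenticates the username and plain text password carried by the callback against the configured
     * <code>AuthenticationManager</code>.
     * <p/>
     * On success the resulting <code>Authentication</code> is stored in the <code>SecurityContextHolder</code>. On an
     * <code>AuthenticationException</code> the context is cleared and, unless <code>ignoreFailure</code> is set, a
     * <code>WSSecurityException</code> with code <code>FAILED_AUTHENTICATION</code> is thrown. Any other exception
     * from the manager propagates unchanged, so the handler fails closed.
     *
     * @param callback the WSS4J password callback holding the identifier and password taken from the message
     */
    protected void handleUsernameTokenUnknown(WSPasswordCallback callback)
            throws IOException, UnsupportedCallbackException {
        String identifier = callback.getIdentifier();
        try {
            Authentication authResult = authenticationManager
                    .authenticate(new UsernamePasswordAuthenticationToken(identifier, callback.getPassword()));
            if (logger.isDebugEnabled()) {
                // NOTE(review): what toString() prints is decided by the Authentication implementation; confirm that
                // it does not include the credentials before enabling debug logging in production.
                logger.debug("Authentication success: " + authResult.toString());
            }
            SecurityContextHolder.getContext().setAuthentication(authResult);
        }
        catch (AuthenticationException failed) {
            if (logger.isDebugEnabled()) {
                // The identifier comes straight from the incoming message, so line breaks are neutralised before it
                // is written: otherwise a crafted username could forge additional log entries.
                logger.debug("Authentication request for user '" + neutraliseLineBreaks(identifier) + "' failed: " +
                        neutraliseLineBreaks(failed.toString()));
            }
            SecurityContextHolder.clearContext();
            if (!ignoreFailure) {
                // Deliberately generic: the caller is not told whether the username or the password was wrong.
                throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
            }
        }
    }

    /** Replaces carriage returns and line feeds with underscores so that a value stays on one log line. */
    private static String neutraliseLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}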