1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.ws.soap.security.xwss.callback.acegi;
18
19 import java.io.IOException;
20 import java.security.cert.X509Certificate;
21 import javax.security.auth.callback.Callback;
22 import javax.security.auth.callback.UnsupportedCallbackException;
23
24 import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
25 import org.acegisecurity.Authentication;
26 import org.acegisecurity.AuthenticationException;
27 import org.acegisecurity.AuthenticationManager;
28 import org.acegisecurity.context.SecurityContextHolder;
29 import org.acegisecurity.providers.x509.X509AuthenticationToken;
30
31 import org.springframework.beans.factory.InitializingBean;
32 import org.springframework.util.Assert;
33 import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
34 import org.springframework.ws.soap.security.callback.CleanupCallback;
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53 public class AcegiCertificateValidationCallbackHandler extends AbstractCallbackHandler implements InitializingBean {
54
55 private AuthenticationManager authenticationManager;
56
57 private boolean ignoreFailure = false;
58
59
60 public void setAuthenticationManager(AuthenticationManager authenticationManager) {
61 this.authenticationManager = authenticationManager;
62 }
63
64 public void setIgnoreFailure(boolean ignoreFailure) {
65 this.ignoreFailure = ignoreFailure;
66 }
67
68 public void afterPropertiesSet() throws Exception {
69 Assert.notNull(authenticationManager, "authenticationManager is required");
70 }
71
72
73
74
75
76
77
78 protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
79 if (callback instanceof CertificateValidationCallback) {
80 ((CertificateValidationCallback) callback).setValidator(new AcegiCertificateValidator());
81 }
82 else if (callback instanceof CleanupCallback) {
83 SecurityContextHolder.clearContext();
84 }
85 else {
86 throw new UnsupportedCallbackException(callback);
87 }
88 }
89
90 private class AcegiCertificateValidator implements CertificateValidationCallback.CertificateValidator {
91
92 public boolean validate(X509Certificate certificate)
93 throws CertificateValidationCallback.CertificateValidationException {
94 boolean result;
95 try {
96 Authentication authResult =
97 authenticationManager.authenticate(new X509AuthenticationToken(certificate));
98 if (logger.isDebugEnabled()) {
99 logger.debug("Authentication request for certificate with DN [" +
100 certificate.getSubjectX500Principal().getName() + "] successful");
101 }
102 SecurityContextHolder.getContext().setAuthentication(authResult);
103 return true;
104 }
105 catch (AuthenticationException failed) {
106 if (logger.isDebugEnabled()) {
107 logger.debug("Authentication request for certificate with DN [" +
108 certificate.getSubjectX500Principal().getName() + "] failed: " + failed.toString());
109 }
110 SecurityContextHolder.clearContext();
111 result = ignoreFailure;
112 }
113 return result;
114 }
115 }
116 }