View Javadoc

1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss.callback.acegi;
18  
19  import java.io.IOException;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.UnsupportedCallbackException;
22  
23  import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
24  import org.acegisecurity.Authentication;
25  import org.acegisecurity.AuthenticationException;
26  import org.acegisecurity.AuthenticationManager;
27  import org.acegisecurity.context.SecurityContextHolder;
28  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
29  
30  import org.springframework.beans.factory.InitializingBean;
31  import org.springframework.util.Assert;
32  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
33  import org.springframework.ws.soap.security.callback.CleanupCallback;
34  
35  /**
36   * Callback handler that validates a certificate uses an Acegi <code>AuthenticationManager</code>. Logic based on
37   * Acegi's <code>BasicProcessingFilter</code>.
38   * <p/>
39   * This handler requires an Acegi <code>AuthenticationManager</code> to operate. It can be set using the
40   * <code>authenticationManager</code> property. An Acegi <code>UsernamePasswordAuthenticationToken</code> is created
41   * with the username as principal and password as credentials.
42   * <p/>
43   * This class only handles <code>PasswordValidationCallback</code>s that contain a
44   * <code>PlainTextPasswordRequest</code>, and throws an <code>UnsupportedCallbackException</code> for others.
45   *
46   * @author Arjen Poutsma
47   * @see UsernamePasswordAuthenticationToken
48   * @see PasswordValidationCallback
49   * @see com.sun.xml.wss.impl.callback.PasswordValidationCallback.PlainTextPasswordRequest
50   * @see org.acegisecurity.ui.basicauth.BasicProcessingFilter
51   * @since 1.0.0
52   * @deprecated As of Spring-WS 1.5, in favor of Spring Security
53   */
54  public class AcegiPlainTextPasswordValidationCallbackHandler extends AbstractCallbackHandler
55          implements InitializingBean {
56  
57      private AuthenticationManager authenticationManager;
58  
59      private boolean ignoreFailure = false;
60  
61      /** Sets the Acegi authentication manager. Required. */
62      public void setAuthenticationManager(AuthenticationManager authenticationManager) {
63          this.authenticationManager = authenticationManager;
64      }
65  
66      public void setIgnoreFailure(boolean ignoreFailure) {
67          this.ignoreFailure = ignoreFailure;
68      }
69  
70      public void afterPropertiesSet() throws Exception {
71          Assert.notNull(authenticationManager, "authenticationManager is required");
72      }
73  
74      /**
75       * Handles <code>PasswordValidationCallback</code>s that contain a <code>PlainTextPasswordRequest</code>, and throws
76       * an <code>UnsupportedCallbackException</code> for others.
77       *
78       * @throws UnsupportedCallbackException when the callback is not supported
79       */
80      protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
81          if (callback instanceof PasswordValidationCallback) {
82              PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
83              if (validationCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
84                  validationCallback.setValidator(new AcegiPlainTextPasswordValidator());
85                  return;
86              }
87          }
88          else if (callback instanceof CleanupCallback) {
89              SecurityContextHolder.clearContext();
90              return;
91          }
92          throw new UnsupportedCallbackException(callback);
93      }
94  
95      private class AcegiPlainTextPasswordValidator implements PasswordValidationCallback.PasswordValidator {
96  
97          public boolean validate(PasswordValidationCallback.Request request)
98                  throws PasswordValidationCallback.PasswordValidationException {
99              PasswordValidationCallback.PlainTextPasswordRequest plainTextRequest =
100                     (PasswordValidationCallback.PlainTextPasswordRequest) request;
101             try {
102                 Authentication authResult = authenticationManager.authenticate(
103                         new UsernamePasswordAuthenticationToken(plainTextRequest.getUsername(),
104                                 plainTextRequest.getPassword()));
105                 if (logger.isDebugEnabled()) {
106                     logger.debug("Authentication success: " + authResult.toString());
107                 }
108                 SecurityContextHolder.getContext().setAuthentication(authResult);
109                 return true;
110             }
111             catch (AuthenticationException failed) {
112                 if (logger.isDebugEnabled()) {
113                     logger.debug("Authentication request for user '" + plainTextRequest.getUsername() + "' failed: " +
114                             failed.toString());
115                 }
116                 SecurityContextHolder.clearContext();
117                 return ignoreFailure;
118             }
119         }
120     }
121 
122 }