17 package org.springframework.ws.soap.security.xwss.callback;
18
19 import java.io.IOException;
20 import javax.security.auth.callback.Callback;
21 import javax.security.auth.callback.UnsupportedCallbackException;
22
23 import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
24
25 import org.springframework.beans.factory.InitializingBean;
26 import org.springframework.security.core.Authentication;
27 import org.springframework.security.core.AuthenticationException;
28 import org.springframework.security.authentication.AuthenticationManager;
29 import org.springframework.security.core.context.SecurityContextHolder;
30 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
31 import org.springframework.util.Assert;
32 import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
33 import org.springframework.ws.soap.security.callback.CleanupCallback;
34
/**
 * Callback handler that validates plain-text username/password requests by delegating the
 * credential check to a Spring Security {@link AuthenticationManager}.
 *
 * <p>For a {@link PasswordValidationCallback} carrying a
 * {@link PasswordValidationCallback.PlainTextPasswordRequest}, a validator is installed that
 * authenticates the supplied username and password. On success the resulting
 * {@link Authentication} is stored in the {@link SecurityContextHolder}; a
 * {@link CleanupCallback} clears that context again.
 *
 * <p><strong>Security note:</strong> when {@code ignoreFailure} is {@code true}, the validator
 * returns {@code true} even though authentication failed, and the security context is left
 * empty. Code running after this handler must therefore decide access from the security
 * context, not from the fact that validation "passed".
 *
 * <p>NOTE(review): this handler receives the password in clear text; confirm that transport
 * or message-level encryption protects it before it reaches this point.
 */
public class SpringPlainTextPasswordValidationCallbackHandler extends AbstractCallbackHandler
        implements InitializingBean {

    /** Authenticates the username/password pair; required, checked in {@link #afterPropertiesSet()}. */
    private AuthenticationManager authenticationManager;

    /** If {@code true}, a failed authentication is still reported as valid by the validator. */
    private boolean ignoreFailure;

    /**
     * Sets the authentication manager used to check credentials.
     *
     * @param authenticationManager the manager to delegate to; must not be {@code null} by the
     *        time {@link #afterPropertiesSet()} runs
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Controls what the validator returns when authentication fails.
     *
     * @param ignoreFailure {@code true} to report failed authentications as valid (the security
     *        context is still cleared); {@code false}, the default, to report them as invalid
     */
    public void setIgnoreFailure(boolean ignoreFailure) {
        this.ignoreFailure = ignoreFailure;
    }

    /**
     * Verifies that an {@link AuthenticationManager} has been configured.
     *
     * @throws Exception if {@code authenticationManager} is {@code null}
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(authenticationManager, "authenticationManager is required");
    }

    /**
     * Handles the two callback kinds this class supports.
     *
     * <ul>
     * <li>{@link PasswordValidationCallback} with a plain-text request: installs the
     * Spring Security backed validator.</li>
     * <li>{@link CleanupCallback}: clears the {@link SecurityContextHolder}.</li>
     * </ul>
     *
     * @param callback the callback to handle
     * @throws UnsupportedCallbackException for any other callback, including a
     *         {@link PasswordValidationCallback} whose request is not plain-text
     */
    @Override
    protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
        if (callback instanceof PasswordValidationCallback) {
            PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;
            boolean plainText =
                    passwordCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest;
            if (!plainText) {
                // Only plain-text requests are validated here; anything else is rejected.
                throw new UnsupportedCallbackException(callback);
            }
            passwordCallback.setValidator(new SpringSecurityPlainTextPasswordValidator());
            return;
        }
        if (callback instanceof CleanupCallback) {
            // Drop the Authentication stored by a previous successful validation.
            SecurityContextHolder.clearContext();
            return;
        }
        throw new UnsupportedCallbackException(callback);
    }

    /**
     * Validator that authenticates a plain-text username/password pair through the enclosing
     * handler's {@link AuthenticationManager}.
     */
    private class SpringSecurityPlainTextPasswordValidator implements PasswordValidationCallback.PasswordValidator {

        /**
         * Authenticates the credentials in {@code request}.
         *
         * @param request the request to validate; cast to
         *        {@link PasswordValidationCallback.PlainTextPasswordRequest} without a type check,
         *        since {@code handleInternal} installs this validator only for that request type
         * @return {@code true} if authentication succeeded; otherwise the value of
         *         {@code ignoreFailure}
         */
        public boolean validate(PasswordValidationCallback.Request request)
                throws PasswordValidationCallback.PasswordValidationException {
            PasswordValidationCallback.PlainTextPasswordRequest credentials =
                    (PasswordValidationCallback.PlainTextPasswordRequest) request;
            boolean accepted;
            try {
                UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                        credentials.getUsername(), credentials.getPassword());
                Authentication authenticated = authenticationManager.authenticate(token);
                if (logger.isDebugEnabled()) {
                    // NOTE(review): prints Authentication.toString(); confirm the implementation
                    // in use does not render the credentials.
                    logger.debug("Authentication success: " + authenticated.toString());
                }
                SecurityContextHolder.getContext().setAuthentication(authenticated);
                accepted = true;
            }
            catch (AuthenticationException ex) {
                if (logger.isDebugEnabled()) {
                    // The username is taken from the request as-is, so this debug line contains
                    // caller-supplied text.
                    logger.debug("Authentication request for user '" + credentials.getUsername() + "' failed: " +
                            ex.toString());
                }
                // Never leave a stale Authentication behind after a failed attempt.
                SecurityContextHolder.clearContext();
                // With ignoreFailure set, the failure is reported as valid but the context stays empty.
                accepted = ignoreFailure;
            }
            return accepted;
        }
    }

}