Source Code Cross Referenced for ResinAcegiAuthenticator.java in  » Security » acegi-security » org » acegisecurity » adapters » resin » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002:         *
003:         * Licensed under the Apache License, Version 2.0 (the "License");
004:         * you may not use this file except in compliance with the License.
005:         * You may obtain a copy of the License at
006:         *
007:         *     http://www.apache.org/licenses/LICENSE-2.0
008:         *
009:         * Unless required by applicable law or agreed to in writing, software
010:         * distributed under the License is distributed on an "AS IS" BASIS,
011:         * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012:         * See the License for the specific language governing permissions and
013:         * limitations under the License.
014:         */
015:
016:        package org.acegisecurity.adapters.resin;
017:
018:        import com.caucho.http.security.AbstractAuthenticator;
019:
020:        import org.acegisecurity.Authentication;
021:        import org.acegisecurity.AuthenticationException;
022:        import org.acegisecurity.AuthenticationManager;
023:
024:        import org.acegisecurity.adapters.PrincipalAcegiUserToken;
025:
026:        import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
027:
028:        import org.apache.commons.logging.Log;
029:        import org.apache.commons.logging.LogFactory;
030:
031:        import org.springframework.context.support.ClassPathXmlApplicationContext;
032:
033:        import java.security.Principal;
034:
035:        import java.util.Map;
036:
037:        import javax.servlet.ServletContext;
038:        import javax.servlet.ServletException;
039:        import javax.servlet.http.HttpServletRequest;
040:        import javax.servlet.http.HttpServletResponse;
041:
042:        /**
043:         * Adapter to enable Resin to authenticate via the Acegi Security System for Spring.<p>Returns a {@link
044:         * PrincipalAcegiUserToken} to Resin's authentication system, which is subsequently available via
045:         * <code>HttpServletRequest.getUserPrincipal()</code>.</p>
046:         *
047:         * @author Ben Alex
048:         * @version $Id: ResinAcegiAuthenticator.java 1496 2006-05-23 13:38:33Z benalex $
049:         */
050:        public class ResinAcegiAuthenticator extends AbstractAuthenticator {
051:            //~ Static fields/initializers =====================================================================================
052:
053:            private static final Log logger = LogFactory
054:                    .getLog(ResinAcegiAuthenticator.class);
055:
056:            //~ Instance fields ================================================================================================
057:
058:            private AuthenticationManager authenticationManager;
059:            private String appContextLocation;
060:            private String key;
061:
062:            //~ Methods ========================================================================================================
063:
064:            public String getAppContextLocation() {
065:                return appContextLocation;
066:            }
067:
068:            public String getKey() {
069:                return key;
070:            }
071:
072:            public void init() throws ServletException {
073:                super .init();
074:
075:                if ((appContextLocation == null)
076:                        || "".equals(appContextLocation)) {
077:                    throw new ServletException(
078:                            "appContextLocation must be defined");
079:                }
080:
081:                if ((key == null) || "".equals(key)) {
082:                    throw new ServletException("key must be defined");
083:                }
084:
085:                if (Thread.currentThread().getContextClassLoader().getResource(
086:                        appContextLocation) == null) {
087:                    throw new ServletException("Cannot locate "
088:                            + appContextLocation);
089:                }
090:
091:                ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(
092:                        appContextLocation);
093:                Map beans = ctx.getBeansOfType(AuthenticationManager.class,
094:                        true, true);
095:
096:                if (beans.size() == 0) {
097:                    throw new ServletException(
098:                            "Bean context must contain at least one bean of type AuthenticationManager");
099:                }
100:
101:                String beanName = (String) beans.keySet().iterator().next();
102:                authenticationManager = (AuthenticationManager) beans
103:                        .get(beanName);
104:                logger.info("ResinAcegiAuthenticator Started");
105:            }
106:
107:            public boolean isUserInRole(HttpServletRequest request,
108:                    HttpServletResponse response, ServletContext application,
109:                    Principal principal, String role) {
110:                if (!(principal instanceof  PrincipalAcegiUserToken)) {
111:                    if (logger.isWarnEnabled()) {
112:                        logger
113:                                .warn("Expected passed principal to be of type PrincipalAcegiUserToken");
114:                    }
115:
116:                    return false;
117:                }
118:
119:                PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
120:
121:                return test.isUserInRole(role);
122:            }
123:
124:            protected Principal loginImpl(String username, String credentials) {
125:                if (username == null) {
126:                    return null;
127:                }
128:
129:                if (credentials == null) {
130:                    credentials = "";
131:                }
132:
133:                Authentication request = new UsernamePasswordAuthenticationToken(
134:                        username, credentials);
135:                Authentication response = null;
136:
137:                try {
138:                    response = authenticationManager.authenticate(request);
139:                } catch (AuthenticationException failed) {
140:                    if (logger.isDebugEnabled()) {
141:                        logger.debug("Authentication request for user: "
142:                                + username + " failed: " + failed.toString());
143:                    }
144:
145:                    return null;
146:                }
147:
148:                return new PrincipalAcegiUserToken(this .key, response
149:                        .getPrincipal().toString(), response.getCredentials()
150:                        .toString(), response.getAuthorities(), response
151:                        .getPrincipal());
152:            }
153:
154:            protected Principal loginImpl(HttpServletRequest request,
155:                    HttpServletResponse response, ServletContext application,
156:                    String userName, String password) throws ServletException {
157:                return loginImpl(userName, password);
158:            }
159:
160:            public void setAppContextLocation(String appContextLocation) {
161:                this .appContextLocation = appContextLocation;
162:            }
163:
164:            public void setKey(String key) {
165:                this.key = key;
166:            }
167:        }