Source code: net/sf/acegisecurity/adapters/resin/ResinAcegiAuthenticator.java
1 /* Copyright 2004 Acegi Technology Pty Limited
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 package net.sf.acegisecurity.adapters.resin;
17
18 import com.caucho.http.security.AbstractAuthenticator;
19
20 import net.sf.acegisecurity.Authentication;
21 import net.sf.acegisecurity.AuthenticationException;
22 import net.sf.acegisecurity.AuthenticationManager;
23 import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken;
24 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
25
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28
29 import org.springframework.context.support.ClassPathXmlApplicationContext;
30
31 import java.security.Principal;
32
33 import java.util.Map;
34
35 import javax.servlet.ServletContext;
36 import javax.servlet.ServletException;
37 import javax.servlet.http.HttpServletRequest;
38 import javax.servlet.http.HttpServletResponse;
39
40
41 /**
42 * Adapter to enable Resin to authenticate via the Acegi Security System for
43 * Spring.
44 *
45 * <p>
46 * Returns a {@link PrincipalAcegiUserToken} to Resin's authentication system,
47 * which is subsequently available via
48 * <code>HttpServletRequest.getUserPrincipal()</code>.
49 * </p>
50 *
51 * @author Ben Alex
52 * @version $Id: ResinAcegiAuthenticator.java,v 1.3 2004/03/30 04:45:39 benalex Exp $
53 */
54 public class ResinAcegiAuthenticator extends AbstractAuthenticator {
55 //~ Static fields/initializers =============================================
56
57 private static final Log logger = LogFactory.getLog(ResinAcegiAuthenticator.class);
58
59 //~ Instance fields ========================================================
60
61 private AuthenticationManager authenticationManager;
62 private String appContextLocation;
63 private String key;
64
65 //~ Methods ================================================================
66
67 public void setAppContextLocation(String appContextLocation) {
68 this.appContextLocation = appContextLocation;
69 }
70
71 public String getAppContextLocation() {
72 return appContextLocation;
73 }
74
75 public void setKey(String key) {
76 this.key = key;
77 }
78
79 public String getKey() {
80 return key;
81 }
82
83 public boolean isUserInRole(HttpServletRequest request,
84 HttpServletResponse response, ServletContext application,
85 Principal principal, String role) {
86 if (!(principal instanceof PrincipalAcegiUserToken)) {
87 if (logger.isWarnEnabled()) {
88 logger.warn(
89 "Expected passed principal to be of type PrincipalAcegiUserToken");
90 }
91
92 return false;
93 }
94
95 PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
96
97 return test.isUserInRole(role);
98 }
99
100 public void init() throws ServletException {
101 super.init();
102
103 if ((appContextLocation == null) || "".equals(appContextLocation)) {
104 throw new ServletException("appContextLocation must be defined");
105 }
106
107 if ((key == null) || "".equals(key)) {
108 throw new ServletException("key must be defined");
109 }
110
111 if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) {
112 throw new ServletException("Cannot locate " + appContextLocation);
113 }
114
115 ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(appContextLocation);
116 Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
117
118 if (beans.size() == 0) {
119 throw new ServletException(
120 "Bean context must contain at least one bean of type AuthenticationManager");
121 }
122
123 String beanName = (String) beans.keySet().iterator().next();
124 authenticationManager = (AuthenticationManager) beans.get(beanName);
125 logger.info("ResinAcegiAuthenticator Started");
126 }
127
128 protected Principal loginImpl(String username, String credentials) {
129 if (username == null) {
130 return null;
131 }
132
133 if (credentials == null) {
134 credentials = "";
135 }
136
137 Authentication request = new UsernamePasswordAuthenticationToken(username,
138 credentials);
139 Authentication response = null;
140
141 try {
142 response = authenticationManager.authenticate(request);
143 } catch (AuthenticationException failed) {
144 if (logger.isDebugEnabled()) {
145 logger.debug("Authentication request for user: " + username
146 + " failed: " + failed.toString());
147 }
148
149 return null;
150 }
151
152 return new PrincipalAcegiUserToken(this.key,
153 response.getPrincipal().toString(),
154 response.getCredentials().toString(), response.getAuthorities());
155 }
156
157 protected Principal loginImpl(HttpServletRequest request,
158 HttpServletResponse response, ServletContext application,
159 String userName, String password) throws ServletException {
160 return loginImpl(userName, password);
161 }
162 }