Coverage Report - org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
HttpBasicAuthenticationFilter
59%
44/74
36%
10/28
3
 
 /*
  * $Id: HttpBasicAuthenticationFilter.java 10789 2008-02-12 20:04:43Z dfeist $
  * --------------------------------------------------------------------------------------
  * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
  *
  * The software in this package is published under the terms of the CPAL v1.0
  * license, a copy of which has been included with this distribution in the
  * LICENSE.txt file.
  */
 
 package org.mule.module.acegi.filters.http;
 
 import org.mule.api.MuleEvent;
 import org.mule.api.MuleMessage;
 import org.mule.api.config.MuleProperties;
 import org.mule.api.lifecycle.InitialisationException;
 import org.mule.api.security.Authentication;
 import org.mule.api.security.SecurityException;
 import org.mule.api.security.SecurityProviderNotFoundException;
 import org.mule.api.security.SecurityContext;
 import org.mule.api.security.UnauthorisedException;
 import org.mule.api.security.UnknownAuthenticationTypeException;
 import org.mule.api.security.UnsupportedAuthenticationSchemeException;
 import org.mule.config.i18n.CoreMessages;
 import org.mule.module.acegi.AcegiAuthenticationAdapter;
 import org.mule.module.acegi.i18n.AcegiMessages;
 import org.mule.security.AbstractEndpointSecurityFilter;
 import org.mule.transport.http.HttpConnector;
 import org.mule.transport.http.HttpConstants;
 
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
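 /**
  * Endpoint security filter that implements HTTP Basic authentication on top of Acegi.
  * <p>
  * Inbound, it reads the <code>Authorization</code> header, splits the decoded Basic
  * token into username and password, authenticates them through the security manager
  * and stores the resulting security context on the session. When authentication
  * cannot proceed, the message is marked with a 401 status and a
  * <code>WWW-Authenticate</code> challenge before an exception is thrown.
  * <p>
  * Outbound, it writes an <code>Authorization: Basic ...</code> header built from the
  * credentials held in the session's security context.
  * <p>
  * Basic authentication only Base64-encodes the credentials, it does not encrypt them.
  * Anything that can observe the header (network path, proxies, logs) can recover the
  * password, so the endpoint should be protected by transport security such as TLS.
  */
 public class HttpBasicAuthenticationFilter extends AbstractEndpointSecurityFilter
 {
     /**
      * logger used by this class
      */
     protected static final Log logger = LogFactory.getLog(HttpBasicAuthenticationFilter.class);

     /** Scheme prefix that an Authorization header must start with to be handled here. */
     private static final String BASIC_PREFIX = "Basic ";

     // Realm advertised in the WWW-Authenticate challenge; may stay null when not required.
     private String realm;

     // When true, doInitialise() refuses to start without a realm.
     private boolean realmRequired = true;

     /**
      * Creates a filter without a realm; one must be set before initialisation unless
      * {@link #setRealmRequired(boolean)} is switched off.
      */
     public HttpBasicAuthenticationFilter()
     {
         super();
     }

     /**
      * Creates a filter that advertises the given realm.
      *
      * @param realm the realm placed in the WWW-Authenticate challenge
      */
     public HttpBasicAuthenticationFilter(String realm)
     {
         this.realm = realm;
     }

     /**
      * Verifies the realm configuration.
      *
      * @throws InitialisationException if no realm is set while one is required
      */
     protected void doInitialise() throws InitialisationException
     {
         if (realm != null)
         {
             return;
         }

         if (isRealmRequired())
         {
             throw new InitialisationException(AcegiMessages.authRealmMustBeSetOnFilter(), this);
         }

         logger.warn("There is no security realm set, using default: null");
     }

     /**
      * @return the configured realm, or null if none was set
      */
     public String getRealm()
     {
         return realm;
     }

     /**
      * @param realm the realm placed in the WWW-Authenticate challenge
      */
     public void setRealm(String realm)
     {
         this.realm = realm;
     }

     /**
      * @return true if initialisation must fail when no realm is configured
      */
     public boolean isRealmRequired()
     {
         return realmRequired;
     }

     /**
      * @param realmRequired whether initialisation must fail when no realm is configured
      */
     public void setRealmRequired(boolean realmRequired)
     {
         this.realmRequired = realmRequired;
     }

     /**
      * Authenticates the inbound message from its HTTP Basic Authorization header and,
      * on success, stores the resulting security context in the session.
      * <p>
      * A missing header, a non-Basic header and a rejected login all mark the message as
      * unauthenticated (401 plus challenge) before throwing.
      *
      * @param event the current message received
      * @throws org.mule.api.security.SecurityException if the header is missing, uses
      *             another scheme, or the credentials are rejected
      */
     public void authenticateInbound(MuleEvent event)
         throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
     {
         String header = event.getMessage().getStringProperty(HttpConstants.HEADER_AUTHORIZATION, null);

         if (logger.isDebugEnabled())
         {
             // The raw header is never logged: a Basic token is only Base64-encoded, so
             // writing it out would put the username and password into the log file.
             logger.debug("Authorization header: " + describeHeaderForLog(header));
         }

         if (header == null)
         {
             setUnauthenticated(event);
             throw new UnauthorisedException(event.getMessage(), event.getSession().getSecurityContext(),
                 getEndpoint(), this);
         }

         // NOTE(review): the scheme comparison is case-sensitive, so "basic ..." ends up
         // in the unsupported-scheme branch below.
         if (!header.startsWith(BASIC_PREFIX))
         {
             setUnauthenticated(event);
             // NOTE(review): the complete header value, including whatever credential
             // the other scheme carried, is handed to the message factory. Confirm that
             // the resulting exception text is not logged or returned to the client.
             throw new UnsupportedAuthenticationSchemeException(
                 AcegiMessages.basicFilterCannotHandleHeader(header),
                 event.getMessage());
         }

         String base64Token = header.substring(BASIC_PREFIX.length());
         // NOTE(review): both conversions use the platform default charset, so
         // non-ASCII credentials may decode differently from host to host.
         String token = new String(Base64.decodeBase64(base64Token.getBytes()));

         // Split on the first ':' only, so a password may itself contain colons.
         // Without any ':' both parts stay empty and the provider decides the outcome.
         String username = "";
         String password = "";
         int delim = token.indexOf(":");
         if (delim != -1)
         {
             username = token.substring(0, delim);
             password = token.substring(delim + 1);
         }

         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
             username, password);
         authRequest.setDetails(event.getMessage().getProperty(MuleProperties.MULE_ENDPOINT_PROPERTY));

         Authentication umoAuthentication = new AcegiAuthenticationAdapter(authRequest);
         Authentication authResult;

         try
         {
             authResult = getSecurityManager().authenticate(umoAuthentication);
         }
         catch (AuthenticationException e)
         {
             // Authentication failed. The username is client-supplied and is written
             // to the log and the exception message without sanitising.
             if (logger.isDebugEnabled())
             {
                 logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
             }
             setUnauthenticated(event);
             throw new UnauthorisedException(CoreMessages.authFailedForUser(username), e);
         }

         // Authentication success
         if (logger.isDebugEnabled())
         {
             // NOTE(review): confirm that toString() on the authentication result does
             // not render the password.
             logger.debug("Authentication success: " + authResult.toString());
         }

         SecurityContext context = getSecurityManager().createSecurityContext(authResult);
         context.setAuthentication(authResult);
         event.getSession().setSecurityContext(context);
     }

     /**
      * Renders an Authorization header for debug logging without exposing its credentials.
      *
      * @param header the raw header value, may be null
      * @return "null" for a missing header, otherwise a fixed description of the scheme
      */
     private static String describeHeaderForLog(String header)
     {
         if (header == null)
         {
             return "null";
         }
         if (header.startsWith(BASIC_PREFIX))
         {
             return "Basic <credentials redacted>";
         }
         return "<non-Basic scheme, value redacted>";
     }

     /**
      * Marks the message as unauthenticated by setting the HTTP 401 status and a
      * WWW-Authenticate challenge for the Basic scheme.
      *
      * @param event the event whose message receives the challenge
      */
     protected void setUnauthenticated(MuleEvent event)
     {
         // NOTE(review): the realm is inserted verbatim, without quoted-string escaping,
         // and a null realm leaves the challenge as a bare "Basic realm=".
         String challenge = "Basic realm=";
         if (realm != null)
         {
             challenge = challenge + "\"" + realm + "\"";
         }

         MuleMessage message = event.getMessage();
         message.setProperty(HttpConstants.HEADER_WWW_AUTHENTICATE, challenge);
         message.setIntProperty(HttpConnector.HTTP_STATUS_PROPERTY, HttpConstants.SC_UNAUTHORIZED);
     }

     /**
      * Adds an HTTP Basic Authorization header to the outbound message, built from the
      * credentials in the session's security context. The credentials are first
      * re-authenticated when authenticate is set to true.
      * <p>
      * Without a security context the method returns silently, unless authenticate is
      * set to true, in which case it throws.
      *
      * @param event the current event being dispatched
      * @throws org.mule.api.security.SecurityException if authentication fails
      */
     public void authenticateOutbound(MuleEvent event)
         throws SecurityException, SecurityProviderNotFoundException
     {
         if (event.getSession().getSecurityContext() == null)
         {
             if (!isAuthenticate())
             {
                 // Nothing to send and authentication is not enforced.
                 return;
             }
             throw new UnauthorisedException(event.getMessage(), event.getSession().getSecurityContext(),
                 event.getEndpoint(), this);
         }

         Authentication auth = event.getSession().getSecurityContext().getAuthentication();
         if (isAuthenticate())
         {
             auth = getSecurityManager().authenticate(auth);
             if (logger.isDebugEnabled())
             {
                 // NOTE(review): confirm that toString() on the authentication result
                 // does not render the password.
                 logger.debug("Authentication success: " + auth.toString());
             }
         }

         // NOTE(review): the token is only the credentials object's toString(). Basic
         // authentication expects "username:password", so confirm that getCredentials()
         // yields that form. A null authentication or null credentials would fail here.
         String token = auth.getCredentials().toString();
         // Platform default charset on both conversions, as on the inbound side.
         String encoded = new String(Base64.encodeBase64(token.getBytes()));

         event.getMessage().setStringProperty(HttpConstants.HEADER_AUTHORIZATION, BASIC_PREFIX + encoded);
     }

 }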