
1   /*
2    * $Id: MuleEncryptionEndpointSecurityFilter.java 19191 2010-08-25 21:05:23Z tcarlson $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.security.filters;
12  
13  import org.mule.api.EncryptionStrategy;
14  import org.mule.api.MuleEvent;
15  import org.mule.api.lifecycle.InitialisationException;
16  import org.mule.api.security.Authentication;
17  import org.mule.api.security.Credentials;
18  import org.mule.api.security.CredentialsNotSetException;
19  import org.mule.api.security.CryptoFailureException;
20  import org.mule.api.security.EncryptionStrategyNotFoundException;
21  import org.mule.api.security.SecurityContext;
22  import org.mule.api.security.SecurityException;
23  import org.mule.api.security.SecurityProviderNotFoundException;
24  import org.mule.api.security.UnauthorisedException;
25  import org.mule.api.security.UnknownAuthenticationTypeException;
26  import org.mule.config.i18n.CoreMessages;
27  import org.mule.security.AbstractEndpointSecurityFilter;
28  import org.mule.security.DefaultMuleAuthentication;
29  import org.mule.security.MuleCredentials;
30  import org.mule.security.MuleHeaderCredentialsAccessor;
31  
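/**
 * <code>MuleEncryptionEndpointSecurityFilter</code> authenticates endpoint traffic
 * using credentials carried in a message header and protected with a configurable
 * {@link EncryptionStrategy}.
 * <p>
 * Inbound, the credentials header is read through the credentials accessor,
 * turned into {@link MuleCredentials} and authenticated by the security manager;
 * on success a new security context is stored on the session. Outbound, the
 * credentials of the session's current authentication are encrypted with the
 * configured strategy and written back as the credentials header.
 * <p>
 * A strategy must be set before initialisation, otherwise
 * {@link #doInitialise()} fails.
 */
public class MuleEncryptionEndpointSecurityFilter extends AbstractEndpointSecurityFilter
{
    // Strategy used to encrypt the outbound credentials token; checked for null in doInitialise().
    private EncryptionStrategy strategy;

    /**
     * Creates the filter and installs a {@link MuleHeaderCredentialsAccessor} as the
     * credentials accessor.
     */
    public MuleEncryptionEndpointSecurityFilter()
    {
        setCredentialsAccessor(new MuleHeaderCredentialsAccessor());
    }

    /**
     * Authenticates an inbound event from its credentials header and, on success,
     * stores a fresh security context on the event's session.
     *
     * @param event the inbound event carrying the credentials header
     * @throws CredentialsNotSetException if the accessor returns no credentials header
     * @throws UnauthorisedException if the security manager rejects the credentials or
     *             throws any other exception while authenticating (the cause is kept)
     * @throws SecurityException declared together with the crypto and lookup exceptions
     *             in the signature; presumably raised while the header is decoded,
     *             which is not visible in this class
     */
    @Override
    protected final void authenticateInbound(MuleEvent event)
        throws SecurityException, CryptoFailureException, EncryptionStrategyNotFoundException,
        UnknownAuthenticationTypeException
    {
        String userHeader = (String) getCredentialsAccessor().getCredentials(event);
        if (userHeader == null)
        {
            throw new CredentialsNotSetException(event, event.getSession().getSecurityContext(),
                event.getEndpoint(), this);
        }

        // The header value is supplied by the remote party; MuleCredentials presumably
        // decodes/decrypts it with help of the security manager - confirm against that class.
        Credentials user = new MuleCredentials(userHeader, getSecurityManager());

        Authentication authentication;
        try
        {
            authentication = getSecurityManager().authenticate(new DefaultMuleAuthentication(user));
        }
        catch (Exception e)
        {
            // Authentication failed. Any exception, checked or not, is mapped to
            // UnauthorisedException so that an unexpected provider error still fails closed.
            if (logger.isDebugEnabled())
            {
                // NOTE(review): the username is derived from the inbound header; confirm the
                // log layout neutralises line breaks before relying on these entries.
                logger.debug("Authentication request for user: " + user.getUsername() 
                    + " failed: " + e.toString());
            }
            throw new UnauthorisedException(
                CoreMessages.authFailedForUser(user.getUsername()), event, e);
        }

        // Authentication success
        if (logger.isDebugEnabled())
        {
            // NOTE(review): confirm Authentication.toString() does not render the
            // credentials, since its output is written to the debug log.
            logger.debug("Authentication success: " + authentication.toString());
        }

        SecurityContext context = getSecurityManager().createSecurityContext(authentication);
        context.setAuthentication(authentication);
        event.getSession().setSecurityContext(context);
    }

    /**
     * Encrypts the credentials of the session's current authentication and sets the
     * result as the outbound credentials header.
     * <p>
     * When the session has no security context, or the context holds no
     * authentication, there is nothing to propagate: the call fails with
     * {@link UnauthorisedException} if authentication is required
     * ({@code isAuthenticate()}), and otherwise returns without setting a header.
     *
     * @param event the outbound event
     * @throws UnauthorisedException if authentication is required but the session
     *             carries no authentication
     * @throws SecurityException if the security manager rejects the authentication
     * @throws CryptoFailureException if the strategy fails to encrypt the token
     */
    @Override
    protected void authenticateOutbound(MuleEvent event)
        throws SecurityException, SecurityProviderNotFoundException, CryptoFailureException
    {
        SecurityContext context = event.getSession().getSecurityContext();
        Authentication auth = (context == null) ? null : context.getAuthentication();
        if (auth == null)
        {
            // A context without an authentication is treated like a missing context;
            // previously this path ended in a NullPointerException further down.
            if (isAuthenticate())
            {
                throw new UnauthorisedException(event, context, event.getEndpoint(), this);
            }
            return;
        }

        if (isAuthenticate())
        {
            auth = getSecurityManager().authenticate(auth);
            if (logger.isDebugEnabled())
            {
                // NOTE(review): confirm Authentication.toString() does not render the
                // credentials, since its output is written to the debug log.
                logger.debug("Authentication success: " + auth.toString());
            }
        }

        String token = auth.getCredentials().toString();
        // NOTE(review): getBytes() and new String(byte[]) use the platform default charset,
        // so JVMs with different defaults may disagree on non-ASCII credentials. Check what
        // the receiving side decodes with before pinning a charset on this side only.
        String header = new String(strategy.encrypt(token.getBytes(), null));
        getCredentialsAccessor().setCredentials(event, header);
    }

    /**
     * Verifies that an encryption strategy has been configured.
     *
     * @throws InitialisationException if no strategy is set
     */
    @Override
    protected void doInitialise() throws InitialisationException
    {
        if (strategy == null)
        {
            throw new InitialisationException(CoreMessages.encryptionStrategyNotSet(), this);
        }
    }

    /**
     * @return the strategy used to encrypt outbound credentials, or {@code null} if
     *         none has been set
     */
    public EncryptionStrategy getStrategy()
    {
        return strategy;
    }

    /**
     * @param strategy the strategy used to encrypt outbound credentials
     */
    public void setStrategy(EncryptionStrategy strategy)
    {
        this.strategy = strategy;
    }

}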