Coverage Report - org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
HttpBasicAuthenticationFilter
0%
0/74
0%
0/28
0
 
 /*
  * $Id: HttpBasicAuthenticationFilter.java 19813 2010-10-04 14:27:20Z esteban.robles $
  * --------------------------------------------------------------------------------------
  * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
  *
  * The software in this package is published under the terms of the CPAL v1.0
  * license, a copy of which has been included with this distribution in the
  * LICENSE.txt file.
  */
 
 package org.mule.module.acegi.filters.http;
 
 import org.mule.api.MuleEvent;
 import org.mule.api.MuleMessage;
 import org.mule.api.config.MuleProperties;
 import org.mule.api.lifecycle.InitialisationException;
 import org.mule.api.security.Authentication;
 import org.mule.api.security.SecurityContext;
 import org.mule.api.security.SecurityException;
 import org.mule.api.security.SecurityProviderNotFoundException;
 import org.mule.api.security.UnauthorisedException;
 import org.mule.api.security.UnknownAuthenticationTypeException;
 import org.mule.api.security.UnsupportedAuthenticationSchemeException;
 import org.mule.config.i18n.CoreMessages;
 import org.mule.module.acegi.AcegiAuthenticationAdapter;
 import org.mule.module.acegi.i18n.AcegiMessages;
 import org.mule.security.AbstractEndpointSecurityFilter;
 import org.mule.transport.http.HttpConnector;
 import org.mule.transport.http.HttpConstants;
 
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
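 /**
  * Endpoint security filter for the HTTP <code>Basic</code> authentication scheme.
  * <p>
  * Inbound, it reads the <code>Authorization</code> header of the received message,
  * decodes the Basic token into a username and password and hands them to the
  * security manager. When the header is missing, uses another scheme, or the
  * credentials are rejected, it sets <code>WWW-Authenticate</code> and the
  * unauthorized status on the message and throws.
  * <p>
  * Outbound, it adds an <code>Authorization: Basic ...</code> header built from the
  * credentials held in the session's security context.
  * <p>
  * Security notes: a Basic token is only base64-encoded, so the header value is
  * equivalent to the clear-text password. This class therefore never writes the
  * header value to the log. Both directions convert between bytes and strings with
  * the platform default charset, so non-ASCII credentials depend on the JVM's
  * configuration.
  */
 public class HttpBasicAuthenticationFilter extends AbstractEndpointSecurityFilter
 {
     /**
      * logger used by this class
      */
     protected static final Log logger = LogFactory.getLog(HttpBasicAuthenticationFilter.class);

     /** Realm announced in the <code>WWW-Authenticate</code> challenge; may be null. */
     private String realm;

     /** When true, {@link #doInitialise()} fails if no realm has been set. */
     private boolean realmRequired = true;

     /**
      * Creates a filter without a realm; one must be set before initialisation
      * unless {@link #setRealmRequired(boolean)} is switched off.
      */
     public HttpBasicAuthenticationFilter()
     {
         super();
     }

     /**
      * Creates a filter that challenges clients with the given realm.
      *
      * @param realm the realm name placed in the <code>WWW-Authenticate</code> header
      */
     public HttpBasicAuthenticationFilter(String realm)
     {
         this.realm = realm;
     }

     /**
      * Checks the realm configuration.
      *
      * @throws InitialisationException if no realm is set while a realm is required
      */
     @Override
     protected void doInitialise() throws InitialisationException
     {
         if (realm != null)
         {
             return;
         }

         if (isRealmRequired())
         {
             throw new InitialisationException(AcegiMessages.authRealmMustBeSetOnFilter(), this);
         }

         logger.warn("There is no security realm set, using default: null");
     }

     /**
      * @return the configured realm, or null if none was set
      */
     public String getRealm()
     {
         return realm;
     }

     /**
      * @param realm the realm name placed in the <code>WWW-Authenticate</code> header
      */
     public void setRealm(String realm)
     {
         this.realm = realm;
     }

     /**
      * @return true if initialisation must fail when no realm is set
      */
     public boolean isRealmRequired()
     {
         return realmRequired;
     }

     /**
      * @param realmRequired whether initialisation must fail when no realm is set
      */
     public void setRealmRequired(boolean realmRequired)
     {
         this.realmRequired = realmRequired;
     }

     /**
      * Authenticates the received message from its <code>Authorization</code> header
      * and, on success, stores the resulting security context in the session.
      * <p>
      * Every failure path first calls {@link #setUnauthenticated(MuleEvent)} so that
      * the response carries the Basic challenge and the unauthorized status.
      *
      * @param event the current message received
      * @throws org.mule.api.security.SecurityException if the header is missing, uses
      *             a scheme other than Basic, or the credentials are rejected
      */
     @Override
     public void authenticateInbound(MuleEvent event)
         throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
     {
         String header = event.getMessage().getInboundProperty(HttpConstants.HEADER_AUTHORIZATION);

         if (logger.isDebugEnabled())
         {
             // The header value is the base64 of "username:password" and must not
             // reach the log; record only whether it was supplied.
             logger.debug("Authorization header present: " + (header != null));
         }

         if ((header != null) && header.startsWith("Basic "))
         {
             // Strip the "Basic " prefix (6 characters) and decode the remainder.
             // NOTE(review): getBytes() and new String(byte[]) use the platform
             // default charset, so non-ASCII credentials are decoded differently
             // depending on the JVM configuration.
             String base64Token = header.substring(6);
             String token = new String(Base64.decodeBase64(base64Token.getBytes()));

             // Split on the first colon only, so a password may itself contain ':'.
             // A token without a colon leaves both fields empty and is still sent
             // to the security manager.
             String username = "";
             String password = "";
             int delim = token.indexOf(":");

             if (delim != -1)
             {
                 username = token.substring(0, delim);
                 password = token.substring(delim + 1);
             }

             UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
                 username, password);
             authRequest.setDetails(event.getMessage().getInboundProperty(MuleProperties.MULE_ENDPOINT_PROPERTY));

             Authentication authResult;

             Authentication authentication = new AcegiAuthenticationAdapter(authRequest);

             try
             {
                 authResult = getSecurityManager().authenticate(authentication);
             }
             catch (UnauthorisedException e)
             {
                 // Authentication failed
                 if (logger.isDebugEnabled())
                 {
                     // NOTE(review): username comes from the request and is logged
                     // unmodified; confirm the log layout neutralises line breaks.
                     logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
                 }
                 setUnauthenticated(event);
                 throw new UnauthorisedException(CoreMessages.authFailedForUser(username), e);
             }

             // Authentication success
             if (logger.isDebugEnabled())
             {
                 // NOTE(review): relies on authResult.toString() not rendering the
                 // password; verify against the Authentication implementation.
                 logger.debug("Authentication success: " + authResult.toString());
             }

             SecurityContext context = getSecurityManager().createSecurityContext(authResult);
             context.setAuthentication(authResult);
             event.getSession().setSecurityContext(context);
         }
         else if (header == null)
         {
             setUnauthenticated(event);
             throw new UnauthorisedException(event, event.getSession().getSecurityContext(),
                 getEndpoint(), this);
         }
         else
         {
             setUnauthenticated(event);
             // NOTE(review): the full header of the unsupported scheme is passed to
             // the message factory; if it is rendered into the exception text, a
             // credential sent under another scheme could end up in logs or error
             // responses. Confirm what basicFilterCannotHandleHeader() emits.
             throw new UnsupportedAuthenticationSchemeException(
                 AcegiMessages.basicFilterCannotHandleHeader(header), event);
         }
     }

     /**
      * Marks the message as unauthenticated by setting the Basic challenge in
      * <code>WWW-Authenticate</code> and the unauthorized HTTP status.
      *
      * @param event the event whose message receives the challenge properties
      */
     protected void setUnauthenticated(MuleEvent event)
     {
         // NOTE(review): with a null realm the challenge is "Basic realm=" with no
         // value, and a configured realm is inserted without escaping, so a realm
         // containing a double quote or a line break yields a malformed header.
         String realmHeader = "Basic realm=";
         if (realm != null)
         {
             realmHeader += "\"" + realm + "\"";
         }
         MuleMessage msg = event.getMessage();
         msg.setOutboundProperty(HttpConstants.HEADER_WWW_AUTHENTICATE, realmHeader);
         msg.setOutboundProperty(HttpConnector.HTTP_STATUS_PROPERTY, HttpConstants.SC_UNAUTHORIZED);
     }

     /**
      * Adds an <code>Authorization: Basic ...</code> header to the outgoing message,
      * built from the credentials in the session's security context. When
      * authenticate is set to true the stored authentication is re-validated with
      * the security manager first.
      * <p>
      * If the session has no security context, the method throws when authenticate
      * is true and otherwise returns without adding a header.
      *
      * @param event the current event being dispatched
      * @throws org.mule.api.security.SecurityException if authentication fails
      */
     @Override
     public void authenticateOutbound(MuleEvent event)
         throws SecurityException, SecurityProviderNotFoundException
     {
         if (event.getSession().getSecurityContext() == null)
         {
             if (isAuthenticate())
             {
                 throw new UnauthorisedException(event, event.getSession().getSecurityContext(),
                     event.getEndpoint(), this);
             }
             return;
         }

         Authentication auth = event.getSession().getSecurityContext().getAuthentication();
         if (isAuthenticate())
         {
             auth = getSecurityManager().authenticate(auth);
             if (logger.isDebugEnabled())
             {
                 logger.debug("Authentication success: " + auth.toString());
             }
         }

         // NOTE(review): the token is getCredentials().toString() alone; the Basic
         // scheme expects "user-id:password", so confirm the credentials object
         // renders in that form. The encoded value is a secret and is deliberately
         // not logged.
         String token = auth.getCredentials().toString();
         String encoded = new String(Base64.encodeBase64(token.getBytes()));

         event.getMessage().setOutboundProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic " + encoded);
     }

 }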