1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
package org.mule.module.spring.security.filters.http; |
12 | |
|
13 | |
import org.mule.api.MuleEvent; |
14 | |
import org.mule.api.MuleMessage; |
15 | |
import org.mule.api.config.MuleProperties; |
16 | |
import org.mule.api.lifecycle.InitialisationException; |
17 | |
import org.mule.api.security.Authentication; |
18 | |
import org.mule.api.security.SecurityContext; |
19 | |
import org.mule.api.security.SecurityException; |
20 | |
import org.mule.api.security.SecurityProviderNotFoundException; |
21 | |
import org.mule.api.security.UnauthorisedException; |
22 | |
import org.mule.api.security.UnknownAuthenticationTypeException; |
23 | |
import org.mule.api.security.UnsupportedAuthenticationSchemeException; |
24 | |
import org.mule.config.i18n.CoreMessages; |
25 | |
import org.mule.module.spring.security.SpringAuthenticationAdapter; |
26 | |
import org.mule.module.spring.security.i18n.SpringSecurityMessages; |
27 | |
import org.mule.security.AbstractEndpointSecurityFilter; |
28 | |
import org.mule.transport.http.HttpConnector; |
29 | |
import org.mule.transport.http.HttpConstants; |
30 | |
|
31 | |
import org.apache.commons.codec.binary.Base64; |
32 | |
import org.apache.commons.logging.Log; |
33 | |
import org.apache.commons.logging.LogFactory; |
34 | |
import org.springframework.security.core.AuthenticationException; |
35 | |
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
36 | |
|
37 | |
|
38 | |
|
39 | |
|
40 | |
|
41 | |
public class HttpBasicAuthenticationFilter extends AbstractEndpointSecurityFilter |
42 | |
{ |
43 | |
|
44 | |
|
45 | |
|
46 | 0 | protected static final Log logger = LogFactory.getLog(HttpBasicAuthenticationFilter.class); |
47 | |
|
48 | |
private String realm; |
49 | |
|
50 | 0 | private boolean realmRequired = true; |
51 | |
|
52 | |
public HttpBasicAuthenticationFilter() |
53 | |
{ |
54 | 0 | super(); |
55 | 0 | } |
56 | |
|
57 | |
public HttpBasicAuthenticationFilter(String realm) |
58 | 0 | { |
59 | 0 | this.realm = realm; |
60 | 0 | } |
61 | |
|
62 | |
@Override |
63 | |
protected void doInitialise() throws InitialisationException |
64 | |
{ |
65 | 0 | if (realm == null) |
66 | |
{ |
67 | 0 | if (isRealmRequired()) |
68 | |
{ |
69 | 0 | throw new InitialisationException(SpringSecurityMessages.authRealmMustBeSetOnFilter(), this); |
70 | |
} |
71 | |
else |
72 | |
{ |
73 | 0 | logger.warn("There is no security realm set, using default: null"); |
74 | |
} |
75 | |
} |
76 | 0 | } |
77 | |
|
78 | |
public String getRealm() |
79 | |
{ |
80 | 0 | return realm; |
81 | |
} |
82 | |
|
83 | |
public void setRealm(String realm) |
84 | |
{ |
85 | 0 | this.realm = realm; |
86 | 0 | } |
87 | |
|
88 | |
public boolean isRealmRequired() |
89 | |
{ |
90 | 0 | return realmRequired; |
91 | |
} |
92 | |
|
93 | |
public void setRealmRequired(boolean realmRequired) |
94 | |
{ |
95 | 0 | this.realmRequired = realmRequired; |
96 | 0 | } |
97 | |
|
98 | |
|
99 | |
|
100 | |
|
101 | |
|
102 | |
|
103 | |
|
104 | |
|
105 | |
@Override |
106 | |
public void authenticateInbound(MuleEvent event) |
107 | |
throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException |
108 | |
{ |
109 | 0 | String header = event.getMessage().getInboundProperty(HttpConstants.HEADER_AUTHORIZATION); |
110 | |
|
111 | 0 | if (logger.isDebugEnabled()) |
112 | |
{ |
113 | 0 | logger.debug("Authorization header: " + header); |
114 | |
} |
115 | |
|
116 | 0 | if ((header != null) && header.startsWith("Basic ")) |
117 | |
{ |
118 | 0 | String base64Token = header.substring(6); |
119 | 0 | String token = new String(Base64.decodeBase64(base64Token.getBytes())); |
120 | |
|
121 | 0 | String username = ""; |
122 | 0 | String password = ""; |
123 | 0 | int delim = token.indexOf(":"); |
124 | |
|
125 | 0 | if (delim != -1) |
126 | |
{ |
127 | 0 | username = token.substring(0, delim); |
128 | 0 | password = token.substring(delim + 1); |
129 | |
} |
130 | |
|
131 | 0 | UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken( |
132 | |
username, password); |
133 | 0 | authRequest.setDetails(event.getMessage().getInboundProperty(MuleProperties.MULE_ENDPOINT_PROPERTY)); |
134 | |
|
135 | |
Authentication authResult; |
136 | |
|
137 | 0 | Authentication authentication = new SpringAuthenticationAdapter(authRequest); |
138 | |
|
139 | |
try |
140 | |
{ |
141 | 0 | authResult = getSecurityManager().authenticate(authentication); |
142 | |
} |
143 | 0 | catch (UnauthorisedException e) |
144 | |
{ |
145 | |
|
146 | 0 | if (logger.isDebugEnabled()) |
147 | |
{ |
148 | 0 | logger.debug("Authentication request for user: " + username + " failed: " + e.toString()); |
149 | |
} |
150 | 0 | setUnauthenticated(event); |
151 | 0 | throw new UnauthorisedException(CoreMessages.authFailedForUser(username), e); |
152 | 0 | } |
153 | |
|
154 | |
|
155 | 0 | if (logger.isDebugEnabled()) |
156 | |
{ |
157 | 0 | logger.debug("Authentication success: " + authResult.toString()); |
158 | |
} |
159 | |
|
160 | 0 | SecurityContext context = getSecurityManager().createSecurityContext(authResult); |
161 | 0 | context.setAuthentication(authResult); |
162 | 0 | event.getSession().setSecurityContext(context); |
163 | 0 | } |
164 | 0 | else if (header == null) |
165 | |
{ |
166 | 0 | setUnauthenticated(event); |
167 | 0 | throw new UnauthorisedException(event, event.getSession().getSecurityContext(), |
168 | |
getEndpoint(), this); |
169 | |
} |
170 | |
else |
171 | |
{ |
172 | 0 | setUnauthenticated(event); |
173 | 0 | throw new UnsupportedAuthenticationSchemeException( |
174 | |
SpringSecurityMessages.basicFilterCannotHandleHeader(header), event); |
175 | |
} |
176 | 0 | } |
177 | |
|
178 | |
protected void setUnauthenticated(MuleEvent event) |
179 | |
{ |
180 | 0 | String realmHeader = "Basic realm="; |
181 | 0 | if (realm != null) |
182 | |
{ |
183 | 0 | realmHeader += "\"" + realm + "\""; |
184 | |
} |
185 | 0 | MuleMessage msg = event.getMessage(); |
186 | 0 | msg.setOutboundProperty(HttpConstants.HEADER_WWW_AUTHENTICATE, realmHeader); |
187 | 0 | msg.setOutboundProperty(HttpConnector.HTTP_STATUS_PROPERTY, HttpConstants.SC_UNAUTHORIZED); |
188 | 0 | } |
189 | |
|
190 | |
|
191 | |
|
192 | |
|
193 | |
|
194 | |
|
195 | |
|
196 | |
|
197 | |
@Override |
198 | |
public void authenticateOutbound(MuleEvent event) |
199 | |
throws SecurityException, SecurityProviderNotFoundException |
200 | |
{ |
201 | 0 | if (event.getSession().getSecurityContext() == null) |
202 | |
{ |
203 | 0 | if (isAuthenticate()) |
204 | |
{ |
205 | 0 | throw new UnauthorisedException(event, event.getSession().getSecurityContext(), |
206 | |
event.getEndpoint(), this); |
207 | |
} |
208 | |
else |
209 | |
{ |
210 | 0 | return; |
211 | |
} |
212 | |
} |
213 | |
|
214 | 0 | Authentication auth = event.getSession().getSecurityContext().getAuthentication(); |
215 | 0 | if (isAuthenticate()) |
216 | |
{ |
217 | 0 | auth = getSecurityManager().authenticate(auth); |
218 | 0 | if (logger.isDebugEnabled()) |
219 | |
{ |
220 | 0 | logger.debug("Authentication success: " + auth.toString()); |
221 | |
} |
222 | |
} |
223 | |
|
224 | 0 | StringBuffer header = new StringBuffer(128); |
225 | 0 | header.append("Basic "); |
226 | 0 | String token = auth.getCredentials().toString(); |
227 | 0 | header.append(new String(Base64.encodeBase64(token.getBytes()))); |
228 | |
|
229 | 0 | event.getMessage().setOutboundProperty(HttpConstants.HEADER_AUTHORIZATION, header.toString()); |
230 | 0 | } |
231 | |
|
232 | |
} |