View Javadoc
1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.security.filters;
8   
9   import org.mule.api.EncryptionStrategy;
10  import org.mule.api.MuleEvent;
11  import org.mule.api.lifecycle.InitialisationException;
12  import org.mule.api.security.Authentication;
13  import org.mule.api.security.Credentials;
14  import org.mule.api.security.CredentialsNotSetException;
15  import org.mule.api.security.CryptoFailureException;
16  import org.mule.api.security.EncryptionStrategyNotFoundException;
17  import org.mule.api.security.SecurityContext;
18  import org.mule.api.security.SecurityException;
19  import org.mule.api.security.SecurityProviderNotFoundException;
20  import org.mule.api.security.UnauthorisedException;
21  import org.mule.api.security.UnknownAuthenticationTypeException;
22  import org.mule.config.i18n.CoreMessages;
23  import org.mule.security.AbstractEndpointSecurityFilter;
24  import org.mule.security.DefaultMuleAuthentication;
25  import org.mule.security.MuleCredentials;
26  import org.mule.security.MuleHeaderCredentialsAccessor;
27  
28  /**
29   * <code>MuleEncryptionEndpointSecurityFilter</code> provides password-based
30   * encryption
31   */
32  public class MuleEncryptionEndpointSecurityFilter extends AbstractEndpointSecurityFilter
33  {
34      private EncryptionStrategy strategy;
35  
36      public MuleEncryptionEndpointSecurityFilter()
37      {
38          setCredentialsAccessor(new MuleHeaderCredentialsAccessor());
39      }
40  
41      @Override
42      protected final void authenticateInbound(MuleEvent event)
43          throws SecurityException, CryptoFailureException, EncryptionStrategyNotFoundException,
44          UnknownAuthenticationTypeException
45      {
46          String userHeader = (String) getCredentialsAccessor().getCredentials(event);
47          if (userHeader == null)
48          {
49              throw new CredentialsNotSetException(event, event.getSession().getSecurityContext(), this);
50          }
51  
52          Credentials user = new MuleCredentials(userHeader, getSecurityManager());
53  
54          Authentication authentication;
55          try
56          {
57              authentication = getSecurityManager().authenticate(new DefaultMuleAuthentication(user));
58          }
59          catch (Exception e)
60          {
61              // Authentication failed
62              if (logger.isDebugEnabled())
63              {
64                  logger.debug("Authentication request for user: " + user.getUsername()
65                      + " failed: " + e.toString());
66              }
67              throw new UnauthorisedException(
68                  CoreMessages.authFailedForUser(user.getUsername()), event, e);
69          }
70  
71          // Authentication success
72          if (logger.isDebugEnabled())
73          {
74              logger.debug("Authentication success: " + authentication.toString());
75          }
76  
77          SecurityContext context = getSecurityManager().createSecurityContext(authentication);
78          context.setAuthentication(authentication);
79          event.getSession().setSecurityContext(context);
80      }
81  
82      @Override
83      protected void authenticateOutbound(MuleEvent event)
84          throws SecurityException, SecurityProviderNotFoundException, CryptoFailureException
85      {
86          SecurityContext securityContext = event.getSession().getSecurityContext();
87          if (securityContext == null)
88          {
89              if (isAuthenticate())
90              {
91                  throw new UnauthorisedException(event, securityContext, this);
92              }
93              else
94              {
95                  return;
96              }
97          }
98  
99          Authentication auth = securityContext.getAuthentication();
100         if (isAuthenticate())
101         {
102             auth = getSecurityManager().authenticate(auth);
103             if (logger.isDebugEnabled())
104             {
105                 logger.debug("Authentication success: " + auth.toString());
106             }
107         }
108 
109         String token = auth.getCredentials().toString();
110         String header = new String(strategy.encrypt(token.getBytes(), null));
111         getCredentialsAccessor().setCredentials(event, header);
112 
113     }
114 
115     @Override
116     protected void doInitialise() throws InitialisationException
117     {
118         if (strategy == null)
119         {
120             throw new InitialisationException(CoreMessages.encryptionStrategyNotSet(), this);
121         }
122     }
123 
124     public EncryptionStrategy getStrategy()
125     {
126         return strategy;
127     }
128 
129     public void setStrategy(EncryptionStrategy strategy)
130     {
131         this.strategy = strategy;
132     }
133 
134 }