7 package org.mule.module.spring.security;
8
9 import org.mule.api.MuleEvent;
10 import org.mule.api.lifecycle.InitialisationException;
11 import org.mule.api.security.Authentication;
12 import org.mule.api.security.CryptoFailureException;
13 import org.mule.api.security.EncryptionStrategyNotFoundException;
14 import org.mule.api.security.NotPermittedException;
15 import org.mule.api.security.SecurityException;
16 import org.mule.api.security.SecurityProviderNotFoundException;
17 import org.mule.api.security.UnauthorisedException;
18 import org.mule.api.security.UnknownAuthenticationTypeException;
19 import org.mule.config.i18n.CoreMessages;
20 import org.mule.module.spring.security.i18n.SpringSecurityMessages;
21 import org.mule.security.AbstractSecurityFilter;
22
23 import java.text.MessageFormat;
24 import java.util.Collection;
25 import java.util.HashSet;
26
27 import edu.emory.mathcs.backport.java.util.Arrays;
28
29 import org.apache.commons.logging.Log;
30 import org.apache.commons.logging.LogFactory;
31 import org.springframework.security.core.GrantedAuthority;
32
33
34
35
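/**
 * Security filter that lets an event through only when the authenticated principal
 * holds at least one of the configured required authorities.
 * <p>
 * The filter fails closed: a missing authentication, an authentication that is not a
 * {@link SpringAuthenticationAdapter}, a principal without authorities, or an empty or
 * unset required-authority collection all end in an exception rather than in access
 * being granted.
 */
public class AuthorizationFilter extends AbstractSecurityFilter
{
    protected final Log logger = LogFactory.getLog(getClass());

    // Authority names of which the principal must hold at least one. While this is
    // empty, doFilter() rejects every event.
    private Collection<String> requiredAuthorities = new HashSet<String>();

    /**
     * Checks the authorities of the principal attached to the event's session against
     * the required authorities.
     *
     * @param event the event whose session security context carries the authentication
     * @throws UnauthorisedException if the security context holds no authentication, or
     *             the authentication is not a {@link SpringAuthenticationAdapter}
     * @throws NotPermittedException if the principal holds none of the required
     *             authorities
     */
    public void doFilter(MuleEvent event)
        throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException,
        SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException
    {
        Authentication auth = event.getSession().getSecurityContext().getAuthentication();
        if (auth == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        // Authorities are only read from the Spring adapter; any other Authentication
        // implementation is rejected instead of being treated as having no restrictions.
        if (!(auth instanceof SpringAuthenticationAdapter))
        {
            throw new UnauthorisedException(SpringSecurityMessages.springAuthenticationRequired());
        }

        SpringAuthenticationAdapter springAuth = (SpringAuthenticationAdapter) auth;

        String principalName = springAuth.getName();
        GrantedAuthority[] authorities = springAuth.getAuthorities();

        if (authorities != null && logger.isDebugEnabled())
        {
            logger.debug("Found authorities '" + Arrays.toString(authorities) + "' for principal '"
                         + principalName + "'.");
        }

        if (!holdsRequiredAuthority(authorities))
        {
            // The required and granted authority lists go to the log only; the exception
            // message is built from the principal name alone.
            // NOTE(review): principalName is logged as returned by the adapter - confirm
            // it cannot carry line breaks if these logs feed an audit pipeline.
            Collection<String> required = requiredAuthorities;
            Object[] requiredNames = (required != null) ? required.toArray() : new Object[0];
            logger.info(MessageFormat.format("Could not find required authorities for {0}. Required authorities: {1}. Authorities found: {2}.",
                principalName, Arrays.toString(requiredNames), Arrays.toString(authorities)));
            throw new NotPermittedException(SpringSecurityMessages.noGrantedAuthority(principalName));
        }
    }

    // Returns true when at least one granted authority name is among the required ones.
    private boolean holdsRequiredAuthority(GrantedAuthority[] authorities)
    {
        Collection<String> required = requiredAuthorities;
        // Nothing granted or nothing configured means no match, i.e. access is denied.
        if (authorities == null || required == null || required.isEmpty())
        {
            return false;
        }

        for (GrantedAuthority authority : authorities)
        {
            if (authority == null)
            {
                continue;
            }
            // A GrantedAuthority may have no string form; skip it rather than hand null
            // to a collection that might not accept null lookups.
            String name = authority.getAuthority();
            if (name != null && required.contains(name))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * @return the live collection of required authority names (not a copy)
     */
    public Collection<String> getRequiredAuthorities()
    {
        return requiredAuthorities;
    }

    /**
     * Sets the authority names of which a principal must hold at least one.
     *
     * @param requiredAuthorities the required authority names; {@code null} is stored as
     *            an empty set, which makes the filter reject every event
     */
    public void setRequiredAuthorities(Collection<String> requiredAuthorities)
    {
        // Previously a null here surfaced as a NullPointerException inside doFilter();
        // storing an empty set keeps the deny-by-default outcome with a proper
        // NotPermittedException instead.
        this.requiredAuthorities = (requiredAuthorities != null)
                        ? requiredAuthorities
                        : new HashSet<String>();
    }
}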