7 package org.mule.security;
8
9 import org.mule.api.MuleEvent;
10 import org.mule.api.MuleMessage;
11 import org.mule.api.expression.ExpressionManager;
12 import org.mule.api.security.Authentication;
13 import org.mule.api.security.SecurityContext;
14 import org.mule.api.security.SecurityException;
15 import org.mule.api.security.SecurityManager;
16 import org.mule.api.security.SecurityProviderNotFoundException;
17 import org.mule.api.security.UnauthorisedException;
18 import org.mule.api.security.UnknownAuthenticationTypeException;
19 import org.mule.config.i18n.CoreMessages;
20
21 import org.apache.commons.logging.Log;
22 import org.apache.commons.logging.LogFactory;
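/**
 * Inbound authentication filter that evaluates two expressions against the incoming message to
 * obtain a username and a password, then authenticates them through the security manager.
 *
 * <p>On success the resulting {@link Authentication} is placed in a new {@link SecurityContext}
 * that is stored on the event's session. Outbound events are not authenticated by this filter.
 *
 * <p>Security notes for whoever configures this filter:
 * <ul>
 * <li>The default expressions read both values from the message itself
 * ({@code #[header:inbound:username]} / {@code #[header:inbound:password]}), so the password
 * travels with the message in clear. The inbound endpoint should use an encrypted transport, and
 * message headers should not be written to logs.</li>
 * <li>The evaluated password passes through an immutable {@code String} before it is turned into
 * a {@code char[]}, so it cannot be wiped from memory by this class.</li>
 * </ul>
 */
public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationFilter
{
    protected static final Log logger = LogFactory.getLog(UsernamePasswordAuthenticationFilter.class);

    // Both fields hold EXPRESSIONS that locate the credentials in the message, not the
    // credentials themselves; they are evaluated per event in getAuthenticationToken().
    private String username = "#[header:inbound:username]";
    private String password = "#[header:inbound:password]";

    public UsernamePasswordAuthenticationFilter()
    {
        super();
    }

    /**
     * Authenticates the credentials carried by the event's message and, on success, stores the
     * resulting security context on the event's session.
     *
     * @param event the inbound event whose message carries the credentials
     * @throws UnauthorisedException if the credentials are missing or the security manager
     *             rejects them (the original rejection is kept as the cause)
     */
    @Override
    public void authenticateInbound(MuleEvent event)
        throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
    {
        Authentication authentication = getAuthenticationToken(event);
        Authentication authResult;
        try
        {
            authResult = getSecurityManager().authenticate(authentication);
        }
        catch (UnauthorisedException e)
        {
            if (logger.isDebugEnabled())
            {
                // Log the principal that was actually presented. The 'username' field is only the
                // lookup expression, so logging it would hide which account the failure was for.
                logger.debug("Authentication request for user: "
                             + printable(authentication.getPrincipal()) + " failed: " + e.toString());
            }
            throw new UnauthorisedException(
                CoreMessages.authFailedForUser(authentication.getPrincipal().toString()), e);
        }

        if (logger.isDebugEnabled())
        {
            // authResult is whatever the security provider returned; its toString() is not
            // visible from here and may include credentials or other details, so only the
            // principal is written to the log.
            logger.debug("Authentication success: " + printable(authResult.getPrincipal()));
        }

        SecurityContext context = getSecurityManager().createSecurityContext(authResult);
        context.setAuthentication(authResult);
        event.getSession().setSecurityContext(context);
    }

    /**
     * Builds the authentication request by evaluating the username and password expressions
     * against the event's message.
     *
     * @param event the inbound event to read the credentials from
     * @return an unauthenticated token wrapping the evaluated username and password
     * @throws UnauthorisedException if either expression evaluates to {@code null}
     */
    protected Authentication getAuthenticationToken(MuleEvent event) throws UnauthorisedException
    {
        ExpressionManager expressionManager = event.getMuleContext().getExpressionManager();

        Object usernameEval = expressionManager.evaluate(username, event.getMessage());
        Object passwordEval = expressionManager.evaluate(password, event.getMessage());

        // The same "no credentials" error is raised whichever value is missing, so the caller
        // cannot tell from the response which of the two was absent.
        if (usernameEval == null || passwordEval == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        return new DefaultMuleAuthentication(
            new MuleCredentials(usernameEval.toString(), passwordEval.toString().toCharArray()));
    }

    /**
     * Does nothing: this filter only authenticates inbound events.
     */
    @Override
    public void authenticateOutbound(MuleEvent event)
        throws SecurityException, SecurityProviderNotFoundException
    {
    }

    /**
     * @return the expression used to locate the username in the message (not a username)
     */
    public String getUsername()
    {
        return username;
    }

    /**
     * @param username the expression used to locate the username in the message
     */
    public void setUsername(String username)
    {
        this.username = username;
    }

    /**
     * @return the expression used to locate the password in the message (not a password)
     */
    public String getPassword()
    {
        return password;
    }

    /**
     * @param password the expression used to locate the password in the message
     */
    public void setPassword(String password)
    {
        this.password = password;
    }

    /**
     * Renders a caller-supplied value for a log line, replacing control characters (including
     * CR and LF) so that a crafted username cannot break the entry into forged extra lines.
     */
    private static String printable(Object value)
    {
        String text = String.valueOf(value);
        StringBuilder safe = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++)
        {
            char c = text.charAt(i);
            safe.append(Character.isISOControl(c) ? '_' : c);
        }
        return safe.toString();
    }
}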