package org.mule.module.spring.security; |
import org.mule.api.MuleEvent; |
import org.mule.api.lifecycle.InitialisationException; |
import org.mule.api.security.Authentication; |
import org.mule.api.security.CryptoFailureException; |
import org.mule.api.security.EncryptionStrategyNotFoundException; |
import org.mule.api.security.NotPermittedException; |
import org.mule.api.security.SecurityException; |
import org.mule.api.security.SecurityProviderNotFoundException; |
import org.mule.api.security.UnauthorisedException; |
import org.mule.api.security.UnknownAuthenticationTypeException; |
import org.mule.config.i18n.CoreMessages; |
import org.mule.module.spring.security.i18n.SpringSecurityMessages; |
import org.mule.security.AbstractSecurityFilter; |
import java.text.MessageFormat; |
import java.util.Collection; |
import java.util.HashSet; |
import edu.emory.mathcs.backport.java.util.Arrays; |
import org.apache.commons.logging.Log; |
import org.apache.commons.logging.LogFactory; |
import org.springframework.security.core.GrantedAuthority; |
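/**
 * Security filter that lets an event through only when the authenticated principal
 * holds at least one of the configured required authorities.
 *
 * <p>The filter fails closed: a missing authentication, an authentication that is not
 * a {@link SpringAuthenticationAdapter}, an empty or unset list of required authorities
 * and a principal with no authorities all end in an exception instead of letting the
 * event continue.
 */
public class AuthorizationFilter extends AbstractSecurityFilter
{
    protected final Log logger = LogFactory.getLog(getClass());

    // Authority names of which the principal must hold at least one. Never null:
    // the setter replaces a null argument with an empty set. The collection is held
    // by reference and also handed out by the getter, so code that keeps a handle
    // on it can change the access policy after configuration.
    private Collection<String> requiredAuthorities = new HashSet<String>();

    /**
     * Checks the authentication stored in the event's session against the required
     * authorities.
     *
     * @param event the event whose session security context is inspected
     * @throws UnauthorisedException if the session carries no security context or no
     *             authentication, or the authentication is not a
     *             {@link SpringAuthenticationAdapter}
     * @throws NotPermittedException if the principal holds none of the required
     *             authorities
     */
    public void doFilter(MuleEvent event)
        throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException,
        SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException
    {
        // NOTE(review): a session on which no authentication ran may have no security
        // context at all; treat that like missing credentials so the caller gets a
        // security exception rather than a NullPointerException.
        if (event.getSession().getSecurityContext() == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        Authentication auth = event.getSession().getSecurityContext().getAuthentication();
        if (auth == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        // Authorities are read through the Spring adapter only; any other
        // authentication type is rejected instead of being waved through.
        if (!(auth instanceof SpringAuthenticationAdapter))
        {
            throw new UnauthorisedException(SpringSecurityMessages.springAuthenticationRequired());
        }

        SpringAuthenticationAdapter springAuth = (SpringAuthenticationAdapter) auth;

        String principalName = springAuth.getName();
        GrantedAuthority[] authorities = springAuth.getAuthorities();

        if (authorities != null && logger.isDebugEnabled())
        {
            logger.debug("Found authorities '" + Arrays.toString(authorities) + "' for principal '"
                         + principalName + "'.");
        }

        if (!holdsRequiredAuthority(authorities))
        {
            // NOTE(review): the principal name is written to the log as returned by the
            // authentication object; if it can contain caller-chosen characters, confirm
            // that the log layout neutralises line breaks.
            logger.info(MessageFormat.format("Could not find required authorities for {0}. Required authorities: {1}. Authorities found: {2}.",
                principalName, Arrays.toString(requiredAuthorities.toArray()), Arrays.toString(authorities)));
            throw new NotPermittedException(SpringSecurityMessages.noGrantedAuthority(principalName));
        }
    }

    /**
     * Tells whether any of the given authorities is one of the required authorities.
     * A null array, and an authority whose name is null, never match.
     */
    private boolean holdsRequiredAuthority(GrantedAuthority[] authorities)
    {
        if (authorities == null)
        {
            return false;
        }

        for (GrantedAuthority authority : authorities)
        {
            String authorityName = authority.getAuthority();
            // Skip nameless authorities: a null name must not match a null entry in
            // the configured collection, and some collections reject contains(null).
            if (authorityName != null && requiredAuthorities.contains(authorityName))
            {
                // One match is enough; stop scanning.
                return true;
            }
        }
        return false;
    }

    /**
     * @return the live collection of required authority names (not a copy)
     */
    public Collection<String> getRequiredAuthorities()
    {
        return requiredAuthorities;
    }

    /**
     * Sets the authority names of which a principal must hold at least one.
     *
     * @param requiredAuthorities the required authority names; null is stored as an
     *            empty set, which denies every principal
     */
    public void setRequiredAuthorities(Collection<String> requiredAuthorities)
    {
        if (requiredAuthorities == null)
        {
            // Keep the field non-null so doFilter() answers a null configuration with
            // NotPermittedException instead of a NullPointerException.
            this.requiredAuthorities = new HashSet<String>();
        }
        else
        {
            this.requiredAuthorities = requiredAuthorities;
        }
    }
}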