1
2
3
4
5
6
7 package org.mule.module.cxf.support;
8
9 import org.mule.RequestContext;
10 import org.mule.api.security.Authentication;
11 import org.mule.api.security.SecurityContext;
12 import org.mule.api.security.SecurityException;
13 import org.mule.api.security.SecurityProviderNotFoundException;
14 import org.mule.api.security.UnknownAuthenticationTypeException;
15 import org.mule.security.DefaultMuleAuthentication;
16 import org.mule.security.MuleCredentials;
17
18 import java.io.IOException;
19
20 import javax.security.auth.callback.Callback;
21 import javax.security.auth.callback.CallbackHandler;
22 import javax.security.auth.callback.UnsupportedCallbackException;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.ws.security.WSPasswordCallback;
27 import org.apache.ws.security.WSSecurityException;
28
29 public class MuleSecurityManagerCallbackHandler implements CallbackHandler
30 {
31 private static Log logger = LogFactory.getLog(MuleSecurityManagerCallbackHandler.class);
32
33 private org.mule.api.security.SecurityManager securityManager;
34
35 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
36 {
37 WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
38
39 if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
40 || pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN)
41 {
42 DefaultMuleAuthentication auth = new DefaultMuleAuthentication(
43 new MuleCredentials(pc.getIdentifer(), pc.getPassword().toCharArray()));
44
45 try
46 {
47 Authentication authentication = securityManager.authenticate(auth);
48 pc.setPassword(pc.getPassword());
49
50 SecurityContext secContext = null;
51 try
52 {
53 secContext = securityManager.createSecurityContext(authentication);
54 secContext.setAuthentication(authentication);
55 }
56 catch (UnknownAuthenticationTypeException e)
57 {
58 logger.warn("Could not create security context after having successfully authenticated.", e);
59 }
60 RequestContext.getEvent().getSession().setSecurityContext(secContext);
61 }
62 catch (SecurityException e)
63 {
64 throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, null, null, e);
65 }
66 catch (SecurityProviderNotFoundException e)
67 {
68 throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, null, null, e);
69 }
70 }
71 }
72
73 public void setSecurityManager(org.mule.api.security.SecurityManager securityManager)
74 {
75 this.securityManager = securityManager;
76 }
77
78 }
79
80