Coverage Report - org.mule.security.filters.MuleEncryptionEndpointSecurityFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
MuleEncryptionEndpointSecurityFilter
0%
0/39
0%
0/16
0
 
 1  
 /*
 2  
  * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
 3  
  * The software in this package is published under the terms of the CPAL v1.0
 4  
  * license, a copy of which has been included with this distribution in the
 5  
  * LICENSE.txt file.
 6  
  */
 7  
 package org.mule.security.filters;
 8  
 
 9  
 import org.mule.api.EncryptionStrategy;
 10  
 import org.mule.api.MuleEvent;
 11  
 import org.mule.api.lifecycle.InitialisationException;
 12  
 import org.mule.api.security.Authentication;
 13  
 import org.mule.api.security.Credentials;
 14  
 import org.mule.api.security.CredentialsNotSetException;
 15  
 import org.mule.api.security.CryptoFailureException;
 16  
 import org.mule.api.security.EncryptionStrategyNotFoundException;
 17  
 import org.mule.api.security.SecurityContext;
 18  
 import org.mule.api.security.SecurityException;
 19  
 import org.mule.api.security.SecurityProviderNotFoundException;
 20  
 import org.mule.api.security.UnauthorisedException;
 21  
 import org.mule.api.security.UnknownAuthenticationTypeException;
 22  
 import org.mule.config.i18n.CoreMessages;
 23  
 import org.mule.security.AbstractEndpointSecurityFilter;
 24  
 import org.mule.security.DefaultMuleAuthentication;
 25  
 import org.mule.security.MuleCredentials;
 26  
 import org.mule.security.MuleHeaderCredentialsAccessor;
 27  
 
 28  
 /**
 29  
  * <code>MuleEncryptionEndpointSecurityFilter</code> provides password-based
 30  
  * encryption
 31  
  */
 32  
 public class MuleEncryptionEndpointSecurityFilter extends AbstractEndpointSecurityFilter
 33  
 {
 34  
     private EncryptionStrategy strategy;
 35  
 
 36  
     public MuleEncryptionEndpointSecurityFilter()
 37  0
     {
 38  0
         setCredentialsAccessor(new MuleHeaderCredentialsAccessor());
 39  0
     }
 40  
 
 41  
     @Override
 42  
     protected final void authenticateInbound(MuleEvent event)
 43  
         throws SecurityException, CryptoFailureException, EncryptionStrategyNotFoundException,
 44  
         UnknownAuthenticationTypeException
 45  
     {
 46  0
         String userHeader = (String) getCredentialsAccessor().getCredentials(event);
 47  0
         if (userHeader == null)
 48  
         {
 49  0
             throw new CredentialsNotSetException(event, event.getSession().getSecurityContext(), this);
 50  
         }
 51  
 
 52  0
         Credentials user = new MuleCredentials(userHeader, getSecurityManager());
 53  
 
 54  
         Authentication authentication;
 55  
         try
 56  
         {
 57  0
             authentication = getSecurityManager().authenticate(new DefaultMuleAuthentication(user));
 58  
         }
 59  0
         catch (Exception e)
 60  
         {
 61  
             // Authentication failed
 62  0
             if (logger.isDebugEnabled())
 63  
             {
 64  0
                 logger.debug("Authentication request for user: " + user.getUsername()
 65  
                     + " failed: " + e.toString());
 66  
             }
 67  0
             throw new UnauthorisedException(
 68  
                 CoreMessages.authFailedForUser(user.getUsername()), event, e);
 69  0
         }
 70  
 
 71  
         // Authentication success
 72  0
         if (logger.isDebugEnabled())
 73  
         {
 74  0
             logger.debug("Authentication success: " + authentication.toString());
 75  
         }
 76  
 
 77  0
         SecurityContext context = getSecurityManager().createSecurityContext(authentication);
 78  0
         context.setAuthentication(authentication);
 79  0
         event.getSession().setSecurityContext(context);
 80  0
     }
 81  
 
 82  
     @Override
 83  
     protected void authenticateOutbound(MuleEvent event)
 84  
         throws SecurityException, SecurityProviderNotFoundException, CryptoFailureException
 85  
     {
 86  0
         SecurityContext securityContext = event.getSession().getSecurityContext();
 87  0
         if (securityContext == null)
 88  
         {
 89  0
             if (isAuthenticate())
 90  
             {
 91  0
                 throw new UnauthorisedException(event, securityContext, this);
 92  
             }
 93  
             else
 94  
             {
 95  0
                 return;
 96  
             }
 97  
         }
 98  
 
 99  0
         Authentication auth = securityContext.getAuthentication();
 100  0
         if (isAuthenticate())
 101  
         {
 102  0
             auth = getSecurityManager().authenticate(auth);
 103  0
             if (logger.isDebugEnabled())
 104  
             {
 105  0
                 logger.debug("Authentication success: " + auth.toString());
 106  
             }
 107  
         }
 108  
 
 109  0
         String token = auth.getCredentials().toString();
 110  0
         String header = new String(strategy.encrypt(token.getBytes(), null));
 111  0
         getCredentialsAccessor().setCredentials(event, header);
 112  
 
 113  0
     }
 114  
 
 115  
     @Override
 116  
     protected void doInitialise() throws InitialisationException
 117  
     {
 118  0
         if (strategy == null)
 119  
         {
 120  0
             throw new InitialisationException(CoreMessages.encryptionStrategyNotSet(), this);
 121  
         }
 122  0
     }
 123  
 
 124  
     public EncryptionStrategy getStrategy()
 125  
     {
 126  0
         return strategy;
 127  
     }
 128  
 
 129  
     public void setStrategy(EncryptionStrategy strategy)
 130  
     {
 131  0
         this.strategy = strategy;
 132  0
     }
 133  
 
 134  
 }