1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
package org.mule.security.filters; |
8 | |
|
9 | |
import org.mule.api.EncryptionStrategy; |
10 | |
import org.mule.api.MuleEvent; |
11 | |
import org.mule.api.lifecycle.InitialisationException; |
12 | |
import org.mule.api.security.Authentication; |
13 | |
import org.mule.api.security.Credentials; |
14 | |
import org.mule.api.security.CredentialsNotSetException; |
15 | |
import org.mule.api.security.CryptoFailureException; |
16 | |
import org.mule.api.security.EncryptionStrategyNotFoundException; |
17 | |
import org.mule.api.security.SecurityContext; |
18 | |
import org.mule.api.security.SecurityException; |
19 | |
import org.mule.api.security.SecurityProviderNotFoundException; |
20 | |
import org.mule.api.security.UnauthorisedException; |
21 | |
import org.mule.api.security.UnknownAuthenticationTypeException; |
22 | |
import org.mule.config.i18n.CoreMessages; |
23 | |
import org.mule.security.AbstractEndpointSecurityFilter; |
24 | |
import org.mule.security.DefaultMuleAuthentication; |
25 | |
import org.mule.security.MuleCredentials; |
26 | |
import org.mule.security.MuleHeaderCredentialsAccessor; |
27 | |
|
28 | |
|
29 | |
|
30 | |
|
31 | |
|
32 | |
public class MuleEncryptionEndpointSecurityFilter extends AbstractEndpointSecurityFilter |
33 | |
{ |
34 | |
private EncryptionStrategy strategy; |
35 | |
|
36 | |
public MuleEncryptionEndpointSecurityFilter() |
37 | 0 | { |
38 | 0 | setCredentialsAccessor(new MuleHeaderCredentialsAccessor()); |
39 | 0 | } |
40 | |
|
41 | |
@Override |
42 | |
protected final void authenticateInbound(MuleEvent event) |
43 | |
throws SecurityException, CryptoFailureException, EncryptionStrategyNotFoundException, |
44 | |
UnknownAuthenticationTypeException |
45 | |
{ |
46 | 0 | String userHeader = (String) getCredentialsAccessor().getCredentials(event); |
47 | 0 | if (userHeader == null) |
48 | |
{ |
49 | 0 | throw new CredentialsNotSetException(event, event.getSession().getSecurityContext(), this); |
50 | |
} |
51 | |
|
52 | 0 | Credentials user = new MuleCredentials(userHeader, getSecurityManager()); |
53 | |
|
54 | |
Authentication authentication; |
55 | |
try |
56 | |
{ |
57 | 0 | authentication = getSecurityManager().authenticate(new DefaultMuleAuthentication(user)); |
58 | |
} |
59 | 0 | catch (Exception e) |
60 | |
{ |
61 | |
|
62 | 0 | if (logger.isDebugEnabled()) |
63 | |
{ |
64 | 0 | logger.debug("Authentication request for user: " + user.getUsername() |
65 | |
+ " failed: " + e.toString()); |
66 | |
} |
67 | 0 | throw new UnauthorisedException( |
68 | |
CoreMessages.authFailedForUser(user.getUsername()), event, e); |
69 | 0 | } |
70 | |
|
71 | |
|
72 | 0 | if (logger.isDebugEnabled()) |
73 | |
{ |
74 | 0 | logger.debug("Authentication success: " + authentication.toString()); |
75 | |
} |
76 | |
|
77 | 0 | SecurityContext context = getSecurityManager().createSecurityContext(authentication); |
78 | 0 | context.setAuthentication(authentication); |
79 | 0 | event.getSession().setSecurityContext(context); |
80 | 0 | } |
81 | |
|
82 | |
@Override |
83 | |
protected void authenticateOutbound(MuleEvent event) |
84 | |
throws SecurityException, SecurityProviderNotFoundException, CryptoFailureException |
85 | |
{ |
86 | 0 | SecurityContext securityContext = event.getSession().getSecurityContext(); |
87 | 0 | if (securityContext == null) |
88 | |
{ |
89 | 0 | if (isAuthenticate()) |
90 | |
{ |
91 | 0 | throw new UnauthorisedException(event, securityContext, this); |
92 | |
} |
93 | |
else |
94 | |
{ |
95 | 0 | return; |
96 | |
} |
97 | |
} |
98 | |
|
99 | 0 | Authentication auth = securityContext.getAuthentication(); |
100 | 0 | if (isAuthenticate()) |
101 | |
{ |
102 | 0 | auth = getSecurityManager().authenticate(auth); |
103 | 0 | if (logger.isDebugEnabled()) |
104 | |
{ |
105 | 0 | logger.debug("Authentication success: " + auth.toString()); |
106 | |
} |
107 | |
} |
108 | |
|
109 | 0 | String token = auth.getCredentials().toString(); |
110 | 0 | String header = new String(strategy.encrypt(token.getBytes(), null)); |
111 | 0 | getCredentialsAccessor().setCredentials(event, header); |
112 | |
|
113 | 0 | } |
114 | |
|
115 | |
@Override |
116 | |
protected void doInitialise() throws InitialisationException |
117 | |
{ |
118 | 0 | if (strategy == null) |
119 | |
{ |
120 | 0 | throw new InitialisationException(CoreMessages.encryptionStrategyNotSet(), this); |
121 | |
} |
122 | 0 | } |
123 | |
|
124 | |
public EncryptionStrategy getStrategy() |
125 | |
{ |
126 | 0 | return strategy; |
127 | |
} |
128 | |
|
129 | |
public void setStrategy(EncryptionStrategy strategy) |
130 | |
{ |
131 | 0 | this.strategy = strategy; |
132 | 0 | } |
133 | |
|
134 | |
} |