View Javadoc
1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.security;
8   
9   import org.mule.api.MuleEvent;
10  import org.mule.api.MuleMessage;
11  import org.mule.api.expression.ExpressionManager;
12  import org.mule.api.security.Authentication;
13  import org.mule.api.security.SecurityContext;
14  import org.mule.api.security.SecurityException;
15  import org.mule.api.security.SecurityManager;
16  import org.mule.api.security.SecurityProviderNotFoundException;
17  import org.mule.api.security.UnauthorisedException;
18  import org.mule.api.security.UnknownAuthenticationTypeException;
19  import org.mule.config.i18n.CoreMessages;
20  
21  import org.apache.commons.logging.Log;
22  import org.apache.commons.logging.LogFactory;
23  
24  /**
25   * Performs authentication based on a username and password. The username and password are retrieved from the 
26   * {@link MuleMessage} based on expressions specified via the username and password setters. These
27   * are then used to create a DefaultMuleAuthentication object which is passed to the authenticate method of the
28   * {@link SecurityManager}.
29   */
30  public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationFilter
31  {
32      /**
33       * logger used by this class
34       */
35      protected static final Log logger = LogFactory.getLog(UsernamePasswordAuthenticationFilter.class);
36  
37      private String username = "#[header:inbound:username]";
38      private String password = "#[header:inbound:password]";
39  
40      public UsernamePasswordAuthenticationFilter()
41      {
42          super();
43      }
44  
45      /**
46       * Authenticates the current message.
47       * 
48       * @param event the current message recieved
49       * @throws org.mule.api.security.SecurityException if authentication fails
50       */
51      @Override
52      public void authenticateInbound(MuleEvent event)
53          throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
54      {
55          Authentication authentication = getAuthenticationToken(event);
56          Authentication authResult;
57          try
58          {
59              authResult = getSecurityManager().authenticate(authentication);
60          }
61          catch (UnauthorisedException e)
62          {
63              // Authentication failed
64              if (logger.isDebugEnabled())
65              {
66                  logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
67              }
68              throw new UnauthorisedException(CoreMessages.authFailedForUser(authentication.getPrincipal().toString()), e);
69          }
70  
71          // Authentication success
72          if (logger.isDebugEnabled())
73          {
74              logger.debug("Authentication success: " + authResult.toString());
75          }
76  
77          SecurityContext context = getSecurityManager().createSecurityContext(authResult);
78          context.setAuthentication(authResult);
79          event.getSession().setSecurityContext(context);
80          
81      }
82  
83      protected Authentication getAuthenticationToken(MuleEvent event) throws UnauthorisedException
84      {   
85          ExpressionManager expressionManager = event.getMuleContext().getExpressionManager();
86          
87          Object usernameEval = expressionManager.evaluate(username, event.getMessage());
88          Object passwordEval = expressionManager.evaluate(password, event.getMessage());
89       
90          if (usernameEval == null) {
91              throw new UnauthorisedException(CoreMessages.authNoCredentials());
92          }
93          
94          if (passwordEval == null) {
95              throw new UnauthorisedException(CoreMessages.authNoCredentials());
96          }
97          
98          return new DefaultMuleAuthentication(new MuleCredentials(usernameEval.toString(), passwordEval.toString().toCharArray()));
99      }
100     
101 
102     /**
103      * Authenticates the current message if authenticate is set to true. This method
104      * will always populate the secure context in the session
105      * 
106      * @param event the current event being dispatched
107      * @throws org.mule.api.security.SecurityException if authentication fails
108      */
109     @Override
110     public void authenticateOutbound(MuleEvent event)
111         throws SecurityException, SecurityProviderNotFoundException
112     {
113     }
114 
115     public String getUsername()
116     {
117         return username;
118     }
119 
120     public void setUsername(String username)
121     {
122         this.username = username;
123     }
124 
125     public String getPassword()
126     {
127         return password;
128     }
129 
130     public void setPassword(String password)
131     {
132         this.password = password;
133     }
134 
135 }