View Javadoc
1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.module.cxf.support;
8   
9   import org.mule.RequestContext;
10  import org.mule.api.security.Authentication;
11  import org.mule.api.security.SecurityContext;
12  import org.mule.api.security.SecurityException;
13  import org.mule.api.security.SecurityProviderNotFoundException;
14  import org.mule.api.security.UnknownAuthenticationTypeException;
15  import org.mule.security.DefaultMuleAuthentication;
16  import org.mule.security.MuleCredentials;
17  
18  import java.io.IOException;
19  
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.CallbackHandler;
22  import javax.security.auth.callback.UnsupportedCallbackException;
23  
24  import org.apache.commons.logging.Log;
25  import org.apache.commons.logging.LogFactory;
26  import org.apache.ws.security.WSPasswordCallback;
27  import org.apache.ws.security.WSSecurityException;
28  
29  public class MuleSecurityManagerCallbackHandler implements CallbackHandler
30  {
31      private static Log logger = LogFactory.getLog(MuleSecurityManagerCallbackHandler.class);
32      
33      private org.mule.api.security.SecurityManager securityManager;
34  
35      public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
36      {
37          WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
38          
39          if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
40                          || pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN)
41          {
42              DefaultMuleAuthentication auth = new DefaultMuleAuthentication(
43                  new MuleCredentials(pc.getIdentifer(), pc.getPassword().toCharArray()));
44              
45              try
46              {
47                  Authentication authentication = securityManager.authenticate(auth);
48                  pc.setPassword(pc.getPassword());
49  
50                  SecurityContext secContext = null;
51                  try
52                  {
53                      secContext = securityManager.createSecurityContext(authentication);
54                      secContext.setAuthentication(authentication);
55                  }
56                  catch (UnknownAuthenticationTypeException e)
57                  {
58                      logger.warn("Could not create security context after having successfully authenticated.", e);
59                  }
60                  RequestContext.getEvent().getSession().setSecurityContext(secContext);
61              }
62              catch (SecurityException e)
63              {
64                  throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, null, null, e);
65              }
66              catch (SecurityProviderNotFoundException e)
67              {
68                  throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, null, null, e);
69              }
70          }
71      }
72  
73      public void setSecurityManager(org.mule.api.security.SecurityManager securityManager)
74      {
75          this.securityManager = securityManager;
76      }
77  
78  }
79  
80