
1   /*
2    * $Id: UsernamePasswordAuthenticationFilter.java 22156 2011-06-08 21:36:30Z dfeist $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.security;
12  
13  import org.mule.api.MuleEvent;
14  import org.mule.api.MuleMessage;
15  import org.mule.api.expression.ExpressionManager;
16  import org.mule.api.security.Authentication;
17  import org.mule.api.security.SecurityContext;
18  import org.mule.api.security.SecurityException;
19  import org.mule.api.security.SecurityManager;
20  import org.mule.api.security.SecurityProviderNotFoundException;
21  import org.mule.api.security.UnauthorisedException;
22  import org.mule.api.security.UnknownAuthenticationTypeException;
23  import org.mule.config.i18n.CoreMessages;
24  
25  import org.apache.commons.logging.Log;
26  import org.apache.commons.logging.LogFactory;
27  
28  /**
29   * Performs authentication based on a username and password. The username and password are retrieved from the 
30   * {@link MuleMessage} based on expressions specified via the username and password setters. These
31   * are then used to create a DefaultMuleAuthentication object which is passed to the authenticate method of the
32   * {@link SecurityManager}.
33   */
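public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationFilter
{
    /**
     * logger used by this class
     */
    protected static final Log logger = LogFactory.getLog(UsernamePasswordAuthenticationFilter.class);

    // Both fields hold *expressions*, not credential values. They are evaluated against
    // the current message in getAuthenticationToken(). By their syntax the defaults read
    // the values from inbound message headers.
    // NOTE(review): credentials carried in message headers presumably rely on the inbound
    // transport for confidentiality -- confirm the endpoint is protected (e.g. TLS).
    private String username = "#[header:inbound:username]";
    private String password = "#[header:inbound:password]";

    public UsernamePasswordAuthenticationFilter()
    {
        super();
    }

    /**
     * Authenticates the current message and, on success, stores the resulting
     * security context on the event's session.
     * 
     * @param event the current message received
     * @throws org.mule.api.security.SecurityException if authentication fails; an
     *             {@link UnauthorisedException} raised by the security manager is
     *             rethrown with the evaluated principal in its message and the
     *             original exception as its cause
     */
    @Override
    public void authenticate(MuleEvent event)
        throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
    {
        Authentication authentication = getAuthenticationToken(event);
        Authentication authResult;
        try
        {
            authResult = getSecurityManager().authenticate(authentication);
        }
        catch (UnauthorisedException e)
        {
            // Authentication failed
            if (logger.isDebugEnabled())
            {
                // Log the evaluated principal, not the 'username' field: the field is the
                // expression text (e.g. "#[header:inbound:username]") and identifies no one.
                // The principal comes from the message, so line breaks are neutralised
                // before it reaches the log.
                logger.debug("Authentication request for user: "
                             + sanitizeForLog(authentication.getPrincipal()) + " failed: " + e.toString());
            }
            throw new UnauthorisedException(CoreMessages.authFailedForUser(authentication.getPrincipal().toString()), e);
        }

        // Authentication success
        if (logger.isDebugEnabled())
        {
            // NOTE(review): this relies on the Authentication implementation's toString()
            // not rendering the credentials -- confirm before enabling debug logging
            // in production.
            logger.debug("Authentication success: " + authResult.toString());
        }

        // Only a successfully authenticated result is bound to the session.
        SecurityContext context = getSecurityManager().createSecurityContext(authResult);
        context.setAuthentication(authResult);
        event.getSession().setSecurityContext(context);
    }

    /**
     * Builds the authentication request by evaluating the configured username and
     * password expressions against the event's message.
     * 
     * @param event the current event; its message is the evaluation target
     * @return an unauthenticated token wrapping the evaluated credentials
     * @throws UnauthorisedException if either expression evaluates to {@code null}
     */
    protected Authentication getAuthenticationToken(MuleEvent event) throws UnauthorisedException
    {
        ExpressionManager expressionManager = event.getMuleContext().getExpressionManager();

        Object usernameEval = expressionManager.evaluate(username, event.getMessage());
        Object passwordEval = expressionManager.evaluate(password, event.getMessage());

        // Only null is rejected here; empty values are passed on and left to the
        // security provider to refuse.
        if (usernameEval == null || passwordEval == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        // The password is handed over as a char[], but toString() has already produced
        // an immutable String copy that cannot be wiped, so clearing the array later
        // does not remove every copy of the secret from memory.
        return new DefaultMuleAuthentication(
            new MuleCredentials(usernameEval.toString(), passwordEval.toString().toCharArray()));
    }

    /**
     * Renders a value for a log line with carriage returns and line feeds replaced,
     * so that message-supplied text cannot start a forged log entry.
     */
    private static String sanitizeForLog(Object value)
    {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * @return the expression used to extract the username from the message
     */
    public String getUsername()
    {
        return username;
    }

    /**
     * @param username the expression used to extract the username from the message
     */
    public void setUsername(String username)
    {
        this.username = username;
    }

    /**
     * @return the expression used to extract the password from the message
     */
    public String getPassword()
    {
        return password;
    }

    /**
     * @param password the expression used to extract the password from the message
     */
    public void setPassword(String password)
    {
        this.password = password;
    }

}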