11 package org.mule.module.spring.security;
12
13 import org.mule.api.MuleEvent;
14 import org.mule.api.lifecycle.InitialisationException;
15 import org.mule.api.security.Authentication;
16 import org.mule.api.security.CryptoFailureException;
17 import org.mule.api.security.EncryptionStrategyNotFoundException;
18 import org.mule.api.security.NotPermittedException;
19 import org.mule.api.security.SecurityException;
20 import org.mule.api.security.SecurityProviderNotFoundException;
21 import org.mule.api.security.UnauthorisedException;
22 import org.mule.api.security.UnknownAuthenticationTypeException;
23 import org.mule.config.i18n.CoreMessages;
24 import org.mule.module.spring.security.i18n.SpringSecurityMessages;
25 import org.mule.security.AbstractSecurityFilter;
26
27 import java.text.MessageFormat;
28 import java.util.Arrays;
29 import java.util.Collection;
30 import java.util.HashSet;
31
32 import org.apache.commons.logging.Log;
33 import org.apache.commons.logging.LogFactory;
34 import org.springframework.security.core.GrantedAuthority;
35
36
37
38
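/**
 * Security filter that authorizes an event by comparing the authorities of the
 * authenticated principal with a configured set of required authorities.
 * <p>
 * Access is granted when the principal holds at least one of the required
 * authorities. The filter fails closed: with no required authorities configured,
 * or with no authorities on the principal, every event is rejected.
 */
public class AuthorizationFilter extends AbstractSecurityFilter
{
    protected final Log logger = LogFactory.getLog(getClass());

    // Authorities that grant access; holding any one of them is enough.
    // Kept non-null by setRequiredAuthorities so doFilter never dereferences null.
    private Collection<String> requiredAuthorities = new HashSet<String>();

    /**
     * Checks that the authentication stored in the event's session carries at least
     * one of the required authorities.
     *
     * @param event the event whose session security context is inspected
     * @throws UnauthorisedException if the session has no authentication, or the
     *             authentication is not a {@link SpringAuthenticationAdapter}
     * @throws NotPermittedException if the principal holds none of the required
     *             authorities
     */
    public void doFilter(MuleEvent event)
        throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException,
        SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException
    {
        // NOTE(review): assumes the session and its security context are non-null here;
        // confirm against the callers of this filter.
        Authentication auth = event.getSession().getSecurityContext().getAuthentication();
        if (auth == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        // Only Spring-backed authentications expose the granted authorities needed below.
        if (!(auth instanceof SpringAuthenticationAdapter))
        {
            throw new UnauthorisedException(SpringSecurityMessages.springAuthenticationRequired());
        }

        SpringAuthenticationAdapter springAuth = (SpringAuthenticationAdapter) auth;

        String principalName = springAuth.getName();
        GrantedAuthority[] authorities = springAuth.getAuthorities();

        boolean authorized = false;
        if (authorities != null)
        {
            if (logger.isDebugEnabled())
            {
                logger.debug("Found authorities '" + Arrays.toString(authorities) + "' for principal '"
                             + principalName + "'.");
            }

            for (GrantedAuthority authority : authorities)
            {
                // A null array element is skipped rather than dereferenced, so a malformed
                // authority list results in a denial instead of a NullPointerException.
                if (authority != null && requiredAuthorities.contains(authority.getAuthority()))
                {
                    authorized = true;
                    // One matching authority is sufficient; no need to scan the rest.
                    break;
                }
            }
        }

        if (!authorized)
        {
            // This line is the record of an authorization denial. The principal name is
            // written as supplied by the authentication object.
            logger.info(MessageFormat.format("Could not find required authorities for {0}. Required authorities: {1}. Authorities found: {2}.",
                principalName, Arrays.toString(requiredAuthorities.toArray()), Arrays.toString(authorities)));
            throw new NotPermittedException(SpringSecurityMessages.noGrantedAuthority(principalName));
        }
    }

    /**
     * Returns the authorities that grant access.
     * <p>
     * The returned collection is the one the filter consults on every event, not a
     * copy, so changes made to it alter the authorization decision.
     *
     * @return the required authorities, never {@code null}
     */
    public Collection<String> getRequiredAuthorities()
    {
        return requiredAuthorities;
    }

    /**
     * Sets the authorities that grant access.
     * <p>
     * The collection is held by reference, so it should not be modified by the caller
     * after configuration. A {@code null} argument is treated as an empty collection,
     * which makes the filter reject every event rather than fail with a
     * NullPointerException while filtering.
     *
     * @param requiredAuthorities the authorities of which a principal must hold at least one
     */
    public void setRequiredAuthorities(Collection<String> requiredAuthorities)
    {
        if (requiredAuthorities == null)
        {
            this.requiredAuthorities = new HashSet<String>();
        }
        else
        {
            this.requiredAuthorities = requiredAuthorities;
        }
    }
}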