
1   /*
2    * $Id: AuthorizationFilter.java 21939 2011-05-18 13:32:09Z aperepel $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.module.spring.security;
12  
13  import org.mule.api.MuleEvent;
14  import org.mule.api.lifecycle.InitialisationException;
15  import org.mule.api.security.Authentication;
16  import org.mule.api.security.CryptoFailureException;
17  import org.mule.api.security.EncryptionStrategyNotFoundException;
18  import org.mule.api.security.NotPermittedException;
19  import org.mule.api.security.SecurityException;
20  import org.mule.api.security.SecurityProviderNotFoundException;
21  import org.mule.api.security.UnauthorisedException;
22  import org.mule.api.security.UnknownAuthenticationTypeException;
23  import org.mule.config.i18n.CoreMessages;
24  import org.mule.module.spring.security.i18n.SpringSecurityMessages;
25  import org.mule.security.AbstractSecurityFilter;
26  
27  import java.text.MessageFormat;
28  import java.util.Arrays;
29  import java.util.Collection;
30  import java.util.HashSet;
31  
32  import org.apache.commons.logging.Log;
33  import org.apache.commons.logging.LogFactory;
34  import org.springframework.security.core.GrantedAuthority;
35  
36  /**
37   * Authorizes user access based on the required authorities for a user.
38   */
39  public class AuthorizationFilter extends AbstractSecurityFilter
40  {
41      protected final Log logger = LogFactory.getLog(getClass());
42      private Collection<String> requiredAuthorities = new HashSet<String>();
43  
44      public void doFilter(MuleEvent event)
45          throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException,
46          SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException
47      {
48          Authentication auth = event.getSession().getSecurityContext().getAuthentication();
49          if (auth == null)
50          {
51              throw new UnauthorisedException(CoreMessages.authNoCredentials());
52          }
53  
54          if (!(auth instanceof SpringAuthenticationAdapter))
55          {
56              throw new UnauthorisedException(SpringSecurityMessages.springAuthenticationRequired());
57          }
58  
59          SpringAuthenticationAdapter springAuth = (SpringAuthenticationAdapter) auth;
60  
61          String principalName = springAuth.getName();
62          GrantedAuthority[] authorities = springAuth.getAuthorities();
63  
64          // If the principal has at least one of the granted authorities,
65          // then return.
66          boolean authorized = false;
67          if (authorities != null)
68          {
69              if (logger.isDebugEnabled())
70              {
71                  logger.debug("Found authorities '" + Arrays.toString(authorities) + "' for principal '"
72                               + principalName + "'.");
73              }
74  
75              for (GrantedAuthority authority : authorities)
76              {
77                  if (requiredAuthorities.contains(authority.getAuthority()))
78                  {
79                      authorized = true;
80                  }
81              }
82          }
83  
84          if (!authorized)
85          {
86              logger.info(MessageFormat.format("Could not find required authorities for {0}. Required authorities: {1}. Authorities found: {2}.", 
87                  principalName, Arrays.toString(requiredAuthorities.toArray()), Arrays.toString(authorities)));
88              throw new NotPermittedException(SpringSecurityMessages.noGrantedAuthority(principalName));
89          }
90      }
91  
92      public Collection<String> getRequiredAuthorities()
93      {
94          return requiredAuthorities;
95      }
96  
97      public void setRequiredAuthorities(Collection<String> requiredAuthorities)
98      {
99          this.requiredAuthorities = requiredAuthorities;
100     }
101 }