11 package org.mule.security;
12
13 import org.mule.api.MuleEvent;
14 import org.mule.api.MuleMessage;
15 import org.mule.api.expression.ExpressionManager;
16 import org.mule.api.security.Authentication;
17 import org.mule.api.security.SecurityContext;
18 import org.mule.api.security.SecurityException;
19 import org.mule.api.security.SecurityManager;
20 import org.mule.api.security.SecurityProviderNotFoundException;
21 import org.mule.api.security.UnauthorisedException;
22 import org.mule.api.security.UnknownAuthenticationTypeException;
23 import org.mule.config.i18n.CoreMessages;
24
25 import org.apache.commons.logging.Log;
26 import org.apache.commons.logging.LogFactory;
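/**
 * Authentication filter that builds username/password credentials by evaluating two
 * configurable expressions against the current message and passes them to the
 * security manager.
 * <p>
 * The default expressions are {@code #[header:inbound:username]} and
 * {@code #[header:inbound:password]}, so with the defaults both values are supplied by
 * whoever sent the message and must be treated as untrusted input. When authentication
 * succeeds, the resulting security context is stored on the event's session.
 */
public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationFilter
{
    protected static final Log logger = LogFactory.getLog(UsernamePasswordAuthenticationFilter.class);

    // Expression (not a literal user name) evaluated against the message to obtain the user name.
    private String username = "#[header:inbound:username]";

    // Expression (not a literal secret) evaluated against the message to obtain the password.
    private String password = "#[header:inbound:password]";

    public UsernamePasswordAuthenticationFilter()
    {
        super();
    }

    /**
     * Authenticates the credentials extracted from the event and, on success, stores a
     * security context holding the authentication result on the event's session.
     *
     * @param event the event whose message carries the credentials
     * @throws SecurityException if the security manager rejects the credentials; an
     *             {@link UnauthorisedException} raised by the security manager is
     *             re-thrown wrapped with a message naming the principal
     * @throws SecurityProviderNotFoundException propagated from the security manager
     * @throws UnknownAuthenticationTypeException propagated from the security manager
     */
    @Override
    public void authenticate(MuleEvent event)
        throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException
    {
        Authentication authentication = getAuthenticationToken(event);
        Authentication authResult;
        try
        {
            authResult = getSecurityManager().authenticate(authentication);
        }
        catch (UnauthorisedException e)
        {
            // String.valueOf tolerates a null principal (possible if a subclass overrides
            // getAuthenticationToken) instead of failing with a NullPointerException here.
            String principal = String.valueOf(authentication.getPrincipal());

            if (logger.isDebugEnabled())
            {
                // Log the evaluated principal, not the 'username' field: that field holds the
                // expression template, which says nothing about who failed to log in.
                // The principal comes from the message, so line breaks are neutralised
                // before it reaches the log to keep one event on one log line.
                logger.debug("Authentication request for user: " + forLog(principal) + " failed: "
                             + forLog(e.toString()));
            }
            throw new UnauthorisedException(CoreMessages.authFailedForUser(principal), e);
        }

        if (logger.isDebugEnabled())
        {
            // NOTE(review): this writes authResult.toString() to the debug log; confirm that the
            // Authentication implementations in use do not include credentials in toString().
            logger.debug("Authentication success: " + authResult.toString());
        }

        SecurityContext context = getSecurityManager().createSecurityContext(authResult);
        context.setAuthentication(authResult);
        event.getSession().setSecurityContext(context);
    }

    /**
     * Evaluates the username and password expressions against the event's message and
     * wraps the results in an authentication token.
     * <p>
     * The password is converted with {@code toString()} before being copied into a
     * {@code char[]}, so an immutable {@code String} copy of it exists in memory
     * regardless of what is later done with the array.
     *
     * @param event the event providing the message and the expression manager
     * @return a token carrying the evaluated username and password
     * @throws UnauthorisedException if either expression evaluates to {@code null}
     */
    protected Authentication getAuthenticationToken(MuleEvent event) throws UnauthorisedException
    {
        ExpressionManager expressionManager = event.getMuleContext().getExpressionManager();

        Object usernameEval = expressionManager.evaluate(username, event.getMessage());
        Object passwordEval = expressionManager.evaluate(password, event.getMessage());

        // Both cases raise the same "no credentials" error, so the caller cannot tell
        // which of the two values was missing.
        if (usernameEval == null || passwordEval == null)
        {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }

        return new DefaultMuleAuthentication(
            new MuleCredentials(usernameEval.toString(), passwordEval.toString().toCharArray()));
    }

    /**
     * @return the expression used to extract the user name from the message
     */
    public String getUsername()
    {
        return username;
    }

    /**
     * @param username the expression used to extract the user name from the message
     */
    public void setUsername(String username)
    {
        this.username = username;
    }

    /**
     * @return the expression used to extract the password from the message; this is the
     *         expression text, not a password value
     */
    public String getPassword()
    {
        return password;
    }

    /**
     * @param password the expression used to extract the password from the message; this
     *            is the expression text, not a password value
     */
    public void setPassword(String password)
    {
        this.password = password;
    }

    /**
     * Replaces carriage returns and line feeds so that a message-supplied value cannot
     * split a log entry across several lines.
     */
    private static String forLog(String value)
    {
        return value == null ? "null" : value.replace('\r', '_').replace('\n', '_');
    }
}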