Coverage Report

Coverage Report - org.acegisecurity.providers.x509.X509AuthenticationProvider

Classes in this File

83%

100%

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.providers.x509;
 
 import org.acegisecurity.AcegiMessageSource;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.BadCredentialsException;
 
 import org.acegisecurity.providers.AuthenticationProvider;
 import org.acegisecurity.providers.x509.cache.NullX509UserCache;
 
 import org.acegisecurity.userdetails.UserDetails;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
 
 import org.springframework.util.Assert;
 
 import java.security.cert.X509Certificate;
 
 
 /**
  * Processes an X.509 authentication request.<p>The request will typically originate from {@link
  * org.acegisecurity.ui.x509.X509ProcessingFilter}).</p>
  *
  * @author Luke Taylor
  * @version $Id: X509AuthenticationProvider.java 1948 2007-08-25 00:15:30Z benalex $
  */
 public class X509AuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(X509AuthenticationProvider.class);
 
     //~ Instance fields ================================================================================================
 
     protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
     private X509AuthoritiesPopulator x509AuthoritiesPopulator;
     private X509UserCache userCache = new NullX509UserCache();
 
     //~ Methods ========================================================================================================
 
         public void afterPropertiesSet() throws Exception {
         Assert.notNull(userCache, "An x509UserCache must be set");
         Assert.notNull(x509AuthoritiesPopulator, "An X509AuthoritiesPopulator must be set");
         Assert.notNull(this.messages, "A message source must be set");
     }
 
     /**
      * If the supplied authentication token contains a certificate then this will be passed to the configured
      * {@link X509AuthoritiesPopulator} to obtain the user details and authorities for the user identified by the
      * certificate.<p>If no certificate is present (for example, if the filter is applied to an HttpRequest for
      * which client authentication hasn't been configured in the container) then a BadCredentialsException will be
      * raised.</p>
      *
      * @param authentication the authentication request.
      *
      * @return an X509AuthenticationToken containing the authorities of the principal represented by the certificate.
      *
      * @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate.
      * @throws BadCredentialsException if no certificate was presented in the authentication request.
      */
     public Authentication authenticate(Authentication authentication)
         throws AuthenticationException {
         if (!supports(authentication.getClass())) {
             return null;
         }
 
         if (logger.isDebugEnabled()) {
             logger.debug("X509 authentication request: " + authentication);
         }
 
         X509Certificate clientCertificate = (X509Certificate) authentication.getCredentials();
 
         if (clientCertificate == null) {
             throw new BadCredentialsException(messages.getMessage("X509AuthenticationProvider.certificateNull",
                     "Certificate is null"));
         }
 
         UserDetails user = userCache.getUserFromCache(clientCertificate);
 
         if (user == null) {
             logger.debug("Authenticating with certificate " + clientCertificate);
             user = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
             userCache.putUserInCache(clientCertificate, user);
         }
 
         X509AuthenticationToken result = new X509AuthenticationToken(user, clientCertificate, user.getAuthorities());
 
         result.setDetails(authentication.getDetails());
 
         return result;
     }
 
     public void setMessageSource(MessageSource messageSource) {
         this.messages = new MessageSourceAccessor(messageSource);
     }
 
     public void setX509AuthoritiesPopulator(X509AuthoritiesPopulator x509AuthoritiesPopulator) {
         this.x509AuthoritiesPopulator = x509AuthoritiesPopulator;
     }
 
     public void setX509UserCache(X509UserCache cache) {
         this.userCache = cache;
     }
 
     public boolean supports(Class authentication) {
         return X509AuthenticationToken.class.isAssignableFrom(authentication);
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.providers.x509;
17
18		import org.acegisecurity.AcegiMessageSource;
19		import org.acegisecurity.Authentication;
20		import org.acegisecurity.AuthenticationException;
21		import org.acegisecurity.BadCredentialsException;
22
23		import org.acegisecurity.providers.AuthenticationProvider;
24		import org.acegisecurity.providers.x509.cache.NullX509UserCache;
25
26		import org.acegisecurity.userdetails.UserDetails;
27
28		import org.apache.commons.logging.Log;
29		import org.apache.commons.logging.LogFactory;
30
31		import org.springframework.beans.factory.InitializingBean;
32
33		import org.springframework.context.MessageSource;
34		import org.springframework.context.MessageSourceAware;
35		import org.springframework.context.support.MessageSourceAccessor;
36
37		import org.springframework.util.Assert;
38
39		import java.security.cert.X509Certificate;
40
41
42		/**
43		* Processes an X.509 authentication request.<p>The request will typically originate from {@link
44		* org.acegisecurity.ui.x509.X509ProcessingFilter}).</p>
45		*
46		* @author Luke Taylor
47		* @version $Id: X509AuthenticationProvider.java 1948 2007-08-25 00:15:30Z benalex $
48		*/
49	5	public class X509AuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
50		//~ Static fields/initializers =====================================================================================
51
52	3	private static final Log logger = LogFactory.getLog(X509AuthenticationProvider.class);
53
54		//~ Instance fields ================================================================================================
55
56	5	protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
57		private X509AuthoritiesPopulator x509AuthoritiesPopulator;
58	5	private X509UserCache userCache = new NullX509UserCache();
59
60		//~ Methods ========================================================================================================
61
62		public void afterPropertiesSet() throws Exception {
63	2	Assert.notNull(userCache, "An x509UserCache must be set");
64	2	Assert.notNull(x509AuthoritiesPopulator, "An X509AuthoritiesPopulator must be set");
65	1	Assert.notNull(this.messages, "A message source must be set");
66	1	}
67
68		/**
69		* If the supplied authentication token contains a certificate then this will be passed to the configured
70		* {@link X509AuthoritiesPopulator} to obtain the user details and authorities for the user identified by the
71		* certificate.<p>If no certificate is present (for example, if the filter is applied to an HttpRequest for
72		* which client authentication hasn't been configured in the container) then a BadCredentialsException will be
73		* raised.</p>
74		*
75		* @param authentication the authentication request.
76		*
77		* @return an X509AuthenticationToken containing the authorities of the principal represented by the certificate.
78		*
79		* @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate.
80		* @throws BadCredentialsException if no certificate was presented in the authentication request.
81		*/
82		public Authentication authenticate(Authentication authentication)
83		throws AuthenticationException {
84	4	if (!supports(authentication.getClass())) {
85	1	return null;
86		}
87
88	3	if (logger.isDebugEnabled()) {
89	0	logger.debug("X509 authentication request: " + authentication);
90		}
91
92	3	X509Certificate clientCertificate = (X509Certificate) authentication.getCredentials();
93
94	3	if (clientCertificate == null) {
95	1	throw new BadCredentialsException(messages.getMessage("X509AuthenticationProvider.certificateNull",
96		"Certificate is null"));
97		}
98
99	2	UserDetails user = userCache.getUserFromCache(clientCertificate);
100
101	2	if (user == null) {
102	2	logger.debug("Authenticating with certificate " + clientCertificate);
103	2	user = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
104	1	userCache.putUserInCache(clientCertificate, user);
105		}
106
107	1	X509AuthenticationToken result = new X509AuthenticationToken(user, clientCertificate, user.getAuthorities());
108
109	1	result.setDetails(authentication.getDetails());
110
111	1	return result;
112		}
113
114		public void setMessageSource(MessageSource messageSource) {
115	0	this.messages = new MessageSourceAccessor(messageSource);
116	0	}
117
118		public void setX509AuthoritiesPopulator(X509AuthoritiesPopulator x509AuthoritiesPopulator) {
119	3	this.x509AuthoritiesPopulator = x509AuthoritiesPopulator;
120	3	}
121
122		public void setX509UserCache(X509UserCache cache) {
123	0	this.userCache = cache;
124	0	}
125
126		public boolean supports(Class authentication) {
127	4	return X509AuthenticationToken.class.isAssignableFrom(authentication);
128		}
129		}