Coverage Report

Coverage Report - org.acegisecurity.providers.x509.populator.DaoX509AuthoritiesPopulator

Classes in this File

Line Coverage

Branch Coverage

Complexity

DaoX509AuthoritiesPopulator

90%

100%

2.6

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.providers.x509.populator;
 
 import org.acegisecurity.AcegiMessageSource;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.AuthenticationServiceException;
 
 import org.acegisecurity.providers.x509.X509AuthoritiesPopulator;
 
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.userdetails.UserDetailsService;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.oro.text.regex.MalformedPatternException;
 import org.apache.oro.text.regex.MatchResult;
 import org.apache.oro.text.regex.Pattern;
 import org.apache.oro.text.regex.PatternMatcher;
 import org.apache.oro.text.regex.Perl5Compiler;
 import org.apache.oro.text.regex.Perl5Matcher;
 
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
 
 import org.springframework.util.Assert;
 
 import java.security.cert.X509Certificate;
 
 
 /**
  * Populates the X509 authorities via an {@link org.acegisecurity.userdetails.UserDetailsService}.
  *
  * @author Luke Taylor
  * @version $Id: DaoX509AuthoritiesPopulator.java 1994 2007-08-30 20:55:49Z luke_t $
  */
 public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, InitializingBean, MessageSourceAware {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(DaoX509AuthoritiesPopulator.class);
 
     //~ Instance fields ================================================================================================
 
     protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
     private Pattern subjectDNPattern;
     private String subjectDNRegex = "CN=(.*?),";
     private UserDetailsService userDetailsService;
 
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
         Assert.notNull(userDetailsService, "An authenticationDao must be set");
         Assert.notNull(this.messages, "A message source must be set");
 
         Perl5Compiler compiler = new Perl5Compiler();
 
         try {
             subjectDNPattern = compiler.compile(subjectDNRegex,
                     Perl5Compiler.READ_ONLY_MASK | Perl5Compiler.CASE_INSENSITIVE_MASK);
         } catch (MalformedPatternException mpe) {
             throw new IllegalArgumentException("Malformed regular expression: " + subjectDNRegex);
         }
     }
 
     public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
         String subjectDN = clientCert.getSubjectDN().getName();
         PatternMatcher matcher = new Perl5Matcher();
 
         if (!matcher.contains(subjectDN, subjectDNPattern)) {
             throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
                     new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}"));
         }
 
         MatchResult match = matcher.getMatch();
 
         if (match.groups() != 2) { // 2 = 1 + the entire match
             throw new IllegalArgumentException("Regular expression must contain a single group ");
         }
 
         String userName = match.group(1);
 
         UserDetails user = this.userDetailsService.loadUserByUsername(userName);
 
         if (user == null) {
             throw new AuthenticationServiceException(
                 "UserDetailsService returned null, which is an interface contract violation");
         }
 
         return user;
     }
 
     public void setMessageSource(MessageSource messageSource) {
         this.messages = new MessageSourceAccessor(messageSource);
     }
 
     /**
      * Sets the regular expression which will by used to extract the user name from the certificate's Subject
      * DN.
      * <p>It should contain a single group; for example the default expression "CN=(.?)," matches the common
      * name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".</p>
      * <p>The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org,
      * CN=..." giving a user name "jimi@hendrix.org"</p>
      *
      * @param subjectDNRegex the regular expression to find in the subject
      */
     public void setSubjectDNRegex(String subjectDNRegex) {
         this.subjectDNRegex = subjectDNRegex;
     }
 
     public void setUserDetailsService(UserDetailsService userDetailsService) {
         this.userDetailsService = userDetailsService;
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.providers.x509.populator;
17
18		import org.acegisecurity.AcegiMessageSource;
19		import org.acegisecurity.AuthenticationException;
20		import org.acegisecurity.BadCredentialsException;
21		import org.acegisecurity.AuthenticationServiceException;
22
23		import org.acegisecurity.providers.x509.X509AuthoritiesPopulator;
24
25		import org.acegisecurity.userdetails.UserDetails;
26		import org.acegisecurity.userdetails.UserDetailsService;
27
28		import org.apache.commons.logging.Log;
29		import org.apache.commons.logging.LogFactory;
30
31		import org.apache.oro.text.regex.MalformedPatternException;
32		import org.apache.oro.text.regex.MatchResult;
33		import org.apache.oro.text.regex.Pattern;
34		import org.apache.oro.text.regex.PatternMatcher;
35		import org.apache.oro.text.regex.Perl5Compiler;
36		import org.apache.oro.text.regex.Perl5Matcher;
37
38		import org.springframework.beans.factory.InitializingBean;
39
40		import org.springframework.context.MessageSource;
41		import org.springframework.context.MessageSourceAware;
42		import org.springframework.context.support.MessageSourceAccessor;
43
44		import org.springframework.util.Assert;
45
46		import java.security.cert.X509Certificate;
47
48
49		/**
50		* Populates the X509 authorities via an {@link org.acegisecurity.userdetails.UserDetailsService}.
51		*
52		* @author Luke Taylor
53		* @version $Id: DaoX509AuthoritiesPopulator.java 1994 2007-08-30 20:55:49Z luke_t $
54		*/
55	6	public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, InitializingBean, MessageSourceAware {
56		//~ Static fields/initializers =====================================================================================
57
58	2	private static final Log logger = LogFactory.getLog(DaoX509AuthoritiesPopulator.class);
59
60		//~ Instance fields ================================================================================================
61
62	6	protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
63		private Pattern subjectDNPattern;
64	6	private String subjectDNRegex = "CN=(.*?),";
65		private UserDetailsService userDetailsService;
66
67		//~ Methods ========================================================================================================
68
69		public void afterPropertiesSet() throws Exception {
70	6	Assert.notNull(userDetailsService, "An authenticationDao must be set");
71	5	Assert.notNull(this.messages, "A message source must be set");
72
73	5	Perl5Compiler compiler = new Perl5Compiler();
74
75		try {
76	5	subjectDNPattern = compiler.compile(subjectDNRegex,
77		Perl5Compiler.READ_ONLY_MASK \| Perl5Compiler.CASE_INSENSITIVE_MASK);
78	1	} catch (MalformedPatternException mpe) {
79	1	throw new IllegalArgumentException("Malformed regular expression: " + subjectDNRegex);
80	4	}
81	4	}
82
83		public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
84	4	String subjectDN = clientCert.getSubjectDN().getName();
85	4	PatternMatcher matcher = new Perl5Matcher();
86
87	4	if (!matcher.contains(subjectDN, subjectDNPattern)) {
88	1	throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
89		new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}"));
90		}
91
92	3	MatchResult match = matcher.getMatch();
93
94	3	if (match.groups() != 2) { // 2 = 1 + the entire match
95	1	throw new IllegalArgumentException("Regular expression must contain a single group ");
96		}
97
98	2	String userName = match.group(1);
99
100	2	UserDetails user = this.userDetailsService.loadUserByUsername(userName);
101
102	2	if (user == null) {
103	0	throw new AuthenticationServiceException(
104		"UserDetailsService returned null, which is an interface contract violation");
105		}
106
107	2	return user;
108		}
109
110		public void setMessageSource(MessageSource messageSource) {
111	0	this.messages = new MessageSourceAccessor(messageSource);
112	0	}
113
114		/**
115		* Sets the regular expression which will by used to extract the user name from the certificate's Subject
116		* DN.
117		* <p>It should contain a single group; for example the default expression "CN=(.?)," matches the common
118		* name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".</p>
119		* <p>The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org,
120		* CN=..." giving a user name "jimi@hendrix.org"</p>
121		*
122		* @param subjectDNRegex the regular expression to find in the subject
123		*/
124		public void setSubjectDNRegex(String subjectDNRegex) {
125	4	this.subjectDNRegex = subjectDNRegex;
126	4	}
127
128		public void setUserDetailsService(UserDetailsService userDetailsService) {
129	5	this.userDetailsService = userDetailsService;
130	5	}
131		}