RunAsImplAuthenticationProvider xref

View Javadoc

1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.runas;
17  
18  import org.acegisecurity.AcegiMessageSource;
19  import org.acegisecurity.Authentication;
20  import org.acegisecurity.AuthenticationException;
21  import org.acegisecurity.BadCredentialsException;
22  
23  import org.acegisecurity.providers.AuthenticationProvider;
24  
25  import org.springframework.beans.factory.InitializingBean;
26  
27  import org.springframework.context.MessageSource;
28  import org.springframework.context.MessageSourceAware;
29  import org.springframework.context.support.MessageSourceAccessor;
30  
31  import org.springframework.util.Assert;
32  
33  
34  /**
35   * An {@link AuthenticationProvider} implementation that can authenticate a {@link RunAsUserToken}.<P>Configured in
36   * the bean context with a key that should match the key used by adapters to generate the <code>RunAsUserToken</code>.
37   * It treats as valid any <code>RunAsUserToken</code> instance presenting a hash code that matches the
38   * <code>RunAsImplAuthenticationProvider</code>-configured key.</p>
39   *  <P>If the key does not match, a <code>BadCredentialsException</code> is thrown.</p>
40   */
41  public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
42      //~ Instance fields ================================================================================================
43  
44      protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
45      private String key;
46  
47      //~ Methods ========================================================================================================
48  
49  	public void afterPropertiesSet() throws Exception {
50          Assert.notNull(key, "A Key is required and should match that configured for the RunAsManagerImpl");
51      }
52  
53      public Authentication authenticate(Authentication authentication)
54          throws AuthenticationException {
55          RunAsUserToken token = (RunAsUserToken) authentication;
56  
57          if (token.getKeyHash() == key.hashCode()) {
58              return authentication;
59          } else {
60              throw new BadCredentialsException(messages.getMessage("RunAsImplAuthenticationProvider.incorrectKey",
61                      "The presented RunAsUserToken does not contain the expected key"));
62          }
63      }
64  
65      public String getKey() {
66          return key;
67      }
68  
69      public void setKey(String key) {
70          this.key = key;
71      }
72  
73      public void setMessageSource(MessageSource messageSource) {
74          this.messages = new MessageSourceAccessor(messageSource);
75      }
76  
77      public boolean supports(Class authentication) {
78          if (RunAsUserToken.class.isAssignableFrom(authentication)) {
79              return true;
80          } else {
81              return false;
82          }
83      }
84  }