AbstractAuthenticationComponent


1   /*
2    * Copyright (C) 2005 Alfresco, Inc.
3    *
4    * Licensed under the Mozilla Public License version 1.1 
5    * with a permitted attribution clause. You may obtain a
6    * copy of the License at
7    *
8    *   http://www.alfresco.org/legal/license.txt
9    *
10   * Unless required by applicable law or agreed to in writing,
11   * software distributed under the License is distributed on an
12   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13   * either express or implied. See the License for the specific
14   * language governing permissions and limitations under the
15   * License.
16   */
17  package org.alfresco.repo.security.authentication;
18  
19  import net.sf.acegisecurity.Authentication;
20  import net.sf.acegisecurity.GrantedAuthority;
21  import net.sf.acegisecurity.GrantedAuthorityImpl;
22  import net.sf.acegisecurity.UserDetails;
23  import net.sf.acegisecurity.context.Context;
24  import net.sf.acegisecurity.context.ContextHolder;
25  import net.sf.acegisecurity.context.security.SecureContext;
26  import net.sf.acegisecurity.context.security.SecureContextImpl;
27  import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
28  import net.sf.acegisecurity.providers.dao.User;
29  
30  import org.alfresco.error.AlfrescoRuntimeException;
31  import org.alfresco.service.cmr.security.PermissionService;
32  
33  /**
34   * This class abstract the support required to set up and query the Acegi context for security enforcement.
35   * 
36   * There are some simple default method implementations to support simple authentication.
37   * 
38   * @author Andy Hind
39   */
40  public abstract class AbstractAuthenticationComponent implements AuthenticationComponent
41  {
42  
43      // Name of the system user
44  
45      private static final String   SYSTEM_USER_NAME = "System";
46  
47      private Boolean   allowGuestLogin = null;
48  
49      public AbstractAuthenticationComponent()
50      {
51          super();
52      }
53  
54      public void setAllowGuestLogin(Boolean   allowGuestLogin)
55      {
56          this.allowGuestLogin = allowGuestLogin;
57      }
58      
59      /**
60       * Explicitly set the current user to be authenticated.
61       * 
62       * @param userName
63       *            String
64       * @return Authentication
65       */
66      public Authentication setCurrentUser(String   userName) throws AuthenticationException
67      {
68          if (userName == null)
69          {
70              throw new AuthenticationException("Null user name");
71          }
72  
73          try
74          {
75              UserDetails ud = null;
76              if (userName.equals(SYSTEM_USER_NAME))
77              {
78                  GrantedAuthority[] gas = new GrantedAuthority[1];
79                  gas[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
80                  ud = new User(SYSTEM_USER_NAME, "", true, true, true, true, gas);
81              }
82              else if (userName.equalsIgnoreCase(PermissionService.GUEST_AUTHORITY))
83              {
84                  GrantedAuthority[] gas = new GrantedAuthority[0];
85                  ud = new User(PermissionService.GUEST_AUTHORITY.toLowerCase(), "", true, true, true, true, gas);
86              }
87              else
88              {
89                  ud = getUserDetails(userName);
90              }
91  
92              UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(ud, "", ud
93                      .getAuthorities());
94              auth.setDetails(ud);
95              auth.setAuthenticated(true);
96              return setCurrentAuthentication(auth);
97          }
98          catch (net.sf.acegisecurity.AuthenticationException ae)
99          {
100             throw new AuthenticationException(ae.getMessage(), ae);
101         }
102     }
103 
104     /**
105      * Default implementation that makes an ACEGI object on the fly
106      * 
107      * @param userName
108      * @return
109      */
110     protected UserDetails getUserDetails(String   userName)
111     {
112         GrantedAuthority[] gas = new GrantedAuthority[1];
113         gas[0] = new GrantedAuthorityImpl("ROLE_AUTHENTICATED");
114         UserDetails ud = new User(userName, "", true, true, true, true, gas);
115         return ud;
116     }
117 
118     /**
119      * Explicitly set the current authentication.
120      * 
121      * @param authentication
122      *            Authentication
123      */
124     public Authentication setCurrentAuthentication(Authentication authentication)
125     {
126         Context context = ContextHolder.getContext();
127         SecureContext sc = null;
128         if ((context == null) || !(context instanceof SecureContext))
129         {
130             sc = new SecureContextImpl();
131             ContextHolder.setContext(sc);
132         }
133         else
134         {
135             sc = (SecureContext) context;
136         }
137         authentication.setAuthenticated(true);
138         sc.setAuthentication(authentication);
139         return authentication;
140     }
141 
142     /**
143      * Get the current authentication context
144      * 
145      * @return Authentication
146      * @throws AuthenticationException
147      */
148     public Authentication getCurrentAuthentication() throws AuthenticationException
149     {
150         Context context = ContextHolder.getContext();
151         if ((context == null) || !(context instanceof SecureContext))
152         {
153             return null;
154         }
155         return ((SecureContext) context).getAuthentication();
156     }
157 
158     /**
159      * Get the current user name.
160      * 
161      * @return String
162      * @throws AuthenticationException
163      */
164     public String   getCurrentUserName() throws AuthenticationException
165     {
166         Context context = ContextHolder.getContext();
167         if ((context == null) || !(context instanceof SecureContext))
168         {
169             return null;
170         }
171         return getUserName(((SecureContext) context).getAuthentication());
172     }
173 
174     /**
175      * Get the current user name
176      * 
177      * @param authentication
178      *            Authentication
179      * @return String
180      */
181     private String   getUserName(Authentication authentication)
182     {
183         String   username = authentication.getPrincipal().toString();
184 
185         if (authentication.getPrincipal() instanceof UserDetails)
186         {
187             username = ((UserDetails) authentication.getPrincipal()).getUsername();
188         }
189 
190         return username;
191     }
192 
193     /**
194      * Set the system user as the current user.
195      * 
196      * @return Authentication
197      */
198     public Authentication setSystemUserAsCurrentUser()
199     {
200         return setCurrentUser(SYSTEM_USER_NAME);
201     }
202 
203     /**
204      * Get the name of the system user
205      * 
206      * @return String
207      */
208     public String   getSystemUserName()
209     {
210         return SYSTEM_USER_NAME;
211     }
212 
213     /**
214      * Get the name of the Guest User
215      */
216     public String   getGuestUserName()
217     {
218         return PermissionService.GUEST_AUTHORITY.toLowerCase();
219     }
220 
221     /**
222      * Set the guest user as the current user.
223      */
224     public Authentication setGuestUserAsCurrentUser() throws AuthenticationException
225     {
226         if (allowGuestLogin == null)
227         {
228             if(implementationAllowsGuestLogin())
229             {
230                 return setCurrentUser(PermissionService.GUEST_AUTHORITY);
231             }
232             else
233             {
234                 throw new AuthenticationException("Guest authentication is not allowed");  
235             }
236         }
237         else
238         {
239             if(allowGuestLogin.booleanValue())
240             {
241                 return setCurrentUser(PermissionService.GUEST_AUTHORITY);
242             }
243             else
244             {
245                 throw new AuthenticationException("Guest authentication is not allowed"); 
246             }
247             
248         }
249     }
250 
251     protected abstract boolean implementationAllowsGuestLogin();
252 
253     /**
254      * Remove the current security information
255      */
256     public void clearCurrentSecurityContext()
257     {
258         ContextHolder.setContext(null);
259     }
260 
261     /**
262      * The default is not to support Authentication token base authentication
263      */
264     public Authentication authenticate(Authentication token) throws AuthenticationException
265     {
266         throw new AlfrescoRuntimeException("Authentication via token not supported");
267     }
268 
269     /**
270      * The should only be supported if getNTLMMode() is NTLMMode.MD4_PROVIDER.
271      */
272     public String   getMD4HashedPassword(String   userName)
273     {
274         throw new UnsupportedOperationException  ();
275     }
276 
277     /**
278      * Get the NTML mode - none - supports MD4 hash to integrate - or it can asct as an NTLM authentication
279      */
280     public NTLMMode getNTLMMode()
281     {
282         return NTLMMode.NONE;
283     }
284 
285 }
286
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags