1   /**
2    * Waffle (https://github.com/dblock/waffle)
3    *
4    * Copyright (c) 2010 - 2015 Application Security, Inc.
5    *
6    * All rights reserved. This program and the accompanying materials
7    * are made available under the terms of the Eclipse Public License v1.0
8    * which accompanies this distribution, and is available at
9    * http://www.eclipse.org/legal/epl-v10.html
10   *
11   * Contributors:
12   *     Application Security, Inc.
13   */
14  package waffle.spring;
15  
16  import java.util.Locale;
17  
18  import org.slf4j.Logger;
19  import org.slf4j.LoggerFactory;
20  import org.springframework.security.authentication.AuthenticationProvider;
21  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
22  import org.springframework.security.core.Authentication;
23  import org.springframework.security.core.GrantedAuthority;
24  
25  import waffle.servlet.WindowsPrincipal;
26  import waffle.windows.auth.IWindowsAuthProvider;
27  import waffle.windows.auth.IWindowsIdentity;
28  import waffle.windows.auth.PrincipalFormat;
29  
/**
 * Spring Security {@link AuthenticationProvider} that checks a user name and password by calling
 * {@code logonUser} on an {@link IWindowsAuthProvider} and wraps the returned identity in a
 * {@link WindowsAuthenticationToken}.
 * <p>
 * Configuration points worth reviewing before deployment:
 * <ul>
 * <li>No {@link IWindowsAuthProvider} is set by default; one must be supplied through
 * {@link #setAuthProvider(IWindowsAuthProvider)} before {@link #authenticate(Authentication)} is called.</li>
 * <li>Guest identities are accepted unless {@link #setAllowGuestLogin(boolean)} is called with {@code false}.</li>
 * </ul>
 *
 * @author dblock[at]dblock[dot]org
 */
public class WindowsAuthenticationProvider implements AuthenticationProvider {

    /** Class logger. */
    private static final Logger LOGGER = LoggerFactory.getLogger(WindowsAuthenticationProvider.class);

    /** Format passed to {@link WindowsPrincipal} for the principal name; defaults to FQN. */
    private PrincipalFormat principalFormat = PrincipalFormat.FQN;

    /** Format passed to {@link WindowsPrincipal} for role names; defaults to FQN. */
    private PrincipalFormat roleFormat = PrincipalFormat.FQN;

    /**
     * Whether an identity whose {@code isGuest()} is true may log in. Defaults to {@code true}.
     * NOTE(review): with this permissive default a Guest identity is accepted unless the flag is switched off;
     * deployments that do not expect guest access should set it to {@code false}.
     */
    private boolean allowGuestLogin = true;

    /** Back end that performs the Windows logon; has no default and must be injected. */
    private IWindowsAuthProvider authProvider;

    /** Factory handed to the token to build granted authorities. */
    private GrantedAuthorityFactory grantedAuthorityFactory = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY_FACTORY;

    /** Authority handed to the token as its default granted authority. */
    private GrantedAuthority defaultGrantedAuthority = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY;

    /**
     * Creates the provider with default formats and logs a debug message that it was loaded.
     */
    public WindowsAuthenticationProvider() {
        LOGGER.debug("[waffle.spring.WindowsAuthenticationProvider] loaded");
    }

    /**
     * Logs the caller on through the configured {@link IWindowsAuthProvider} and builds a token for the identity.
     * <p>
     * The request is cast to {@link UsernamePasswordAuthenticationToken} without a type check, which matches what
     * {@link #supports(Class)} advertises. The credentials object is converted with {@code toString()}, so a
     * request carrying {@code null} credentials fails with a {@link NullPointerException}. Nothing in this method
     * catches what {@code logonUser} throws, so those exceptions reach the caller unchanged.
     * NOTE(review): confirm that callers map such failures to an authentication failure rather than a server error.
     *
     * @param authentication
     *            the user name / password request
     * @return a {@link WindowsAuthenticationToken} for the logged-on identity
     * @throws GuestLoginDisabledAuthenticationException
     *             if guest logons are disabled and the identity reports itself as a guest
     */
    @Override
    public Authentication authenticate(final Authentication authentication) {
        final UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) authentication;
        final String userName = request.getName();
        final String password = request.getCredentials().toString();
        final IWindowsIdentity identity = authProvider.logonUser(userName, password);
        // Only the identity name and SID are logged; the password never appears in a log statement.
        LOGGER.debug("logged in user: {} ({})", identity.getFqn(), identity.getSidString());

        // isGuest() is consulted only when guest logons have been switched off.
        final boolean guestRejected = !allowGuestLogin && identity.isGuest();
        if (guestRejected) {
            LOGGER.warn("guest login disabled: {}", identity.getFqn());
            throw new GuestLoginDisabledAuthenticationException(identity.getFqn());
        }

        final WindowsPrincipal principal = new WindowsPrincipal(identity, principalFormat, roleFormat);
        LOGGER.debug("roles: {}", principal.getRolesString());

        final WindowsAuthenticationToken result = new WindowsAuthenticationToken(principal, grantedAuthorityFactory,
                defaultGrantedAuthority);

        LOGGER.info("successfully logged in user: {}", identity.getFqn());
        return result;
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * @param authentication
     *            the authentication class to test
     * @return true if the class is {@link UsernamePasswordAuthenticationToken} or a subclass of it
     */
    @Override
    public boolean supports(final Class<? extends Object> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /**
     * Returns the format used for the principal name.
     *
     * @return the principal format
     */
    public PrincipalFormat getPrincipalFormat() {
        return principalFormat;
    }

    /**
     * Stores the format used for the principal name.
     *
     * @param value
     *            the new principal format
     */
    public void setPrincipalFormatEnum(final PrincipalFormat value) {
        principalFormat = value;
    }

    /**
     * Sets the principal format from its name. The name is upper-cased with {@link Locale#ENGLISH} and resolved
     * through {@code PrincipalFormat.valueOf}, so it must match a constant name ignoring case; a {@code null}
     * value fails with a {@link NullPointerException}.
     *
     * @param value
     *            the name of the new principal format
     */
    public void setPrincipalFormat(final String value) {
        final String constantName = value.toUpperCase(Locale.ENGLISH);
        setPrincipalFormatEnum(PrincipalFormat.valueOf(constantName));
    }

    /**
     * Returns the format used for role names.
     *
     * @return the role format
     */
    public PrincipalFormat getRoleFormat() {
        return roleFormat;
    }

    /**
     * Stores the format used for role names.
     *
     * @param value
     *            the new role format
     */
    public void setRoleFormatEnum(final PrincipalFormat value) {
        roleFormat = value;
    }

    /**
     * Sets the role format from its name. The name is upper-cased with {@link Locale#ENGLISH} and resolved
     * through {@code PrincipalFormat.valueOf}, so it must match a constant name ignoring case; a {@code null}
     * value fails with a {@link NullPointerException}.
     *
     * @param value
     *            the name of the new role format
     */
    public void setRoleFormat(final String value) {
        final String constantName = value.toUpperCase(Locale.ENGLISH);
        setRoleFormatEnum(PrincipalFormat.valueOf(constantName));
    }

    /**
     * Reports whether guest identities are allowed to log in.
     *
     * @return true if guest logons are accepted
     */
    public boolean isAllowGuestLogin() {
        return allowGuestLogin;
    }

    /**
     * Enables or disables guest logons. When {@code false}, {@link #authenticate(Authentication)} rejects an
     * identity that reports itself as a guest.
     *
     * @param value
     *            true to accept guest identities, false to reject them
     */
    public void setAllowGuestLogin(final boolean value) {
        allowGuestLogin = value;
    }

    /**
     * Returns the Windows logon back end.
     *
     * @return the auth provider, or null if none has been set
     */
    public IWindowsAuthProvider getAuthProvider() {
        return authProvider;
    }

    /**
     * Stores the Windows logon back end used by {@link #authenticate(Authentication)}.
     *
     * @param value
     *            the new auth provider
     */
    public void setAuthProvider(final IWindowsAuthProvider value) {
        authProvider = value;
    }

    /**
     * Returns the factory passed to each new token for building granted authorities.
     *
     * @return the granted authority factory
     */
    public GrantedAuthorityFactory getGrantedAuthorityFactory() {
        return grantedAuthorityFactory;
    }

    /**
     * Stores the factory passed to each new token for building granted authorities.
     *
     * @param value
     *            the new granted authority factory
     */
    public void setGrantedAuthorityFactory(final GrantedAuthorityFactory value) {
        grantedAuthorityFactory = value;
    }

    /**
     * Returns the authority passed to each new token as its default granted authority.
     *
     * @return the default granted authority
     */
    public GrantedAuthority getDefaultGrantedAuthority() {
        return defaultGrantedAuthority;
    }

    /**
     * Stores the authority passed to each new token as its default granted authority.
     *
     * @param value
     *            the new default granted authority
     */
    public void setDefaultGrantedAuthority(final GrantedAuthority value) {
        defaultGrantedAuthority = value;
    }
}