1   /**
2    * Waffle (https://github.com/dblock/waffle)
3    *
4    * Copyright (c) 2010 - 2015 Application Security, Inc.
5    *
6    * All rights reserved. This program and the accompanying materials
7    * are made available under the terms of the Eclipse Public License v1.0
8    * which accompanies this distribution, and is available at
9    * http://www.eclipse.org/legal/epl-v10.html
10   *
11   * Contributors:
12   *     Application Security, Inc.
13   */
14  package waffle.spring;
15  
16  import java.util.ArrayList;
17  import java.util.Collection;
18  
19  import org.springframework.security.core.Authentication;
20  import org.springframework.security.core.GrantedAuthority;
21  import org.springframework.security.core.authority.SimpleGrantedAuthority;
22  
23  import waffle.servlet.WindowsPrincipal;
24  import waffle.windows.auth.WindowsAccount;
25  
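/**
 * A Windows authentication token: a Spring Security {@link Authentication} backed by a {@link WindowsPrincipal}.
 * <p>
 * The granted authorities are computed once, in the constructor, from the groups reported by the principal, and are
 * exposed as a read-only list so that code holding a reference to the token cannot add authorities to it afterwards.
 * No credential is retained by the token ({@link #getCredentials()} returns {@code null}).
 *
 * @author dblock[at]dblock[dot]org
 */
public class WindowsAuthenticationToken implements Authentication {

    /** The Constant serialVersionUID. */
    private static final long                   serialVersionUID                  = 1L;

    /**
     * The {@link GrantedAuthorityFactory} that is used by default if a custom one is not specified. This default
     * {@link GrantedAuthorityFactory} is a {@link FqnGrantedAuthorityFactory} with prefix {@code "ROLE_"} and will
     * convert the fqn to uppercase
     */
    public static final GrantedAuthorityFactory DEFAULT_GRANTED_AUTHORITY_FACTORY = new FqnGrantedAuthorityFactory(
                                                                                          "ROLE_", true);

    /**
     * The {@link GrantedAuthority} that will be added to every WindowsAuthenticationToken, unless another (or null) is
     * specified.
     */
    public static final GrantedAuthority        DEFAULT_GRANTED_AUTHORITY         = new SimpleGrantedAuthority(
                                                                                          "ROLE_USER");

    /** The principal this token was created for; never {@code null} once the constructor has returned. */
    private final WindowsPrincipal              principal;

    /** The authorities granted to the principal, held as an unmodifiable list. */
    private final Collection<GrantedAuthority>  authorities;

    /**
     * Convenience constructor that calls
     * {@link #WindowsAuthenticationToken(WindowsPrincipal, GrantedAuthorityFactory, GrantedAuthority)} with:
     * <ul>
     * <li>the given identity,</li>
     * <li>the {@link #DEFAULT_GRANTED_AUTHORITY_FACTORY}</li>
     * <li>the {@link #DEFAULT_GRANTED_AUTHORITY}</li>
     * </ul>
     *
     * @param identity
     *            the identity; must not be {@code null}
     * @throws NullPointerException
     *             if {@code identity} is {@code null}
     */
    public WindowsAuthenticationToken(final WindowsPrincipal identity) {
        this(identity, WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY_FACTORY,
                WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY);
    }

    /**
     * Instantiates a new windows authentication token.
     * <p>
     * This constructor performs no authentication itself; {@link #isAuthenticated()} reports {@code true} for every
     * token it creates, so the caller is responsible for passing only a principal that it has already authenticated.
     *
     * @param identity
     *            The {@link WindowsPrincipal} for which this token exists; must not be {@code null}.
     * @param grantedAuthorityFactory
     *            used to construct {@link GrantedAuthority}s for each of the groups to which the
     *            {@link WindowsPrincipal} belongs
     * @param defaultGrantedAuthority
     *            if not null, this {@link GrantedAuthority} will always be added to the granted authorities list
     * @throws NullPointerException
     *             if {@code identity} is {@code null}, or if {@code grantedAuthorityFactory} is {@code null} and the
     *             principal reports at least one group
     */
    public WindowsAuthenticationToken(final WindowsPrincipal identity,
            final GrantedAuthorityFactory grantedAuthorityFactory, final GrantedAuthority defaultGrantedAuthority) {

        // Fail fast with a named argument instead of an anonymous NPE from the group loop below.
        if (identity == null) {
            throw new NullPointerException("identity");
        }

        this.principal = identity;

        final ArrayList<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();
        if (defaultGrantedAuthority != null) {
            granted.add(defaultGrantedAuthority);
        }
        for (final WindowsAccount group : identity.getGroups().values()) {
            granted.add(grantedAuthorityFactory.createGrantedAuthority(group));
        }

        // Freeze the list: getAuthorities() hands this reference out, and a writable list would let any holder of
        // the token grant it additional roles. A List wrapper (rather than a Collection wrapper) keeps
        // content-based equals()/hashCode().
        this.authorities = java.util.Collections.unmodifiableList(granted);
    }

    /**
     * Returns the authorities computed at construction time.
     *
     * @return a read-only view; attempts to modify it throw {@link UnsupportedOperationException}
     * @see org.springframework.security.core.Authentication#getAuthorities()
     */
    @Override
    public Collection<GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    /**
     * Always returns {@code null}: the token keeps no password or other credential.
     *
     * @see org.springframework.security.core.Authentication#getCredentials()
     */
    @Override
    public Object getCredentials() {
        return null;
    }

    /**
     * Always returns {@code null}: no request details are stored on this token.
     *
     * @see org.springframework.security.core.Authentication#getDetails()
     */
    @Override
    public Object getDetails() {
        return null;
    }

    /**
     * Returns the {@link WindowsPrincipal} passed to the constructor.
     *
     * @see org.springframework.security.core.Authentication#getPrincipal()
     */
    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    /**
     * Reports whether the token carries a principal. Because the constructor rejects a {@code null} identity, this
     * is {@code true} for every constructed token.
     *
     * @see org.springframework.security.core.Authentication#isAuthenticated()
     */
    @Override
    public boolean isAuthenticated() {
        return this.principal != null;
    }

    /**
     * Not supported: the authenticated state is derived from the principal and cannot be changed, so this method
     * throws for {@code true} and for {@code false} alike.
     *
     * @param authenticated
     *            ignored
     * @throws IllegalArgumentException
     *             always
     * @see org.springframework.security.core.Authentication#setAuthenticated(boolean)
     */
    @Override
    public void setAuthenticated(final boolean authenticated) {
        throw new IllegalArgumentException("The authenticated state of a WindowsAuthenticationToken cannot be changed");
    }

    /**
     * Returns the name reported by the underlying {@link WindowsPrincipal}.
     *
     * @see java.security.Principal#getName()
     */
    @Override
    public String getName() {
        return this.principal.getName();
    }
}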