com.javaforge.tapestry.acegi.service.impl.SecurityUtilsImpl.java Source code

Java tutorial

Introduction

Here is the source code for com.javaforge.tapestry.acegi.service.impl.SecurityUtilsImpl.java

Source

/*
 * Copyright (c) 2006, Carman Consulting, Inc. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, either express or implied. See the License for
 * the specific language governing permissions and limitations under the
 * License.
 */

package com.javaforge.tapestry.acegi.service.impl;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import com.javaforge.tapestry.acegi.service.SecurityUtils;

import org.apache.commons.logging.Log;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource;
import org.springframework.security.access.intercept.RunAsManager;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/**
 * @author James Carman
 */
@SuppressWarnings("unchecked")
public class SecurityUtilsImpl implements SecurityUtils {
    private Log log;
    //----------------------------------------------------------------------------------------------------------------------
    // Fields
    //----------------------------------------------------------------------------------------------------------------------

    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private AuthenticationManager authenticationManager;
    private RunAsManager runAsManager = new NullRunAsManager();
    private AccessDecisionManager accessDecisionManager;
    private boolean alwaysReauthenticate = false;
    private SecuredAnnotationSecurityMetadataSource metadataSource = new SecuredAnnotationSecurityMetadataSource();
    //----------------------------------------------------------------------------------------------------------------------
    // SecurityUtils Implementation
    //----------------------------------------------------------------------------------------------------------------------

    public void checkSecurity(Object object, Collection<ConfigAttribute> attr) {
        Assert.notNull(object, "Object was null");

        if (attr != null) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
            }

            // We check for just the property we're interested in (we do
            // not call Context.validate() like the ContextInterceptor)
            if (SecurityContextHolder.getContext().getAuthentication() == null) {
                throw new AuthenticationCredentialsNotFoundException(
                        messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
                                "An Authentication object was not found in the SecurityContext"));
            }

            // Attempt authentication if not already authenticated, or user always wants reauthentication
            Authentication authenticated;

            SecurityContext ctx = SecurityContextHolder.getContext();

            if (ctx.getAuthentication() == null || !ctx.getAuthentication().isAuthenticated()
                    || alwaysReauthenticate) {
                authenticated = this.authenticationManager
                        .authenticate(SecurityContextHolder.getContext().getAuthentication());

                // We don't authenticated.setAuthentication(true), because each provider should do that
                if (getLog().isDebugEnabled()) {
                    getLog().debug("Successfully Authenticated: " + authenticated.toString());
                }

                SecurityContextHolder.getContext().setAuthentication(authenticated);
            } else {
                authenticated = SecurityContextHolder.getContext().getAuthentication();

                if (getLog().isDebugEnabled()) {
                    getLog().debug("Previously Authenticated: " + authenticated.toString());
                }
            }

            // Attempt authorization
            this.accessDecisionManager.decide(authenticated, object, attr);

            if (getLog().isDebugEnabled()) {
                getLog().debug("Authorization successful");
            }

            // Attempt to run as a different user
            Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);

            if (runAs == null) {
                if (getLog().isDebugEnabled()) {
                    getLog().debug("RunAsManager did not change Authentication object");
                }
            } else {
                if (getLog().isDebugEnabled()) {
                    getLog().debug("Switching to RunAs Authentication: " + runAs.toString());
                }
                SecurityContextHolder.getContext().setAuthentication(runAs);
            }
        } else {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Public object - authentication not attempted");
            }
        }
    }

    public Collection<ConfigAttribute> createConfigAttributeDefinition(Class securedClass) {
        Annotation a = securedClass.getAnnotation(Secured.class);
        String[] attributeTokens = ((Secured) a).value();
        List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeTokens.length);

        for (String token : attributeTokens) {
            attributes.add(new SecurityConfig(token));
        }

        return attributes;
    }

    public Collection<ConfigAttribute> createConfigAttributeDefinition(Method securedMethod) {
        return metadataSource.getAttributes(securedMethod, null);
    }

    //----------------------------------------------------------------------------------------------------------------------
    // Getter/Setter Methods
    //----------------------------------------------------------------------------------------------------------------------

    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    public void setAlwaysReauthenticate(boolean alwaysReauthenticate) {
        this.alwaysReauthenticate = alwaysReauthenticate;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setMessages(MessageSourceAccessor messages) {
        this.messages = messages;
    }

    public void setRunAsManager(RunAsManager runAsManager) {
        this.runAsManager = runAsManager;
    }

    //----------------------------------------------------------------------------------------------------------------------
    // Other Methods
    //----------------------------------------------------------------------------------------------------------------------

    public void setLog(Log log) {
        this.log = log;
    }

    public Log getLog() {
        return log;
    }
}