com.telefonica.euro_iaas.sdc.rest.auth.OpenStackAuthenticationProvider.java Source code

Java tutorial

Introduction

Here is the source code for com.telefonica.euro_iaas.sdc.rest.auth.OpenStackAuthenticationProvider.java

Source

/**
 * Copyright 2014 Telefonica Investigacin y Desarrollo, S.A.U <br>
 * This file is part of FI-WARE project.
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License.
 * </p>
 * <p>
 * You may obtain a copy of the License at:<br>
 * <br>
 * http://www.apache.org/licenses/LICENSE-2.0
 * </p>
 * <p>
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * </p>
 * <p>
 * See the License for the specific language governing permissions and limitations under the License.
 * </p>
 * <p>
 * For those usages not covered by the Apache version 2.0 License please contact with opensource@tid.es
 * </p>
 */

package com.telefonica.euro_iaas.sdc.rest.auth;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;

import javax.xml.namespace.QName;

import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.log4j.Logger;
import org.openstack.docs.identity.api.v2.AuthenticateResponse;
import org.openstack.docs.identity.api.v2.Role;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;

import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.api.client.WebResource;
import com.telefonica.euro_iaas.sdc.model.dto.PaasManagerUser;
import com.telefonica.euro_iaas.sdc.util.SystemPropertiesProvider;

/**
 * The Class OpenStackAuthenticationProvider.
 */
public class OpenStackAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    /**
     * The system properties provider.
     */
    private SystemPropertiesProvider systemPropertiesProvider;
    /**
     * The Constant SYSTEM_FIWARE.
     */
    public static final String SYSTEM_FIWARE = "FIWARE";
    /**
     * The Constant SYSTEM_FASTTRACK.
     */
    public static final String SYSTEM_FASTTRACK = "FASTTRACK";
    /**
     * The Constant CODE_401.
     */
    public static final int CODE_401 = 401;
    /**
     * The Constant CODE_403.
     */
    public static final int CODE_403 = 403;
    /**
     * The Constant CODE_404.
     */
    public static final int CODE_404 = 404;
    /**
     * The max number of reintent.
     */
    public static final int MAX_REINTENT = 5;
    /**
     * The log.
     */
    private static Logger log = Logger.getLogger(OpenStackAuthenticationProvider.class);
    /**
     * Thread to recover a valid X-Auth-Token each 24 hour
     */
    OpenStackAuthenticationToken oSAuthToken = null;

    /*
     * (non-Javadoc) @seeorg.springframework.security.authentication.dao. AbstractUserDetailsAuthenticationProvider
     * #additionalAuthenticationChecks( org.springframework.security.core.userdetails.UserDetails, org.springframework
     * .security.authentication.UsernamePasswordAuthenticationToken)
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) {
    }

    /**
     * Authentication fast track.
     * 
     * @param username
     *            the username
     * @param tenantId
     *            the tenantId
     * @return the open stack user
     */
    private PaasManagerUser authenticationFastTrack(String username, String tenantId) {
        return null;

    }

    /**
     * Authentication fiware.
     * 
     * @param token
     *            the token
     * @param tenantId
     *            the tenantId
     * @return the open stack user
     */
    @SuppressWarnings("deprecation")
    private PaasManagerUser authenticationFiware(String token, String tenantId) {

        String keystoneURL = systemPropertiesProvider.getProperty(SystemPropertiesProvider.KEYSTONE_URL);

        String adminUser = systemPropertiesProvider.getProperty(SystemPropertiesProvider.KEYSTONE_USER);

        String adminPass = systemPropertiesProvider.getProperty(SystemPropertiesProvider.KEYSTONE_PASS);

        String adminTenant = systemPropertiesProvider.getProperty(SystemPropertiesProvider.KEYSTONE_TENANT);

        String thresholdString = systemPropertiesProvider
                .getProperty(SystemPropertiesProvider.VALIDATION_TIME_THRESHOLD);

        DefaultHttpClient httpClient = new DefaultHttpClient();

        if (oSAuthToken == null) {
            ArrayList<Object> params = new ArrayList();

            Long threshold = Long.parseLong(thresholdString);

            params.add(keystoneURL);
            params.add(adminTenant);
            params.add(adminUser);
            params.add(adminPass);
            params.add(httpClient);
            params.add(threshold);

            oSAuthToken = new OpenStackAuthenticationToken(params);
        }

        String[] credential = oSAuthToken.getCredentials();

        log.debug("Keystone URL : " + keystoneURL);
        log.debug("adminToken : " + credential[0]);

        Client client = Client.create();
        WebResource webResource = client.resource(keystoneURL);
        try {

            // Validate user's token
            AuthenticateResponse responseAuth = webResource.path("tokens").path(token)
                    .header("Accept", "application/xml").header("X-Auth-Token", credential[0])
                    .get(AuthenticateResponse.class);

            if (!tenantId.equals(responseAuth.getToken().getTenant().getId())) {
                throw new AuthenticationServiceException("Token " + responseAuth.getToken().getTenant().getId()
                        + " not valid for the tenantId provided:" + tenantId);
            }

            Set<GrantedAuthority> authsSet = new HashSet<GrantedAuthority>();

            if (responseAuth.getUser().getRoles() != null) {
                for (Role role : responseAuth.getUser().getRoles().getRole()) {
                    authsSet.add(new GrantedAuthorityImpl(role.getName()));
                }
            }

            PaasManagerUser user = new PaasManagerUser(
                    responseAuth.getUser().getOtherAttributes().get(new QName("username")), token, authsSet);

            user.setTenantId(tenantId);
            user.setTenantName(responseAuth.getToken().getTenant().getName());
            user.setToken(token);
            return user;

        } catch (UniformInterfaceException e) {
            // this.OSAuthToken.close();
            // this.OSAuthToken = null;

            log.error("response status:" + e.getResponse().getStatus());

            if ((e.getResponse().getStatus() == CODE_401) || (e.getResponse().getStatus() == CODE_403)
                    || (e.getResponse().getStatus() == CODE_404)) {
                throw new BadCredentialsException("Token not valid", e);
            }

            throw new AuthenticationServiceException("Token not valid", e);
        } catch (Exception e) {
            // this.OSAuthToken.close();
            // this.OSAuthToken = null;

            throw new AuthenticationServiceException("unknown problem", e);
        }
    }

    /**
     * Gets the system properties provider.
     * 
     * @return the systemPropertiesProvider
     */
    public final SystemPropertiesProvider getSystemPropertiesProvider() {
        return systemPropertiesProvider;
    }

    /*
     * (non-Javadoc) @seeorg.springframework.security.authentication.dao. AbstractUserDetailsAuthenticationProvider
     * #retrieveUser(java.lang.String, org .springframework.security.authentication.UsernamePasswordAuthenticationToken
     * )
     */
    @Override
    protected final UserDetails retrieveUser(final String username,
            final UsernamePasswordAuthenticationToken authentication) {
        String system = systemPropertiesProvider.getProperty(SystemPropertiesProvider.CLOUD_SYSTEM);

        PaasManagerUser user = null;

        String tenantId = authentication.getCredentials().toString();

        if (SYSTEM_FIWARE.equals(system)) {
            user = authenticationFiware(username, tenantId);
        } else if (SYSTEM_FASTTRACK.equals(system)) {
            user = authenticationFastTrack(username, tenantId);
        }

        return user;
    }

    /**
     * Sets the system properties provider.
     * 
     * @param pSystemPropertiesProvider
     *            the systemPropertiesProvider to set
     */
    public void setSystemPropertiesProvider(SystemPropertiesProvider pSystemPropertiesProvider) {
        this.systemPropertiesProvider = pSystemPropertiesProvider;
    }

}