eu.forgestore.ws.util.ShiroBasicAuthInterceptor.java Source code

Java tutorial

  1. HOME
  2. Java
  3. eu.forgestore.ws.util.ShiroBasicAuthInterceptor.java

Introduction

Here is the source code for eu.forgestore.ws.util.ShiroBasicAuthInterceptor.java

Source

/**
 * Copyright 2014 forgestore.eu, University of Patras 
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License.
 * You may obtain a copy of the License at:
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * 
 * See the License for the specific language governing permissions and limitations under the License.
 */

package eu.forgestore.ws.util;

import java.security.Principal;
import java.util.UUID;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.common.security.UsernameToken;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.transport.http.AbstractHTTPDestination;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SessionsSecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.servlet.SimpleCookie;

public class ShiroBasicAuthInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final transient Log logger = LogFactory.getLog(ShiroBasicAuthInterceptor.class.getName());

    private ShiroUTValidator validator;

    public ShiroBasicAuthInterceptor() {
        this(Phase.UNMARSHAL);
    }

    public ShiroBasicAuthInterceptor(String phase) {
        super(phase);
    }

    public void handleMessage(Message message) throws Fault {

        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser != null) {
            logger.info("handleMessage currentUser = " + currentUser.toString());
            logger.info("currentUser.getPrincipal() = " + currentUser.getPrincipal());
            logger.info("SecurityUtils.getSubject().getSession() = " + currentUser.getSession().getId());
            logger.info("currentUser.getSession().getAttribute(  aKey ) = "
                    + currentUser.getSession().getAttribute("aKey"));
            logger.info("message.getId() = " + message.getId());

            // Here We are getting session from Message
            HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
            HttpSession session = request.getSession();

            logger.info("HttpSession session.getId() = " + session.getId());

            if (currentUser.getPrincipal() != null) {
                logger.info("User [" + currentUser.getPrincipal()
                        + "] IS ALREADY logged in successfully. =========================");

                if (currentUser.isAuthenticated()) {
                    logger.info("User [" + currentUser.getPrincipal()
                            + "] IS isAuthenticated and logged in successfully. =========================");
                    return;
                }

                if (currentUser.isRemembered()) {
                    logger.info("User [" + currentUser.getPrincipal()
                            + "] IS REMEMBERED and logged in successfully. =========================");
                    return;
                }
            }
        }

        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
        if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
            String name = null;
            if (policy != null) {
                name = policy.getUserName();
            }
            String error = "No user credentials are available";
            logger.warn(error + " " + "for name: " + name);
            throw new SecurityException(error);
        }

        try {

            UsernameToken token = convertPolicyToToken(policy);

            String s = validator.validate(token);
            //
            // Create a Principal/SecurityContext
            //bale principal apo to validator
            //         Principal p = null;
            //         if (s!=null) {
            //            p = new SimplePrincipal( s );
            //         }
            //
            //         message.put(SecurityContext.class, createSecurityContext(p));
            currentUser.getSession().setAttribute("aKey", UUID.randomUUID().toString());

        } catch (Exception ex) {
            throw new Fault(ex);
        }
    }

    protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) throws Exception {

        UsernameToken token = new UsernameToken(policy.getUserName(), policy.getPassword(),
                policy.getAuthorizationType(), false, "", "");

        return token;
    }

    protected SecurityContext createSecurityContext(final Principal p) {
        return new SecurityContext() {

            public Principal getUserPrincipal() {
                return p;
            }

            public boolean isUserInRole(String arg0) {
                return false;
            }
        };
    }

    public ShiroUTValidator getValidator() {
        return validator;
    }

    public void setValidator(ShiroUTValidator validator) {
        this.validator = validator;
    }

}