org.wso2.carbon.identity.authenticator.iwa.ui.IWAUIAuthenticator.java Source code


Introduction

Here is the source code for org.wso2.carbon.identity.authenticator.iwa.ui.IWAUIAuthenticator.java

Source

/*
 *  Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 *  WSO2 Inc. licenses this file to you under the Apache License,
 *  Version 2.0 (the "License"); you may not use this file except
 *  in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.wso2.carbon.identity.authenticator.iwa.ui;

import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.rampart.RampartMessageData;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.identity.authenticator.iwa.stub.client.IWAAuthenticatorStub;
import org.wso2.carbon.identity.base.IdentityBaseUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.ui.CarbonUIUtil;
import org.wso2.carbon.ui.DefaultCarbonAuthenticator;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

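/**
 * Carbon UI authenticator for Integrated Windows Authentication (IWA).
 *
 * <p>The class does not validate Negotiate/NTLM tokens itself. It relies on
 * {@link HttpServletRequest#getAuthType()} and {@link HttpServletRequest#getRemoteUser()} as
 * reported by the servlet container, and then asks the back-end {@code IWAAuthenticator} service
 * to log that user in over a signed SOAP message.
 *
 * <p>NOTE(review): the security of this flow depends on the deployment ensuring that only a
 * component which has really performed Negotiate/NTLM authentication can populate the remote
 * user and auth type seen here - confirm for the connector/filter setup in use.
 */
public class IWAUIAuthenticator extends DefaultCarbonAuthenticator {

    public static final String NEGOTIATE = "Negotiate";
    public static final String NTLM = "NTLM";
    protected static final Log log = LogFactory.getLog(IWAUIAuthenticator.class);
    private static final int DEFAULT_PRIORITY_LEVEL = 10;
    private static final String AUTHENTICATOR_NAME = "IWAUIAuthenticator";

    /**
     * {@inheritDoc}
     *
     * <p>Handles a request only when the container reports the auth type as Negotiate or NTLM
     * (case-insensitive) and a remote user is present.
     */
    @Override
    public boolean canHandle(HttpServletRequest request) {

        String authType = request.getAuthType();
        boolean isIwaAuthType = NEGOTIATE.equalsIgnoreCase(authType) || NTLM.equalsIgnoreCase(authType);
        if (isIwaAuthType && request.getRemoteUser() != null) {
            if (log.isDebugEnabled()) {
                log.debug("IWA request received for url: " + request.getRequestURL() + " Auth type:"
                        + authType);
            }
            return true;
        }
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Returns the configured priority when an authenticator configuration exists and its
     * priority is positive; otherwise {@code DEFAULT_PRIORITY_LEVEL}.
     */
    @Override
    public int getPriority() {

        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration
                .getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig != null && authenticatorConfig.getPriority() > 0) {
            return authenticatorConfig.getPriority();
        }
        return DEFAULT_PRIORITY_LEVEL;
    }

    /**
     * {@inheritDoc}
     */
    public String getAuthenticatorName() {

        return AUTHENTICATOR_NAME;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Takes the user name from {@link HttpServletRequest#getRemoteUser()}, drops everything up
     * to and including the first backslash, stores the resolved back-end URL in the session and
     * delegates to {@code handleSecurity}. On return the request attribute {@code username}
     * holds the stripped user name.
     *
     * @throws AuthenticationException if the request carries no remote user, the user name is
     *                                 empty after the domain prefix is removed, or
     *                                 {@code handleSecurity} fails
     */
    @Override
    public void authenticate(HttpServletRequest request) throws AuthenticationException {

        String remoteUser = request.getRemoteUser();
        if (remoteUser == null) {
            // canHandle() checks this, but authenticate() can be reached independently; fail
            // with the declared exception rather than a NullPointerException.
            throw new AuthenticationException("No authenticated remote user found in the request.");
        }

        // NOTE(review): the part before the backslash (presumably the Windows domain) is
        // discarded, so same-named accounts from different domains resolve to the same Carbon
        // user name - confirm this is acceptable for multi-domain or trusted-forest deployments.
        String userName = remoteUser.substring(remoteUser.indexOf("\\") + 1);
        if (userName.isEmpty()) {
            throw new AuthenticationException("No authenticated remote user found in the request.");
        }

        if (log.isDebugEnabled()) {
            log.debug(
                    "Authenticate request received : Authtype - " + request.getAuthType() + ", User - " + userName);
        }

        HttpSession session = request.getSession();
        session.setAttribute(CarbonConstants.SERVER_URL, resolveBackendServerUrl(request));

        // Only the presence of the parameter matters, not its value.
        boolean rememberMe = request.getParameter("rememberMe") != null;

        handleSecurity(userName, rememberMe, request);
        request.setAttribute("username", userName);
    }

    /**
     * {@inheritDoc}
     *
     * <p>Calls {@code login(user, remoteAddr)} on the back-end IWA service and sets the admin
     * cookie on the session when the back end accepts the user.
     *
     * @param credentials  the user name, expected to be a {@link String}
     * @param isRememberMe not used by this implementation
     * @param client       service client handed to {@code setAdminCookie}
     * @param request      the current HTTP request
     * @return the authenticated user name
     * @throws AuthenticationException if the credentials are {@code null}, the back end rejects
     *                                 the login, or any other error occurs while authenticating
     */
    @Override
    public String doAuthentication(Object credentials, boolean isRememberMe, ServiceClient client,
            HttpServletRequest request) throws AuthenticationException {

        try {

            String user = (String) credentials;

            if (user == null) {
                throw new AuthenticationException("Invalid Credentials.");
            }

            HttpSession session = request.getSession();
            ConfigurationContext configContext = (ConfigurationContext) session.getServletContext()
                    .getAttribute(CarbonConstants.CONFIGURATION_CONTEXT);

            if (configContext == null) {
                log.error("Configuration context is null.");
            }

            // Back-end server URL is stored in the session, even if it is an incorrect one. This
            // value will be displayed in the server URL text box. Usability improvement.
            session.setAttribute(CarbonConstants.SERVER_URL, resolveBackendServerUrl(request));

            // Fail closed: a false result from the back end must not be reported to the caller
            // as a successful authentication.
            if (!getIWAClient(request).login(user, request.getRemoteAddr())) {
                throw new AuthenticationException("Invalid Credentials.");
            }
            setAdminCookie(session, client, null);

            return user;

        } catch (AuthenticationException e) {
            // Keep credential failures distinguishable from system errors instead of
            // re-wrapping them in the generic message below.
            throw e;
        } catch (Exception e) {
            throw new AuthenticationException("System error occured while trying to authenticate the user", e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Returns the configured value when a configuration for this authenticator exists;
     * without one the authenticator reports itself as disabled.
     */
    @Override
    public boolean isDisabled() {

        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration
                .getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig != null) {
            return authenticatorConfig.isDisabled();
        }
        // By default we keep this disabled.
        return true;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Always {@code true} for this authenticator.
     */
    protected boolean isAdminCookieSet() {

        return true;
    }

    /**
     * IWA does not need the login page for authentication. It uses the credentials of the user
     * who is logged in to Windows.
     */
    public boolean skipLoginPage() {

        return true;
    }

    /**
     * Resolves the back-end server URL for this request: the {@code backendURL} request parameter
     * when present, otherwise the value returned by {@code CarbonUIUtil.getServerURL}.
     *
     * <p>NOTE(review): {@code backendURL} is read straight from the request and is therefore
     * caller-controlled. It decides which endpoint receives the signed login message and which
     * URL is stored in the session as the server URL. Nothing in this class restricts it to
     * known back ends - confirm that a check exists elsewhere, or validate it against the
     * configured server URL(s) before use.
     *
     * @param request the current HTTP request
     * @return the back-end server URL to use
     */
    private String resolveBackendServerUrl(HttpServletRequest request) {

        String backendServerURL = request.getParameter("backendURL");
        if (backendServerURL != null) {
            if (log.isDebugEnabled()) {
                // The raw value is left out of the log line because it is request-supplied.
                log.debug("Back-end server URL was supplied through the backendURL request parameter.");
            }
            return backendServerURL;
        }
        HttpSession session = request.getSession();
        return CarbonUIUtil.getServerURL(session.getServletContext(), session);
    }

    /**
     * Builds a stub for the back-end {@code IWAAuthenticator} service with the rampart module
     * engaged and the sign-only policy merged with the default Rampart configuration.
     *
     * <p>NOTE(review): the policy name suggests the message is signed but not encrypted, so
     * confidentiality of the call presumably depends on the transport - confirm.
     *
     * @param request the current HTTP request, used to resolve the back-end URL and the
     *                configuration context
     * @return a stub bound to {@code <backend URL>IWAAuthenticator} with session management on
     * @throws AxisFault         if the stub cannot be created or the rampart module cannot be
     *                           engaged
     * @throws IdentityException declared for failures in the identity utilities used here
     */
    private IWAAuthenticatorStub getIWAClient(HttpServletRequest request) throws AxisFault, IdentityException {

        ServletContext servletContext = request.getSession().getServletContext();
        ConfigurationContext configContext = (ConfigurationContext) servletContext
                .getAttribute(CarbonConstants.CONFIGURATION_CONTEXT);

        // Plain concatenation: the URL is assumed to end with the services path and a trailing
        // slash - TODO confirm against CarbonUIUtil.getServerURL.
        String serviceEPR = resolveBackendServerUrl(request) + "IWAAuthenticator";
        IWAAuthenticatorStub stub = new IWAAuthenticatorStub(configContext, serviceEPR);

        ServiceClient client = stub._getServiceClient();
        client.engageModule("rampart");

        Policy mergedPolicy = IdentityBaseUtil.getSignOnlyPolicy()
                .merge(IdentityBaseUtil.getDefaultRampartConfig());
        Options options = client.getOptions();
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, mergedPolicy);
        options.setManageSession(true);
        return stub;
    }
}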