001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.providers.siteminder;
017:
018: import org.acegisecurity.AccountExpiredException;
019: import org.acegisecurity.AuthenticationException;
020: import org.acegisecurity.AuthenticationServiceException;
021: import org.acegisecurity.CredentialsExpiredException;
022: import org.acegisecurity.DisabledException;
023: import org.acegisecurity.LockedException;
024: import org.acegisecurity.providers.AuthenticationProvider;
025: import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
026: import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
027: import org.acegisecurity.userdetails.UserDetails;
028: import org.acegisecurity.userdetails.UserDetailsService;
029: import org.apache.commons.logging.Log;
030: import org.apache.commons.logging.LogFactory;
031: import org.springframework.dao.DataAccessException;
032: import org.springframework.util.Assert;
033:
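/**
 * An {@link AuthenticationProvider} implementation that retrieves user details from a
 * {@link UserDetailsService}.
 *
 * <p>This provider performs no password or credential verification of its own: the only
 * identifying information it expects is the username, which the surrounding Siteminder
 * integration supplies from an HTTP request header. It therefore only checks the account
 * status flags of the loaded {@link UserDetails}. NOTE(review): the trust boundary is the
 * header itself - this provider is only as safe as the guarantee that the header is set
 * solely by the Siteminder agent and cannot be supplied by the client; confirm that in the
 * filter that feeds it, which is not visible here.
 *
 * @author Scott McCrory
 * @version $Id: SiteminderAuthenticationProvider.java 1582 2006-07-15 15:18:51Z smccrory $
 */
public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

    //~ Instance fields ================================================================================================

    /**
     * Our user details service (which does the real work of looking the user up in a back-end user store).
     * Must be set before {@link #doAfterPropertiesSet()} runs.
     */
    private UserDetailsService userDetailsService;

    //~ Methods ========================================================================================================

    /**
     * Verifies the account status of an already-identified user.
     *
     * <p>No password check is done here - the identity arrives pre-authenticated via the
     * Siteminder request header - but the account must still be usable. The checks run in the
     * order disabled, expired, locked, credentials-expired, and the first failing check throws.
     *
     * @param user the user loaded by {@link #retrieveUser(String, UsernamePasswordAuthenticationToken)}
     * @param authentication the authentication request; its credentials are not inspected
     * @throws DisabledException if the account is disabled
     * @throws AccountExpiredException if the account has expired
     * @throws LockedException if the account is locked
     * @throws CredentialsExpiredException if the account's credentials have expired
     * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails, org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
     */
    protected void additionalAuthenticationChecks(final UserDetails user,
            final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (!user.isEnabled()) {
            throw new DisabledException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.disabled", "Account disabled"));
        }

        if (!user.isAccountNonExpired()) {
            throw new AccountExpiredException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.expired", "Account expired"));
        }

        if (!user.isAccountNonLocked()) {
            throw new LockedException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.locked", "Account locked"));
        }

        if (!user.isCredentialsNonExpired()) {
            throw new CredentialsExpiredException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "Credentials expired"));
        }
    }

    /**
     * Fails fast at initialisation if no {@link UserDetailsService} has been wired in.
     *
     * @throws Exception if the user details service is {@code null}
     * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#doAfterPropertiesSet()
     */
    protected void doAfterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
    }

    /**
     * Return the user details service.
     *
     * @return The user details service, or {@code null} if none has been set yet.
     */
    public UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    /**
     * Loads the user for the given username from the configured {@link UserDetailsService}.
     *
     * <p>Only {@link DataAccessException} is translated (into an
     * {@link AuthenticationServiceException}); any other exception the service throws
     * propagates unchanged. A {@code null} result is treated as a contract violation rather
     * than as "not found".
     *
     * @param username the username supplied by the Siteminder integration
     * @param authentication the authentication request; not inspected here
     * @return the loaded user, never {@code null}
     * @throws AuthenticationServiceException if the back-end store fails or returns {@code null}
     * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
     */
    protected final UserDetails retrieveUser(final String username,
            final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        final UserDetails loadedUser;

        try {
            loadedUser = getUserDetailsService().loadUserByUsername(username);
        } catch (DataAccessException repositoryProblem) {
            // Keep the cause so the back-end failure is diagnosable from the wrapped exception.
            throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
        }

        if (loadedUser == null) {
            throw new AuthenticationServiceException(
                    "UserDetailsService returned null, which is an interface contract violation");
        }

        return loadedUser;
    }

    /**
     * Sets the user details service.
     *
     * @param userDetailsService The user details service.
     */
    public void setUserDetailsService(final UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

}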
|