01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.providers.rememberme;
17:
18: import org.acegisecurity.AcegiMessageSource;
19: import org.acegisecurity.Authentication;
20: import org.acegisecurity.AuthenticationException;
21: import org.acegisecurity.BadCredentialsException;
22:
23: import org.acegisecurity.providers.AuthenticationProvider;
24:
25: import org.apache.commons.logging.Log;
26: import org.apache.commons.logging.LogFactory;
27:
28: import org.springframework.beans.factory.InitializingBean;
29:
30: import org.springframework.context.MessageSource;
31: import org.springframework.context.MessageSourceAware;
32: import org.springframework.context.support.MessageSourceAccessor;
33:
34: import org.springframework.util.Assert;
35:
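/**
 * An {@link AuthenticationProvider} implementation that validates {@link
 * org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken}s.
 *
 * <p>To be successfully validated, the
 * {@link org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken#getKeyHash()} must equal the
 * {@link String#hashCode()} of this class' {@link #getKey()}.</p>
 *
 * <p><b>Security note:</b> the comparison is between two 32-bit {@code String.hashCode()} values. That hash is
 * not cryptographic and different strings can share the same value, so this check only confirms that the token
 * carries the expected key hash; it does not prove that whoever built the token knew the key. The check is only
 * as trustworthy as the code that constructs the token.</p>
 */
public class RememberMeAuthenticationProvider implements AuthenticationProvider, InitializingBean,
        MessageSourceAware {
    //~ Static fields/initializers =====================================================================================

    private static final Log logger = LogFactory.getLog(RememberMeAuthenticationProvider.class);

    //~ Instance fields ================================================================================================

    /** Resolves the localized failure message; replaced when {@link #setMessageSource(MessageSource)} is called. */
    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();

    /** Key whose {@code hashCode()} presented tokens must carry; must be non-empty (see afterPropertiesSet). */
    private String key;

    //~ Methods ========================================================================================================

    /**
     * Verifies that the provider was configured completely.
     *
     * @throws Exception declared by the signature; the checks here throw {@link IllegalArgumentException}
     *         when the key is null or empty or when the message accessor is null
     */
    public void afterPropertiesSet() throws Exception {
        // Name the missing property: the single-argument assertion fails with a generic message that gives an
        // operator no hint about which bean property was left unset.
        Assert.hasLength(key, "A key must be set and must not be empty");
        Assert.notNull(this.messages, "A message source must be set");
    }

    /**
     * Accepts a remember-me token only when its key hash equals the hash of the configured key.
     *
     * @param authentication the authentication request to validate
     *
     * @return the same {@code authentication} object when the key hash matches, or {@code null} when the
     *         object is of a type this provider does not support
     *
     * @throws AuthenticationException a {@link BadCredentialsException} when the key hash does not match
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            // Not a type this provider handles; null rather than an exception.
            return null;
        }

        RememberMeAuthenticationToken token = (RememberMeAuthenticationToken) authentication;

        // NOTE(review): both sides are int String.hashCode() values, not a MAC or digest. Treat this as a
        // consistency check between this provider and the token's creator, not as credential verification.
        // Presumably the token is built by a remember-me service in the same application after it has
        // validated the client's cookie; confirm against the token's producers.
        if (this.key.hashCode() != token.getKeyHash()) {
            // The message describes the failure without echoing the expected key or either hash value.
            throw new BadCredentialsException(messages.getMessage(
                    "RememberMeAuthenticationProvider.incorrectKey",
                    "The presented RememberMeAuthenticationToken does not contain the expected key"));
        }

        return authentication;
    }

    /**
     * Returns the configured key.
     *
     * @return the key as set by {@link #setKey(String)}, or {@code null} if none was set
     */
    public String getKey() {
        return key;
    }

    /**
     * Sets the key whose hash presented tokens must carry.
     *
     * @param key the key; emptiness is rejected later, in {@link #afterPropertiesSet()}
     */
    public void setKey(String key) {
        this.key = key;
    }

    /**
     * Replaces the default message accessor with one backed by the supplied source.
     *
     * @param messageSource the source used to resolve failure messages
     */
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Indicates whether this provider can process the given authentication type.
     *
     * @param authentication the class of the presented authentication object
     *
     * @return {@code true} when the class is {@link RememberMeAuthenticationToken} or a subclass of it
     */
    public boolean supports(Class authentication) {
        return RememberMeAuthenticationToken.class.isAssignableFrom(authentication);
    }
}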