001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.providers.x509.populator;
017:
018: import org.acegisecurity.AcegiMessageSource;
019: import org.acegisecurity.AuthenticationException;
020: import org.acegisecurity.BadCredentialsException;
021: import org.acegisecurity.AuthenticationServiceException;
022:
023: import org.acegisecurity.providers.x509.X509AuthoritiesPopulator;
024:
025: import org.acegisecurity.userdetails.UserDetails;
026: import org.acegisecurity.userdetails.UserDetailsService;
027:
028: import org.apache.commons.logging.Log;
029: import org.apache.commons.logging.LogFactory;
030:
031: import org.apache.oro.text.regex.MalformedPatternException;
032: import org.apache.oro.text.regex.MatchResult;
033: import org.apache.oro.text.regex.Pattern;
034: import org.apache.oro.text.regex.PatternMatcher;
035: import org.apache.oro.text.regex.Perl5Compiler;
036: import org.apache.oro.text.regex.Perl5Matcher;
037:
038: import org.springframework.beans.factory.InitializingBean;
039:
040: import org.springframework.context.MessageSource;
041: import org.springframework.context.MessageSourceAware;
042: import org.springframework.context.support.MessageSourceAccessor;
043:
044: import org.springframework.util.Assert;
045:
046: import java.security.cert.X509Certificate;
047:
048: /**
049: * Populates the X509 authorities via an {@link org.acegisecurity.userdetails.UserDetailsService}.
050: *
051: * @author Luke Taylor
052: * @version $Id: DaoX509AuthoritiesPopulator.java 1994 2007-08-30 20:55:49Z luke_t $
053: */
054: public class DaoX509AuthoritiesPopulator implements
055: X509AuthoritiesPopulator, InitializingBean, MessageSourceAware {
056: //~ Static fields/initializers =====================================================================================
057:
058: private static final Log logger = LogFactory
059: .getLog(DaoX509AuthoritiesPopulator.class);
060:
061: //~ Instance fields ================================================================================================
062:
063: protected MessageSourceAccessor messages = AcegiMessageSource
064: .getAccessor();
065: private Pattern subjectDNPattern;
066: private String subjectDNRegex = "CN=(.*?),";
067: private UserDetailsService userDetailsService;
068:
069: //~ Methods ========================================================================================================
070:
071: public void afterPropertiesSet() throws Exception {
072: Assert.notNull(userDetailsService,
073: "An authenticationDao must be set");
074: Assert.notNull(this .messages, "A message source must be set");
075:
076: Perl5Compiler compiler = new Perl5Compiler();
077:
078: try {
079: subjectDNPattern = compiler.compile(subjectDNRegex,
080: Perl5Compiler.READ_ONLY_MASK
081: | Perl5Compiler.CASE_INSENSITIVE_MASK);
082: } catch (MalformedPatternException mpe) {
083: throw new IllegalArgumentException(
084: "Malformed regular expression: " + subjectDNRegex);
085: }
086: }
087:
088: public UserDetails getUserDetails(X509Certificate clientCert)
089: throws AuthenticationException {
090: String subjectDN = clientCert.getSubjectDN().getName();
091: PatternMatcher matcher = new Perl5Matcher();
092:
093: if (!matcher.contains(subjectDN, subjectDNPattern)) {
094: throw new BadCredentialsException(messages.getMessage(
095: "DaoX509AuthoritiesPopulator.noMatching",
096: new Object[] { subjectDN },
097: "No matching pattern was found in subjectDN: {0}"));
098: }
099:
100: MatchResult match = matcher.getMatch();
101:
102: if (match.groups() != 2) { // 2 = 1 + the entire match
103: throw new IllegalArgumentException(
104: "Regular expression must contain a single group ");
105: }
106:
107: String userName = match.group(1);
108:
109: UserDetails user = this .userDetailsService
110: .loadUserByUsername(userName);
111:
112: if (user == null) {
113: throw new AuthenticationServiceException(
114: "UserDetailsService returned null, which is an interface contract violation");
115: }
116:
117: return user;
118: }
119:
120: public void setMessageSource(MessageSource messageSource) {
121: this .messages = new MessageSourceAccessor(messageSource);
122: }
123:
124: /**
125: * Sets the regular expression which will by used to extract the user name from the certificate's Subject
126: * DN.
127: * <p>It should contain a single group; for example the default expression "CN=(.?)," matches the common
128: * name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".</p>
129: * <p>The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org,
130: * CN=..." giving a user name "jimi@hendrix.org"</p>
131: *
132: * @param subjectDNRegex the regular expression to find in the subject
133: */
134: public void setSubjectDNRegex(String subjectDNRegex) {
135: this .subjectDNRegex = subjectDNRegex;
136: }
137:
138: public void setUserDetailsService(
139: UserDetailsService userDetailsService) {
140: this.userDetailsService = userDetailsService;
141: }
142: }
|