From 5c86b97f372301d8cfe26f6ec4fedc5e42976191 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 11 Mar 2005 00:39:36 +0000 Subject: [PATCH] First working (kind of) version. --- .../x509/X509AuthenticationProvider.java | 28 +++++++++++++++++-- .../x509/X509AuthenticationToken.java | 1 - .../DaoX509AuthoritiesPopulator.java | 8 ++++++ 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationProvider.java index bc0574227f..806e676141 100644 --- a/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationProvider.java +++ b/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationProvider.java @@ -4,6 +4,7 @@ import net.sf.acegisecurity.providers.AuthenticationProvider; import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.UserDetails; +import net.sf.acegisecurity.BadCredentialsException; import org.springframework.beans.factory.InitializingBean; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -11,6 +12,11 @@ import org.apache.commons.logging.LogFactory; import java.security.cert.X509Certificate; /** + * Processes an X.509 authentication request. + *

+ * The request will typically originate from + * {@link net.sf.acegisecurity.ui.x509.X509ProcessingFilter}). + * * @author Luke Taylor */ public class X509AuthenticationProvider implements AuthenticationProvider, @@ -20,6 +26,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider, private static final Log logger = LogFactory.getLog(X509AuthenticationProvider.class); //~ Instance fields ======================================================== + private X509AuthoritiesPopulator x509AuthoritiesPopulator; //~ Methods ================================================================ @@ -35,10 +42,19 @@ public class X509AuthenticationProvider implements AuthenticationProvider, } /** + * If the supplied authentication token contains a certificate then this will be passed + * to the configured {@link X509AuthoritiesPopulator} + * to obtain the user details and authorities for the user identified by the certificate. + *

+ * If no certificate is present (for example, if the filter is applied to an HttpRequest for which + * client authentication hasn't been configured in the container) then a BadCredentialsException will be raised. + *

* - * @param authentication - * @return - * @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate + * @param authentication the authentication request. + * @return an X509AuthenticationToken containing the authorities of the principal represented by the + * certificate. + * @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate. + * @throws BadCredentialsException if no certificate was presented in the authentication request. */ public Authentication authenticate(Authentication authentication) throws AuthenticationException { if (!supports(authentication.getClass())) { @@ -50,8 +66,14 @@ public class X509AuthenticationProvider implements AuthenticationProvider, X509Certificate clientCertificate = (X509Certificate)authentication.getCredentials(); + if(clientCertificate == null) { + //logger.debug("Certificate is null. Returning null Authentication."); + throw new BadCredentialsException("Certificate is null."); + } + // TODO: Cache + logger.debug("Authenticating with certificate " + clientCertificate); // Lookup user details for the given certificate UserDetails userDetails = x509AuthoritiesPopulator.getUserDetails(clientCertificate); diff --git a/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java b/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java index 795e021bc2..7c3334efd7 100644 --- a/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java +++ b/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java @@ -3,7 +3,6 @@ package net.sf.acegisecurity.providers.x509; import net.sf.acegisecurity.providers.AbstractAuthenticationToken; import net.sf.acegisecurity.GrantedAuthority; -import javax.security.cert.Certificate; import java.security.cert.X509Certificate; /** diff --git a/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java b/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java index 9e50740a10..5dc82e3ac5 100644 --- a/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java +++ b/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java @@ -21,6 +21,8 @@ import net.sf.acegisecurity.providers.dao.AuthenticationDao; import net.sf.acegisecurity.providers.x509.X509AuthoritiesPopulator; import org.springframework.beans.factory.InitializingBean; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import java.security.cert.X509Certificate; @@ -33,9 +35,14 @@ import java.security.cert.X509Certificate; */ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, InitializingBean { + //~ Static fields/initializers ============================================= + + private static final Log logger = LogFactory.getLog(DaoX509AuthoritiesPopulator.class); + //~ Instance fields ======================================================== private AuthenticationDao authenticationDao; + private String userPattern; //~ Methods ================================================================ @@ -49,6 +56,7 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException { + logger.debug("Populating authorities for " + clientCert.getSubjectDN().getName()); return this.authenticationDao.loadUserByUsername("marissa"/*clientCert.getSubjectDN().getName()*/); }