Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 15:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

First working (kind of) version.

Browse Source
This commit is contained in:
Luke Taylor 2005-03-11 00:39:36 +00:00
parent 740373ad01
commit 5c86b97f37
3 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationProvider.java
View File

@ -4,6 +4,7 @@ import net.sf.acegisecurity.providers.AuthenticationProvider;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException; import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.BadCredentialsException;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -11,6 +12,11 @@ import org.apache.commons.logging.LogFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
/** /**
* Processes an X.509 authentication request.
* <p>
* The request will typically originate from
* {@link net.sf.acegisecurity.ui.x509.X509ProcessingFilter}).
*
* @author Luke Taylor * @author Luke Taylor
*/ */
public class X509AuthenticationProvider implements AuthenticationProvider, public class X509AuthenticationProvider implements AuthenticationProvider,
@ -20,6 +26,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
private static final Log logger = LogFactory.getLog(X509AuthenticationProvider.class); private static final Log logger = LogFactory.getLog(X509AuthenticationProvider.class);
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private X509AuthoritiesPopulator x509AuthoritiesPopulator; private X509AuthoritiesPopulator x509AuthoritiesPopulator;
//~ Methods ================================================================ //~ Methods ================================================================
@ -35,10 +42,19 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
} }
/** /**
* If the supplied authentication token contains a certificate then this will be passed
* to the configured {@link X509AuthoritiesPopulator}
* to obtain the user details and authorities for the user identified by the certificate.
* <p>
* If no certificate is present (for example, if the filter is applied to an HttpRequest for which
* client authentication hasn't been configured in the container) then a BadCredentialsException will be raised.
* </p>
* *
* @param authentication * @param authentication the authentication request.
* @return * @return an X509AuthenticationToken containing the authorities of the principal represented by the
* @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate * certificate.
* @throws AuthenticationException if the {@link X509AuthoritiesPopulator} rejects the certficate.
* @throws BadCredentialsException if no certificate was presented in the authentication request.
*/ */
public Authentication authenticate(Authentication authentication) throws AuthenticationException { public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!supports(authentication.getClass())) { if (!supports(authentication.getClass())) {
@ -50,8 +66,14 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
X509Certificate clientCertificate = (X509Certificate)authentication.getCredentials(); X509Certificate clientCertificate = (X509Certificate)authentication.getCredentials();
if(clientCertificate == null) {
//logger.debug("Certificate is null. Returning null Authentication.");
throw new BadCredentialsException("Certificate is null.");
}
// TODO: Cache // TODO: Cache
logger.debug("Authenticating with certificate " + clientCertificate);
// Lookup user details for the given certificate // Lookup user details for the given certificate
UserDetails userDetails = x509AuthoritiesPopulator.getUserDetails(clientCertificate); UserDetails userDetails = x509AuthoritiesPopulator.getUserDetails(clientCertificate);

1
core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java
View File

@ -3,7 +3,6 @@ package net.sf.acegisecurity.providers.x509;
import net.sf.acegisecurity.providers.AbstractAuthenticationToken; import net.sf.acegisecurity.providers.AbstractAuthenticationToken;
import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthority;
import javax.security.cert.Certificate;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
/** /**

8
core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java
View File

@ -21,6 +21,8 @@ import net.sf.acegisecurity.providers.dao.AuthenticationDao;
import net.sf.acegisecurity.providers.x509.X509AuthoritiesPopulator; import net.sf.acegisecurity.providers.x509.X509AuthoritiesPopulator;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -33,9 +35,14 @@ import java.security.cert.X509Certificate;
*/ */
public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator,
InitializingBean { InitializingBean {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(DaoX509AuthoritiesPopulator.class);
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private AuthenticationDao authenticationDao; private AuthenticationDao authenticationDao;
private String userPattern;
//~ Methods ================================================================ //~ Methods ================================================================
@ -49,6 +56,7 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator,
public UserDetails getUserDetails(X509Certificate clientCert) public UserDetails getUserDetails(X509Certificate clientCert)
throws AuthenticationException { throws AuthenticationException {
logger.debug("Populating authorities for " + clientCert.getSubjectDN().getName());
return this.authenticationDao.loadUserByUsername("marissa"/*clientCert.getSubjectDN().getName()*/); return this.authenticationDao.loadUserByUsername("marissa"/*clientCert.getSubjectDN().getName()*/);
} }