Initial commit.

core/src/main/java/org/acegisecurity/ui/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java

@@ -0,0 +1,103 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.ui.httpinvoker;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.SecureContext;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor;
+
+import java.io.IOException;
+
+import java.net.HttpURLConnection;
+
+
+/**
+ * Adds BASIC authentication support to
+ * <code>SimpleHttpInvokerRequestExecutor</code>.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class AuthenticationSimpleHttpInvokerRequestExecutor
+    extends SimpleHttpInvokerRequestExecutor {
+    //~ Static fields/initializers =============================================
+
+    private static final Log logger = LogFactory.getLog(AuthenticationSimpleHttpInvokerRequestExecutor.class);
+
+    //~ Methods ================================================================
+
+    /**
+     * Called every time a HTTP invocation is made.
+     * 
+     * <P>
+     * Simply allows the parent to setup the connection, and then adds an
+     * <code>Authorization</code> HTTP header property that will be used for
+     * BASIC authentication.
+     * </p>
+     * 
+     * <P>
+     * The <code>ContextHolder</code> is used to obtain the relevant principal
+     * and credentials.
+     * </p>
+     *
+     * @param con the HTTP connection to prepare
+     * @param contentLength the length of the content to send
+     *
+     * @throws IOException if thrown by HttpURLConnection methods
+     * @throws AuthenticationCredentialsNotFoundException if the
+     *         <code>ContextHolder</code> does not contain a valid
+     *         <code>Authentication</code> with both its
+     *         <code>principal</code> and <code>credentials</code> not
+     *         <code>null</code>
+     */
+    protected void prepareConnection(HttpURLConnection con, int contentLength)
+        throws IOException, AuthenticationCredentialsNotFoundException {
+        super.prepareConnection(con, contentLength);
+
+        if ((ContextHolder.getContext() == null)
+            || !(ContextHolder.getContext() instanceof SecureContext)) {
+            throw new AuthenticationCredentialsNotFoundException(
+                "ContextHolder is null or does not contain a SecureContext");
+        }
+
+        Authentication auth = ((SecureContext) ContextHolder.getContext())
+            .getAuthentication();
+
+        if ((auth == null) || (auth.getPrincipal() == null)
+            || (auth.getCredentials() == null)) {
+            throw new AuthenticationCredentialsNotFoundException(
+                "The Authentication contained in the ContextHolder is null or the principal and/or credentials properties are null");
+        }
+
+        String base64 = auth.getPrincipal().toString() + ":"
+            + auth.getCredentials().toString();
+        con.setRequestProperty("Authorization",
+            "Basic " + new String(Base64.encodeBase64(base64.getBytes())));
+
+        if (logger.isDebugEnabled()) {
+            logger.debug(
+                "HttpInvocation now presenting via BASIC authentication ContextHolder-derived: "
+                + auth.toString());
+        }
+    }
+}

core/src/main/java/org/acegisecurity/ui/httpinvoker/package.html

@@ -0,0 +1,21 @@
+<html>
+<body>
+Enables use of Spring's <code>HttpInvoker</code> extension points to 
+present the <code>principal</code> and <code>credentials</code> located
+in the <code>ContextHolder</code> via BASIC authentication.
+
+<P>The beans are wired as follows:
+
+<P>
+<code>
+&lt;bean id="test" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean"&gt;<BR>
+   &lt;property name="serviceUrl"&gt;&lt;value&gt;http://localhost/Test&lt;/value&gt;&lt;/property&gt;<BR>
+   &lt;property name="serviceInterface"&gt;&lt;value&gt;test.TargetInterface&lt;/value&gt;&lt;/property&gt;<BR>
+   &lt;property name="httpInvokerRequestExecutor"&gt;&lt;ref bean="httpInvokerRequestExecutor"/&gt;&lt;/property&gt;<BR>
+&lt;/bean&gt;<BR>
+<BR>
+&lt;bean id="httpInvokerRequestExecutor" class="net.sf.acegisecurity.ui.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/&gt;<BR>
+</code>
+
+</body>
+</html>