Java tutorial
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.sipfoundry.sipxconfig.security; import static org.sipfoundry.commons.security.Util.retrieveDomain; import static org.sipfoundry.commons.security.Util.retrieveUsername; import org.acegisecurity.AuthenticationException; import org.acegisecurity.AuthenticationServiceException; import org.acegisecurity.BadCredentialsException; import org.acegisecurity.providers.AuthenticationProvider; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider; import org.acegisecurity.providers.dao.SaltSource; import org.acegisecurity.providers.encoding.PasswordEncoder; import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder; import org.acegisecurity.userdetails.UserDetails; import org.acegisecurity.userdetails.UserDetailsService; import org.apache.commons.lang.StringUtils; import org.sipfoundry.sipxconfig.bulk.ldap.LdapManager; import org.sipfoundry.sipxconfig.bulk.ldap.LdapSystemSettings; import org.sipfoundry.sipxconfig.common.AbstractUser; import org.springframework.beans.factory.annotation.Required; import org.springframework.dao.DataAccessException; import org.springframework.util.Assert; /** * An {@link AuthenticationProvider} implementation that retrieves user details * from an {@link UserDetailsService}. * * @author Ben Alex * @version $Id: DaoAuthenticationProvider.java 1857 2007-05-24 00:47:12Z * benalex $ * * Code copied from org.acegisecurity.providers.dao.DaoAuthenticationProvider * Sipxconfig custom code marked inside START SIPXECS CUSTOM CODE / END SIPXECS CUSTOM CODE: * if digest auth just compare the received password with the one from db */ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider { // ~ Instance fields // ================================================================================================ private LdapManager m_ldapManager; private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder(); private SaltSource saltSource; private UserDetailsService userDetailsService; private boolean includeDetailsObject = true; // ~ Methods // ======================================================================================================== @Override protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { Object salt = null; if (this.saltSource != null) { salt = this.saltSource.getSalt(userDetails); } if (authentication.getCredentials() == null) { throw new BadCredentialsException(messages .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), includeDetailsObject ? userDetails : null); } String presentedPassword = authentication.getCredentials() == null ? "" : authentication.getCredentials().toString(); // START SIPXECS CUSTOM CODE: XX-8253: if digest authentication then just compare user pin token from db // with the one processed by Digest filter if (authentication instanceof DigestUsernamePasswordAuthenticationToken && userDetails.getPassword().equals(presentedPassword)) { return; } // END SIPXECS CUSTOM CODE: XX-8253 if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) { throw new BadCredentialsException(messages .getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), includeDetailsObject ? userDetails : null); } } @Override protected void doAfterPropertiesSet() throws Exception { Assert.notNull(this.userDetailsService, "A UserDetailsService must be set"); } public PasswordEncoder getPasswordEncoder() { return passwordEncoder; } public SaltSource getSaltSource() { return saltSource; } public UserDetailsService getUserDetailsService() { return userDetailsService; } @Override protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { UserDetailsImpl loadedUser; LdapSystemSettings settings = m_ldapManager.getSystemSettings(); if (settings.isConfigured() && settings.isLdapOnly() && !StringUtils.equals(username, AbstractUser.SUPERADMIN)) { throw new AuthenticationServiceException("Only LDAP authentication is permitted"); } String userLoginName = retrieveUsername(username); String domain = retrieveDomain(username); try { loadedUser = (UserDetailsImpl) getUserDetailsService().loadUserByUsername(userLoginName); } catch (DataAccessException repositoryProblem) { throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem); } if (loadedUser == null) { throw new AuthenticationServiceException( "UserDetailsService returned null, which is an interface contract violation"); } if (domain != null && !StringUtils.equals(loadedUser.getUserDomain(), domain)) { throw new AuthenticationServiceException("The following domain does not belong to the actual user: " + domain + " in the system - is an interface contract violation"); } return loadedUser; } /** * Sets the PasswordEncoder instance to be used to encode and validate * passwords. If not set, {@link PlaintextPasswordEncoder} will be used by * default. * * @param passwordEncoder The passwordEncoder to use */ public void setPasswordEncoder(PasswordEncoder passwordEncoder) { this.passwordEncoder = passwordEncoder; } /** * The source of salts to use when decoding passwords. <code>null</code> * is a valid value, meaning the <code>DaoAuthenticationProvider</code> * will present <code>null</code> to the relevant * <code>PasswordEncoder</code>. * * @param saltSource to use when attempting to decode passwords via the * <code>PasswordEncoder</code> */ public void setSaltSource(SaltSource saltSource) { this.saltSource = saltSource; } public void setUserDetailsService(UserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } public boolean isIncludeDetailsObject() { return includeDetailsObject; } public void setIncludeDetailsObject(boolean includeDetailsObject) { this.includeDetailsObject = includeDetailsObject; } @Required public void setLdapManager(LdapManager ldapManager) { m_ldapManager = ldapManager; } }