org.acegisecurity.providers.ProviderManager Maven / Gradle / Ivy
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.providers;
import org.acegisecurity.AbstractAuthenticationManager;
import org.acegisecurity.AccountExpiredException;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.CredentialsExpiredException;
import org.acegisecurity.DisabledException;
import org.acegisecurity.LockedException;
import org.acegisecurity.concurrent.ConcurrentLoginException;
import org.acegisecurity.concurrent.ConcurrentSessionController;
import org.acegisecurity.concurrent.NullConcurrentSessionController;
import org.acegisecurity.event.authentication.AbstractAuthenticationEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureBadCredentialsEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureConcurrentLoginEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureCredentialsExpiredEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureDisabledEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureExpiredEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureLockedEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureProviderNotFoundEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureProxyUntrustedEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent;
import org.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import org.acegisecurity.providers.cas.ProxyUntrustedException;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
/**
* Iterates an {@link Authentication} request through a list of {@link AuthenticationProvider}s.
*
* Can optionally be configured with a {@link ConcurrentSessionController} to limit the number of sessions a user can
* have.
*
* AuthenticationProvider
s are tried in order until one provides a non-null response.
* A non-null response indicates the provider had authority to decide on the authentication request and no further
* providers are tried. If an AuthenticationException
is thrown by a provider, it is retained until
* subsequent providers are tried. If a subsequent provider successfully authenticates the request, the earlier
* authentication exception is disregarded and the successful authentication will be used. If no subsequent provider
* provides a non-null response, or a new AuthenticationException
, the last
* AuthenticationException
received will be used. If no provider returns a non-null response, or indicates
* it can even process an Authentication
, the ProviderManager
will throw a
* ProviderNotFoundException
.
*
* If a valid Authentication
is returned by an AuthenticationProvider
, the
* ProviderManager
will publish an {@link
* org.acegisecurity.event.authentication.AuthenticationSuccessEvent}. If an AuthenticationException
is
* detected, the final AuthenticationException
thrown will be used to publish an appropriate failure
* event. By default ProviderManager
maps common exceptions to events, but this can be fine-tuned by
* providing a new exceptionMappings
java.util.Properties
object. In the properties object,
* each of the keys represent the fully qualified classname of the exception, and each of the values represent the
* name of an event class which subclasses {@link
* org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent} and provides its constructor.
*
* @see ConcurrentSessionController
*/
public class ProviderManager extends AbstractAuthenticationManager implements InitializingBean,
ApplicationEventPublisherAware, MessageSourceAware {
//~ Static fields/initializers =====================================================================================
private static final Log logger = LogFactory.getLog(ProviderManager.class);
private static final Properties DEFAULT_EXCEPTION_MAPPINGS = new Properties();
//~ Instance fields ================================================================================================
private ApplicationEventPublisher applicationEventPublisher;
private ConcurrentSessionController sessionController = new NullConcurrentSessionController();
private List providers;
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
private Properties exceptionMappings = new Properties();
private Properties additionalExceptionMappings = new Properties();
static {
DEFAULT_EXCEPTION_MAPPINGS.put(AccountExpiredException.class.getName(),
AuthenticationFailureExpiredEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(AuthenticationServiceException.class.getName(),
AuthenticationFailureServiceExceptionEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(LockedException.class.getName(),
AuthenticationFailureLockedEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(CredentialsExpiredException.class.getName(),
AuthenticationFailureCredentialsExpiredEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(DisabledException.class.getName(),
AuthenticationFailureDisabledEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(BadCredentialsException.class.getName(),
AuthenticationFailureBadCredentialsEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(UsernameNotFoundException.class.getName(),
AuthenticationFailureBadCredentialsEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(ConcurrentLoginException.class.getName(),
AuthenticationFailureConcurrentLoginEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(ProviderNotFoundException.class.getName(),
AuthenticationFailureProviderNotFoundEvent.class.getName());
DEFAULT_EXCEPTION_MAPPINGS.put(ProxyUntrustedException.class.getName(),
AuthenticationFailureProxyUntrustedEvent.class.getName());
}
public ProviderManager() {
exceptionMappings.putAll(DEFAULT_EXCEPTION_MAPPINGS);
}
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
checkIfValidList(this.providers);
Assert.notNull(this.messages, "A message source must be set");
exceptionMappings.putAll(additionalExceptionMappings);
doAddExtraDefaultExceptionMappings(exceptionMappings);
}
private void checkIfValidList(List listToCheck) {
if ((listToCheck == null) || (listToCheck.size() == 0)) {
throw new IllegalArgumentException("A list of AuthenticationManagers is required");
}
}
/**
* Provided so subclasses can add extra exception mappings during startup if no exception mappings are
* injected by the IoC container.
*
* @param exceptionMappings the properties object, which already has entries in it
* @deprecated This method has been removed from the 2.0 series; please use the
* {@link #additionalExceptionMappings} property instead to inject additional exception
* to event mappings
*/
protected void doAddExtraDefaultExceptionMappings(Properties exceptionMappings) {}
/**
* Attempts to authenticate the passed {@link Authentication} object.The list of {@link
* AuthenticationProvider}s will be successively tried until an AuthenticationProvider
indicates it
* is capable of authenticating the type of Authentication
object passed. Authentication will then
* be attempted with that AuthenticationProvider
.
* If more than one AuthenticationProvider
supports the passed Authentication
* object, only the first AuthenticationProvider
tried will determine the result. No subsequent
* AuthenticationProvider
s will be tried.
*
* @param authentication the authentication request object.
*
* @return a fully authenticated object including credentials.
*
* @throws AuthenticationException if authentication fails.
*/
public Authentication doAuthentication(Authentication authentication)
throws AuthenticationException {
Iterator iter = providers.iterator();
Class toTest = authentication.getClass();
AuthenticationException lastException = null;
while (iter.hasNext()) {
AuthenticationProvider provider = (AuthenticationProvider) iter.next();
if (provider.supports(toTest)) {
logger.debug("Authentication attempt using " + provider.getClass().getName());
Authentication result = null;
try {
result = provider.authenticate(authentication);
copyDetails(authentication, result);
sessionController.checkAuthenticationAllowed(result);
} catch (AuthenticationException ae) {
lastException = ae;
result = null;
}
if (result != null) {
sessionController.registerSuccessfulAuthentication(result);
publishEvent(new AuthenticationSuccessEvent(result));
return result;
}
}
}
if (lastException == null) {
lastException = new ProviderNotFoundException(messages.getMessage("ProviderManager.providerNotFound",
new Object[] {toTest.getName()}, "No AuthenticationProvider found for {0}"));
}
// Publish the event
String className = exceptionMappings.getProperty(lastException.getClass().getName());
AbstractAuthenticationEvent event = null;
if (className != null) {
try {
Class clazz = getClass().getClassLoader().loadClass(className);
Constructor constructor = clazz.getConstructor(new Class[] {
Authentication.class, AuthenticationException.class
});
Object obj = constructor.newInstance(new Object[] {authentication, lastException});
Assert.isInstanceOf(AbstractAuthenticationEvent.class, obj, "Must be an AbstractAuthenticationEvent");
event = (AbstractAuthenticationEvent) obj;
} catch (ClassNotFoundException ignored) {}
catch (NoSuchMethodException ignored) {}
catch (IllegalAccessException ignored) {}
catch (InstantiationException ignored) {}
catch (InvocationTargetException ignored) {}
}
if (event != null) {
publishEvent(event);
} else {
if (logger.isDebugEnabled()) {
logger.debug("No event was found for the exception " + lastException.getClass().getName());
}
}
// Throw the exception
throw lastException;
}
/**
* Copies the authentication details from a source Authentication object to a destination one, provided the
* latter does not already have one set.
*
* @param source source authentication
* @param dest the destination authentication object
*/
private void copyDetails(Authentication source, Authentication dest) {
if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
token.setDetails(source.getDetails());
}
}
public List getProviders() {
return this.providers;
}
/**
* The configured {@link ConcurrentSessionController} is returned or the {@link
* NullConcurrentSessionController} if a specific one has not been set.
*
* @return {@link ConcurrentSessionController} instance
*/
public ConcurrentSessionController getSessionController() {
return sessionController;
}
public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
this.applicationEventPublisher = applicationEventPublisher;
}
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
/**
* Sets the {@link AuthenticationProvider} objects to be used for authentication.
*
* @param newList
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public void setProviders(List newList) {
checkIfValidList(newList);
Iterator iter = newList.iterator();
while (iter.hasNext()) {
Object currentObject = iter.next();
Assert.isInstanceOf(AuthenticationProvider.class, currentObject,
"Can only provide AuthenticationProvider instances");
}
this.providers = newList;
}
/**
* Set the {@link ConcurrentSessionController} to be used for limiting user's sessions. The {@link
* NullConcurrentSessionController} is used by default
*
* @param sessionController {@link ConcurrentSessionController}
*/
public void setSessionController(ConcurrentSessionController sessionController) {
this.sessionController = sessionController;
}
private void publishEvent(ApplicationEvent event) {
if (applicationEventPublisher != null) {
applicationEventPublisher.publishEvent(event);
}
}
/**
* Sets additional exception to event mappings. These are automatically merged with the default
* exception to event mappings that ProviderManager
defines.
*
* @param additionalExceptionMappings where keys are the fully-qualified string name of the
* exception class and the values are the fully-qualified string name of the event class to fire
*/
public void setAdditionalExceptionMappings(
Properties additionalExceptionMappings) {
this.additionalExceptionMappings = additionalExceptionMappings;
}
}