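/**
 * Abiquo community edition
 * cloud management application for hybrid clouds
 * Copyright (C) 2008-2010 - Abiquo Holdings S.L.
 *
 * This application is free software; you can redistribute it and/or
 * modify it under the terms of the GNU LESSER GENERAL PUBLIC
 * LICENSE as published by the Free Software Foundation under
 * version 3 of the License
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * LESSER GENERAL PUBLIC LICENSE v.3 for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */
package com.abiquo.api.spring.security.onetimetoken.provider;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.util.Assert;

import com.abiquo.api.spring.security.AbiquoUserDetails;
import com.abiquo.api.spring.security.onetimetoken.service.OneTimeTokenDetailsService;
import com.abiquo.api.spring.security.onetimetoken.token.OneTimeTokenToken;

/**
 * Authentication provider for one-time tokens.
 * <p>
 * A presented {@link OneTimeTokenToken} is handed to the configured
 * {@link OneTimeTokenDetailsService} for validation. When the service accepts it, a new
 * {@link OneTimeTokenToken} is returned that carries an inactive {@link AbiquoUserDetails} and
 * the single authority {@link #ONE_TIME_AUTH_ROLE}.
 * <p>
 * NOTE(review): this class does not show whether {@code checkToken} consumes or expires the
 * token. Single use and expiry have to be enforced by the service; confirm against its
 * implementation.
 */
public class OneTimeTokenAuthenticationProvider implements InitializingBean, AuthenticationProvider
{
    /** The role granted to one-time authentication requests. */
    public static final String ONE_TIME_AUTH_ROLE = "ROLE_ONE_TIME";

    /** Service that decides whether a presented one-time token is valid. */
    private OneTimeTokenDetailsService oneTimeTokenDetailsService;

    /**
     * @return the service used to validate one-time tokens, or {@code null} if none was injected
     */
    public OneTimeTokenDetailsService getOneTimeTokenDetailsService()
    {
        return oneTimeTokenDetailsService;
    }

    /**
     * @param oneTimeTokenDetailsService the service used to validate one-time tokens
     */
    public void setOneTimeTokenDetailsService(
        final OneTimeTokenDetailsService oneTimeTokenDetailsService)
    {
        this.oneTimeTokenDetailsService = oneTimeTokenDetailsService;
    }

    /**
     * Validates a one-time token and, if it is accepted, returns a token restricted to
     * {@link #ONE_TIME_AUTH_ROLE}.
     *
     * @param authentication the authentication request
     * @return a new {@link OneTimeTokenToken} when the token is accepted, or {@code null} when
     *         the request is not a {@link OneTimeTokenToken} and is therefore not handled here
     * @throws AuthenticationException a {@link BadCredentialsException} when the service
     *             rejects the token
     * @see org.springframework.security.providers.AuthenticationProvider#authenticate(org.springframework.security.Authentication)
     */
    @Override
    public Authentication authenticate(final Authentication authentication)
        throws AuthenticationException
    {
        // Other authentication types are not handled here; returning null leaves the decision
        // to whatever other providers are configured.
        if (!supports(authentication.getClass()))
        {
            return null;
        }

        final boolean tokenAccepted =
            this.getOneTimeTokenDetailsService().checkToken(authentication);
        if (!tokenAccepted)
        {
            // Fail closed. The message carries no token value, so a rejected token cannot leak
            // through logs or error responses via this exception.
            throw new BadCredentialsException("Token invalid");
        }

        // The resulting identity is intentionally minimal: an inactive user whose only
        // authority is ROLE_ONE_TIME.
        final AbiquoUserDetails userDetails = new AbiquoUserDetails();
        userDetails.setActive(false);
        // userDetails.setAuthType("ONE_TIME");

        final OneTimeTokenToken presented = (OneTimeTokenToken) authentication;
        final GrantedAuthority[] authorities =
            new GrantedAuthority[] {new GrantedAuthorityImpl(ONE_TIME_AUTH_ROLE)};

        // NOTE(review): assumes this constructor marks the token as authenticated -- confirm in
        // OneTimeTokenToken.
        final OneTimeTokenToken granted =
            new OneTimeTokenToken(presented.getToken(), userDetails, authorities);

        userDetails.setAuthorities(granted.getAuthorities());
        granted.setDetails(userDetails);
        return granted;
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param authentication the authentication class to test; the raw {@code Class} type is kept
     *            so the signature still overrides the interface method
     * @return {@code true} for {@link OneTimeTokenToken} and its subclasses
     */
    @Override
    public boolean supports(final Class authentication)
    {
        return OneTimeTokenToken.class.isAssignableFrom(authentication);
    }

    /**
     * Fails bean initialisation when no {@link OneTimeTokenDetailsService} was injected, so a
     * misconfigured provider is caught at startup rather than on the first request.
     *
     * @throws Exception declared by {@link InitializingBean}; the assertion raises an
     *             {@link IllegalArgumentException} when the service is missing
     */
    @Override
    public void afterPropertiesSet() throws Exception
    {
        // The message names the property that actually has to be configured on this bean.
        Assert.notNull(this.oneTimeTokenDetailsService,
            "A oneTimeTokenDetailsService must be set");
    }
}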