AuthenticationManager.java example

Explorer
cagrid2-master
package org.cagrid.gaards.authentication.service;

import gov.nih.nci.cagrid.authentication.bean.BasicAuthenticationCredential;
import gov.nih.nci.cagrid.common.FaultHelper;
import gov.nih.nci.cagrid.common.Utils;
import gov.nih.nci.cagrid.opensaml.SAMLAssertion;

import java.io.File;
import java.rmi.RemoteException;
import java.util.Set;

import javax.xml.namespace.QName;

import org.cagrid.gaards.authentication.BasicAuthentication;
import org.cagrid.gaards.authentication.Credential;
import org.cagrid.gaards.authentication.common.AuthenticationProfile;
import org.cagrid.gaards.authentication.common.InsufficientAttributeException;
import org.cagrid.gaards.authentication.common.InvalidCredentialException;
import org.cagrid.gaards.authentication.faults.AuthenticationProviderFault;
import org.cagrid.gaards.authentication.faults.CredentialNotSupportedFault;
import org.cagrid.gaards.authentication.faults.InsufficientAttributeFault;
import org.cagrid.gaards.authentication.faults.InvalidCredentialFault;
import org.cagrid.gaards.saml.encoding.SAMLUtils;
import org.springframework.core.io.AbstractResource;
import org.springframework.core.io.FileSystemResource;

public class AuthenticationManager {

	private AuthenticationProvider auth;

	public AuthenticationManager(File properties, File configuration)
			throws RemoteException {
		this(new FileSystemResource(
				properties), new FileSystemResource(configuration));
	}

	public AuthenticationManager(AbstractResource properties,
			AbstractResource configuration) throws RemoteException {
		try {
			BeanUtils utils = new BeanUtils(configuration, properties);
			this.auth = utils.getAuthenticationProvider();
			Set<QName> set = this.auth.getSupportedAuthenticationProfiles();
			if ((set == null) || (set.size() < 1)) {
				throw new Exception(
						"The authentication provider must support at least 1 valid authentication profile.");
			} else if (!AuthenticationProfile.isValid(set)) {
				throw new Exception(
						"The authentication provider supports an unknown authentication profile.");
			}
		} catch (Exception ex) {
			throw new RemoteException(
					"Error instantiating AuthenticationProvider: "
							+ ex.getMessage(), ex);
		}
	}

	public SAMLAssertion authenticate(Credential credential)
			throws RemoteException, AuthenticationProviderFault,
			CredentialNotSupportedFault, InsufficientAttributeFault,
			InvalidCredentialFault {
		if (!AuthenticationProfile.isSupported(this.auth
				.getSupportedAuthenticationProfiles(), credential)) {
			CredentialNotSupportedFault fault = new CredentialNotSupportedFault();
			fault
					.setFaultString("The credential provided is not accepted by this service.");
			throw fault;
		}

		try {
			return this.auth.authenticate(credential);
		} catch (InvalidCredentialException ex) {
			InvalidCredentialFault fault = new InvalidCredentialFault();
			fault.setFaultString(ex.getMessage());
			FaultHelper fh = new FaultHelper(fault);
			fh.addFaultCause(ex);
			fault = (InvalidCredentialFault) fh.getFault();
			throw fault;
		} catch (InsufficientAttributeException ex) {
			InsufficientAttributeFault fault = new InsufficientAttributeFault();
			fault.setFaultString(ex.getMessage());
			FaultHelper fh = new FaultHelper(fault);
			fh.addFaultCause(ex);
			fault = (InsufficientAttributeFault) fh.getFault();
			throw fault;
		} catch (Exception ex) {
			AuthenticationProviderFault fault = new AuthenticationProviderFault();
			fault.setFaultString(ex.getMessage());
			FaultHelper fh = new FaultHelper(fault);
			fh.addFaultCause(ex);
			fault = (AuthenticationProviderFault) fh.getFault();
			throw fault;
		}
	}

	public gov.nih.nci.cagrid.authentication.bean.SAMLAssertion authenticate(
			gov.nih.nci.cagrid.authentication.bean.Credential credential)
			throws RemoteException,
			gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault,
			gov.nih.nci.cagrid.authentication.stubs.types.InsufficientAttributeFault,
			gov.nih.nci.cagrid.authentication.stubs.types.AuthenticationProviderFault {
		if (credential.getBasicAuthenticationCredential() != null) {
			if (credential.getCredentialExtension() != null) {
				gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault fault = new gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault();
				fault
						.setFaultString("The credential extension cannot be used to authenticate with the deprecated authenticate method, only a basic authentication credential is supported.");
				throw fault;
			} else {
				BasicAuthenticationCredential cred = credential
						.getBasicAuthenticationCredential();
				BasicAuthentication auth = new BasicAuthentication();
				auth.setUserId(cred.getUserId());
				auth.setPassword(cred.getPassword());
				try {
					SAMLAssertion saml = this.authenticate(auth);
					gov.nih.nci.cagrid.authentication.bean.SAMLAssertion assertion = new gov.nih.nci.cagrid.authentication.bean.SAMLAssertion();
					assertion.setXml(SAMLUtils.samlAssertionToString(saml));
					return assertion;
				} catch (org.cagrid.gaards.authentication.faults.InsufficientAttributeFault e) {
					gov.nih.nci.cagrid.authentication.stubs.types.InsufficientAttributeFault fault = new gov.nih.nci.cagrid.authentication.stubs.types.InsufficientAttributeFault();
					fault.setFaultString(e.getFaultString());
					FaultHelper fh = new FaultHelper(fault);
					fh.addFaultCause(e);
					fault = (gov.nih.nci.cagrid.authentication.stubs.types.InsufficientAttributeFault) fh
							.getFault();
					throw fault;
				} catch (org.cagrid.gaards.authentication.faults.InvalidCredentialFault e) {
					gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault fault = new gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault();
					fault.setFaultString(e.getFaultString());
					FaultHelper fh = new FaultHelper(fault);
					fh.addFaultCause(e);
					fault = (gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault) fh
							.getFault();
					throw fault;
				} catch (Exception e) {
					gov.nih.nci.cagrid.authentication.stubs.types.AuthenticationProviderFault fault = new gov.nih.nci.cagrid.authentication.stubs.types.AuthenticationProviderFault();
					fault.setFaultString(Utils.getExceptionMessage(e));
					FaultHelper fh = new FaultHelper(fault);
					fh.addFaultCause(e);
					fault = (gov.nih.nci.cagrid.authentication.stubs.types.AuthenticationProviderFault) fh
							.getFault();
					throw fault;
				}
			}

		} else {
			gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault fault = new gov.nih.nci.cagrid.authentication.stubs.types.InvalidCredentialFault();
			fault
					.setFaultString("No basic authentication credential was provided, a basic authentication credential is required to authenticate to this service using the deprecated authenticate method.");
			throw fault;
		}
	}

	public Set<QName> getSupportedAuthenticationProfiles() {
		return this.auth.getSupportedAuthenticationProfiles();
	}

}