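/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.geode.tools.pulse.internal.security;

import java.util.Collection;

import javax.management.remote.JMXConnector;

import org.apache.geode.tools.pulse.internal.data.Repository;
import org.apache.geode.tools.pulse.internal.log.PulseLogWriter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/**
 * Spring Security {@link AuthenticationProvider} for GemFire. It connects to the GemFire manager
 * over JMX with the credentials supplied by the web user; a successful connection is treated as a
 * successful authentication of that user.
 *
 * @since GemFire version 9.0
 */
public class GemFireAuthenticationProvider implements AuthenticationProvider {

  private static final PulseLogWriter LOGGER = PulseLogWriter.getLogger();

  public GemFireAuthenticationProvider() {}

  /**
   * Authenticates the caller by opening a JMX connection to GemFire with the supplied user name
   * and password.
   *
   * <p>
   * A {@link GemFireAuthentication} that already carries a connector and reports itself as
   * authenticated is returned unchanged. Otherwise a new connection is attempted and, on success,
   * a new {@link GemFireAuthentication} is built from the original principal and credentials, the
   * authorities derived from the connector, and the connector itself.
   *
   * @param authentication the authentication request; its name and credentials are used as the
   *        JMX user name and password
   * @return an authenticated {@link GemFireAuthentication}
   * @throws AuthenticationException a {@link BadCredentialsException} when the request carries no
   *         credentials or when anything fails while connecting or resolving authorities. The
   *         {@link AuthenticationServiceException} raised for a {@code null} connector is thrown
   *         inside the {@code try} block, so the catch-all wraps it and callers see it as a
   *         {@link BadCredentialsException} as well.
   */
  @Override
  public Authentication authenticate(Authentication authentication)
      throws AuthenticationException {

    if (authentication instanceof GemFireAuthentication) {
      GemFireAuthentication gemAuth = (GemFireAuthentication) authentication;
      LOGGER.fine("GemAuthentication is connected? = " + gemAuth.getJmxc());
      if (gemAuth.getJmxc() != null && gemAuth.isAuthenticated()) {
        return gemAuth;
      }
    }

    String name = authentication.getName();

    // A token without credentials must fail as an authentication error, not as a
    // NullPointerException escaping the provider.
    Object credentials = authentication.getCredentials();
    if (credentials == null) {
      throw new BadCredentialsException("Missing credentials");
    }
    // The password is handed only to the cluster lookup below; it is never logged here.
    String password = credentials.toString();

    // The user name is caller-supplied and not yet authenticated, so line breaks are neutralised
    // before it is written to the log.
    String loggableName = sanitizeForLog(name);

    try {
      LOGGER.fine("Connecting to GemFire with user=" + loggableName);
      JMXConnector jmxc = Repository.get().getCluster(name, password).connectToGemFire();
      if (jmxc == null) {
        // Caught by the catch-all below and reported to the caller as BadCredentialsException.
        throw new AuthenticationServiceException("JMX Connection unavailable");
      }

      Collection<GrantedAuthority> list = GemFireAuthentication.populateAuthorities(jmxc);
      GemFireAuthentication auth = new GemFireAuthentication(authentication.getPrincipal(),
          authentication.getCredentials(), list, jmxc);
      LOGGER.fine("For user " + loggableName + " authList=" + list);
      return auth;
    } catch (Exception e) {
      // Every failure is reported as bad credentials, with the original exception as the cause.
      // NOTE(review): this makes connectivity problems indistinguishable from a wrong password
      // for the caller - confirm that this is intended.
      throw new BadCredentialsException("Error connecting to GemFire JMX Server", e);
    }
  }

  /**
   * Reports whether this provider handles the given authentication class.
   *
   * <p>
   * Only the exact {@link UsernamePasswordAuthenticationToken} class matches; subclasses do not.
   * NOTE(review): a {@link GemFireAuthentication} token is therefore not reported as supported -
   * confirm how the {@code instanceof} branch in {@link #authenticate(Authentication)} is reached.
   *
   * @param authentication the authentication class to test
   * @return {@code true} only for {@code UsernamePasswordAuthenticationToken.class}
   */
  @Override
  public boolean supports(Class<?> authentication) {
    return UsernamePasswordAuthenticationToken.class.equals(authentication);
  }

  /**
   * Replaces carriage returns and line feeds so that a caller-supplied value cannot start a new
   * log line.
   *
   * @param value the value to be logged; may be {@code null}
   * @return the value with CR and LF replaced by {@code '_'}, or {@code null} if it was
   *         {@code null}
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return null;
    }
    return value.replace('\r', '_').replace('\n', '_');
  }
}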