AbstractSecurityTokenAuthenticator.java

package org.atricore.idbus.capabilities.sts.main;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.atricore.idbus.kernel.main.authn.Authenticator;
import org.atricore.idbus.kernel.main.authn.Constants;
import org.atricore.idbus.kernel.main.authn.Credential;
import org.atricore.idbus.kernel.main.authn.exceptions.AuthenticationFailureException;
import org.atricore.idbus.kernel.main.authn.exceptions.SSOAuthenticationException;

import javax.security.auth.Subject;

/**
 * This abstract class works as an adapter between IDBUS Authenticator (WS-Trust) and old plain JOSSO Authenticator components.
 *
 * Subclasses need to be able to transform a WS-Trust security token into a set of credentials.
 *
 *
 * @author <a href=mailto:sgonzalez@atricore.org>Sebastian Gonzalez Oyuela</a>
 */
public abstract class AbstractSecurityTokenAuthenticator implements SecurityTokenAuthenticator, Constants {

    private static Log logger = LogFactory.getLog(AbstractSecurityTokenAuthenticator.class);

    private String id;

    private Authenticator auth;

    // This is actually the scheme type, like basic-authentication, etc.
    private String scheme;

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getScheme() {
        return scheme;
    }

    public void setScheme(String scheme) {
        this.scheme = scheme;
    }

    public Authenticator getAuthenticator() {
        return auth;
    }

    public void setAuthenticator(Authenticator auth) {
        this.auth = auth;
    }


    public Subject authenticate(Object requestToken) throws SecurityTokenEmissionException {
        Credential[] credentials = null;

        try {

            // Authenticate
            if (logger.isDebugEnabled())
                logger.debug("Authenticating " + requestToken.getClass().getSimpleName() + " using '" + getScheme() + "'");

            credentials = getCredentials(requestToken);
            if (logger.isTraceEnabled())
                logger.trace("Got " + (credentials != null ? credentials.length + "" : "<null>") + " credentials");

            // Adapt authentication, use existing components
            return getAuthenticator().check(credentials, getScheme());


        } catch (AuthenticationFailureException e) {


            throw new SecurityTokenAuthenticationFailure(getScheme(), e.getSSOPolicies(), e);

        } catch (SSOAuthenticationException e) {
            throw new SecurityTokenEmissionException(e);
        }

    }

    protected abstract Credential[] getCredentials(Object requestToken) throws SSOAuthenticationException;

}