package org.jboss.seam.security.management;
import java.util.Collection;
import javax.enterprise.inject.Model;
import javax.inject.Inject;
import org.jboss.solder.logging.Logger;
import org.jboss.seam.security.Authenticator;
import org.jboss.seam.security.BaseAuthenticator;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.picketlink.idm.api.Credential;
import org.picketlink.idm.api.Group;
import org.picketlink.idm.api.IdentitySession;
import org.picketlink.idm.api.Role;
import org.picketlink.idm.api.RoleType;
import org.picketlink.idm.api.User;
import org.picketlink.idm.common.exception.FeatureNotSupportedException;
import org.picketlink.idm.common.exception.IdentityException;
import org.picketlink.idm.impl.api.model.SimpleUser;
/**
* Authenticates using Identity Management
*
* @author Shane Bryzak
*/
public
@Model
class IdmAuthenticator extends BaseAuthenticator implements Authenticator {
private static final Logger log = Logger.getLogger(IdmAuthenticator.class);
@Inject
IdentitySession identitySession;
@Inject
Credentials credentials;
@Inject
Identity identity;
public void authenticate() {
if (identitySession != null) {
User u = new SimpleUser(credentials.getUsername());
try {
boolean success = identitySession.getAttributesManager().validateCredentials(
u, new Credential[]{credentials.getCredential()});
if (success) {
Collection<RoleType> roleTypes = identitySession.getRoleManager()
.findUserRoleTypes(u);
for (RoleType roleType : roleTypes) {
for (Role role : identitySession.getRoleManager().findRoles(u, roleType)) {
identity.addRole(role.getRoleType().getName(),
role.getGroup().getName(), role.getGroup().getGroupType());
}
}
for (Group g : identitySession.getRelationshipManager().findAssociatedGroups(u)) {
identity.addGroup(g.getName(), g.getGroupType());
}
setUser(u);
setStatus(AuthenticationStatus.SUCCESS);
return;
} else {
log.info("Authentication failed for user '" + credentials.getUsername() + "'");
}
} catch (IdentityException ex) {
log.error("Authentication error", ex);
} catch (FeatureNotSupportedException ex) {
log.error("Authentication error", ex);
}
}
setStatus(AuthenticationStatus.FAILURE);
}
}