ShiroBasicAuthInterceptor.java example

Explorer

forgestore-master
- src
  - main
    - java
      - eu
        forgestore
        ws
        impl
        FStoreJpaController.java
        model
        Category.java
        Course.java
        FIREAdapter.java
        FStoreProperty.java
        FStoreUser.java
        IFStoreRepositoryAPI.java
        Product.java
        ProductExtensionItem.java
        UserSession.java
        Widget.java
        repo
        FStoreRepository.java
        FStoreRepositoryAPIImpl.java
        util
        AjaxUserFilter.java
        EmailUtil.java
        EncryptionUtil.java
        HeadersOutInterceptor.java
        ShiroBasicAuthInterceptor.java
        ShiroUTAuthorizingRealm.java
        ShiroUTValidator.java
        Utils.java
  - test
    - java
      - eu
        forgestore
        ws
        FStoreRepoTest.java
        FStoreRepositoryIT.java

/**
 * Copyright 2014 forgestore.eu, University of Patras 
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License.
 * You may obtain a copy of the License at:
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * 
 * See the License for the specific language governing permissions and limitations under the License.
 */

package eu.forgestore.ws.util;

import java.security.Principal;
import java.util.UUID;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.common.security.UsernameToken;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.transport.http.AbstractHTTPDestination;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SessionsSecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.servlet.SimpleCookie;

public class ShiroBasicAuthInterceptor extends AbstractPhaseInterceptor<Message> {
	private static final transient Log logger = LogFactory.getLog(ShiroBasicAuthInterceptor.class.getName());

	private ShiroUTValidator validator;

	public ShiroBasicAuthInterceptor() {
		this(Phase.UNMARSHAL);
	}

	public ShiroBasicAuthInterceptor(String phase) {
		super(phase);
	}

	public void handleMessage(Message message) throws Fault {

		Subject currentUser = SecurityUtils.getSubject();
		if (currentUser != null) {
			logger.info("handleMessage currentUser = " + currentUser.toString());
			logger.info("currentUser.getPrincipal() = " + currentUser.getPrincipal());
			logger.info("SecurityUtils.getSubject().getSession() = " + currentUser.getSession().getId() );
			logger.info("currentUser.getSession().getAttribute(  aKey ) = " + currentUser.getSession().getAttribute("aKey") );
			logger.info("message.getId() = " + message.getId() );
			
			
			
			// Here We are getting session from Message
		    HttpServletRequest request = (HttpServletRequest)message.get(AbstractHTTPDestination.HTTP_REQUEST);
		    HttpSession  session = request.getSession();
		   
			logger.info("HttpSession session.getId() = " + session.getId() );
			
			if (currentUser.getPrincipal() != null) {
				logger.info("User [" + currentUser.getPrincipal() + "] IS ALREADY logged in successfully. =========================");

				if (currentUser.isAuthenticated()) {
					logger.info("User [" + currentUser.getPrincipal() + "] IS isAuthenticated and logged in successfully. =========================");
					return;
				}

				if (currentUser.isRemembered()) {
					logger.info("User [" + currentUser.getPrincipal() + "] IS REMEMBERED and logged in successfully. =========================");
					return;
				}
			}
		}
		
		AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
		if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
			String name = null;
			if (policy != null) {
				name = policy.getUserName();
			}
			String error = "No user credentials are available";
			logger.warn(error + " " + "for name: " + name);
			throw new SecurityException(error);
		}

		try {

			UsernameToken token = convertPolicyToToken(policy);


			String s = validator.validate(token);
			//
			// Create a Principal/SecurityContext
			//bale principal apo to validator
//			Principal p = null;
//			if (s!=null) {
//				p = new SimplePrincipal( s );
//			}
//
//			message.put(SecurityContext.class, createSecurityContext(p));
			currentUser.getSession().setAttribute("aKey", UUID.randomUUID().toString());
			
		} catch (Exception ex) {
			throw new Fault(ex);
		}
	}

	protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) throws Exception {

		UsernameToken token = new UsernameToken(policy.getUserName(), policy.getPassword(), policy.getAuthorizationType(), false, "", "");

		return token;
	}

	protected SecurityContext createSecurityContext(final Principal p) {
		return new SecurityContext() {

			public Principal getUserPrincipal() {
				return p;
			}

			public boolean isUserInRole(String arg0) {
				return false;
			}
		};
	}

	public ShiroUTValidator getValidator() {
		return validator;
	}

	public void setValidator(ShiroUTValidator validator) {
		this.validator = validator;
	}

}