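package it.geosolutions.geostore.services.security;

import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.services.rest.AdministratorGeoStoreClient;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.sun.jersey.api.client.ClientHandlerException;

/**
 * Wraps the GeoStore REST services so that GeoStore users can authenticate.
 * <p>
 * The supplied username/password are used to call {@code getUserDetails()} on GeoStore.
 * If GeoStore returns a user, its role is checked against {@link #allowedRoles} and a
 * token carrying the single authority {@code "ROLE_" + role} is returned.
 * <p>
 * The provider is configured through its setters (bean-style), not through a constructor.
 *
 * @author Lorenzo Natali
 */
public class GeoStoreAuthenticationProvider implements AuthenticationProvider {

    /** Base URL of the GeoStore REST service the client is pointed at. */
    String geoStoreRestURL;

    /** Roles (compared with {@code User.getRole().toString()}) that are allowed to log in. */
    List<String> allowedRoles;

    /**
     * Message shown if the logged-in user does not have an allowed role.
     * TODO: Localize it
     */
    public static final String UNAUTHORIZED_MSG = "This user have not enougth permissions to access to the Admin GUI";

    /**
     * Message shown if the user is not found (or GeoStore rejects the credentials).
     * TODO: Localize it
     */
    public static final String USER_NOT_FOUND_MSG = "User not found. Please check your credentials";

    /**
     * Message shown if GeoStore is unavailable.
     * TODO: Localize it
     */
    public static final String GEOSTORE_UNAVAILABLE = "GeoStore it's not availabile. Please contact with the administrator";

    /**
     * Only plain username/password tokens are handled.
     *
     * @param authentication the token class the {@code ProviderManager} is asking about
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}
     *         (subclasses are not accepted, matching the original exact-class comparison)
     */
    @Override
    public boolean supports(Class<? extends Object> authentication) {
        return UsernamePasswordAuthenticationToken.class.equals(authentication);
    }

    /**
     * Authenticates the given token against GeoStore.
     *
     * @param authentication the token; principal and credentials are read as {@link String}s
     * @return an authenticated {@link UsernamePasswordAuthenticationToken} whose credentials are
     *         the supplied password and whose only authority is {@code "ROLE_" + role}
     * @throws UsernameNotFoundException if GeoStore cannot be reached, or does not return a user
     *         for these credentials
     * @throws BadCredentialsException if the user exists but has no role, or its role is not in
     *         {@link #allowedRoles}
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        String pw = (String) authentication.getCredentials();
        String us = (String) authentication.getPrincipal();

        // We use the credentials for all the session in the GeoStore client.
        AdministratorGeoStoreClient geoStoreClient = new AdministratorGeoStoreClient();
        geoStoreClient.setUsername(us);
        geoStoreClient.setPassword(pw);
        geoStoreClient.setGeostoreRestUrl(geoStoreRestURL);

        User user;
        try {
            user = geoStoreClient.getUserDetails();
        } catch (ClientHandlerException che) {
            // Transport-level failure (GeoStore not reachable). The cause is kept so the
            // outage can be diagnosed from the logs instead of looking like a bad login.
            throw new UsernameNotFoundException(GEOSTORE_UNAVAILABLE, che);
        } catch (Exception e) {
            // Best effort, kept on purpose: any other failure (presumably GeoStore rejecting
            // the credentials) is reported with the same "user not found" message, so the
            // response does not reveal whether the username or the password was wrong.
            user = null;
        }

        if (user == null) {
            throw new UsernameNotFoundException(USER_NOT_FOUND_MSG);
        }

        // Fail closed: a user without a role is refused rather than failing with an NPE.
        if (user.getRole() == null) {
            throw new BadCredentialsException(UNAUTHORIZED_MSG);
        }
        String role = user.getRole().toString();
        if (!roleAllowed(role)) {
            throw new BadCredentialsException(UNAUTHORIZED_MSG);
        }

        // NOTE(review): GrantedAuthorityImpl is deprecated in later Spring Security releases
        // (SimpleGrantedAuthority is the replacement); left as-is to match the project's version.
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new GrantedAuthorityImpl("ROLE_" + role));

        // The password stays in the returned token's credentials because, per the comment
        // above, the GeoStore client reuses it for the session. Whether the ProviderManager
        // erases those credentials after authentication depends on its configuration — confirm.
        return new UsernamePasswordAuthenticationToken(us, pw, authorities);
    }

    /**
     * Tells whether {@code role} is one of {@link #allowedRoles}.
     * A {@code null} role, or a missing allowed-roles list, is never allowed (fail closed).
     *
     * @param role the role name as returned by GeoStore
     * @return {@code true} if an equal non-null entry exists in {@link #allowedRoles}
     */
    private boolean roleAllowed(String role) {
        if (role == null || allowedRoles == null) {
            return false;
        }
        for (String allowed : allowedRoles) {
            // role is non-null here, so a null list entry simply does not match.
            if (role.equals(allowed)) {
                return true;
            }
        }
        return false;
    }

    // GETTERS AND SETTERS

    /** @return the configured allowed roles (may be {@code null} if never set) */
    public List<String> getAllowedRoles() {
        return allowedRoles;
    }

    /** @param roleFilter the roles allowed to authenticate; stored as given (not copied) */
    public void setAllowedRoles(List<String> roleFilter) {
        this.allowedRoles = roleFilter;
    }

    /** @return the GeoStore REST base URL */
    public String getGeoStoreRestURL() {
        return geoStoreRestURL;
    }

    /** @param geoStoreRestURL the GeoStore REST base URL passed to the client */
    public void setGeoStoreRestURL(String geoStoreRestURL) {
        this.geoStoreRestURL = geoStoreRestURL;
    }
}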