GeoStoreAuthenticationProvider.java

package it.geosolutions.geostore.services.security;

import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.services.rest.AdministratorGeoStoreClient;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.sun.jersey.api.client.ClientHandlerException;
/**
 * Wrap geostore Rest Services to allow Authentication using Geostore Users
 * @author Lorenzo Natali
 *
 */
public class GeoStoreAuthenticationProvider implements AuthenticationProvider {

	/**
	 * The rest service 
	 */
	String geoStoreRestURL;
	
	/**
	 * a list of allowed Roles
	 */
	List<String> allowedRoles;
	
	
        
	
	/**
	 * Message shown if the user logged haven't got an allowed role.
	 * TODO: Localize it
	 */
        public static final String UNAUTHORIZED_MSG = "This user have not enougth permissions to access to the Admin GUI";
        
        /**
         * Message shown if the user it's not found.
         * TODO: Localize it
         */
        public static final String USER_NOT_FOUND_MSG = "User not found. Please check your credentials";
        
        /**
         * Message shown if GeoStore it's unavailable.
         * TODO: Localize it
         */
        public static final String GEOSTORE_UNAVAILABLE = "GeoStore it's not availabile. Please contact with the administrator";

	@Override
	public boolean supports(Class<? extends Object> authentication) {
		return authentication.equals(UsernamePasswordAuthenticationToken.class);
	}

	@Override
	public Authentication authenticate(Authentication authentication) {
		String pw = (String) authentication.getCredentials();
		String us = (String) authentication.getPrincipal();
		// We use the credentials for all the session in the GeoStore client

		AdministratorGeoStoreClient geoStoreClient =new AdministratorGeoStoreClient();
		geoStoreClient.setUsername(us);
		geoStoreClient.setPassword(pw);
		geoStoreClient.setGeostoreRestUrl(geoStoreRestURL);

		User user = null;
		try {
			user = geoStoreClient.getUserDetails();
		} catch (ClientHandlerException che) {
		    throw new UsernameNotFoundException(GEOSTORE_UNAVAILABLE);
                } catch (Exception e){
                    // user not found generic response.
                    user = null;
                }
		
		if (user != null) {
			String role = user.getRole().toString();
			if (!roleAllowed(role)){
			    throw new BadCredentialsException(UNAUTHORIZED_MSG);
			}
//				return null;
			List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
			authorities.add(new GrantedAuthorityImpl("ROLE_" + role));
			Authentication a = new UsernamePasswordAuthenticationToken(us, pw,
					authorities);
			// a.setAuthenticated(true);
			return a;
		} else {
                    throw new UsernameNotFoundException(USER_NOT_FOUND_MSG);
		}

	}

	private boolean roleAllowed(String role) {
		for (String allowed : allowedRoles) {
			if (allowed != null) {
				if (allowed.equals(role))
					return true;
			}
		}
		return false;
	}

	// GETTERS AND SETTERS
	public List<String> getAllowedRoles() {
		return allowedRoles;
	}

	public void setAllowedRoles(List<String> roleFilter) {
		this.allowedRoles = roleFilter;
	}

	public String getGeoStoreRestURL() {
		return geoStoreRestURL;
	}

	public void setGeoStoreRestURL(String geoStoreRestURL) {
		this.geoStoreRestURL = geoStoreRestURL;
	}

}