/* ====================================================================
*
* Copyright (C) 2015 GeoSolutions S.A.S.
* http://www.geo-solutions.it
*
* GPLv3 + Classpath exception
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program.
*
* ====================================================================
*
* This software consists of voluntary contributions made by developers
* of GeoSolutions. For more information on GeoSolutions, please see
* <http://www.geo-solutions.it/>.
*
*/
package it.geosolutions.geostore.services.rest.security;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* Authentication filter for preauthentication through
* request headers.
*
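* A header for the username and an optional one for credentials/password
* are supported. The header values are used as received, so the filter
* should only be reachable through a front end that sets these headers
* itself and strips any copies supplied by the client.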
*
* Automatic new user creation is supported, and in the case of user creation,
* attributes mapping from headers is supported through a userMapper of type
* MapExpressionUserMapper.
*
* @author Mauro Bartolomeoli
*
*/
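public class GeoStoreRequestHeadersAuthenticationFilter extends GeoStoreAuthenticationFilter {

    /** Name of the request header carrying the pre-authenticated user name. */
    private String userNameHeader;

    /** Name of the request header carrying credentials; {@code null} disables the lookup. */
    private String credentialsHeader;

    /**
     * Sets the name of the header the user name is read from.
     *
     * @param userNameHeader header name
     */
    public void setUserNameHeader(String userNameHeader) {
        this.userNameHeader = userNameHeader;
    }

    /**
     * Sets the name of the (optional) header the credentials are read from.
     *
     * @param credentialsHeader header name, or {@code null} to skip credentials
     */
    public void setCredentialsHeader(String credentialsHeader) {
        this.credentialsHeader = credentialsHeader;
    }

    /**
     * Reads the configured user name header and, when it is present, stores an
     * authentication for that user in the current security context.
     *
     * <p>The header values are taken from the request as-is; nothing in this
     * method verifies who set them. The filter is therefore only appropriate
     * behind a front end (reverse proxy, SSO gateway) that sets these headers
     * itself and removes any copies supplied by the client.
     *
     * @param req the incoming request
     */
    @Override
    protected void authenticate(HttpServletRequest req) {
        // Without a configured header name there is nothing to look up, so no
        // authentication is set.
        if (userNameHeader == null) {
            return;
        }
        String userName = req.getHeader(userNameHeader);
        if (userName == null) {
            return;
        }
        // NOTE(review): an empty or blank user name header is still passed on as
        // a user name; confirm that createAuthenticationForUser rejects it.

        String credentials = null;
        if (credentialsHeader != null) {
            // getHeader returns null when the request lacks the header; the
            // credentials header is optional, so that must not fail the request.
            String headerValue = req.getHeader(credentialsHeader);
            if (headerValue != null && !headerValue.trim().isEmpty()) {
                credentials = headerValue;
            }
        }

        // create auth object with given user / credentials / attributes
        SecurityContextHolder.getContext().setAuthentication(
                createAuthenticationForUser(userName, credentials, getHeadersMap(req)));
    }

    /**
     * Transforms the request headers into a map keyed by the cleaned header name.
     *
     * <p>Every request header is copied, whatever it carries. For a header sent
     * more than once only the value returned by {@code getHeader} is kept, and
     * two names that clean to the same identifier overwrite each other.
     *
     * @param req the incoming request
     * @return a {@code Map<String, String>} of cleaned header name to header value
     */
    private Object getHeadersMap(HttpServletRequest req) {
        Map<String, String> headers = new HashMap<String, String>();
        Enumeration<?> headerNames = req.getHeaderNames();
        // The servlet API allows containers to return null here.
        if (headerNames == null) {
            return headers;
        }
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement().toString();
            headers.put(cleanHeaderName(headerName), req.getHeader(headerName));
        }
        return headers;
    }

    /**
     * Replaces every character outside {@code [a-zA-Z0-9_$]} with an underscore.
     *
     * @param headerName raw header name
     * @return the name with all other characters replaced by {@code _}
     */
    private String cleanHeaderName(String headerName) {
        // create a good SpEL identifier
        return headerName.replaceAll("[^a-zA-Z0-9_$]", "_");
    }
}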