AuthenticationProviderOperationCollector.java

/**
 * Copyright (c) 2009-2011 VMware, Inc. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.springsource.insight.plugin.spring.security;

import java.security.Principal;

import org.springframework.security.core.Authentication;

import com.springsource.insight.intercept.operation.Operation;
import com.springsource.insight.intercept.trace.ObscuredValueMarker;

/**
 *
 */
public class AuthenticationProviderOperationCollector extends ObscuringOperationCollector {
    public AuthenticationProviderOperationCollector() {
        super();
    }

    public AuthenticationProviderOperationCollector(ObscuredValueMarker marker) {
        super(marker);
    }

    // fill in some data from the return value
    @Override
    protected void markSensitiveReturnValueAttributes(Operation op, Object returnValue) {
        if (returnValue != null) {  // OK to return null to indicate authentication failure
            Authentication auth = (Authentication) returnValue;
            markSensitiveValues(auth);
            op.put("authenticated", auth.isAuthenticated());
            updateGrantedAuthorities(op, auth.getAuthorities());
        } else {
            op.put("authenticated", false);
        }
    }

    void markSensitiveValues(Authentication auth) {
        markSensitiveValues(obscuredMarker, auth);
    }

    static void markSensitiveValues(ObscuredValueMarker marker, Authentication auth) {
        // can happen if AuthenticationProvider#authenticate returns null to indicate a failure 
        if (auth == null) {
            return;
        }

        markSensitivePrincipalValues(marker, auth);

        Object principal = auth.getPrincipal();
        if (principal instanceof Principal) {
            markSensitivePrincipalValues(marker, (Principal) principal);
        } else {
            marker.markObscured(principal);
        }
        marker.markObscured(auth.getCredentials());
    }

    static void markSensitivePrincipalValues(ObscuredValueMarker marker, Principal principal) {
        if (principal == null) {
            return;
        }

        marker.markObscured(principal);
        marker.markObscured(principal.getName());
    }
}