AutologinAuthenticationManager.java example

Explorer
uaa-master
/*******************************************************************************
 *     Cloud Foundry
 *     Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
 *
 *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
 *     You may not use this product except in compliance with the License.
 *
 *     This product includes a number of subcomponents with
 *     separate copyright notices and license terms. Your use of these
 *     subcomponents is subject to the terms and conditions of the
 *     subcomponent's license, as noted in the LICENSE file.
 *******************************************************************************/

package org.cloudfoundry.identity.uaa.authentication.manager;

import com.fasterxml.jackson.core.type.TypeReference;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.InvalidCodeException;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;

import java.util.Map;

/**
 * @author Dave Syer
 *
 */
public class AutologinAuthenticationManager implements AuthenticationManager {

    private Log logger = LogFactory.getLog(getClass());

    private ExpiringCodeStore codeStore;
    private ClientDetailsService clientDetailsService;
    private UaaUserDatabase userDatabase;

    public void setExpiringCodeStore(ExpiringCodeStore expiringCodeStore) {
        this.codeStore= expiringCodeStore;
    }

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    public void setUserDatabase(UaaUserDatabase userDatabase) {
        this.userDatabase = userDatabase;
    }

    public ExpiringCode doRetrieveCode(String code) {
        return codeStore.retrieveCode(code);
    }



    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        if (!(authentication instanceof AuthzAuthenticationRequest)) {
            return null;
        }

        AuthzAuthenticationRequest request = (AuthzAuthenticationRequest) authentication;
        Map<String, String> info = request.getInfo();
        String code = info.get("code");

        ExpiringCode expiringCode = doRetrieveCode(code);
        Map<String,String> codeData = null;
        try {
            if (expiringCode == null) {
                logger.debug("Autologin code has expired");
                throw new InvalidCodeException("expired_code", "Expired code", 422);
            }
            codeData = JsonUtils.readValue(expiringCode.getData(), new TypeReference<Map<String,String>>() {});
            if(!isAutologinCode(expiringCode.getIntent(), codeData.get("action"))) {
                logger.debug("Code is not meant for autologin");
                throw new InvalidCodeException("invalid_code", "Not an autologin code", 422);
            }
        } catch (JsonUtils.JsonUtilException x) {
            throw new BadCredentialsException("JsonConversion error", x);
        }

        String userId = codeData.get("user_id");
        String clientId = codeData.get(OAuth2Utils.CLIENT_ID);

        if (clientId == null) {
            throw new BadCredentialsException("Cannot redeem provided code for user, client id missing");
        }

        try {
            clientDetailsService.loadClientByClientId(clientId);
        } catch (NoSuchClientException x) {
            throw new BadCredentialsException("Cannot redeem provided code for user, client is missing");
        }

        UaaUser user = null;

        try {
            user = userDatabase.retrieveUserById(userId);
        } catch (UsernameNotFoundException e) {
            throw new BadCredentialsException("Cannot redeem provided code for user, user is missing");
        }

        UaaAuthenticationDetails details = (UaaAuthenticationDetails) authentication.getDetails();
        if (!clientId.equals(details.getClientId())) {
            throw new BadCredentialsException("Cannot redeem provided code for user, client mismatch");
        }

        UaaPrincipal principal = new UaaPrincipal(user);

        return new UaaAuthentication(
                principal,
                UaaAuthority.USER_AUTHORITIES,
                (UaaAuthenticationDetails) authentication.getDetails());
    }

    private boolean isAutologinCode(String intent, String action) {
        return (intent != null && intent.equals(ExpiringCodeType.AUTOLOGIN.name())) || (action != null && action.equals(ExpiringCodeType.AUTOLOGIN.name()));
    }
}