AcegiUsernamePasswordCallbackHandler xref

View Javadoc

1   /*
2    * Copyright 2008 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss.callback.acegi;
18  
19  import java.io.IOException;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.UnsupportedCallbackException;
22  
23  import com.sun.xml.wss.impl.callback.PasswordCallback;
24  import com.sun.xml.wss.impl.callback.UsernameCallback;
25  import org.acegisecurity.Authentication;
26  import org.acegisecurity.context.SecurityContext;
27  import org.acegisecurity.context.SecurityContextHolder;
28  
29  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
30  
31  /**
32   * Callback handler that adds username/password information to a mesage using an Acegi {@link SecurityContext}.
33   * <p/>
34   * This class handles <code>UsernameCallback</code>s and <code>PasswordCallback</code>s, and throws an
35   * <code>UnsupportedCallbackException</code> for others
36   *
37   * @author Arjen Poutsma
38   * @since 1.5.0
39   */
40  public class AcegiUsernamePasswordCallbackHandler extends AbstractCallbackHandler {
41  
42      protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
43          if (callback instanceof UsernameCallback) {
44              Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
45              if (authentication != null && authentication.getName() != null) {
46                  UsernameCallback usernameCallback = (UsernameCallback) callback;
47                  usernameCallback.setUsername(authentication.getName());
48                  return;
49              }
50              else {
51                  logger.warn("Cannot handle UsernameCallback: Acegi SecurityContext contains no Authentication");
52              }
53          }
54          else if (callback instanceof PasswordCallback) {
55              Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
56              if (authentication != null && authentication.getName() != null) {
57                  PasswordCallback passwordCallback = (PasswordCallback) callback;
58                  passwordCallback.setPassword(authentication.getCredentials().toString());
59                  return;
60              }
61              else {
62                  logger.warn("Canot handle PasswordCallback: Acegi SecurityContext contains no Authentication");
63              }
64          }
65          throw new UnsupportedCallbackException(callback);
66      }
67  }