Class IAMAuthenticationProvider
- java.lang.Object
-
- org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
- com.im.df.security.mechanim.novartis.iam.IAMAuthenticationProvider
-
- All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider
public class IAMAuthenticationProvider extends org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- Author:
- Masoud Kalali
-
-
Constructor Summary
Constructor
IAMAuthenticationProvider(String iamAuthenticationServer, String iamValidationServer)
-
Method Summary
Modifier and Type, Method, Description
protected void
additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails ud, org.springframework.security.authentication.UsernamePasswordAuthenticationToken upat)
String
authenticate(boolean bUseCache)
Tries to authenticate the user with Single Sign-on (SSO) and returns an IAM Authentication Cookie, if successful.
org.springframework.security.core.Authentication
authenticate(org.springframework.security.core.Authentication authentication)
protected String
createHash(String str)
Creates a SHA1 hash for the specified string and encodes it using Base64.
protected String
getCookie(String strUsername, String strPassword)
Returns an authentication cookie, which has been stored before.
protected URL
getIamAuthenticationUrl()
Retrieves and validates the IAM Authentication URL.
protected URL
getIamCookieValidationUrl()
Retrieves and validates the IAM Authentication URL.
String
getUserDetails(String iamAuthCookie)
Retrieves user details for the user who was authenticated with the passed-in cookie.
Map<String,String>
getUserDetailsFromXml(String xml)
Extracts user details from the XML retrieved from the validation service.
boolean
isUseCache()
protected boolean
isValidIamCookie(String cookie)
Determines whether the passed-in cookie is a valid IAM Authentication Cookie with a concrete value.
protected void
putCookie(String strUsername, String strPassword, String cookie)
Stores an authentication cookie for later usage.
protected org.springframework.security.core.userdetails.UserDetails
retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken upat)
void
setAuthoritiesPopulators(List<org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator> authoritiesPopulators)
void
setConnectionTimeout(int connectionTimeout)
void
setIamAuthenticationServer(String iamAuthenticationServer)
void
setIamCookieLifetime(long iamCookieLifetime)
void
setIamCookieLoggedOutValue(String iamCookieLoggedOutValue)
void
setIamTokenCookieName(String iamTokenCookieName)
void
setIamValidationServer(String iamValidationServer)
void
setReadTimeout(int readTimeout)
void
setUseCache(boolean useCache)
boolean
supports(Class<? extends Object> type)
-
Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
afterPropertiesSet, createSuccessAuthentication, doAfterPropertiesSet, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache
-
-
-
-
Method Detail
-
authenticate
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
- Specified by:
authenticate in interface org.springframework.security.authentication.AuthenticationProvider
- Overrides:
authenticate in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
-
supports
public boolean supports(Class<? extends Object> type)
- Specified by:
supports in interface org.springframework.security.authentication.AuthenticationProvider
- Overrides:
supports in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
authenticate
public String authenticate(boolean bUseCache)
Tries to authenticate the user with Single Sign-on (SSO) and returns an IAM Authentication Cookie, if successful. If the parameter is true, it checks whether a cached cookie exists for SSO and uses it, if found.
- Parameters:
bUseCache - Set to true to use a cached cookie, if found. Set to false to ignore caching.
- Returns:
- IAM Authentication Cookie or null, if an error occurred.
-
getUserDetails
public String getUserDetails(String iamAuthCookie)
Retrieves user details for the user who was authenticated with the passed-in cookie.
The following format is returned.
<?xml version="1.0" encoding="ISO-8859-1"?>
<iam>
  <userid>SCHWAMA8</userid>
  <firstname>Manuel</firstname>
  <lastname>Schwarze</lastname>
  <displayname>Manuel Schwarze</displayname>
  <fullname>Schwarze, Manuel</fullname>
  <email>[email protected]</email>
  <location>Basel</location>
  <sitecode>chbs</sitecode>
</iam>
- Parameters:
iamAuthCookie - IAM Authentication Cookie. Can be null.
- Returns:
- XML formatted string with information about the user behind the cookie or null, if cookie was null or an error occurred.
-
getUserDetailsFromXml
public Map<String,String> getUserDetailsFromXml(String xml)
Extracts user details from the XML retrieved from the validation service.
- Parameters:
xml - XML with user details.
- Returns:
- Mapping of user details (key, value pairs). Returns null, if extraction failed.
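An added example, not the project's own code: one way to turn the `<iam>` document shown under getUserDetails into key/value pairs while refusing DOCTYPEs, since the XML arrives from a remote validation service. The class name IamUserDetailsParser and the sample values are constructed; the null-on-failure return follows the contract documented above.

```java
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper class, not part of com.im.df.security.
public class IamUserDetailsParser {
    /** Returns the child elements of <iam> as name/value pairs, or null if extraction fails. */
    public static Map<String, String> parse(String xml) {
        if (xml == null) return null;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // Untrusted network input: reject any DOCTYPE so external entities
            // and entity-expansion constructs are never processed.
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);
            Element root = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml))).getDocumentElement();
            if (!"iam".equals(root.getTagName())) return null; // unexpected document type
            Map<String, String> details = new LinkedHashMap<>();
            NodeList children = root.getChildNodes();
            for (int i = 0; i < children.getLength(); i++) {
                Node n = children.item(i);
                if (n.getNodeType() == Node.ELEMENT_NODE) {
                    details.put(n.getNodeName(), n.getTextContent().trim());
                }
            }
            return details;
        } catch (Exception e) {
            return null; // malformed XML, DOCTYPE present, or parser setup failure
        }
    }

    public static void main(String[] args) {
        // Constructed sample in the documented format; values are placeholders.
        String xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><iam>"
                + "<userid>EXAMPLE1</userid><email>user@example.invalid</email>"
                + "<sitecode>xxxx</sitecode></iam>";
        System.out.println(parse(xml));
        // Constructed input carrying a DOCTYPE; the hardened parser refuses it.
        System.out.println(parse("<!DOCTYPE iam [<!ENTITY x \"y\">]><iam><userid>&x;</userid></iam>"));
    }
}
```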
-
getIamAuthenticationUrl
protected URL getIamAuthenticationUrl() throws MalformedURLException
Retrieves and validates the IAM Authentication URL.
- Returns:
- URL to perform IAM Authentication.
- Throws:
MalformedURLException - Thrown, if the found URL is invalid.
-
getIamCookieValidationUrl
protected URL getIamCookieValidationUrl() throws MalformedURLException
Retrieves and validates the IAM Authentication URL.
- Returns:
- URL to perform IAM Authentication.
- Throws:
MalformedURLException - Thrown, if the found URL is invalid.
-
isValidIamCookie
protected boolean isValidIamCookie(String cookie)
Determines whether the passed-in cookie is a valid IAM Authentication Cookie with a concrete value. This validity check does not include expiration checks, which are impossible because the cookie is encrypted.
- Parameters:
cookie - Potential IAM Authentication Cookie to check. Can be null.
- Returns:
- True, if cookie is considered valid. False otherwise and if null is passed in.
-
putCookie
protected void putCookie(String strUsername, String strPassword, String cookie)
Stores an authentication cookie for later usage. Overwrites an existing cookie and recalculates the timeout using the existing system time and the configured IAM Cookie Lifetime.
- Parameters:
strUsername - User name used for authentication. Can be null to use default.
strPassword - Password used for authentication. Can be null to use default.
cookie - Associated cookie to save.
-
getCookie
protected String getCookie(String strUsername, String strPassword)
Returns an authentication cookie, which has been stored before. Returns null, if the cookie is not found or expired.
- Parameters:
strUsername - User name used for authentication. Can be null to use default.
strPassword - Password used for authentication. Can be null to use default.
- Returns:
- Associated cookie or null, if not found.
-
createHash
protected String createHash(String str)
Creates a SHA1 hash for the specified string and encodes it using Base64.
- Parameters:
str - Input string to hash. Can be null.
- Returns:
- Base64 encoded SHA1 hash for the passed in string or null, if null was passed in.
-
setConnectionTimeout
public void setConnectionTimeout(int connectionTimeout)
-
setIamAuthenticationServer
public void setIamAuthenticationServer(String iamAuthenticationServer)
-
setIamCookieLifetime
public void setIamCookieLifetime(long iamCookieLifetime)
-
setIamCookieLoggedOutValue
public void setIamCookieLoggedOutValue(String iamCookieLoggedOutValue)
-
setIamTokenCookieName
public void setIamTokenCookieName(String iamTokenCookieName)
-
setIamValidationServer
public void setIamValidationServer(String iamValidationServer)
-
setReadTimeout
public void setReadTimeout(int readTimeout)
-
isUseCache
public boolean isUseCache()
-
setUseCache
public void setUseCache(boolean useCache)
-
setAuthoritiesPopulators
public void setAuthoritiesPopulators(List<org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator> authoritiesPopulators)
-
additionalAuthenticationChecks
protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails ud, org.springframework.security.authentication.UsernamePasswordAuthenticationToken upat) throws org.springframework.security.core.AuthenticationException
- Specified by:
additionalAuthenticationChecks in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
-
retrieveUser
protected org.springframework.security.core.userdetails.UserDetails retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken upat) throws org.springframework.security.core.AuthenticationException
- Specified by:
retrieveUser in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
-
-