Class IAMAuthenticationProvider

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider

    public class IAMAuthenticationProvider
    extends org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    Author:
    Masoud Kalali
    • Field Summary

      • Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

        hideUserNotFoundExceptions, logger, messages
    • Constructor Detail

      • IAMAuthenticationProvider

        public IAMAuthenticationProvider(String iamAuthenticationServer,
                                         String iamValidationServer)
    • Method Detail

      • authenticate

        public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
                                                                      throws org.springframework.security.core.AuthenticationException
        Specified by:
        authenticate in interface org.springframework.security.authentication.AuthenticationProvider
        Overrides:
        authenticate in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException
      • supports

        public boolean supports(Class<? extends Object> type)
        Specified by:
        supports in interface org.springframework.security.authentication.AuthenticationProvider
        Overrides:
        supports in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
      • authenticate

        public String authenticate(boolean bUseCache)
        Tries to authenticate the user with Single Sign-on (SSO) and returns an IAM Authentication Cookie if successful. If the parameter is true, it first checks whether a cached SSO cookie exists and uses it if found.
        Parameters:
        bUseCache - Set to true to use a cached cookie, if found. Set to false to ignore caching.
        Returns:
        IAM Authentication Cookie or null, if an error occurred.
      • getUserDetails

        public String getUserDetails(String iamAuthCookie)
        Retrieves user details for the user who was authenticated with the passed in cookie.
        The following format is returned.
        
         <?xml version="1.0" encoding="ISO-8859-1"?>
         <iam>
           <userid>SCHWAMA8</userid>
           <firstname>Manuel</firstname>
           <lastname>Schwarze</lastname>
           <displayname>Manuel Schwarze</displayname>
           <fullname>Schwarze, Manuel</fullname>
           <email>[email protected]</email>
           <location>Basel</location>
           <sitecode>chbs</sitecode>
         </iam>
         
        Parameters:
        iamAuthCookie - IAM Authentication Cookie. Can be null.
        Returns:
        XML formatted string with information about the user behind the cookie or null, if cookie was null or an error occurred.
      • getUserDetailsFromXml

        public Map<String,String> getUserDetailsFromXml(String xml)
        Extracts user details from the XML retrieved from the validation service.
        Parameters:
        xml - XML with user details.
        Returns:
        Mapping of user details (key, value pairs). Returns null, if extraction failed.
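        An added example, not part of the IAMAuthenticationProvider class, showing how the <iam> document returned by getUserDetails can be turned into the key/value mapping that getUserDetailsFromXml returns; the class name IamUserDetailsParser is assumed. Because the XML is fetched from a remote validation service, the parser disables DTDs and external entities before parsing it:

```java
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Added example (hypothetical class): parses the <iam> document from the validation service. */
public final class IamUserDetailsParser {

    /** Returns the child elements of <iam> as key/value pairs, or null if extraction fails. */
    public static Map<String, String> parse(String xml) {
        if (xml == null) {
            return null;
        }
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // The document comes from a remote service: disable DTDs and external
            // entities so a malformed or hostile response cannot trigger XXE.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setFeature("http://xml.org/sax/features/external-general-entities", false);
            f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);
            DocumentBuilder b = f.newDocumentBuilder();
            Document doc = b.parse(new InputSource(new StringReader(xml)));
            Element root = doc.getDocumentElement();
            // Reject anything that is not the expected <iam> root element.
            if (root == null || !"iam".equals(root.getTagName())) {
                return null;
            }
            Map<String, String> details = new LinkedHashMap<>();
            NodeList children = root.getChildNodes();
            for (int i = 0; i < children.getLength(); i++) {
                Node n = children.item(i);
                if (n.getNodeType() == Node.ELEMENT_NODE) {
                    details.put(n.getNodeName(), n.getTextContent().trim());
                }
            }
            return details;
        } catch (Exception e) {
            // Any parse or configuration failure is reported as null, as getUserDetailsFromXml does.
            return null;
        }
    }
}
```

        Fed the sample document shown under getUserDetails, parse returns a map with the keys userid, firstname, lastname, displayname, fullname, email, location and sitecode.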
      • getIamAuthenticationUrl

        protected URL getIamAuthenticationUrl()
                                       throws MalformedURLException
        Retrieves and validates the IAM Authentication URL.
        Returns:
        URL to perform IAM Authentication.
        Throws:
        MalformedURLException - Thrown, if the found URL is invalid.
      • getIamCookieValidationUrl

        protected URL getIamCookieValidationUrl()
                                         throws MalformedURLException
        Retrieves and validates the IAM Cookie Validation URL.
        Returns:
        URL to perform IAM Cookie Validation.
        Throws:
        MalformedURLException - Thrown, if the found URL is invalid.
      • isValidIamCookie

        protected boolean isValidIamCookie(String cookie)
        Determines whether the passed-in cookie is a valid IAM Authentication Cookie with a concrete value. This validity check does not include an expiration check, which is impossible because the cookie is encrypted.
        Parameters:
        cookie - Potential IAM Authentication Cookie to check. Can be null.
        Returns:
        True, if cookie is considered valid. False otherwise and if null is passed in.
      • putCookie

        protected void putCookie(String strUsername,
                                 String strPassword,
                                 String cookie)
        Stores an authentication cookie for later use. Overwrites an existing cookie and recalculates the timeout from the current system time and the configured IAM Cookie Lifetime.
        Parameters:
        strUsername - User name used for authentication. Can be null to use default.
        strPassword - Password used for authentication. Can be null to use default.
        cookie - Associated cookie to save.
      • getCookie

        protected String getCookie(String strUsername,
                                   String strPassword)
        Returns a previously stored authentication cookie. Returns null if the cookie is not found or has expired.
        Parameters:
        strUsername - User name used for authentication. Can be null to use default.
        strPassword - Password used for authentication. Can be null to use default.
        Returns:
        Associated cookie or null, if not found.
      • createHash

        protected String createHash(String str)
        Creates a SHA1 hash for the specified string and encodes it using Base64.
        Parameters:
        str - Input string to hash. Can be null.
        Returns:
        Base64 encoded SHA1 hash for the passed in string or null, if null was passed in.
      • setConnectionTimeout

        public void setConnectionTimeout(int connectionTimeout)
      • setIamAuthenticationServer

        public void setIamAuthenticationServer(String iamAuthenticationServer)
      • setIamCookieLifetime

        public void setIamCookieLifetime(long iamCookieLifetime)
      • setIamCookieLoggedOutValue

        public void setIamCookieLoggedOutValue(String iamCookieLoggedOutValue)
      • setIamTokenCookieName

        public void setIamTokenCookieName(String iamTokenCookieName)
      • setIamValidationServer

        public void setIamValidationServer(String iamValidationServer)
      • setReadTimeout

        public void setReadTimeout(int readTimeout)
      • isUseCache

        public boolean isUseCache()
      • setUseCache

        public void setUseCache(boolean useCache)
      • setAuthoritiesPopulators

        public void setAuthoritiesPopulators(List<org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator> authoritiesPopulators)
      • additionalAuthenticationChecks

        protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails ud,
                                                      org.springframework.security.authentication.UsernamePasswordAuthenticationToken upat)
                                               throws org.springframework.security.core.AuthenticationException
        Specified by:
        additionalAuthenticationChecks in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException
      • retrieveUser

        protected org.springframework.security.core.userdetails.UserDetails retrieveUser(String username,
                                                                                         org.springframework.security.authentication.UsernamePasswordAuthenticationToken upat)
                                                                                  throws org.springframework.security.core.AuthenticationException
        Specified by:
        retrieveUser in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException