
1   /*
2    * EL4J, the Extension Library for the J2EE, adds incremental enhancements to
3    * the spring framework, http://el4j.sf.net
4    * Copyright (C) 2005 by ELCA Informatique SA, Av. de la Harpe 22-24,
5    * 1000 Lausanne, Switzerland, http://www.elca.ch
6    *
7    * EL4J is published under the GNU Lesser General Public License (LGPL)
8    * Version 2.1. See http://www.gnu.org/licenses/
9    *
10   * This program is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13   * GNU Lesser General Public License for more details.
14   *
15   * For alternative licensing, please contact info@elca.ch
16   */
17  package ch.elca.el4j.services.security.authentication;
18  
19  import org.slf4j.Logger;
20  import org.slf4j.LoggerFactory;
21  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
22  import org.springframework.security.core.Authentication;
23  import org.springframework.security.core.context.SecurityContextHolder;
24  
25  import ch.elca.el4j.services.security.encryption.AESCipher;
26  
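/**
 * This ContextPasser en/decrypts credentials using an AES-128 cipher such that no plain text passwords
 * are sent over the network.
 *
 * <p>The sending side ({@link #getImplicitlyPassedContext()}) replaces the password of a
 * {@link UsernamePasswordAuthenticationToken} with its encrypted form; the receiving side
 * ({@link #pushImplicitlyPassedContext(Object)}) decrypts it and installs an unauthenticated token in the
 * {@link SecurityContextHolder}. Both sides must be configured with the same key via {@link #setKey(String)}.
 *
 * <p>Review notes:
 * <ul>
 * <li>Cipher mode, IV handling and integrity protection are decided inside {@code AESCipher} and are not
 *     visible here; confirm them there before relying on this class for confidentiality.</li>
 * <li>Nothing in this class binds the encrypted password to a single request, so the encrypted value is as
 *     sensitive as the password itself; the transport should additionally be protected.</li>
 * <li>Only {@link UsernamePasswordAuthenticationToken} is rebuilt on the receiving side. Every other
 *     {@link Authentication} type is installed exactly as received.</li>
 * </ul>
 *
 * @svnLink $Revision: 4091 $;$Date: 2010-01-15 12:21:07 +0100 (Fr, 15. Jan 2010) $;$Author: jonasha $;$URL: https://el4j.svn.sourceforge.net/svnroot/el4j/branches/el4j_3_1/el4j/framework/modules/security/src/main/java/ch/elca/el4j/services/security/authentication/SecureUsernamePasswordAuthenticationServiceContextPasser.java $
 *
 * @author Stefan Wismer (SWI)
 */
public class SecureUsernamePasswordAuthenticationServiceContextPasser extends
	AuthenticationServiceContextPasser {
	
	/**
	 * Private logger of this class.
	 */
	private static final Logger s_logger
		= LoggerFactory.getLogger(SecureUsernamePasswordAuthenticationServiceContextPasser.class);
	
	/**
	 * The AES cipher. Stays {@code null} until {@link #setKey(String)} has been called.
	 */
	private AESCipher m_cipher;

	/**
	 * Creates the cipher used for all subsequent en/decryption. The key is a shared secret: it must be
	 * identical on the sending and the receiving side and should not be logged or committed with the
	 * configuration.
	 *
	 * @param key Is the key to set.
	 */
	public void setKey(String key) {
		m_cipher = new AESCipher(key);
	}
	
	/**
	 * {@inheritDoc}
	 *
	 * <p>For a {@link UsernamePasswordAuthenticationToken} a copy carrying the same principal and authorities
	 * but the encrypted credentials is returned; any other authentication (including {@code null}) is returned
	 * unchanged.
	 *
	 * @throws IllegalStateException if credentials have to be encrypted but no key has been set
	 * @throws ClassCastException if the credentials of the token are not a {@link String}
	 */
	@Override
	public Object getImplicitlyPassedContext() {
		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
		if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
			return auth;
		}
		
		AESCipher cipher = requireCipher();
		// NOTE(review): getCredentials() can be null when the authentication provider erased the
		// credentials after a successful login; confirm how AESCipher.encrypt treats a null argument.
		return new UsernamePasswordAuthenticationToken(
			auth.getPrincipal(), cipher.encrypt((String) auth.getCredentials()), auth.getAuthorities());
	}
	
	/**
	 * {@inheritDoc}
	 *
	 * <p>A {@code null} context clears the current authentication. A
	 * {@link UsernamePasswordAuthenticationToken} is rebuilt with decrypted credentials; any other
	 * {@link Authentication} is installed as received. If the context cannot be restored (wrong type,
	 * missing key, decryption failure) the current authentication is cleared before the exception is
	 * rethrown, so an authentication left over on this thread is never kept for the failed call.
	 *
	 * @throws IllegalStateException if credentials have to be decrypted but no key has been set
	 * @throws ClassCastException if {@code context} is not an {@link Authentication} or the credentials of
	 *         the token are not a {@link String}
	 */
	@Override
	public void pushImplicitlyPassedContext(Object context) {
		if (context == null) {
			s_logger.warn("Authentication == null");
			SecurityContextHolder.getContext().setAuthentication(null);
			return;
		}
		
		Authentication restored;
		try {
			Authentication auth = (Authentication) context;
			if (auth instanceof UsernamePasswordAuthenticationToken) {
				// The two-argument constructor yields an unauthenticated token without authorities, so
				// authorities claimed by the sender are dropped and the credentials still have to be
				// verified on this side.
				restored = new UsernamePasswordAuthenticationToken(
					auth.getPrincipal(), requireCipher().decrypt((String) auth.getCredentials()));
			} else {
				// NOTE(review): tokens of any other type are trusted as sent, including their
				// authenticated flag and authorities. The stricter alternative below was disabled by the
				// original author; confirm that only trusted peers can reach this code path.
				//throw new IllegalArgumentException("Context has to be of type UsernamePasswordAuthenticationToken");
				restored = auth;
			}
		} catch (RuntimeException e) {
			// Fail closed: do not leave a previously installed authentication in place.
			SecurityContextHolder.getContext().setAuthentication(null);
			throw e;
		}
		
		SecurityContextHolder.getContext().setAuthentication(restored);
	}
	
	/**
	 * Returns the configured cipher or fails with a descriptive error instead of a bare
	 * {@link NullPointerException}.
	 *
	 * @return the cipher created by {@link #setKey(String)}
	 * @throws IllegalStateException if {@link #setKey(String)} has not been called yet
	 */
	private AESCipher requireCipher() {
		if (m_cipher == null) {
			throw new IllegalStateException(
				"No key configured: setKey has to be called before credentials can be en/decrypted");
		}
		return m_cipher;
	}
	
}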