Coverage Report - org.trails.security.ExpiringKeyAuthenticationProvider
 
Classes in this File Line Coverage Branch Coverage Complexity
ExpiringKeyAuthenticationProvider
91% 
100% 
0
 
 package org.trails.security;
 
 import java.util.Date;
 import java.util.List;

 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.DisabledException;
 import org.acegisecurity.LockedException;
 import org.acegisecurity.providers.AuthenticationProvider;
 import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.userdetails.UserDetailsService;
 import org.apache.log4j.Logger;
 import org.hibernate.criterion.DetachedCriteria;
 import org.hibernate.criterion.Restrictions;
 import org.trails.persistence.HibernatePersistenceService;
 
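 /**
  * {@link AuthenticationProvider} that accepts a token presented with a request (the
  * messages in this class call it a "remember me token") when it matches a stored,
  * unexpired {@code ExpiringKey} for the same principal name.
  *
  * <p>A key is considered only while its {@code expiresAfter} value is later than the
  * current time. On a match the user is loaded through the configured
  * {@link UserDetailsService} and a {@code UserKeyAuthenticationToken} carrying that
  * user's authorities is returned.
  */
 public class ExpiringKeyAuthenticationProvider implements AuthenticationProvider {
     private static final Logger log = Logger.getLogger(ExpiringKeyAuthenticationProvider.class);

     /** Used to query the stored {@code ExpiringKey} instances. */
     private HibernatePersistenceService persistenceService;

     /** Used to load the account a matching key belongs to. */
     private UserDetailsService userDetailsService;

     /**
      * Injects the persistence service used to look up stored keys.
      *
      * @param persistenceService service queried for {@code ExpiringKey} instances
      */
     public void setPersistenceService(HibernatePersistenceService persistenceService) {
         this.persistenceService = persistenceService;
     }

     /**
      * Injects the service used to load the user a key belongs to.
      *
      * @param userDetailsService service used to resolve the key's user name
      */
     public void setUserDetailsService(UserDetailsService userDetailsService) {
         this.userDetailsService = userDetailsService;
     }

     /**
      * Authenticates a request by comparing the presented token with the stored,
      * unexpired keys of the same name.
      *
      * @param authentication the request; returned unchanged when it already carries
      *        authorities or has no principal
      * @return the unchanged request in the two cases above, otherwise a new
      *         {@code UserKeyAuthenticationToken} holding the loaded user's authorities
      * @throws BadCredentialsException if no unexpired key is stored for the name, no
      *         token was presented, no stored key matches, or the matching key's user
      *         cannot be loaded
      * @throws LockedException if the matching key's account is locked
      * @throws DisabledException if the matching key's account is disabled
      */
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
         // This is called repeatedly on the first request when the authentication is not yet
         // established but a cookie is available. Only authenticate if not yet authenticated
         // (no authorities found).
         if (authentication.getAuthorities() != null) {
             return authentication;
         }
         // Only process if a principal is available.
         if (authentication.getPrincipal() == null) {
             return authentication;
         }

         // Restrict the lookup to keys of this name that have not expired yet.
         DetachedCriteria detachedCriteria = DetachedCriteria.forClass(ExpiringKey.class);
         detachedCriteria.add(Restrictions.eq("name", authentication.getName()));
         detachedCriteria.add(Restrictions.gt("expiresAfter", new Date()));

         List<ExpiringKey> expiringKeys = persistenceService.getInstances(ExpiringKey.class, detachedCriteria);
         if (expiringKeys == null || expiringKeys.isEmpty()) {
             throw new BadCredentialsException("No persistent credentials found");
         }

         // Check the credentials object itself: calling toString() on a null reference
         // would raise a NullPointerException before any null test on the result could
         // run, so a request without a token would fail with the wrong exception type.
         Object credentials = authentication.getCredentials();
         if (credentials == null) {
             throw new BadCredentialsException("No remember me token provided");
         }
         String providedToken = credentials.toString();

         for (ExpiringKey key : expiringKeys) {
             if (!tokensMatch(key.getValue(), providedToken)) {
                 continue;
             }

             UserDetails userDetails = userDetailsService.loadUserByUsername(key.getName());
             if (userDetails == null) {
                 throw new BadCredentialsException("Token found, but user doesn't exist");
             }
             // A still-valid key must not outlive an administrative lock or disable:
             // reject the account here so the AuthenticationManager can test for these states.
             if (!userDetails.isAccountNonLocked()) {
                 throw new LockedException("User account is locked");
             }
             if (!userDetails.isEnabled()) {
                 throw new DisabledException("User is disabled");
             }

             log.info("Successfully authenticated user " + authentication.getName() + " using expiring key");
             return new UserKeyAuthenticationToken(
                     authentication.getPrincipal(), authentication.getCredentials(), userDetails.getAuthorities());
         }
         throw new BadCredentialsException("No matching token available");
     }

     /**
      * Reports whether this provider handles the given authentication class.
      *
      * @param authenticationClass the class of the authentication request
      * @return {@code true} if the class is {@code UserKeyAuthenticationToken} or a subtype
      */
     public boolean supports(Class authenticationClass) {
         return UserKeyAuthenticationToken.class.isAssignableFrom(authenticationClass);
     }

     /**
      * Compares a stored key value with the presented token without stopping at the
      * first differing character.
      *
      * <p>{@code String.equals} returns as soon as a character differs, so response
      * timing can reveal how much of a guessed token is correct. Every character in
      * the common prefix is examined here regardless of where a mismatch occurs; only
      * a length difference remains observable.
      *
      * @param storedValue the value held by the stored key; the declared type of
      *        {@code ExpiringKey.getValue()} is not visible in this file, so anything
      *        that is null or not a {@code String} is treated as a mismatch, which is
      *        also what {@code String.equals} would report
      * @param providedToken the token presented with the request
      * @return {@code true} only if both are strings of equal length and content
      */
     private static boolean tokensMatch(Object storedValue, String providedToken) {
         if (!(storedValue instanceof String) || providedToken == null) {
             return false;
         }
         String stored = (String) storedValue;
         // Seed with the length difference so tokens of unequal length can never match.
         int difference = stored.length() ^ providedToken.length();
         int comparable = Math.min(stored.length(), providedToken.length());
         for (int i = 0; i < comparable; i++) {
             difference |= stored.charAt(i) ^ providedToken.charAt(i);
         }
         return difference == 0;
     }
 }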