24 package waffle.shiro;
25
26 import org.apache.shiro.authc.AuthenticationException;
27 import org.apache.shiro.authc.AuthenticationInfo;
28 import org.apache.shiro.authc.AuthenticationToken;
29 import org.apache.shiro.authc.SimpleAuthenticationInfo;
30 import org.apache.shiro.authc.UsernamePasswordToken;
31 import org.apache.shiro.authc.credential.CredentialsMatcher;
32 import org.apache.shiro.authc.credential.HashingPasswordService;
33 import org.apache.shiro.authc.credential.PasswordMatcher;
34 import org.apache.shiro.authc.credential.PasswordService;
35 import org.apache.shiro.authz.AuthorizationInfo;
36 import org.apache.shiro.crypto.hash.Hash;
37 import org.apache.shiro.realm.AuthorizingRealm;
38 import org.apache.shiro.subject.PrincipalCollection;
39 import org.apache.shiro.util.ByteSource;
40 import org.slf4j.Logger;
41 import org.slf4j.LoggerFactory;
42
43 import waffle.windows.auth.IWindowsAuthProvider;
44 import waffle.windows.auth.IWindowsIdentity;
45 import waffle.windows.auth.impl.WindowsAuthProviderImpl;
46
/**
 * Shiro realm base class that validates username/password tokens by performing a Windows logon
 * through a WAFFLE {@link IWindowsAuthProvider}. Subclasses supply the authorization data via
 * {@link #buildAuthorizationInfo(WaffleFqnPrincipal)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The Windows logon is the authentication decision; the credentials placed in the returned
 *       {@link AuthenticationInfo} are derived from the submitted token itself.</li>
 *   <li>Guest identities are rejected.</li>
 *   <li>Every runtime failure is reported to the caller as the same
 *       {@code AuthenticationException("Login failed", cause)}.</li>
 *   <li>Only the username is written to the debug log, never the password.</li>
 * </ul>
 */
public abstract class AbstractWaffleRealm extends AuthorizingRealm {

    /** Class logger; all messages in this class are emitted at debug level. */
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractWaffleRealm.class);

    /** Realm name recorded in every {@link SimpleAuthenticationInfo} built here. */
    private static final String REALM_NAME = "WAFFLE";

    /** Provider used for the Windows logon; replaceable through {@link #setProvider}. */
    private IWindowsAuthProvider provider = new WindowsAuthProviderImpl();

    /**
     * Authenticates a {@link UsernamePasswordToken} with a Windows logon.
     *
     * @param authToken the submitted token; anything other than a {@link UsernamePasswordToken}
     *        is not handled by this realm
     * @return the authentication info for the logged-on user, or {@code null} when the token is
     *         not a {@link UsernamePasswordToken}
     * @throws AuthenticationException when the logon fails, the identity is a guest, or any other
     *         {@link RuntimeException} occurs while authenticating
     */
    @Override
    protected final AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authToken) {
        if (!(authToken instanceof UsernamePasswordToken)) {
            return null;
        }

        final UsernamePasswordToken submitted = (UsernamePasswordToken) authToken;
        final String user = submitted.getUsername();
        IWindowsIdentity windowsIdentity = null;
        try {
            // The username is caller-supplied and is logged as-is; the password is never logged.
            LOGGER.debug("Attempting login for user {}", user);

            // logonUser takes the password as a String, so a String copy of the char[] is made
            // here. Unlike the char[], that copy cannot be cleared after use.
            windowsIdentity = this.provider.logonUser(user, new String(submitted.getPassword()));

            // A logon that resolves to a guest identity is treated as a failed authentication.
            if (windowsIdentity.isGuest()) {
                LOGGER.debug("Guest identity for user {}; denying access", user);
                throw new AuthenticationException("Guest identities are not allowed access");
            }

            // The principal is built before the identity is disposed in the finally block;
            // presumably WaffleFqnPrincipal copies what it needs. TODO confirm against that class.
            final AuthenticationInfo result =
                    this.buildAuthenticationInfo(submitted, new WaffleFqnPrincipal(windowsIdentity));
            LOGGER.debug("Successful login for user {}", user);
            return result;
        } catch (final RuntimeException e) {
            // AuthenticationException is unchecked, so the guest rejection above also lands here
            // and reaches the caller as the cause of a generic "Login failed". Callers therefore
            // see one uniform top-level message for every failure mode.
            LOGGER.debug("Failed login for user {}", user);
            throw new AuthenticationException("Login failed", e);
        } finally {
            // Runs on success and on failure, so the identity returned by the provider is
            // always disposed once this method is done with it.
            if (windowsIdentity != null) {
                windowsIdentity.dispose();
            }
        }
    }

    /**
     * Builds the {@link AuthenticationInfo} returned after a successful Windows logon.
     *
     * <p>When the configured credentials matcher is a {@link PasswordMatcher} backed by a
     * {@link HashingPasswordService}, the submitted password is hashed and the hash and its salt
     * are stored. Otherwise the token's own credentials object is stored unchanged.
     *
     * @param token the token that was just authenticated
     * @param principal the principal to associate with the authentication info
     * @return the authentication info for {@code principal} in the {@code WAFFLE} realm
     */
    private AuthenticationInfo buildAuthenticationInfo(final UsernamePasswordToken token, final Object principal) {
        final HashingPasswordService hasher = this.getHashService();
        if (hasher == null) {
            // NOTE(review): this stores the token's credentials as submitted (for a
            // UsernamePasswordToken that is presumably the password itself). If authentication
            // caching is enabled on this realm, this object is what would be held in the cache;
            // confirm the cache configuration before relying on this branch.
            final Object rawCredentials = token.getCredentials();
            return new SimpleAuthenticationInfo(principal, rawCredentials, REALM_NAME);
        }

        // The hash is computed from the password that was just submitted, so it is not an
        // independent reference value; presumably it exists so the configured matcher has
        // something to compare against. The Windows logon remains the real check.
        final Hash hashed = hasher.hashPassword(token.getPassword());
        final ByteSource hashSalt = hashed.getSalt();
        return new SimpleAuthenticationInfo(principal, hashed, hashSalt, REALM_NAME);
    }

    /**
     * Resolves authorization data for the {@link WaffleFqnPrincipal} in the given collection.
     *
     * @param principals the principals of the subject being authorized
     * @return the subclass-provided authorization info, or {@code null} when the collection holds
     *         no {@link WaffleFqnPrincipal}
     */
    @Override
    protected final AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
        final WaffleFqnPrincipal fqnPrincipal = principals.oneByType(WaffleFqnPrincipal.class);
        if (fqnPrincipal == null) {
            return null;
        }
        return this.buildAuthorizationInfo(fqnPrincipal);
    }

    /**
     * Supplies the authorization info for an authenticated principal.
     *
     * @param principal the principal created during authentication; never {@code null} when
     *        called from {@link #doGetAuthorizationInfo(PrincipalCollection)}
     * @return the authorization info for {@code principal}
     */
    protected abstract AuthorizationInfo buildAuthorizationInfo(final WaffleFqnPrincipal principal);

    /**
     * Replaces the provider used for the Windows logon. Package-private.
     *
     * <p>No null check is performed; a {@code null} provider would surface at the next login
     * attempt as an {@code AuthenticationException("Login failed")}, because the resulting
     * {@link NullPointerException} is raised inside the try block of
     * {@link #doGetAuthenticationInfo(AuthenticationToken)}.
     *
     * @param value the provider to use from now on
     */
    void setProvider(final IWindowsAuthProvider value) {
        this.provider = value;
    }

    /**
     * Returns the hashing password service behind the configured credentials matcher, if any.
     *
     * @return the {@link HashingPasswordService} when the credentials matcher is a
     *         {@link PasswordMatcher} whose password service is a hashing one; {@code null}
     *         otherwise
     */
    private HashingPasswordService getHashService() {
        final CredentialsMatcher configuredMatcher = this.getCredentialsMatcher();
        if (!(configuredMatcher instanceof PasswordMatcher)) {
            return null;
        }
        final PasswordService service = ((PasswordMatcher) configuredMatcher).getPasswordService();
        return service instanceof HashingPasswordService ? (HashingPasswordService) service : null;
    }

}