View Javadoc
1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.spring;
25  
26  import com.sun.jna.platform.win32.Win32Exception;
27  
28  import java.util.Locale;
29  
30  import org.slf4j.Logger;
31  import org.slf4j.LoggerFactory;
32  import org.springframework.security.authentication.AuthenticationProvider;
33  import org.springframework.security.authentication.AuthenticationServiceException;
34  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
35  import org.springframework.security.core.Authentication;
36  import org.springframework.security.core.GrantedAuthority;
37  
38  import waffle.servlet.WindowsPrincipal;
39  import waffle.windows.auth.IWindowsAuthProvider;
40  import waffle.windows.auth.IWindowsIdentity;
41  import waffle.windows.auth.PrincipalFormat;
42  
43  /**
44   * A Waffle authentication provider for Spring-security.
45   */
46  public class WindowsAuthenticationProvider implements AuthenticationProvider {
47  
48      /** The Constant LOGGER. */
49      private static final Logger LOGGER = LoggerFactory.getLogger(WindowsAuthenticationProvider.class);
50  
51      /** The principal format. */
52      private PrincipalFormat principalFormat = PrincipalFormat.FQN;
53  
54      /** The role format. */
55      private PrincipalFormat roleFormat = PrincipalFormat.FQN;
56  
57      /** The allow guest login. */
58      private boolean allowGuestLogin = true;
59  
60      /** The auth provider. */
61      private IWindowsAuthProvider authProvider;
62  
63      /** The granted authority factory. */
64      private GrantedAuthorityFactory grantedAuthorityFactory = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY_FACTORY;
65  
66      /** The default granted authority. */
67      private GrantedAuthority defaultGrantedAuthority = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY;
68  
69      /**
70       * Instantiates a new windows authentication provider.
71       */
72      public WindowsAuthenticationProvider() {
73          WindowsAuthenticationProvider.LOGGER.debug("[waffle.spring.WindowsAuthenticationProvider] loaded");
74      }
75  
76      @Override
77      public Authentication authenticate(final Authentication authentication) {
78          final UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) authentication;
79          IWindowsIdentity windowsIdentity;
80          try {
81              windowsIdentity = this.authProvider.logonUser(auth.getName(), auth.getCredentials().toString());
82          } catch (final Win32Exception e) {
83              throw new AuthenticationServiceException(e.getMessage(), e);
84          }
85          WindowsAuthenticationProvider.LOGGER.debug("logged in user: {} ({})", windowsIdentity.getFqn(),
86                  windowsIdentity.getSidString());
87  
88          if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
89              WindowsAuthenticationProvider.LOGGER.warn("guest login disabled: {}", windowsIdentity.getFqn());
90              throw new GuestLoginDisabledAuthenticationException(windowsIdentity.getFqn());
91          }
92  
93          final WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity, this.principalFormat,
94                  this.roleFormat);
95          WindowsAuthenticationProvider.LOGGER.debug("roles: {}", windowsPrincipal.getRolesString());
96  
97          final WindowsAuthenticationToken token = new WindowsAuthenticationToken(windowsPrincipal,
98                  this.grantedAuthorityFactory, this.defaultGrantedAuthority);
99  
100         WindowsAuthenticationProvider.LOGGER.info("successfully logged in user: {}", windowsIdentity.getFqn());
101         return token;
102     }
103 
104     /**
105      * Supports.
106      *
107      * @param authentication
108      *            the authentication
109      *
110      * @return true, if successful
111      */
112     @Override
113     public boolean supports(final Class<? extends Object> authentication) {
114         return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
115     }
116 
117     /**
118      * Gets the principal format.
119      *
120      * @return the principal format
121      */
122     public PrincipalFormat getPrincipalFormat() {
123         return this.principalFormat;
124     }
125 
126     /**
127      * Sets the principal format enum.
128      *
129      * @param value
130      *            the new principal format enum
131      */
132     public void setPrincipalFormatEnum(final PrincipalFormat value) {
133         this.principalFormat = value;
134     }
135 
136     /**
137      * Sets the principal format.
138      *
139      * @param value
140      *            the new principal format
141      */
142     public void setPrincipalFormat(final String value) {
143         this.setPrincipalFormatEnum(PrincipalFormat.valueOf(value.toUpperCase(Locale.ENGLISH)));
144     }
145 
146     /**
147      * Gets the role format.
148      *
149      * @return the role format
150      */
151     public PrincipalFormat getRoleFormat() {
152         return this.roleFormat;
153     }
154 
155     /**
156      * Sets the role format enum.
157      *
158      * @param value
159      *            the new role format enum
160      */
161     public void setRoleFormatEnum(final PrincipalFormat value) {
162         this.roleFormat = value;
163     }
164 
165     /**
166      * Sets the role format.
167      *
168      * @param value
169      *            the new role format
170      */
171     public void setRoleFormat(final String value) {
172         this.setRoleFormatEnum(PrincipalFormat.valueOf(value.toUpperCase(Locale.ENGLISH)));
173     }
174 
175     /**
176      * Checks if is allow guest login.
177      *
178      * @return true, if is allow guest login
179      */
180     public boolean isAllowGuestLogin() {
181         return this.allowGuestLogin;
182     }
183 
184     /**
185      * Sets the allow guest login.
186      *
187      * @param value
188      *            the new allow guest login
189      */
190     public void setAllowGuestLogin(final boolean value) {
191         this.allowGuestLogin = value;
192     }
193 
194     /**
195      * Gets the auth provider.
196      *
197      * @return the auth provider
198      */
199     public IWindowsAuthProvider getAuthProvider() {
200         return this.authProvider;
201     }
202 
203     /**
204      * Sets the auth provider.
205      *
206      * @param value
207      *            the new auth provider
208      */
209     public void setAuthProvider(final IWindowsAuthProvider value) {
210         this.authProvider = value;
211     }
212 
213     /**
214      * Gets the granted authority factory.
215      *
216      * @return the granted authority factory
217      */
218     public GrantedAuthorityFactory getGrantedAuthorityFactory() {
219         return this.grantedAuthorityFactory;
220     }
221 
222     /**
223      * Sets the granted authority factory.
224      *
225      * @param value
226      *            the new granted authority factory
227      */
228     public void setGrantedAuthorityFactory(final GrantedAuthorityFactory value) {
229         this.grantedAuthorityFactory = value;
230     }
231 
232     /**
233      * Gets the default granted authority.
234      *
235      * @return the default granted authority
236      */
237     public GrantedAuthority getDefaultGrantedAuthority() {
238         return this.defaultGrantedAuthority;
239     }
240 
241     /**
242      * Sets the default granted authority.
243      *
244      * @param value
245      *            the new default granted authority
246      */
247     public void setDefaultGrantedAuthority(final GrantedAuthority value) {
248         this.defaultGrantedAuthority = value;
249     }
250 }