1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.spring;
25  
26  import java.util.ArrayList;
27  import java.util.Collection;
28  
29  import org.springframework.security.core.Authentication;
30  import org.springframework.security.core.GrantedAuthority;
31  import org.springframework.security.core.authority.SimpleGrantedAuthority;
32  
33  import waffle.servlet.WindowsPrincipal;
34  import waffle.windows.auth.WindowsAccount;
35  
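/**
 * A Spring Security {@link Authentication} that wraps an already-established {@link WindowsPrincipal}.
 * <p>
 * The granted authorities are computed once, in the constructor, from the principal's Windows groups. The token
 * keeps no credentials ({@link #getCredentials()} returns {@code null}) and its authenticated state cannot be
 * changed after construction.
 */
public class WindowsAuthenticationToken implements Authentication {

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1L;

    /**
     * The {@link GrantedAuthorityFactory} that is used by default if a custom one is not specified. This default
     * {@link GrantedAuthorityFactory} is a {@link FqnGrantedAuthorityFactory} with prefix {@code "ROLE_"} and will
     * convert the fqn to uppercase.
     */
    public static final GrantedAuthorityFactory DEFAULT_GRANTED_AUTHORITY_FACTORY = new FqnGrantedAuthorityFactory(
            "ROLE_", true);

    /**
     * The {@link GrantedAuthority} that will be added to every WindowsAuthenticationToken, unless another (or null) is
     * specified.
     */
    public static final GrantedAuthority DEFAULT_GRANTED_AUTHORITY = new SimpleGrantedAuthority("ROLE_USER");

    /** The principal this token was created for; never {@code null} on a constructed instance. */
    private final WindowsPrincipal principal;

    /**
     * The authorities derived at construction time. This list is internal state and is never handed out directly,
     * see {@link #getAuthorities()}.
     */
    private final Collection<GrantedAuthority> authorities;

    /**
     * Convenience constructor that calls
     * {@link #WindowsAuthenticationToken(WindowsPrincipal, GrantedAuthorityFactory, GrantedAuthority)} with:
     * <ul>
     * <li>the given identity,</li>
     * <li>the {@link #DEFAULT_GRANTED_AUTHORITY_FACTORY}</li>
     * <li>the {@link #DEFAULT_GRANTED_AUTHORITY}</li>
     * </ul>
     *
     * @param identity
     *            the identity
     *
     * @throws NullPointerException
     *             if {@code identity} is null
     */
    public WindowsAuthenticationToken(final WindowsPrincipal identity) {
        this(identity, WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY_FACTORY,
                WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY);
    }

    /**
     * Instantiates a new windows authentication token.
     * <p>
     * The authority list holds {@code defaultGrantedAuthority} first (when not null), followed by one authority per
     * group returned by the principal, in the iteration order of {@code identity.getGroups().values()}.
     *
     * @param identity
     *            The {@link WindowsPrincipal} for which this token exists. Must not be null.
     * @param grantedAuthorityFactory
     *            used to construct {@link GrantedAuthority}s for each of the groups to which the
     *            {@link WindowsPrincipal} belongs. It is only dereferenced when the principal has at least one group.
     * @param defaultGrantedAuthority
     *            if not null, this {@link GrantedAuthority} will always be added to the granted authorities list
     *
     * @throws NullPointerException
     *             if {@code identity} is null
     */
    public WindowsAuthenticationToken(final WindowsPrincipal identity,
            final GrantedAuthorityFactory grantedAuthorityFactory, final GrantedAuthority defaultGrantedAuthority) {

        // Fail fast with a named cause. Without this check the group lookup below raised a bare
        // NullPointerException for a null identity, so the exception type seen by callers is unchanged.
        if (identity == null) {
            throw new NullPointerException("identity must not be null");
        }

        this.principal = identity;
        this.authorities = new ArrayList<>();
        if (defaultGrantedAuthority != null) {
            this.authorities.add(defaultGrantedAuthority);
        }
        for (final WindowsAccount group : this.principal.getGroups().values()) {
            this.authorities.add(grantedAuthorityFactory.createGrantedAuthority(group));
        }
    }

    /**
     * Returns the authorities computed when this token was constructed.
     * <p>
     * A fresh copy is returned on every call. Handing out the backing list would let any holder of the token add or
     * remove authorities after authentication, which the {@link Authentication#getAuthorities()} contract asks
     * implementations to prevent.
     *
     * @return a new, independent collection holding this token's authorities
     */
    @Override
    public Collection<GrantedAuthority> getAuthorities() {
        return new ArrayList<>(this.authorities);
    }

    /**
     * This token does not retain credentials.
     *
     * @return always {@code null}
     */
    @Override
    public Object getCredentials() {
        return null;
    }

    /**
     * This token carries no additional request details.
     *
     * @return always {@code null}
     */
    @Override
    public Object getDetails() {
        return null;
    }

    /**
     * Returns the Windows principal this token wraps.
     *
     * @return the {@link WindowsPrincipal} passed to the constructor
     */
    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    /**
     * Reports whether this token represents an authenticated identity.
     *
     * @return {@code true} when a principal is present, which holds for every instance built through the constructors
     *         of this class
     */
    @Override
    public boolean isAuthenticated() {
        return this.principal != null;
    }

    /**
     * Unsupported: the authenticated state is derived from the principal and cannot be changed.
     * <p>
     * NOTE(review): this rejects {@code false} as well as {@code true}. Spring Security's {@link Authentication}
     * contract recommends always accepting {@code false}; confirm that no caller relies on being able to untrust
     * the token this way.
     *
     * @param authenticated
     *            ignored
     *
     * @throws IllegalArgumentException
     *             always
     */
    @Override
    public void setAuthenticated(final boolean authenticated) {
        throw new IllegalArgumentException(
                "WindowsAuthenticationToken does not support changing its authenticated state");
    }

    /**
     * Returns the name of the wrapped principal.
     *
     * @return the value of {@code getName()} on the {@link WindowsPrincipal}
     */
    @Override
    public String getName() {
        return this.principal.getName();
    }

}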