forked from seedstack/seed
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ConfigurationRealm.java
139 lines (126 loc) · 5.29 KB
/
ConfigurationRealm.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
/*
* Copyright © 2013-2019, The SeedStack authors <http://seedstack.org>
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
package org.seedstack.seed.security.internal.realms;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.seedstack.seed.security.AuthenticationException;
import org.seedstack.seed.security.AuthenticationInfo;
import org.seedstack.seed.security.AuthenticationToken;
import org.seedstack.seed.security.IncorrectCredentialsException;
import org.seedstack.seed.security.Realm;
import org.seedstack.seed.security.RoleMapping;
import org.seedstack.seed.security.RolePermissionResolver;
import org.seedstack.seed.security.SecurityConfig;
import org.seedstack.seed.security.UnknownAccountException;
import org.seedstack.seed.security.UnsupportedTokenException;
import org.seedstack.seed.security.UsernamePasswordToken;
import org.seedstack.seed.security.principals.PrincipalProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A realm that authenticate users and gives authorities using SeedStack configuration.
*/
public class ConfigurationRealm implements Realm {
private static final Logger LOGGER = LoggerFactory.getLogger(ConfigurationRealm.class);
private final Set<ConfigurationUser> users = new HashSet<>();
private final RoleMapping roleMapping;
private final RolePermissionResolver rolePermissionResolver;
@Inject
protected ConfigurationRealm(@Named("ConfigurationRealm-role-mapping") RoleMapping roleMapping,
@Named("ConfigurationRealm-role-permission-resolver") RolePermissionResolver rolePermissionResolver,
SecurityConfig securityConfig) {
this.roleMapping = roleMapping;
this.rolePermissionResolver = rolePermissionResolver;
if (securityConfig.getUsers().isEmpty()) {
LOGGER.warn("{} is enabled, but no user is defined in configuration", getClass().getSimpleName());
} else {
for (Map.Entry<String, SecurityConfig.UserConfig> entry : securityConfig.getUsers().entrySet()) {
SecurityConfig.UserConfig userConfig = entry.getValue();
users.add(new ConfigurationUser(entry.getKey(), userConfig.getPassword(), userConfig.getRoles()));
}
}
}
@Override
public Set<String> getRealmRoles(PrincipalProvider<?> identityPrincipal,
Collection<PrincipalProvider<?>> otherPrincipals) {
ConfigurationUser user = findUser(identityPrincipal.get().toString());
if (user != null) {
return user.roles;
}
return Collections.emptySet();
}
@Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
if (!(token instanceof UsernamePasswordToken)) {
throw new UnsupportedTokenException("ConfigurationRealm only supports UsernamePasswordToken");
}
UsernamePasswordToken userNamePasswordToken = (UsernamePasswordToken) token;
ConfigurationUser user = findUser(userNamePasswordToken.getUsername());
if (user == null) {
throw new UnknownAccountException("Unknown user " + userNamePasswordToken.getUsername());
}
if (!user.password.equals(new String(userNamePasswordToken.getPassword()))) {
throw new IncorrectCredentialsException();
}
return new AuthenticationInfo(userNamePasswordToken.getUsername(), userNamePasswordToken.getPassword());
}
@Override
public RoleMapping getRoleMapping() {
return this.roleMapping;
}
@Override
public RolePermissionResolver getRolePermissionResolver() {
return this.rolePermissionResolver;
}
@Override
public Class<? extends AuthenticationToken> supportedToken() {
return UsernamePasswordToken.class;
}
private ConfigurationUser findUser(String username) {
for (ConfigurationUser user : users) {
if (user.username.equals(username)) {
return user;
}
}
return null;
}
/**
* Class to represent a user from the configuration. In the file, key is the name, first value is the password,
* following values are the roles.
*/
private static class ConfigurationUser {
private final String username;
private final String password;
private final Set<String> roles;
ConfigurationUser(String username, String password, Set<String> roles) {
this.username = username;
this.password = password;
this.roles = new HashSet<>(roles);
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
ConfigurationUser configurationUser = (ConfigurationUser) o;
return username.equals(configurationUser.username);
}
@Override
public int hashCode() {
return username.hashCode();
}
}
}