From a159d89ffd5ffe791c6f9496fc70b8f026dde426 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Sat, 20 Nov 2004 05:24:16 +0000 Subject: [PATCH] Initial commit. --- ...ationSimpleHttpInvokerRequestExecutor.java | 103 ++++++++++++++++++ .../acegisecurity/ui/httpinvoker/package.html | 21 ++++ 2 files changed, 124 insertions(+) create mode 100644 core/src/main/java/org/acegisecurity/ui/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java create mode 100644 core/src/main/java/org/acegisecurity/ui/httpinvoker/package.html diff --git a/core/src/main/java/org/acegisecurity/ui/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java b/core/src/main/java/org/acegisecurity/ui/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java new file mode 100644 index 0000000000..35dd65acd6 --- /dev/null +++ b/core/src/main/java/org/acegisecurity/ui/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java @@ -0,0 +1,103 @@ +/* Copyright 2004 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.sf.acegisecurity.ui.httpinvoker; + +import net.sf.acegisecurity.Authentication; +import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException; +import net.sf.acegisecurity.context.ContextHolder; +import net.sf.acegisecurity.context.SecureContext; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.springframework.remoting.httpinvoker.SimpleHttpInvokerRequestExecutor; + +import java.io.IOException; + +import java.net.HttpURLConnection; + + +/** + * Adds BASIC authentication support to + * SimpleHttpInvokerRequestExecutor. + * + * @author Ben Alex + * @version $Id$ + */ +public class AuthenticationSimpleHttpInvokerRequestExecutor + extends SimpleHttpInvokerRequestExecutor { + //~ Static fields/initializers ============================================= + + private static final Log logger = LogFactory.getLog(AuthenticationSimpleHttpInvokerRequestExecutor.class); + + //~ Methods ================================================================ + + /** + * Called every time a HTTP invocation is made. + * + *

+ * Simply allows the parent to setup the connection, and then adds an + * Authorization HTTP header property that will be used for + * BASIC authentication. + *

+ * + *

+ * The ContextHolder is used to obtain the relevant principal + * and credentials. + *

+ * + * @param con the HTTP connection to prepare + * @param contentLength the length of the content to send + * + * @throws IOException if thrown by HttpURLConnection methods + * @throws AuthenticationCredentialsNotFoundException if the + * ContextHolder does not contain a valid + * Authentication with both its + * principal and credentials not + * null + */ + protected void prepareConnection(HttpURLConnection con, int contentLength) + throws IOException, AuthenticationCredentialsNotFoundException { + super.prepareConnection(con, contentLength); + + if ((ContextHolder.getContext() == null) + || !(ContextHolder.getContext() instanceof SecureContext)) { + throw new AuthenticationCredentialsNotFoundException( + "ContextHolder is null or does not contain a SecureContext"); + } + + Authentication auth = ((SecureContext) ContextHolder.getContext()) + .getAuthentication(); + + if ((auth == null) || (auth.getPrincipal() == null) + || (auth.getCredentials() == null)) { + throw new AuthenticationCredentialsNotFoundException( + "The Authentication contained in the ContextHolder is null or the principal and/or credentials properties are null"); + } + + String base64 = auth.getPrincipal().toString() + ":" + + auth.getCredentials().toString(); + con.setRequestProperty("Authorization", + "Basic " + new String(Base64.encodeBase64(base64.getBytes()))); + + if (logger.isDebugEnabled()) { + logger.debug( + "HttpInvocation now presenting via BASIC authentication ContextHolder-derived: " + + auth.toString()); + } + } +} diff --git a/core/src/main/java/org/acegisecurity/ui/httpinvoker/package.html b/core/src/main/java/org/acegisecurity/ui/httpinvoker/package.html new file mode 100644 index 0000000000..e4c55d359c --- /dev/null +++ b/core/src/main/java/org/acegisecurity/ui/httpinvoker/package.html @@ -0,0 +1,21 @@ + + +Enables use of Spring's HttpInvoker extension points to +present the principal and credentials located +in the ContextHolder via BASIC authentication. + +

The beans are wired as follows: + +

+ +<bean id="test" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
+ <property name="serviceUrl"><value>http://localhost/Test</value></property>
+ <property name="serviceInterface"><value>test.TargetInterface</value></property>
+ <property name="httpInvokerRequestExecutor"><ref bean="httpInvokerRequestExecutor"/></property>
+</bean>
+
+<bean id="httpInvokerRequestExecutor" class="net.sf.acegisecurity.ui.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
+ + + +