SWS-279

Author: poutsma

security/src/main/java/org/springframework/ws/soap/security/xwss/callback/acegi/AcegiUsernamePasswordCallbackHandler.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2008 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ws.soap.security.xwss.callback.acegi;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import com.sun.xml.wss.impl.callback.PasswordCallback;
+import com.sun.xml.wss.impl.callback.UsernameCallback;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.context.SecurityContext;
+import org.acegisecurity.context.SecurityContextHolder;
+
+import org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler;
+
+/**
+ * Callback handler that adds username/password information to a mesage using an Acegi {@link SecurityContext}.
+ * <p/>
+ * This class handles <code>UsernameCallback</code>s and <code>PasswordCallback</code>s, and throws an
+ * <code>UnsupportedCallbackException</code> for others
+ *
+ * @author Arjen Poutsma
+ * @since 1.5.0
+ */
+public class AcegiUsernamePasswordCallbackHandler extends AbstractCallbackHandler {
+
+    protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
+        if (callback instanceof UsernameCallback) {
+            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+            if (authentication != null && authentication.getName() != null) {
+                UsernameCallback usernameCallback = (UsernameCallback) callback;
+                usernameCallback.setUsername(authentication.getName());
+                return;
+            }
+            else {
+                logger.warn("Cannot handle UsernameCallback: Acegi SecurityContext contains no Authentication");
+            }
+        }
+        else if (callback instanceof PasswordCallback) {
+            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+            if (authentication != null && authentication.getName() != null) {
+                PasswordCallback passwordCallback = (PasswordCallback) callback;
+                passwordCallback.setPassword(authentication.getCredentials().toString());
+                return;
+            }
+            else {
+                logger.warn("Canot handle PasswordCallback: Acegi SecurityContext contains no Authentication");
+            }
+        }
+        throw new UnsupportedCallbackException(callback);
+    }
+}

security/src/test/java/org/springframework/ws/soap/security/xwss/callback/acegi/AcegiUsernamePasswordCallbackHandlerTest.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright ${YEAR} the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ws.soap.security.xwss.callback.acegi;
+
+import com.sun.xml.wss.impl.callback.PasswordCallback;
+import com.sun.xml.wss.impl.callback.UsernameCallback;
+import junit.framework.TestCase;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+
+public class AcegiUsernamePasswordCallbackHandlerTest extends TestCase {
+
+    private AcegiUsernamePasswordCallbackHandler handler;
+
+    protected void setUp() throws Exception {
+        handler = new AcegiUsernamePasswordCallbackHandler();
+        Authentication authentication = new UsernamePasswordAuthenticationToken("Bert", "Ernie");
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+    }
+
+    protected void tearDown() throws Exception {
+        SecurityContextHolder.clearContext();
+    }
+
+    public void testUsernameCallback() throws Exception {
+        UsernameCallback usernameCallback = new UsernameCallback();
+        handler.handleInternal(usernameCallback);
+        assertEquals("Invalid username", "Bert", usernameCallback.getUsername());
+    }
+
+    public void testPasswordCallback() throws Exception {
+        PasswordCallback passwordCallback = new PasswordCallback();
+        handler.handleInternal(passwordCallback);
+        assertEquals("Invalid username", "Ernie", passwordCallback.getPassword());
+    }
+}