16 package org.acegisecurity.providers.rememberme;
17
18 import org.acegisecurity.AcegiMessageSource;
19 import org.acegisecurity.Authentication;
20 import org.acegisecurity.AuthenticationException;
21 import org.acegisecurity.BadCredentialsException;
22 import org.acegisecurity.providers.AuthenticationProvider;
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.springframework.beans.factory.InitializingBean;
26 import org.springframework.context.MessageSource;
27 import org.springframework.context.MessageSourceAware;
28 import org.springframework.context.support.MessageSourceAccessor;
29 import org.springframework.util.Assert;
30
31
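/**
 * An {@link AuthenticationProvider} implementation that validates {@link
 * org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken}s.
 *
 * <p>
 * To be successfully validated, the {@link
 * org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken#getKeyHash()}
 * must match the hash code of this class' {@link #getKey()}.
 * </p>
 *
 * <p>
 * Security note: the comparison is between {@link String#hashCode()} values,
 * which are 32-bit and non-cryptographic, so distinct keys can produce the
 * same hash. The check therefore identifies tokens built with the configured
 * key but is not a cryptographic integrity check. NOTE(review): this provider
 * appears to rely on tokens being constructed only by trusted code that knows
 * the key (not visible in this file); confirm that token construction is never
 * driven directly by request data.
 * </p>
 */
public class RememberMeAuthenticationProvider implements AuthenticationProvider,
    InitializingBean, MessageSourceAware {

    private static final Log logger = LogFactory.getLog(RememberMeAuthenticationProvider.class);

    /** Source of localized error messages; replaced by {@link #setMessageSource(MessageSource)}. */
    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();

    /** Shared key whose hash code is compared with the hash carried by presented tokens. */
    private String key;

    /**
     * Verifies that the mandatory properties have been configured.
     *
     * @throws Exception declared by {@link InitializingBean}; the assertions
     *         fail if the key is empty or the message source is missing
     */
    public void afterPropertiesSet() throws Exception {
        // Name the failing property so a misconfigured bean is diagnosable,
        // matching the message style of the check below.
        Assert.hasLength(key, "A key must be set");
        Assert.notNull(this.messages, "A message source must be set");
    }

    /**
     * Validates a remember-me token by comparing its key hash with the hash
     * code of the configured key.
     *
     * @param authentication the authentication request to validate
     *
     * @return the same {@code authentication} object when the key hash
     *         matches, or {@code null} when the token type is not supported
     *         by this provider
     *
     * @throws AuthenticationException a {@link BadCredentialsException} when
     *         the presented key hash does not match the configured key
     */
    public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            // Not a remember-me token: leave the decision to another provider.
            return null;
        }

        // Safe cast: supports() has confirmed the runtime type.
        RememberMeAuthenticationToken token = (RememberMeAuthenticationToken) authentication;

        // 32-bit hash comparison only; see the class-level security note.
        if (this.key.hashCode() != token.getKeyHash()) {
            throw new BadCredentialsException(messages.getMessage(
                    "RememberMeAuthenticationProvider.incorrectKey",
                    "The presented RememberMeAuthenticationToken does not contain the expected key"));
        }

        return authentication;
    }

    /**
     * Returns the configured key.
     *
     * <p>
     * The key gates acceptance of remember-me tokens, so callers should treat
     * it as a secret and keep it out of logs and error output.
     * </p>
     *
     * @return the key, or {@code null} if none has been set
     */
    public String getKey() {
        return key;
    }

    /**
     * Sets the key whose hash code presented tokens must carry.
     *
     * @param key the key; must be non-empty by the time
     *        {@link #afterPropertiesSet()} runs
     */
    public void setKey(String key) {
        this.key = key;
    }

    /**
     * Replaces the message source used to resolve error messages.
     *
     * @param messageSource the message source to wrap in an accessor
     */
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Indicates whether this provider can process the given token class.
     *
     * @param authentication the class of the authentication object
     *
     * @return {@code true} if the class is {@link RememberMeAuthenticationToken}
     *         or a subclass of it
     */
    public boolean supports(Class authentication) {
        return (RememberMeAuthenticationToken.class.isAssignableFrom(authentication));
    }
}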