001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.fcrepo.auth.common;
019
020import static org.slf4j.LoggerFactory.getLogger;
021
022import java.util.Set;
023
024import org.apache.shiro.authc.AuthenticationException;
025import org.apache.shiro.authc.AuthenticationInfo;
026import org.apache.shiro.authc.AuthenticationToken;
027import org.apache.shiro.authc.SimpleAuthenticationInfo;
028import org.apache.shiro.realm.AuthenticatingRealm;
029import org.apache.shiro.subject.SimplePrincipalCollection;
030import org.fcrepo.auth.common.ContainerRolesPrincipalProvider.ContainerRolesPrincipal;
031import org.slf4j.Logger;
032
/**
 * Shiro realm that converts an identity carried by a {@link ContainerAuthToken} into Shiro
 * principals: the container user principal plus any container role principals.
 *
 * <p>Security note: nothing in this class verifies a password or any other secret. The
 * returned {@link AuthenticationInfo} always carries {@link ContainerAuthToken#AUTHORIZED}
 * as its credentials, so the trust decision rests on whatever code constructs the
 * {@code ContainerAuthToken}. NOTE(review): that code is not visible here; confirm the
 * token is only ever built from state the servlet container itself authenticated
 * (never from client-controlled request data), and that no other code path can submit a
 * {@code ContainerAuthToken} to the security manager.
 *
 * @author peichman
 */
public class ServletContainerAuthenticatingRealm extends AuthenticatingRealm {

    private static final Logger log = getLogger(ServletContainerAuthenticatingRealm.class);

    /**
     * Returns the fixed realm name under which every principal produced by this realm is
     * registered.
     *
     * @return the constant realm name
     */
    @Override
    public String getName() {
        return "servlet container authentication";
    }

    /**
     * Builds the principal collection for a container-supplied token.
     *
     * <p>The token's principal is always added; its roles are added only when the role set
     * is non-empty. No credential comparison happens in this method.
     *
     * @param token the token to translate; it is cast to {@link ContainerAuthToken} without
     *        a type check, so a token that {@link #supports(AuthenticationToken)} would
     *        reject fails here with a {@code ClassCastException}
     * @return authentication info holding the collected principals and
     *         {@link ContainerAuthToken#AUTHORIZED} as credentials
     * @throws AuthenticationException declared by the overridden method; not thrown
     *         directly by this implementation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
            throws AuthenticationException {
        final ContainerAuthToken containerToken = (ContainerAuthToken) token;
        final String realmName = getName();
        final SimplePrincipalCollection identity = new SimplePrincipalCollection();
        log.debug("Creating principals from servlet container principal and roles");

        // User name as reported by container-managed authentication.
        identity.add(containerToken.getPrincipal(), realmName);

        // Roles as reported by container-managed authentication. addAll is skipped for an
        // empty set (Shiro's SimplePrincipalCollection is expected to reject one).
        // NOTE(review): a null role set would fail on isEmpty(); confirm getRoles()
        // never returns null.
        final Set<ContainerRolesPrincipal> containerRoles = containerToken.getRoles();
        final boolean hasRoles = !containerRoles.isEmpty();
        if (hasRoles) {
            identity.addAll(containerRoles, realmName);
        }

        // AUTHORIZED is presumably the same value the token reports as its own credentials,
        // which would make Shiro's credentials match succeed unconditionally; confirm
        // against ContainerAuthToken.
        return new SimpleAuthenticationInfo(identity, ContainerAuthToken.AUTHORIZED);
    }

    /**
     * Restricts this realm to {@link ContainerAuthToken} instances, which is what makes the
     * cast in {@link #doGetAuthenticationInfo(AuthenticationToken)} safe for callers that
     * consult this method first.
     *
     * @param token the candidate token; {@code null} yields {@code false}
     * @return {@code true} only when the token is a {@code ContainerAuthToken}
     */
    @Override
    public boolean supports(final AuthenticationToken token) {
        return ContainerAuthToken.class.isInstance(token);
    }

}