CrowdAuthenticationProviderWrapper.java
/*
* Copyright (C) 2011-2014 eXo Platform SAS.
*
* This file is part of eXo Acceptance Webapp.
*
* eXo Acceptance Webapp is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 3 of
* the License, or (at your option) any later version.
*
* eXo Acceptance Webapp software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with eXo Acceptance Webapp; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see <http://www.gnu.org/licenses/>.
*/
package org.exoplatform.acceptance.security;
import com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
* This authentication provider is wrapping the one used by Crowd to replace Crowd groups by Application Roles from {@link org.exoplatform.acceptance.security.AppAuthority}
*
* @author Arnaud Héritier ( aheritier@exoplatform.com )
* @see CrowdGrantedAuthoritiesMapper
* @since 2.0.0
*/
public class CrowdAuthenticationProviderWrapper implements AuthenticationProvider {
private final RemoteCrowdAuthenticationProvider crowdAuthenticationProvider;
private final CrowdGrantedAuthoritiesMapper grantedAuthoritiesMapper;
/**
* <p>Constructor for CrowdAuthenticationProviderWrapper.</p>
*
* @param crowdAuthenticationProvider a {@link com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider} object.
* @param grantedAuthoritiesMapper a {@link org.exoplatform.acceptance.security.CrowdGrantedAuthoritiesMapper} object.
*/
public CrowdAuthenticationProviderWrapper(RemoteCrowdAuthenticationProvider crowdAuthenticationProvider, CrowdGrantedAuthoritiesMapper grantedAuthoritiesMapper) {
this.crowdAuthenticationProvider = crowdAuthenticationProvider;
this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
}
/**
* {@inheritDoc}
* Performs authentication with the same contract as {@link
* org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}.
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Authentication crowdAuthentication = crowdAuthenticationProvider.authenticate(authentication);
return new UsernamePasswordAuthenticationToken(
crowdAuthentication.getPrincipal(),
crowdAuthentication.getCredentials(),
grantedAuthoritiesMapper.mapAuthorities(crowdAuthentication.getAuthorities()));
}
/**
* {@inheritDoc}
* Returns <code>true</code> if this <Code>AuthenticationProvider</code> supports the indicated
* <Code>Authentication</code> object.
* <p>
* Returning <code>true</code> does not guarantee an <code>AuthenticationProvider</code> will be able to
* authenticate the presented instance of the <code>Authentication</code> class. It simply indicates it can support
* closer evaluation of it. An <code>AuthenticationProvider</code> can still return <code>null</code> from the
* {@link #authenticate(Authentication)} method to indicate another <code>AuthenticationProvider</code> should be
* tried.
* </p>
* <p>Selection of an <code>AuthenticationProvider</code> capable of performing authentication is
* conducted at runtime the <code>ProviderManager</code>.</p>
*/
@Override
public boolean supports(Class<?> authentication) {
return crowdAuthenticationProvider.supports(authentication);
}
}