/*
* GovWay - A customizable API Gateway
* https://govway.org
*
* Copyright (c) 2005-2024 Link.it srl (https://link.it).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3, as published by
* the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package org.openspcoop2.utils.service.authentication.provider;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;

import org.openspcoop2.utils.UtilsException;
import org.openspcoop2.utils.io.Base64Utilities;
import org.openspcoop2.utils.io.HexBinaryUtilities;
import org.slf4j.Logger;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* WildflyApplicationAuthenticationProvider
*
* Classe che utilizza le configurazioni utenti create tramite wildfly
*
* ...
* <b:bean id="wildflyApplicationAuthenticationProvider" class="org.openspcoop2.utils.jaxrs.impl.authentication.provider.WildflyApplicationAuthenticationProvider" >
* <!-- <b:property name="userDetailsService" ref="userDetailServiceUtenze"/> -->
* </b:bean>
* ...
* <authentication-manager alias="authenticationManager">
* <authentication-provider ref="wildflyApplicationAuthenticationProvider"/>
* </authentication-manager>
* ...
*
* @author Andrea Poli (poli@link.it)
* @author $Author$
* @version $Rev$, $Date$
*/
/**
* @author poli
*
*/
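public class WildflyApplicationAuthenticationProvider implements AuthenticationProvider{

    /** Supported values for {@link #setHashEncoding(String)} (compared case-insensitively). */
    public static final String BASE64_ENCODING = "BASE64";
    public static final String HEX_ENCODING = "HEX";

    private static final String FILE_PREFIX = "File '";

    // One generic message for every authentication failure the client can provoke, so that
    // "unknown user" and "wrong password" are indistinguishable from the outside.
    private static final String BAD_CREDENTIALS = "Bad credentials";

    private final Logger log = org.slf4j.LoggerFactory.getLogger(this.getClass());

    // Name of the system property that points at the WildFly configuration directory
    // (the directory holding the users/roles properties files).
    private String configDir = "jboss.server.config.dir";
    private String applicationUsersFileName = "application-users.properties";
    private String applicationRolesFileName = "application-roles.properties";
    // Realm name that is part of the hashed string: "<username>:<realm>:<password>".
    private String realName = "ApplicationRealm";
    // Digest algorithm and output encoding of the stored hashes. The defaults (MD5, hex)
    // match the format written by WildFly's add-user tool into application-users.properties.
    private String hashAlgorithm = "MD5";
    private String hashEncoding = "hex";
    // Optional: when set, the principal/authorities of the returned token come from this
    // service instead of from application-roles.properties.
    private UserDetailsService userDetailsService;

    /**
     * Returns the placeholder credential stored in the principal when no
     * {@link UserDetailsService} is configured; the submitted password is not kept there.
     */
    private static String getS(String v) {
        return "sec"+v+"ret";
    }

    /**
     * Authenticates the supplied username/password against the WildFly properties files.
     *
     * <p>The submitted password is hashed as {@code username:realm:password} with the configured
     * algorithm/encoding and compared (constant-time) with the value stored for that user in the
     * users file. On success the roles are read from the roles file (comma-separated), or from
     * the configured {@link UserDetailsService} when one is present.
     *
     * @param authentication token whose name is the username and whose credentials are the clear-text password
     * @return an authenticated {@link UsernamePasswordAuthenticationToken} carrying the original details
     * @throws AuthenticationCredentialsNotFoundException if username or password is missing
     * @throws ProviderNotFoundException if the configuration directory or the properties files are unavailable
     * @throws AuthenticationServiceException if the configured hash algorithm/encoding cannot be applied
     * @throws BadCredentialsException if the user is unknown or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        // Non-String credentials (e.g. char[]) are treated as absent rather than cast blindly.
        String password = (credentials instanceof String) ? (String) credentials : null;
        if (username == null || password == null) {
            throw new AuthenticationCredentialsNotFoundException("Credentials not found");
        }

        File confDirJBoss = resolveConfigDir();

        // check user in application-users.properties
        Properties pUsers = loadProperties(new File(confDirJBoss, this.applicationUsersFileName));

        // Hash before the lookup so that unknown and known users follow a comparable code path
        // instead of returning early on "user not found".
        String hashedPassword = hashCredentials(username, password);

        String storedHash = pUsers.getProperty(username);
        if (storedHash == null) {
            // Same error as a wrong password: do not reveal whether the user exists.
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }
        // Constant-time comparison of the encoded hashes (comparison stays case-sensitive,
        // as the stored and computed encodings are expected to agree).
        if (!MessageDigest.isEqual(storedHash.getBytes(StandardCharsets.UTF_8),
                hashedPassword.getBytes(StandardCharsets.UTF_8))) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }

        // check user roles in application-roles.properties
        Properties pRoles = loadProperties(new File(confDirJBoss, this.applicationRolesFileName));
        List<GrantedAuthority> roles = parseRoles(pRoles.getProperty(username));

        UsernamePasswordAuthenticationToken userAuth = buildToken(username, password, roles);
        userAuth.setDetails(authentication.getDetails());
        return userAuth;
    }

    /**
     * Resolves the WildFly configuration directory from the system property named by
     * {@link #getConfigDir()}.
     *
     * @throws ProviderNotFoundException if the property is unset or does not name an existing directory
     */
    private File resolveConfigDir() {
        String confDir = System.getProperty(this.configDir);
        if (confDir == null) {
            throw new ProviderNotFoundException("Property '"+this.configDir+"' not found");
        }
        File dir = new File(confDir);
        String prefix = FILE_PREFIX+dir.getAbsolutePath()+"' ";
        if (!dir.exists()) {
            throw new ProviderNotFoundException(prefix+"not exists");
        }
        if (!dir.isDirectory()) {
            throw new ProviderNotFoundException(prefix+"isn't directory");
        }
        return dir;
    }

    /**
     * Loads a properties file after checking that it exists and is readable.
     *
     * @throws ProviderNotFoundException if the file is missing, unreadable or cannot be parsed
     */
    private Properties loadProperties(File file) {
        String prefix = FILE_PREFIX+file.getAbsolutePath()+"' ";
        if (!file.exists()) {
            throw new ProviderNotFoundException(prefix+"not exists");
        }
        if (!file.canRead()) {
            throw new ProviderNotFoundException(prefix+"cannot read");
        }
        Properties props = new Properties();
        try (FileInputStream fin = new FileInputStream(file)) {
            props.load(fin);
        } catch (IOException | IllegalArgumentException e) {
            // IllegalArgumentException: malformed escape sequence in the file.
            String msg = prefix+"process error: "+e.getMessage();
            this.log.error(msg, e);
            throw new ProviderNotFoundException(msg);
        }
        return props;
    }

    /**
     * Computes the encoded hash of {@code username:realm:password} with the configured settings.
     *
     * @throws AuthenticationServiceException if the algorithm or encoding is not usable (a
     *         configuration problem, not a client error)
     */
    private String hashCredentials(String username, String password) {
        String clearTextPassword = username+":"+this.realName+":"+password;
        try {
            return encode(clearTextPassword, this.hashAlgorithm, this.hashEncoding);
        } catch (UtilsException e) {
            String msg = "Password verifier failed: "+e.getMessage();
            this.log.error(msg, e);
            throw new AuthenticationServiceException(msg, e);
        }
    }

    /**
     * Parses the comma-separated role list stored for a user.
     *
     * @param userRoles raw property value, may be {@code null} or empty
     * @return the authorities, empty when the user has none; blank entries are skipped because
     *         {@link SimpleGrantedAuthority} requires a non-empty name
     */
    private static List<GrantedAuthority> parseRoles(String userRoles) {
        List<GrantedAuthority> roles = new ArrayList<>();
        if (userRoles == null || userRoles.isEmpty()) {
            return roles;
        }
        for (String role : userRoles.split(",")) {
            String name = role.trim();
            if (!name.isEmpty()) {
                roles.add(new SimpleGrantedAuthority(name));
            }
        }
        return roles;
    }

    /**
     * Wraps the authenticated user in a {@link UsernamePasswordAuthenticationToken}.
     *
     * <p>With a {@link UserDetailsService} configured, the principal and authorities come from
     * it and the token keeps the submitted password as credentials; otherwise a
     * {@link User} built from the roles file is used with a placeholder credential.
     *
     * @throws BadCredentialsException if the UserDetailsService does not know the user
     */
    private UsernamePasswordAuthenticationToken buildToken(String username, String password, List<GrantedAuthority> roles) {
        if (this.userDetailsService != null) {
            try {
                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
                return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
            } catch (UsernameNotFoundException e) {
                // The properties file knows this user but the UserDetailsService does not: a
                // configuration mismatch worth logging, while the client gets the same generic
                // answer as any other failed login.
                this.log.warn("User '{}' is present in the users file but unknown to the UserDetailsService: {}",
                        username, e.getMessage(), e);
                throw new BadCredentialsException(BAD_CREDENTIALS, e);
            }
        }
        User user = new User(username, getS(""), true, true, true, true, roles);
        return new UsernamePasswordAuthenticationToken(user, getS(""), user.getAuthorities());
    }

    /**
     * Reports whether this provider can handle the given token type (the token class or a
     * subclass of {@link UsernamePasswordAuthenticationToken}).
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /**
     * Hashes {@code password} with {@code hashAlgorithm} and encodes the digest.
     *
     * <p>Bytes are taken as UTF-8 rather than the platform default so the result does not depend
     * on the JVM's {@code file.encoding}; this is also the default used by WildFly's add-user
     * tool (confirm if users were created with a non-default charset).
     *
     * @param password      clear text to hash (here {@code username:realm:password})
     * @param hashAlgorithm {@link MessageDigest} algorithm name, e.g. {@code MD5}
     * @param hashEncoding  {@link #BASE64_ENCODING} or {@link #HEX_ENCODING}, case-insensitive
     * @return the encoded digest
     * @throws UtilsException if the algorithm is unknown or the encoding unsupported
     */
    private String encode(String password, String hashAlgorithm, String hashEncoding) throws UtilsException {
        if (hashAlgorithm == null) {
            throw new UtilsException("MessageDigest processing failed: hashAlgorithm undefined");
        }
        byte[] hash;
        try {
            MessageDigest md = MessageDigest.getInstance(hashAlgorithm);
            hash = md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new UtilsException("MessageDigest processing ('"+hashAlgorithm+"') failed: "+e.getMessage(), e);
        }
        if (BASE64_ENCODING.equalsIgnoreCase(hashEncoding)) {
            return Base64Utilities.encodeAsString(hash);
        }
        if (HEX_ENCODING.equalsIgnoreCase(hashEncoding)) {
            return HexBinaryUtilities.encodeAsString(hash);
        }
        // The original message named the algorithm here; the rejected value is the encoding.
        throw new UtilsException("Unsupported hashEncoding '"+hashEncoding+"'");
    }

    public String getConfigDir() {
        return this.configDir;
    }
    public void setConfigDir(String configDir) {
        this.configDir = configDir;
    }

    public String getApplicationUsersFileName() {
        return this.applicationUsersFileName;
    }
    public void setApplicationUsersFileName(String applicationUsersFileName) {
        this.applicationUsersFileName = applicationUsersFileName;
    }

    public String getApplicationRolesFileName() {
        return this.applicationRolesFileName;
    }
    public void setApplicationRolesFileName(String applicationRolesFileName) {
        this.applicationRolesFileName = applicationRolesFileName;
    }

    public String getRealName() {
        return this.realName;
    }
    public void setRealName(String realName) {
        this.realName = realName;
    }

    public String getHashAlgorithm() {
        return this.hashAlgorithm;
    }
    public void setHashAlgorithm(String hashAlgorithm) {
        this.hashAlgorithm = hashAlgorithm;
    }

    public String getHashEncoding() {
        return this.hashEncoding;
    }
    public void setHashEncoding(String hashEncoding) {
        this.hashEncoding = hashEncoding;
    }

    public UserDetailsService getUserDetailsService() {
        return this.userDetailsService;
    }
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
}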