Guess what this blog is about Sherlock! :) - Jeryl Cook

Wednesday, October 20, 2010

Restlet, Guard, Spring Security 3.0, and HTTP BASIC AUTHENTICATION oh my!

Not sure what happened to this guy eshepelyuk and the project restlet-spring-security.

But I needed a clean way to integrate Spring Security 3.0.x into a Restlet Application I've been working on.

I updated the code (ServiceSpringSecurityGuard.java) to work with Spring 3.0.x, so here it is:

package org.restlet.ext.spring.security;

import org.restlet.Guard;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Request;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.BeanIds;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

public class ServiceSpringSecurityGuard
extends Guard  implements ApplicationContextAware, InitializingBean {

 private AuthenticationManager authentificationManager;
 private ApplicationContext applicationContext;

 public ServiceSpringSecurityGuard() {
  super(null, ChallengeScheme.HTTP_BASIC, "Spring Security");
 }

 public AuthenticationManager getAuthentificationManager() {
  return authentificationManager;
 }

 public void setAuthentificationManager(AuthenticationManager authentificationManager) {
  this.authentificationManager = authentificationManager;
 }

// private AccessDecisionManager accessDecisionManager;

// public AccessDecisionManager getAccessDecisionManager() {
//  return accessDecisionManager;
// }
//
// public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
//  this.accessDecisionManager = accessDecisionManager;
// }

 public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
  this.applicationContext = applicationContext;
 }

 public void afterPropertiesSet() throws Exception {
  Assert.notNull(this.applicationContext, "applicationContext is null");

//  if (null == accessDecisionManager) {
//   setAccessDecisionManager((AccessDecisionManager) applicationContext.getBean(BeanIds.ACCESS_MANAGER));
//  }

  if (null == authentificationManager) {
   setAuthentificationManager((AuthenticationManager) applicationContext.getBean(BeanIds.AUTHENTICATION_MANAGER));
  }

  Assert.notNull(this.authentificationManager, "authentificationManager should be specified");
//  Assert.notNull(this.accessDecisionManager, "accessDecisionManager should be specified");
 }

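 @SuppressWarnings("unused")
 public boolean checkSecret(Request request, String identifier, char[] secret) {
  try {
   // Hand the HTTP Basic identifier/secret to Spring Security's AuthenticationManager.
   Authentication auth = authentificationManager.authenticate(new UsernamePasswordAuthenticationToken(identifier, new String(secret)));
   if (auth.isAuthenticated()) {
    // Publish the result in the SecurityContext (thread-bound by default) for downstream code.
    SecurityContextHolder.getContext().setAuthentication(auth);
   }
   return auth.isAuthenticated();
  } catch (AuthenticationException e) {
   // Authentication failed: make sure no Authentication is left in the context.
   SecurityContextHolder.getContext().setAuthentication(null);
   return false;
  }
 }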
}
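
The guard above stores the Authentication in SecurityContextHolder, which is thread-local by default, and never removes it. The following is an added example (not part of the original post or of the restlet-spring-security project) that runs the same checkSecret logic on a single pooled thread to show how long that context lives and what an end-of-request clearContext() changes. The class name, the "alice"/"demo-secret" account and the stub AuthenticationManager are constructed for illustration; it assumes Java 8+ and Spring Security core on the classpath.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class GuardContextLifetimeDemo {
    // Constructed stand-in for the Spring-configured AuthenticationManager: one demo account.
    static final AuthenticationManager MANAGER = in -> {
        if ("alice".equals(in.getName()) && "demo-secret".equals(in.getCredentials())) {
            return new UsernamePasswordAuthenticationToken(in.getName(), null,
                    AuthorityUtils.createAuthorityList("ROLE_USER"));
        }
        throw new BadCredentialsException("bad credentials");
    };

    // Same logic as checkSecret(...) in the post, without the Restlet Request parameter.
    static boolean checkSecret(String identifier, char[] secret) {
        try {
            Authentication auth = MANAGER.authenticate(
                    new UsernamePasswordAuthenticationToken(identifier, new String(secret)));
            if (auth.isAuthenticated()) SecurityContextHolder.getContext().setAuthentication(auth);
            return auth.isAuthenticated();
        } catch (AuthenticationException e) {
            SecurityContextHolder.getContext().setAuthentication(null);
            return false;
        }
    }

    // Who the current thread's SecurityContext says is logged in, or "none".
    static String currentUser() {
        Authentication a = SecurityContextHolder.getContext().getAuthentication();
        return a == null ? "none" : a.getName();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor(); // one pooled request thread
        worker.submit(() -> checkSecret("alice", "demo-secret".toCharArray())).get();
        // A later task on the same thread never calls the guard but still sees the old login.
        System.out.println("no cleanup:   " + worker.submit(() -> currentUser()).get());
        worker.submit(() -> {
            try { return checkSecret("alice", "demo-secret".toCharArray()); }
            finally { SecurityContextHolder.clearContext(); } // end-of-request cleanup
        }).get();
        System.out.println("with cleanup: " + worker.submit(() -> currentUser()).get());
        worker.shutdown();
    }
}
```

Any code behind the guard that reads SecurityContextHolder should only run on a path where checkSecret was called for the current request, or the context should be cleared when each request finishes.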


4 Comments:

Anonymous Anonymous said...

Thank you very much Jeryl! This allowed us to secure our application with restlet instead of dropping it and going with Spring 3.0 Rest.

December 22, 2010 at 4:18 PM

 
Anonymous Zet said...

what's wrong with interceptors?

November 15, 2011 at 1:32 PM

 
Anonymous Jimi said...

Thanks dude, it looks very clear..

December 6, 2011 at 3:02 AM

 
Anonymous Anonymous said...

What about interceptors? This is for Restlet.

December 10, 2011 at 6:05 AM

 
