
1   package org.appfuse.webapp;
2   
3   import org.apache.wicket.authroles.authorization.strategies.role.Roles;
4   import org.apache.wicket.injection.Injector;
5   import org.apache.wicket.request.Request;
6   import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
7   import org.apache.wicket.spring.injection.annot.SpringBean;
8   import org.appfuse.model.User;
9   import org.slf4j.Logger;
10  import org.slf4j.LoggerFactory;
11  import org.springframework.security.authentication.AuthenticationManager;
12  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
13  import org.springframework.security.core.Authentication;
14  import org.springframework.security.core.AuthenticationException;
15  import org.springframework.security.core.GrantedAuthority;
16  import org.springframework.security.core.context.SecurityContextHolder;
17  import org.springframework.security.core.session.SessionRegistry;
18  
19  import java.util.ArrayList;
20  import java.util.List;
21  
22  /**
23   * AuthenticatedWebSession implementation using Spring Security.
24   *
25   * Based on: https://cwiki.apache.org/confluence/display/WICKET/Spring+Security+and+Wicket-auth-roles
26   *
27   * @author Marcin Zajączkowski, 2011-02-05
28   */
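public class SSAuthenticatedWebSession extends AuthenticatedWebSession {

    // NOTE(review): a non-static, non-transient Logger is serialized together with the
    // Wicket session; fine with bindings whose loggers serialize, otherwise consider
    // making it static. Left as-is because subclasses may rely on the protected field.
    protected final Logger log = LoggerFactory.getLogger(getClass());

    /** Spring Security entry point that validates the submitted username/password. */
    @SpringBean(name = "authenticationManager")
    private AuthenticationManager authenticationManager;

    /** Spring Security registry used to track which principals currently hold a session. */
    @SpringBean
    private SessionRegistry sessionRegistry;

    /**
     * Creates the session and injects the Spring beans declared on this class.
     *
     * @param request the request that triggered creation of the session
     * @throws IllegalStateException if either Spring bean could not be injected
     */
    public SSAuthenticatedWebSession(Request request) {
        super(request);

        Injector.get().inject(this);
        if (authenticationManager == null) {
            throw new IllegalStateException("Injection of AuthenticationManager failed.");
        }
        // Checked here, like the manager, so a mis-wired context fails at session creation
        // rather than with a NullPointerException on the first login attempt.
        if (sessionRegistry == null) {
            throw new IllegalStateException("Injection of SessionRegistry failed.");
        }
    }

    /**
     * Authenticates the given credentials with Spring Security.
     *
     * On success this session is registered with the {@link SessionRegistry} under its id
     * and the resulting {@link Authentication} is published to the
     * {@link SecurityContextHolder}. Nothing is published when the manager throws or hands
     * back an unauthenticated token, so a failed attempt leaves no partial state behind.
     *
     * NOTE(review): no session-id rotation happens here. Spring's SessionManagementFilter,
     * which normally provides session-fixation protection, is deliberately bypassed (see the
     * comment below), so confirm that the sign-in caller rotates the session (e.g. Wicket's
     * replaceSession()) after a successful login. Be aware that rotating after this method
     * returns leaves the registry entry keyed by the old session id.
     *
     * @param username user-supplied login name (untrusted input)
     * @param password user-supplied password (untrusted input)
     * @return {@code true} if the credentials were accepted
     */
    @Override
    public boolean authenticate(String username, String password) {
        try {
            Authentication result = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            if (!result.isAuthenticated()) {
                // Defensive: a manager is expected to throw rather than return an
                // unauthenticated token, but never treat such a token as a logged-in user,
                // and never publish it to the security context.
                log.warn("User '{}' failed to login. Reason: authentication manager returned an unauthenticated token", username);
                return false;
            }
            // A hack to allow to track logged users without using SessionManagementFilter
            // which is problematic in Wicket. Registration happens BEFORE the context is
            // populated: getId() is presumably null while the session is still temporary and
            // the registry rejects that with an IllegalArgumentException, which must not
            // leave a populated SecurityContext behind for a login Wicket considers failed.
            sessionRegistry.registerNewSession(getId(), result.getPrincipal());
            SecurityContextHolder.getContext().setAuthentication(result);
            return true;
        } catch (AuthenticationException e) {
            // Message only: credential failures are expected and a stack trace adds nothing.
            // The username is attacker-controlled; keep that in mind if these logs are parsed.
            log.warn("User '{}' failed to login. Reason: {}", username, e.getMessage());
            return false;
        }
    }

    /**
     * Maps the granted authorities of the current Spring {@link Authentication} to Wicket roles.
     *
     * @return roles of the signed-in user; empty when not signed in, or when the Spring
     *         security context holds no Authentication for this request
     */
    //FIXME: MZA: Modification of returning object - it would be better if roles were returned
    @Override
    public Roles getRoles() {
        Roles roles = new Roles();
        addRolesIfSignedIn(roles);
        return roles;
    }

    /** Adds the current user's roles to {@code roles} if Wicket considers the session signed in. */
    private void addRolesIfSignedIn(Roles roles) {
        if (!isSignedIn()) {
            return;
        }
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // The Wicket signed-in flag and the Spring context live in different places. If the
        // context is missing (e.g. the request did not pass through the Spring Security
        // filter chain) fail closed with no roles instead of throwing a NullPointerException.
        if (current != null) {
            addRolesFromAuthentication(roles, current);
        }
    }

    /** Copies every granted authority name of {@code authentication} into {@code roles}. */
    private void addRolesFromAuthentication(Roles roles, Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            roles.add(authority.getAuthority());
        }
    }

    /**
     * Lists the users that currently hold at least one non-expired session in the
     * {@link SessionRegistry}.
     *
     * Only principals that are {@link User} instances are returned; anything else found in
     * the registry is logged and skipped instead of failing with a ClassCastException.
     *
     * NOTE(review): the registry only learns about session timeouts if Spring's
     * HttpSessionEventPublisher listener is configured for the web app — verify that, or
     * this list grows stale. The returned objects are the full domain users and presumably
     * carry the password hash; do not hand them to views wholesale.
     *
     * @return a new, modifiable list of active users (never null)
     */
    public List<User> getActiveUsers() {
        //RequestLogger is an alternative, but it keeps only session, not related principals
        List<Object> principals = sessionRegistry.getAllPrincipals();
        List<User> users = new ArrayList<User>(principals.size());
        for (Object principal : principals) {
            if (!(principal instanceof User)) {
                log.warn("Ignoring non-User principal of type {} in session registry",
                        principal == null ? "null" : principal.getClass().getName());
                continue;
            }
            // getAllPrincipals() also lists principals whose sessions were marked expired
            // (e.g. by concurrent-session control) but not yet removed; they are not active.
            if (sessionRegistry.getAllSessions(principal, false).isEmpty()) {
                continue;
            }
            users.add((User) principal);
        }
        return users;
    }
}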