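/*
 * The contents of this file are subject to the license and copyright
 * detailed in the LICENSE and NOTICE files at the root of the source
 * tree.
 */
package org.fcrepo.auth.common;

import static org.slf4j.LoggerFactory.getLogger;

import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.fcrepo.auth.common.ContainerRolesPrincipalProvider.ContainerRolesPrincipal;
import org.slf4j.Logger;

/**
 * Shiro realm that converts a {@link ContainerAuthToken} into a Shiro principal collection.
 *
 * <p>The realm performs no credential verification of its own: the returned
 * {@link AuthenticationInfo} carries the constant {@code ContainerAuthToken.AUTHORIZED} as its
 * credentials, and every principal is taken directly from the token. The token is presumably
 * created only after the servlet container has authenticated the request; that should be
 * confirmed against the code that constructs {@link ContainerAuthToken} instances, because any
 * code path able to submit such a token is trusted as far as this realm is concerned.
 *
 * @author peichman
 */
public class ServletContainerAuthenticatingRealm extends AuthenticatingRealm {

    private static final Logger log = getLogger(ServletContainerAuthenticatingRealm.class);

    /**
     * Returns the realm name under which all principals produced by this realm are registered.
     *
     * @return the fixed name of this realm
     */
    @Override
    public String getName() {
        return "servlet container authentication";
    }

    /**
     * Builds the authentication info for a container-authenticated request.
     *
     * <p>The token's principal is added first, followed by its role principals when there are
     * any; all of them are registered under {@link #getName()}.
     *
     * @param token the submitted token; must be a {@link ContainerAuthToken}
     * @return authentication info holding the token's principal and roles, with
     *         {@code ContainerAuthToken.AUTHORIZED} as the credentials
     * @throws AuthenticationException if the token is {@code null} or not a
     *         {@link ContainerAuthToken}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
            throws AuthenticationException {
        // Fail closed with the declared exception type instead of a ClassCastException (or a
        // NullPointerException for a null token) if this method is reached without a prior
        // supports() check. Only the token's class name goes into the message.
        if (!(token instanceof ContainerAuthToken)) {
            final String tokenType = token == null ? "null" : token.getClass().getName();
            throw new AuthenticationException("Unsupported authentication token type: " + tokenType);
        }
        final ContainerAuthToken authToken = (ContainerAuthToken) token;
        final SimplePrincipalCollection principals = new SimplePrincipalCollection();
        log.debug("Creating principals from servlet container principal and roles");
        // container-managed auth username
        principals.add(authToken.getPrincipal(), getName());
        // container-managed auth roles
        // NOTE(review): getRoles() is assumed to return a non-null set; confirm in ContainerAuthToken.
        final Set<ContainerRolesPrincipal> roles = authToken.getRoles();
        if (!roles.isEmpty()) {
            principals.addAll(roles, getName());
        }
        return new SimpleAuthenticationInfo(principals, ContainerAuthToken.AUTHORIZED);
    }

    /**
     * Restricts this realm to tokens of type {@link ContainerAuthToken}.
     *
     * @param token the token to test
     * @return {@code true} only when the token is a {@link ContainerAuthToken}
     */
    @Override
    public boolean supports(final AuthenticationToken token) {
        return token instanceof ContainerAuthToken;
    }

}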