SoapAuthenticationInterceptor.java

/*
 * Copyright 2019 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.gringlobal.spring;

import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMSource;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.gringlobal.model.SysUser;
import org.gringlobal.service.UserService;
import org.gringlobal.soap.GGXml;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.filter.Filters;
import org.jdom2.input.DOMBuilder;
import org.jdom2.transform.JDOMResult;
import org.jdom2.xpath.XPathExpression;
import org.jdom2.xpath.XPathFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.ws.context.MessageContext;
import org.springframework.ws.server.endpoint.interceptor.EndpointInterceptorAdapter;
import org.springframework.xml.transform.TransformerHelper;
import org.w3c.dom.Node;

/**
 * GRIN-Global authentication passes userName and password with every request.
 *
 * This interceptor extracts the credentials and sets the Spring Security
 * context.
 *
 * @author Matija Obreza
 *
 */
@Slf4j
public class SoapAuthenticationInterceptor extends EndpointInterceptorAdapter {

	private static XPathExpression<Element> xpRequestUserName;
	private static XPathExpression<Element> xpRequestUserPassword;

	private final TransformerHelper transformerHelper = new TransformerHelper();

	@Autowired
	public AuthenticationProvider sysUserAuthenticationProvider;

	@Autowired
	private UserService userService;

	static {
		final XPathFactory xPathFactory = XPathFactory.instance();
		xpRequestUserName = xPathFactory.compile("//gg:userName", Filters.element(), null, GGXml.NsGRINGLOBAL);
		xpRequestUserPassword = xPathFactory.compile("//gg:password", Filters.element(), null, GGXml.NsGRINGLOBAL);
	}

	@Override
	public boolean understands(final org.w3c.dom.Element header) {
		log.warn("Understands? {} {}", header.getLocalName(), header);
		return true;
	}

	@Override
	public boolean handleRequest(final MessageContext messageContext, final Object endpoint) throws Exception {
		final Source requestPayload = messageContext.getRequest().getPayloadSource();
		log.trace("Handling {}", requestPayload.getClass());

		final Element source = getSource(requestPayload);

		if (xpRequestUserName.evaluateFirst(source) != null) {
			final String username = xpRequestUserName.evaluateFirst(source).getText();
			final String password = xpRequestUserPassword.evaluateFirst(source).getText();
			log.trace("Authenticating {}:{}", username, password);

			if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password)) {

				final SysUser user = userService.loadUserByUsername(username);
				if (user != null) {
					final UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());
					log.trace("User authorities: {}", user.getAuthorities());
					final Authentication authToken = sysUserAuthenticationProvider.authenticate(request);
					log.debug("Auth authorities: {}", authToken.getAuthorities());
					SecurityContextHolder.getContext().setAuthentication(authToken);
					// Setting user locale
					LocaleContextHolder.setLocale(user.getCooperator().getSysLang().toLocale());
				}
			}
		}
		return true;
	}

	private Element getSource(final Source requestPayload) throws TransformerException {
		if (requestPayload instanceof DOMSource) {
			final Node node = ((DOMSource) requestPayload).getNode();
			final DOMBuilder domBuilder = new DOMBuilder();
			if (node.getNodeType() == Node.ELEMENT_NODE) {
				return domBuilder.build((org.w3c.dom.Element) node);
			} else if (node.getNodeType() == Node.DOCUMENT_NODE) {
				final Document document = domBuilder.build((org.w3c.dom.Document) node);
				return document.getRootElement();
			}
		}
		// we have no other option than to transform
		final JDOMResult jdomResult = new JDOMResult();
		transform(requestPayload, jdomResult);
		return jdomResult.getDocument().getRootElement();
	}

	/**
	 * Transforms the given {@link Source} to the given {@link Result}. Creates a
	 * new {@link Transformer} for every call, as transformers are not thread-safe.
	 *
	 * @param source the source to transform from
	 * @param result the result to transform to
	 * @throws TransformerException if thrown by JAXP methods
	 */
	protected final void transform(final Source source, final Result result) throws TransformerException {
		transformerHelper.transform(source, result);
	}
}
Created with JaCoCo 0.8.11.202310140853