RampartUsernameTokenValidator.java

/*
 * Copyright 2004,2013 The Apache Software Foundation.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.rampart.handler;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.RampartConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

/**
 * Overriding the default UsernameTokenValidator provided by WSS4J because the
 * default implementation expects the user to provide the plain text password to
 * WSS4J for validation.
 * 
 */
public class RampartUsernameTokenValidator extends UsernameTokenValidator {

	private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);

	@Override
	protected void verifyPlaintextPassword(UsernameToken usernameToken,
			RequestData data) throws WSSecurityException {

		String user = usernameToken.getName();
		String password = usernameToken.getPassword();
		String pwType = usernameToken.getPasswordType();

		// Provide the password to the user for validation
		WSPasswordCallback pwCb = new WSPasswordCallback(user, password,
				pwType, WSPasswordCallback.USERNAME_TOKEN, data);
		try {
			data.getCallbackHandler().handle(new Callback[] { pwCb });
		} catch (IOException e) {
			if (mlog.isDebugEnabled()) {
				mlog.debug(e);
			}
			throw new WSSecurityException(
					WSSecurityException.FAILED_AUTHENTICATION);
		} catch (UnsupportedCallbackException e) {
			if (mlog.isDebugEnabled()) {
				mlog.debug(e);
			}
			throw new WSSecurityException(
					WSSecurityException.FAILED_AUTHENTICATION);
		}

	}
}