001/** 002 * Copyright 2014 Tampere University of Technology, Pori Department 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package service.tut.pori.users.ip; 017 018import javax.servlet.http.HttpServletRequest; 019 020import org.apache.log4j.Logger; 021import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; 022 023import core.tut.pori.context.ServiceInitializer; 024import core.tut.pori.users.UserIdentity; 025 026/** 027 * Provides user authentication solely by using an IP address lookup. 028 */ 029public class IPAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter { 030 private static final Logger LOGGER = Logger.getLogger(IPAuthenticationFilter.class); 031 032 @Override 033 protected Object getPreAuthenticatedCredentials(HttpServletRequest request) { 034 return null; 035 } 036 037 @Override 038 protected UserIdentity getPreAuthenticatedPrincipal(HttpServletRequest request) { 039 LOGGER.debug("Authenticating user by IP address..."); 040 String ipAddress = request.getRemoteAddr(); 041 UserIdentity userIdentity = ServiceInitializer.getDAOHandler().getSQLDAO(IPAuthenticationDAO.class).resolveUserIdentity(ipAddress); 042 if(userIdentity != null){ 043 LOGGER.debug("Granting permissions for user, id: "+userIdentity.getUserId()+" from IP address: "+ipAddress); 044 } 045 return userIdentity; 046 } 047}