juddi-core/src/main/java/org/apache/juddi/api/impl/UDDISecurityImpl.java - juddi - Git at Google

 /*
  * Copyright 2001-2008 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  */

 package org.apache.juddi.api.impl;

 import java.util.Date;
 import java.util.UUID;

 import javax.jws.WebService;
 import javax.persistence.EntityManager;
 import javax.persistence.EntityTransaction;
 import javax.xml.ws.WebServiceContext;

 import org.uddi.api_v3.AuthToken;
 import org.uddi.api_v3.DiscardAuthToken;
 import org.uddi.api_v3.GetAuthToken;
 import org.uddi.v3_service.DispositionReportFaultMessage;
 import org.uddi.v3_service.UDDISecurityPortType;

 import org.apache.juddi.api.util.QueryStatus;
 import org.apache.juddi.api.util.SecurityQuery;
 import org.apache.juddi.config.PersistenceManager;
 import org.apache.juddi.mapping.MappingModelToApi;
 import org.apache.juddi.model.Publisher;
 import org.apache.juddi.v3.auth.Authenticator;
 import org.apache.juddi.v3.auth.AuthenticatorFactory;
 import org.apache.juddi.v3.error.ErrorMessage;
 import org.apache.juddi.v3.error.UnknownUserException;

 /**
  * This class implements the UDDI Security Service and basically handles all authentication requests
  * for jUDDI. These authentication requests are routed to the appropriately configured
  * authenticator for validation, then persisted in the database until they either
  * expire or are discarded.
  * @author <a href="mailto:jfaath@apache.org">Jeff Faath</a> (and many others)
  */
 @WebService(serviceName="UDDISecurityService",
 			endpointInterface="org.uddi.v3_service.UDDISecurityPortType",
 			targetNamespace = "urn:uddi-org:api_v3_portType")
 public class UDDISecurityImpl extends AuthenticatedService implements UDDISecurityPortType {

 	public static final String AUTH_TOKEN_PREFIX = "authtoken:";
         private UDDIServiceCounter serviceCounter;

         public UDDISecurityImpl() {
             super();
             serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
         }

         /**
          * used for unit tests only
          * @param ctx
          */
         protected UDDISecurityImpl(WebServiceContext ctx) {
             super();
             this.ctx = ctx;
             serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
         }

 	public void discardAuthToken(DiscardAuthToken body)
 			throws DispositionReportFaultMessage {
 	        long startTime = System.currentTimeMillis();

 		EntityManager em = PersistenceManager.getEntityManager();
 		EntityTransaction tx = em.getTransaction();
 		try {
 			tx.begin();

 			this.getEntityPublisher(em, body.getAuthInfo());

 			org.apache.juddi.model.AuthToken modelAuthToken = em.find(org.apache.juddi.model.AuthToken.class, body.getAuthInfo());
 			if (modelAuthToken != null) {
 				modelAuthToken.setLastUsed(new Date());
 				modelAuthToken.setNumberOfUses(modelAuthToken.getNumberOfUses() + 1);
 				modelAuthToken.setTokenState(AUTHTOKEN_RETIRED);
                                 logger.info("AUDIT: AuthToken discarded for " + modelAuthToken.getAuthorizedName() + " from " + getRequestorsIPAddress());
 			}

 			tx.commit();

                         long procTime = System.currentTimeMillis() - startTime;
                         serviceCounter.update(SecurityQuery.DISCARD_AUTHTOKEN,
                                 QueryStatus.SUCCESS, procTime);
                 } catch (DispositionReportFaultMessage drfm) {
                     logger.info("AUDIT: AuthToken discard request aborted, issued from " + getRequestorsIPAddress());
                     long procTime = System.currentTimeMillis() - startTime;
                     serviceCounter.update(SecurityQuery.DISCARD_AUTHTOKEN,
                             QueryStatus.FAILED, procTime);
                     throw drfm;
 		} finally {
 			if (tx.isActive()) {
 				tx.rollback();
 			}
 			em.close();
 		}
 	}


 	public AuthToken getAuthToken(GetAuthToken body)
 			throws DispositionReportFaultMessage {

                 logger.info("AUDIT: AuthToken request for " + body.getUserID() + " from " + getRequestorsIPAddress());
 		Authenticator authenticator = AuthenticatorFactory.getAuthenticator();

 		String publisherId = authenticator.authenticate(body.getUserID(), body.getCred());

 		return getAuthToken(publisherId);
 	}

 	public AuthToken getAuthToken(String publisherId) throws DispositionReportFaultMessage {
 	        long startTime = System.currentTimeMillis();

 		if (publisherId == null || publisherId.length() == 0)
 			throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials", publisherId));

 		EntityManager em = PersistenceManager.getEntityManager();
 		EntityTransaction tx = em.getTransaction();
 		try {
 			tx.begin();
 			//Check if this publisher exists
 			Publisher publisher = em.find(Publisher.class, publisherId);
 			if (publisher == null)
 				throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials", publisherId));

 			// Generate auth token and store it!
 			String authInfo = AUTH_TOKEN_PREFIX + UUID.randomUUID();
 			org.apache.juddi.model.AuthToken modelAuthToken = new org.apache.juddi.model.AuthToken();
                         modelAuthToken.setAuthToken(authInfo);
                         modelAuthToken.setCreated(new Date());
                         modelAuthToken.setLastUsed(new Date());
                         modelAuthToken.setAuthorizedName(publisherId);
                         modelAuthToken.setNumberOfUses(0);
                         modelAuthToken.setTokenState(AUTHTOKEN_ACTIVE);
                         modelAuthToken.setIPAddress(this.getRequestorsIPAddress());
                         em.persist(modelAuthToken);

 			org.uddi.api_v3.AuthToken apiAuthToken = new org.uddi.api_v3.AuthToken();

 			MappingModelToApi.mapAuthToken(modelAuthToken, apiAuthToken);

 			tx.commit();
                         logger.info("AUDIT: AuthToken issued for " + modelAuthToken.getAuthorizedName() + " from " + getRequestorsIPAddress());
 	                long procTime = System.currentTimeMillis() - startTime;
 	                serviceCounter.update(SecurityQuery.GET_AUTHTOKEN,
 	                        QueryStatus.SUCCESS, procTime);

 			return apiAuthToken;
                 } catch (DispositionReportFaultMessage drfm) {
                     long procTime = System.currentTimeMillis() - startTime;
                     serviceCounter.update(SecurityQuery.GET_AUTHTOKEN,
                             QueryStatus.FAILED, procTime);
                     logger.info("AUDIT: AuthToken issue FAILED " + publisherId + " from " + getRequestorsIPAddress());
                     throw drfm;
 		} finally {
 			if (tx.isActive()) {
 				tx.rollback();
 			}
 			em.close();
 		}
 	}
 }
	/*
	* Copyright 2001-2008 The Apache Software Foundation.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	package org.apache.juddi.api.impl;

	import java.util.Date;
	import java.util.UUID;

	import javax.jws.WebService;
	import javax.persistence.EntityManager;
	import javax.persistence.EntityTransaction;
	import javax.xml.ws.WebServiceContext;

	import org.uddi.api_v3.AuthToken;
	import org.uddi.api_v3.DiscardAuthToken;
	import org.uddi.api_v3.GetAuthToken;
	import org.uddi.v3_service.DispositionReportFaultMessage;
	import org.uddi.v3_service.UDDISecurityPortType;

	import org.apache.juddi.api.util.QueryStatus;
	import org.apache.juddi.api.util.SecurityQuery;
	import org.apache.juddi.config.PersistenceManager;
	import org.apache.juddi.mapping.MappingModelToApi;
	import org.apache.juddi.model.Publisher;
	import org.apache.juddi.v3.auth.Authenticator;
	import org.apache.juddi.v3.auth.AuthenticatorFactory;
	import org.apache.juddi.v3.error.ErrorMessage;
	import org.apache.juddi.v3.error.UnknownUserException;

	/**
	* This class implements the UDDI Security Service and basically handles all authentication requests
	* for jUDDI. These authentication requests are routed to the appropriately configured
	* authenticator for validation, then persisted in the database until they either
	* expire or are discarded.
	* @author <a href="mailto:jfaath@apache.org">Jeff Faath</a> (and many others)
	*/
	@WebService(serviceName="UDDISecurityService",
	endpointInterface="org.uddi.v3_service.UDDISecurityPortType",
	targetNamespace = "urn:uddi-org:api_v3_portType")
	public class UDDISecurityImpl extends AuthenticatedService implements UDDISecurityPortType {

	public static final String AUTH_TOKEN_PREFIX = "authtoken:";
	private UDDIServiceCounter serviceCounter;

	public UDDISecurityImpl() {
	super();
	serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
	}

	/**
	* used for unit tests only
	* @param ctx
	*/
	protected UDDISecurityImpl(WebServiceContext ctx) {
	super();
	this.ctx = ctx;
	serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
	}

	public void discardAuthToken(DiscardAuthToken body)
	throws DispositionReportFaultMessage {
	long startTime = System.currentTimeMillis();

	EntityManager em = PersistenceManager.getEntityManager();
	EntityTransaction tx = em.getTransaction();
	try {
	tx.begin();

	this.getEntityPublisher(em, body.getAuthInfo());

	org.apache.juddi.model.AuthToken modelAuthToken = em.find(org.apache.juddi.model.AuthToken.class, body.getAuthInfo());
	if (modelAuthToken != null) {
	modelAuthToken.setLastUsed(new Date());
	modelAuthToken.setNumberOfUses(modelAuthToken.getNumberOfUses() + 1);
	modelAuthToken.setTokenState(AUTHTOKEN_RETIRED);
	logger.info("AUDIT: AuthToken discarded for " + modelAuthToken.getAuthorizedName() + " from " + getRequestorsIPAddress());
	}

	tx.commit();

	long procTime = System.currentTimeMillis() - startTime;
	serviceCounter.update(SecurityQuery.DISCARD_AUTHTOKEN,
	QueryStatus.SUCCESS, procTime);
	} catch (DispositionReportFaultMessage drfm) {
	logger.info("AUDIT: AuthToken discard request aborted, issued from " + getRequestorsIPAddress());
	long procTime = System.currentTimeMillis() - startTime;
	serviceCounter.update(SecurityQuery.DISCARD_AUTHTOKEN,
	QueryStatus.FAILED, procTime);
	throw drfm;
	} finally {
	if (tx.isActive()) {
	tx.rollback();
	}
	em.close();
	}
	}


	public AuthToken getAuthToken(GetAuthToken body)
	throws DispositionReportFaultMessage {

	logger.info("AUDIT: AuthToken request for " + body.getUserID() + " from " + getRequestorsIPAddress());
	Authenticator authenticator = AuthenticatorFactory.getAuthenticator();

	String publisherId = authenticator.authenticate(body.getUserID(), body.getCred());

	return getAuthToken(publisherId);
	}

	public AuthToken getAuthToken(String publisherId) throws DispositionReportFaultMessage {
	long startTime = System.currentTimeMillis();

	if (publisherId == null \|\| publisherId.length() == 0)
	throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials", publisherId));

	EntityManager em = PersistenceManager.getEntityManager();
	EntityTransaction tx = em.getTransaction();
	try {
	tx.begin();
	//Check if this publisher exists
	Publisher publisher = em.find(Publisher.class, publisherId);
	if (publisher == null)
	throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials", publisherId));

	// Generate auth token and store it!
	String authInfo = AUTH_TOKEN_PREFIX + UUID.randomUUID();
	org.apache.juddi.model.AuthToken modelAuthToken = new org.apache.juddi.model.AuthToken();
	modelAuthToken.setAuthToken(authInfo);
	modelAuthToken.setCreated(new Date());
	modelAuthToken.setLastUsed(new Date());
	modelAuthToken.setAuthorizedName(publisherId);
	modelAuthToken.setNumberOfUses(0);
	modelAuthToken.setTokenState(AUTHTOKEN_ACTIVE);
	modelAuthToken.setIPAddress(this.getRequestorsIPAddress());
	em.persist(modelAuthToken);

	org.uddi.api_v3.AuthToken apiAuthToken = new org.uddi.api_v3.AuthToken();

	MappingModelToApi.mapAuthToken(modelAuthToken, apiAuthToken);

	tx.commit();
	logger.info("AUDIT: AuthToken issued for " + modelAuthToken.getAuthorizedName() + " from " + getRequestorsIPAddress());
	long procTime = System.currentTimeMillis() - startTime;
	serviceCounter.update(SecurityQuery.GET_AUTHTOKEN,
	QueryStatus.SUCCESS, procTime);

	return apiAuthToken;
	} catch (DispositionReportFaultMessage drfm) {
	long procTime = System.currentTimeMillis() - startTime;
	serviceCounter.update(SecurityQuery.GET_AUTHTOKEN,
	QueryStatus.FAILED, procTime);
	logger.info("AUDIT: AuthToken issue FAILED " + publisherId + " from " + getRequestorsIPAddress());
	throw drfm;
	} finally {
	if (tx.isActive()) {
	tx.rollback();
	}
	em.close();
	}
	}
	}