/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*
*/
package org.apache.lenya.ac.impl;
import org.apache.commons.codec.binary.Base64;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.cocoon.environment.Request;
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Authenticator;
import org.apache.lenya.ac.Identity;
import org.apache.lenya.ac.User;
/**
* User authenticator.
* @version $Id$
*/
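public class UserAuthenticator extends AbstractLogEnabled implements Authenticator {

    /** Name of the HTTP authentication scheme this authenticator understands. */
    private static final String BASIC_SCHEME = "Basic";

    /**
     * Authenticates the user described by the request and, on success, attaches that user to
     * the {@link Identity} stored in the current session.
     * <p>
     * Credentials are taken from the HTTP <code>Authorization</code> header when it carries
     * the <code>Basic</code> scheme. The <code>username</code> and <code>password</code>
     * request parameters are used only when no <code>Authorization</code> header value was
     * sent at all. Only the request-parameter path lower-cases the user name; Basic
     * credentials are used as sent.
     * </p>
     * <p>
     * The password is never written to the log, not even at debug level.
     * </p>
     * @see org.apache.lenya.ac.Authenticator#authenticate(org.apache.lenya.ac.AccreditableManager,
     *      org.apache.cocoon.environment.Request)
     * @param accreditableManager The accreditable manager used to look up the user.
     * @param request The request carrying the credentials and the session.
     * @return <code>true</code> if the user was authenticated, <code>false</code> otherwise.
     * @throws AccessControlException if no password was supplied, if the request has no
     *         session, or if the session does not contain an identity.
     */
    public boolean authenticate(AccreditableManager accreditableManager, Request request)
            throws AccessControlException {

        String authorization = request.getHeader("Authorization");
        if (authorization == null) {
            authorization = "";
        }

        String username = "";
        String password = "";

        // "user:password" from a Basic header, or "" for any other header value.
        String credentials = decodeBasicCredentials(authorization);
        int separator = credentials.indexOf(':');
        // separator > 0 rejects a missing colon as well as an empty user name.
        if (separator > 0) {
            username = credentials.substring(0, separator);
            password = credentials.substring(separator + 1);
        }

        // Form login is a fallback only: any Authorization header value, even one with an
        // unsupported scheme, disables it.
        if (authorization.length() == 0 && request.getParameter("username") != null) {
            // NOTE(review): toLowerCase() uses the JVM default locale; confirm that matches
            // how user ids are stored.
            username = request.getParameter("username").toLowerCase();
            password = request.getParameter("password");
        }

        if (getLogger().isDebugEnabled()) {
            // Log the user name only. The password must not reach log files, where it would
            // be readable by anyone with access to them.
            getLogger().debug("Authenticating username [" + forLog(username) + "]");
        }

        if (username == null || password == null) {
            throw new AccessControlException("Username or password is null!");
        }

        // getSession(false) does not create a session and may return null; fail with an
        // AccessControlException instead of a NullPointerException.
        if (request.getSession(false) == null) {
            throw new AccessControlException("The request does not have a session!");
        }

        Identity identity = (Identity) request.getSession(false).getAttribute(
                Identity.class.getName());
        if (identity == null) {
            throw new AccessControlException("The session does not contain the identity!");
        }

        // NOTE(review): the session is reused as-is after a successful login; confirm that
        // the session identifier is renewed elsewhere to guard against session fixation.
        return authenticate(accreditableManager, username, password, identity);
    }

    /**
     * Authenticates a user with a given username and password. When the authentication is
     * successful, the user is added to the identity, replacing any other user the identity
     * currently holds.
     * @param accreditableManager The accreditable manager.
     * @param username The username.
     * @param password The password.
     * @param identity The identity to add the user to.
     * @throws AccessControlException when something went wrong.
     * @return <code>true</code> if the user was authenticated, <code>false</code> otherwise.
     */
    protected boolean authenticate(AccreditableManager accreditableManager, String username,
            String password, Identity identity) throws AccessControlException {

        User user = accreditableManager.getUserManager().getUser(username);
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Authenticating user: [" + user + "]");
        }

        // An unknown user and a wrong password give the caller the same result (false); the
        // difference is visible in the debug log only.
        if (user == null || !user.authenticate(password)) {
            if (getLogger().isDebugEnabled()) {
                if (user == null) {
                    getLogger().debug("No such user: [" + forLog(username) + "]");
                }
                getLogger().debug("User [" + forLog(username) + "] not authenticated.");
            }
            return false;
        }

        if (getLogger().isDebugEnabled()) {
            getLogger().debug("User [" + user + "] authenticated.");
        }

        if (!identity.contains(user)) {
            // Drop the previously attached user before adding the new one.
            User oldUser = identity.getUser();
            if (oldUser != null) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Removing user [" + oldUser + "] from identity.");
                }
                identity.removeIdentifiable(oldUser);
            }
            identity.addIdentifiable(user);
        }
        return true;
    }

    /**
     * Extracts the decoded <code>user:password</code> pair from an <code>Authorization</code>
     * header value.
     * <p>
     * The scheme must be the first token of the header and is compared case-insensitively,
     * so a header of another scheme that merely contains the text "Basic" is not decoded.
     * </p>
     * @param authorization The raw header value, never <code>null</code>.
     * @return The decoded credentials, or an empty string if the header does not use the
     *         Basic scheme.
     */
    private static String decodeBasicCredentials(String authorization) {
        String value = authorization.trim();
        int schemeLength = BASIC_SCHEME.length();

        boolean basic = value.length() > schemeLength
                && value.regionMatches(true, 0, BASIC_SCHEME, 0, schemeLength)
                && Character.isWhitespace(value.charAt(schemeLength));
        if (!basic) {
            return "";
        }

        String token = value.substring(schemeLength).trim();
        // NOTE(review): both conversions use the platform default charset, so credentials
        // with non-ASCII characters depend on the JVM's default encoding.
        return new String(Base64.decodeBase64(token.getBytes()));
    }

    /**
     * Makes a request-supplied value safe to embed in a single log line by replacing line
     * breaks, so that the value cannot be used to forge additional log entries.
     * @param value The value to log, may be <code>null</code>.
     * @return The value with carriage returns and line feeds replaced by underscores.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}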