trunk/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/AnonymousAuthenticator.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 *  
 */

package org.apache.lenya.ac.impl;

import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.cocoon.environment.Request;
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Authenticator;
import org.apache.lenya.ac.Identity;
import org.apache.lenya.ac.User;


/**
 * The anonymous authenticator authenticates to an anonymous user with no password 
 * (you just have to add a user named 'anonymous' with an arbitrary password and the permissions
 * you'd like via the admin screen). This is useful in conjunction with client certificates.
 * @version $Id$
 */
public class AnonymousAuthenticator extends AbstractLogEnabled implements Authenticator {

    
    /**
     * @see org.apache.lenya.ac.Authenticator#authenticate(org.apache.lenya.ac.AccreditableManager,
     *      org.apache.cocoon.environment.Request)
     */
    public boolean authenticate(AccreditableManager accreditableManager, Request request)
            throws AccessControlException {

	String username = "anonymous";

        if (getLogger().isDebugEnabled()) {
            getLogger().debug(
                    "Authenticating username [" + username + "]");
        }

        Identity identity = (Identity) request.getSession(false).getAttribute(Identity.class.getName());

        User user = accreditableManager.getUserManager().getUser(username);

        boolean authenticated = false;
        if (user != null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("User [" + user + "] authenticated.");
            }

            if (!identity.contains(user)) {
                User oldUser = identity.getUser();
                if (oldUser != null) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("Removing user [" + oldUser + "] from identity.");
                    }
                    identity.removeIdentifiable(oldUser);
                }
                identity.addIdentifiable(user);
            }
            authenticated = true;
        } else {
            if (getLogger().isDebugEnabled()) {
                if (user == null) {
                    getLogger().debug("No such user: [" + username + "]");
                }
                getLogger().debug("User [" + username + "] not authenticated.");
            }
        }
        return authenticated;
    }
}