KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > caucho > server > security > AuthenticatorList


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Sam
27  */

28
29 package com.caucho.server.security;
30
31 import javax.annotation.PostConstruct;
32 import javax.servlet.ServletContext JavaDoc;
33 import javax.servlet.ServletException JavaDoc;
34 import javax.servlet.http.HttpServletRequest JavaDoc;
35 import javax.servlet.http.HttpServletResponse JavaDoc;
36 import javax.servlet.http.HttpSession JavaDoc;
37 import java.security.Principal JavaDoc;
38 import java.util.ArrayList JavaDoc;
39
40 /**
41  * The AuthenticatorList is used to configure more than one authenticators in a
42  * list, each authenticator is tried in turn and if the authentication fails the
43  * next authenticator in the list is attempted.
44  *
45  * <code><pre>
46  * &lt;authenticator type="com.caucho.server.security.AuthenticatorList"&gt;
47  * &lt;init&gt;
48  * &lt;authenticator resin:type="com.caucho.server.security.XmlAuthenticator"&gt;
49  * &lt;user&gt;admin:NIHlOSafJN2H7emQCkOQ2w==:user,admin&lt;/user&gt;
50  * &lt;/authenticator&gt;
51  *
52  * &lt;authenticator resin:type='com.caucho.server.security.JdbcAuthenticator'&gt;
53  * &lt;data-source&gt;jdbc/users&lt;/data-source&gt;
54  * &lt;password-query&gt;
55  * SELECT password FROM LOGIN WHERE username=?
56  * &lt;/password-query&gt;
57  * &lt;cookie-auth-query&gt;
58  * SELECT username FROM LOGIN WHERE cookie=?
59  * &lt;/cookie-auth-query&gt;
60  * &lt;cookie-auth-update&gt;
61  * UPDATE LOGIN SET cookie=? WHERE username=?
62  * &lt;/cookie-auth-update&gt;
63  * &lt;role-query&gt;
64  * SELECT role FROM LOGIN WHERE username=?
65  * &lt;/role-query&gt;
66  * &lt;/authenticator&gt;
67  * &lt;/init&gt;
68  * &lt;/authenticator&gt;
69  *
70  * &lt;login-config auth-method='basic'/&gt;
71  *
72  * &lt;security-constraint url-pattern='/users/*' role-name='user'/&gt;
73  * &lt;security-constraint url-pattern='/admin/*' role-name='admin'/&gt;
74  *
75  * </pre></code>
76  */

77 public class AuthenticatorList implements ServletAuthenticator {
78   private ArrayList JavaDoc<ServletAuthenticator> _authenticators
79     = new ArrayList JavaDoc<ServletAuthenticator>();
80
81   /**
82    * Sets the path to the XML file.
83    */

84   public void addAuthenticator(ServletAuthenticator authenticator)
85   {
86     _authenticators.add(authenticator);
87   }
88
89   @PostConstruct
90   public void init()
91     throws ServletException JavaDoc
92   {
93   }
94   
95   public Principal JavaDoc login(HttpServletRequest JavaDoc request,
96                          HttpServletResponse JavaDoc response,
97                          ServletContext JavaDoc application,
98                          String JavaDoc user, String JavaDoc password)
99     throws ServletException JavaDoc
100   {
101     Principal JavaDoc result = null;
102
103     for (ServletAuthenticator authenticator : _authenticators) {
104       result = authenticator.login( request,
105                                     response,
106                                     application,
107                                     user,
108                                     password );
109
110       if (result != null)
111         break;
112     }
113
114     return result;
115   }
116   
117   public Principal JavaDoc getUserPrincipal(HttpServletRequest JavaDoc request,
118                                     HttpServletResponse JavaDoc response,
119                                     ServletContext JavaDoc application)
120     throws ServletException JavaDoc
121   {
122     Principal JavaDoc result = null;
123
124     for (ServletAuthenticator authenticator : _authenticators) {
125       result = authenticator.getUserPrincipal( request,
126                                                response,
127                                                application );
128
129       if (result != null)
130         break;
131     }
132
133     return result;
134   }
135   
136   public Principal JavaDoc loginDigest(HttpServletRequest JavaDoc request,
137                                HttpServletResponse JavaDoc response,
138                                ServletContext JavaDoc app,
139                                String JavaDoc user, String JavaDoc realm,
140                                String JavaDoc nonce, String JavaDoc uri,
141                                String JavaDoc qop, String JavaDoc nc, String JavaDoc cnonce,
142                                byte []clientDigset)
143     throws ServletException JavaDoc
144   {
145     Principal JavaDoc result = null;
146
147     for (ServletAuthenticator authenticator : _authenticators) {
148       result = authenticator.loginDigest( request,
149                                           response,
150                                           app,
151                                           user,
152                                           realm,
153                                           nonce,
154                                           uri,
155                                           qop,
156                                           nc,
157                                           cnonce,
158                                           clientDigset );
159
160       if (result != null)
161         break;
162     }
163
164     return result;
165   }
166   
167   public boolean isUserInRole(HttpServletRequest JavaDoc request,
168                               HttpServletResponse JavaDoc response,
169                               ServletContext JavaDoc application,
170                               Principal JavaDoc user, String JavaDoc role)
171     throws ServletException JavaDoc
172   {
173     boolean result = false;
174
175     for (ServletAuthenticator authenticator : _authenticators) {
176       result = authenticator.isUserInRole( request,
177                                            response,
178                                            application,
179                                            user,
180                                            role );
181
182       if (result)
183         break;
184     }
185
186     return result;
187   }
188   
189   public void logout(ServletContext JavaDoc application,
190              HttpSession JavaDoc timeoutSession,
191                      String JavaDoc sessionId,
192                      Principal JavaDoc user)
193     throws ServletException JavaDoc
194   {
195     for (ServletAuthenticator authenticator : _authenticators) {
196       authenticator.logout(application,
197                timeoutSession,
198                sessionId,
199                user );
200     }
201   }
202 }
203
Popular Tags