KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > caucho > server > security > XmlAuthenticator


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Scott Ferguson
27  */
28
29 package com.caucho.server.security;
30
31 import com.caucho.config.Config;
32 import com.caucho.security.BasicPrincipal;
33 import com.caucho.util.Alarm;
34 import com.caucho.vfs.Depend;
35 import com.caucho.vfs.Path;
36
37 import javax.annotation.PostConstruct;
38 import javax.servlet.ServletContext JavaDoc;
39 import javax.servlet.ServletException JavaDoc;
40 import javax.servlet.http.HttpServletRequest JavaDoc;
41 import javax.servlet.http.HttpServletResponse JavaDoc;
42 import java.security.Principal JavaDoc;
43 import java.util.Hashtable JavaDoc;
44
45 /**
46  * The XML authenticator reads a static file for authentication.
47  *
48  * <p>The format of the static file is as follows:
49  *
50  * <code><pre>
51  * &lt;authenticator>
52  * &lt;user name='Harry Potter' password='quidditch'>
53  * &lt;role>user&lt;/role>
54  * &lt;role>gryffindor&lt;/role>
55  * &lt;/user>
56  * ...
57  * &lt;/authenticator>
58  * </pre></code>
59  *
60  * <p>The authenticator can also be configured in the web.xml:
61  *
62  * <code><pre>
63  * &lt;authenticator class-name='com.caucho.http.security.XmlAuthenticator'>
64  * &lt;init-param user='Harry Potter:quidditch:user,gryffindor'/>
65  * &lt;/authenticator>
66  * </pre></code>
67  */
68 public class XmlAuthenticator extends AbstractAuthenticator {
69   private Path _path;
70   private Hashtable JavaDoc<String JavaDoc,User> _userMap = new Hashtable JavaDoc<String JavaDoc,User>();
71
72   private Depend _depend;
73   private long _lastCheck;
74
75   /**
76    * Sets the path to the XML file.
77    */
78   public void setPath(Path path)
79   {
80     _path = path;
81   }
82
83   /**
84    * Gets the path to the XML file.
85    */
86   public Path getPath()
87   {
88     return _path;
89   }
90
91   /**
92    * Adds a user from the configuration.
93    *
94    * <pre>
95    * &lt;init-param user='Harry Potter:quidditch:user,webdav'/>
96    * </pre>
97    */
98   public void addUser(User user)
99   {
100     _userMap.put(user.getName(), user);
101   }
102
103   /**
104    * Initialize the XML authenticator.
105    */
106   @PostConstruct
107   public synchronized void init()
108     throws ServletException JavaDoc
109   {
110     super.init();
111
112     reload();
113   }
114
115   /**
116    * Returns the number of users that are available.
117    */
118   public int getUserCount()
119   {
120     return _userMap.size();
121   }
122
123   /**
124    * Reload the authenticator.
125    */
126   public synchronized void reload()
127     throws ServletException JavaDoc
128   {
129     if (_path == null)
130       return;
131     
132     try {
133       _lastCheck = Alarm.getCurrentTime();
134       _depend = new Depend(_path);
135       
136       _userMap = new Hashtable JavaDoc<String JavaDoc,User>();
137       
138       new Config().configureBean(this, _path);
139     } catch (Exception JavaDoc e) {
140       throw new ServletException JavaDoc(e);
141     }
142   }
143   
144   /**
145    * Authenticate (login) the user.
146    */
147   protected Principal loginImpl(HttpServletRequest JavaDoc request,
148                                 HttpServletResponse JavaDoc response,
149                                 ServletContext JavaDoc application,
150                                 String JavaDoc userName, String JavaDoc password)
151     throws ServletException JavaDoc
152   {
153     if (isModified())
154       reload();
155
156     if (userName == null)
157       return null;
158
159     User user = _userMap.get(userName);
160     if (user == null)
161       return null;
162
163     if (user.getPassword().equals(password))
164       return user.getPrincipal();
165     else
166       return null;
167   }
168   
169   protected String JavaDoc getDigestPassword(HttpServletRequest JavaDoc request,
170                                      HttpServletResponse JavaDoc response,
171                                      ServletContext JavaDoc application,
172                                      String JavaDoc userName, String JavaDoc realm)
173     throws ServletException JavaDoc
174   {
175     if (isModified())
176       reload();
177
178     User user = (User) _userMap.get(userName);
179     if (user == null)
180       return null;
181     else
182       return user.getPassword();
183   }
184
185   /**
186    * Returns true if the user plays the named role.
187    *
188    * @param request the servlet request
189    * @param user the user to test
190    * @param role the role to test
191    */
192   public boolean isUserInRole(HttpServletRequest JavaDoc request,
193                               HttpServletResponse JavaDoc response,
194                               ServletContext JavaDoc application,
195                               Principal principal, String JavaDoc role)
196     throws ServletException JavaDoc
197   {
198     if (principal == null)
199       return false;
200
201     String JavaDoc name = principal.getName();
202
203     User user = (User) _userMap.get(name);
204     if (user == null)
205       return false;
206
207     String JavaDoc []roles = user.getRoles();
208
209     for (int i = roles.length - 1; i >= 0; i--)
210       // server/12h2
211 if (roles[i].equalsIgnoreCase(role))
212         return true;
213     
214     return false;
215   }
216
217   private boolean isModified()
218   {
219     if (_path == null)
220       return false;
221     else if (_depend == null)
222       return true;
223     else if (Alarm.getCurrentTime() < _lastCheck + 5000)
224       return false;
225     else {
226       _lastCheck = Alarm.getCurrentTime();
227       return _depend.isModified();
228     }
229   }
230
231   public static class User {
232     private String JavaDoc _name;
233     private String JavaDoc _password;
234     
235     private Principal _principal;
236     private String JavaDoc []_roles = new String JavaDoc[0];
237
238     public User()
239     {
240     }
241     
242     User(String JavaDoc name, String JavaDoc password, Principal principal)
243     {
244       _name = name;
245       _password = password;
246       _principal = principal;
247     }
248
249     public void setName(String JavaDoc name)
250     {
251       _name = name;
252
253       if (_principal == null)
254     _principal = new BasicPrincipal(name);
255     }
256
257     String JavaDoc getName()
258     {
259       return _name;
260     }
261
262     public void setPassword(String JavaDoc password)
263     {
264       _password = password;
265     }
266
267     String JavaDoc getPassword()
268     {
269       return _password;
270     }
271
272     public void setPassword(Principal principal)
273     {
274       _principal = principal;
275     }
276
277     Principal getPrincipal()
278     {
279       return _principal;
280     }
281
282     public void addRoles(String JavaDoc roles)
283     {
284       int head = 0;
285       int length = roles.length();
286
287       while (head < length) {
288         int ch;
289         
290         for (;
291              head < length && ((ch = roles.charAt(head)) == ' ' || ch == ',');
292              head++) {
293         }
294
295         if (head >= length)
296           return;
297
298         int tail;
299         for (tail = head;
300              tail < length &&
301                (ch = roles.charAt(tail)) != ' ' &&
302                (ch != ',');
303              tail++) {
304         }
305
306         String JavaDoc role = roles.substring(head, tail);
307
308         addRole(role);
309
310         head = tail;
311       }
312     }
313     
314     public void addRole(String JavaDoc role)
315     {
316       String JavaDoc []newRoles = new String JavaDoc[_roles.length + 1];
317       System.arraycopy(_roles, 0, newRoles, 0, _roles.length);
318       newRoles[_roles.length] = role;
319
320       _roles = newRoles;
321     }
322
323     String JavaDoc []getRoles()
324     {
325       return _roles;
326     }
327
328     public void addText(String JavaDoc userParam)
329     {
330       int p1 = userParam.indexOf(':');
331
332       if (p1 < 0)
333     return;
334
335       String JavaDoc name = userParam.substring(0, p1);
336       int p2 = userParam.indexOf(':', p1 + 1);
337       String JavaDoc password;
338       String JavaDoc roles;
339
340       if (p2 < 0) {
341     password = userParam.substring(p1 + 1);
342     roles = "user";
343       }
344       else {
345     password = userParam.substring(p1 + 1, p2);
346     roles = userParam.substring(p2 + 1);
347       }
348
349       setName(name);
350       setPassword(password);
351       addRoles(roles);
352     }
353   }
354 }
355
Popular Tags