PlainTextSecurityServer


1   /*
2    * Copyright (c) 2001 - 2005 ivata limited.
3    * All rights reserved.
4    * -----------------------------------------------------------------------------
5    * ivata groupware may be redistributed under the GNU General Public
6    * License as published by the Free Software Foundation;
7    * version 2 of the License.
8    *
9    * These programs are free software; you can redistribute them and/or
10   * modify them under the terms of the GNU General Public License
11   * as published by the Free Software Foundation; version 2 of the License.
12   *
13   * These programs are distributed in the hope that they will be useful,
14   * but WITHOUT ANY WARRANTY; without even the implied warranty of
15   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16   *
17   * See the GNU General Public License in the file LICENSE.txt for more
18   * details.
19   *
20   * If you would like a copy of the GNU General Public License write to
21   *
22   * Free Software Foundation, Inc.
23   * 59 Temple Place - Suite 330
24   * Boston, MA 02111-1307, USA.
25   *
26   *
27   * To arrange commercial support and licensing, contact ivata at
28   *                  http://www.ivata.com/contact.jsp
29   * -----------------------------------------------------------------------------
30   * $Log: PlainTextSecurityServer.java,v $
31   * Revision 1.3  2005/04/10 20:09:48  colinmacleod
32   * Added new themes.
33   * Changed id type to String.
34   * Changed i tag to em and b tag to strong.
35   * Improved PicoContainerFactory with NanoContainer scripts.
36   *
37   * Revision 1.2  2005/04/09 17:19:57  colinmacleod
38   * Changed copyright text to GPL v2 explicitly.
39   *
40   * Revision 1.1.1.1  2005/03/10 17:51:41  colinmacleod
41   * Restructured ivata op around Hibernate/PicoContainer.
42   * Renamed ivata groupware.
43   *
44   * Revision 1.4  2004/11/12 18:16:07  colinmacleod
45   * Ordered imports.
46   *
47   * Revision 1.3  2004/11/12 15:57:18  colinmacleod
48   * Removed dependencies on SSLEXT.
49   * Moved Persistence classes to ivata masks.
50   *
51   * Revision 1.2  2004/11/03 16:04:58  colinmacleod
52   * Fixed persistence sessions left open.
53   *
54   * Revision 1.1  2004/09/30 15:15:58  colinmacleod
55   * Split off addressbook elements into security subproject.
56   *
57   * Revision 1.2  2004/07/13 19:41:12  colinmacleod
58   * Moved project to POJOs from EJBs.
59   * Applied PicoContainer to services layer (replacing session EJBs).
60   * Applied Hibernate to persistence layer (replacing entity EJBs).
61   *
62   * Revision 1.1  2004/03/21 20:16:24  colinmacleod
63   * First version. Plain text security server allows for open portal to function without a mail server.
64   * -----------------------------------------------------------------------------
65   */
66  package com.ivata.groupware.admin.security.server;
67  
68  import org.picocontainer.MutablePicoContainer;
69  import org.picocontainer.PicoContainer;
70  import org.picocontainer.defaults.DefaultPicoContainer;
71  
72  import com.ivata.groupware.admin.security.user.UserDO;
73  import com.ivata.groupware.container.PicoContainerFactory;
74  import com.ivata.groupware.container.persistence.QueryPersistenceManager;
75  import com.ivata.mask.persistence.PersistenceSession;
76  import com.ivata.mask.util.SystemException;
77  
78  /**
79   * Simple security server which compares passwords against plain text values in
80   * the CMP layer.
81   *
82   * <p>
83   * This security server is not very secure! You are advised not to use this but
84   * to set up an <strong>IMAP</strong> server with the  <code>MailServer</code>
85   * class from the <code>webmail</code> subproject.
86   * </p>
87   *
88   * @since 2004-05-11
89   * @version $Revision: 1.3 $
90   * @author Colin MacLeod
91   * <a HREF='mailto:colin.macleod@ivata.com'>colin.macleod@ivata.com</a>
92   */
93  public class PlainTextSecurityServer implements SecurityServer {
94      /**
95       * Persistence manger used to store/retrieve data objects, or retrieve a
96       * new persistence session.
97       */
98      private QueryPersistenceManager persistenceManager;
99  
100     /**
101      * Construct and initialize the Securtiy Server implementation.
102      *
103      * @param persistenceManager persistence manager used to store/retrieve data
104      *     objects.
105      */
106     public PlainTextSecurityServer(QueryPersistenceManager persistenceManager) {
107         this.persistenceManager = persistenceManager;
108     }
109 
110     /**
111      * Add a new user to the system.
112      *
113      * @param userName user name to add.
114      * @param fullName full name under which the user will be filed.
115      * @throws BusinessException if this user cannot be added.
116      */
117     public void addUser(final SecuritySession securitySession,
118             final String   userName,
119             final String   fullName) throws SystemException {
120         // this server does not need to do anything additional to add a user
121     }
122     /**
123      * Check the password for a user is correct.
124      *
125      * @param userName name of the user for whom to check the password.
126      * @param password the new password value to check against the system.
127      * @throws BusinessException if the password cannot be checked for any
128      *     reason.
129      */
130     public void checkPassword(final SecuritySession securitySession,
131             final String   userName,
132             final String   password) throws SystemException {
133         PersistenceSession persistenceSession =
134             persistenceManager.openSession();
135         try {
136 
137             UserDO user = (UserDO) persistenceManager.findInstance(persistenceSession,
138                 "securityUserByName",
139                 new Object  [] { userName });
140 
141             String   userPassword = user.getPassword();
142             if (password == null) {
143                 if (userPassword != null) {
144                     throw new SystemException("Null password specified - "
145                         + "not null in data store for user '"
146                         + userName
147                         + "'.");
148                 }
149             } else if (!password.equals(userPassword)) {
150                 throw new SystemException("Passwords do not match for "
151                     + "user '"
152                     + userName
153                     + "'.");
154             }
155         } catch (Exception   e) {
156             persistenceSession.cancel();
157             throw new SystemException(e);
158         } finally {
159             persistenceSession.close();
160         }
161     }
162     /**
163      * @see com.ivata.groupware.admin.security.server.SecurityServer#getSystemUserName(String)
164      */
165     public final String   getSystemUserName(final SecuritySession securitySession,
166             final String   userName) {
167         return userName;
168     }
169 
170     /**
171      * @see com.ivata.groupware.admin.security.server.SecurityServer#getUserNameFromSystemUserName(String)
172      */
173     public final String   getUserNameFromSystemUserName(
174             final SecuritySession securitySession,
175             final String   systemUserName) {
176         return systemUserName;
177     }
178 
179     /**
180      * Refer to {@link }.
181      *
182      * @param userNameParam
183      * @return
184      * @see com.ivata.groupware.admin.security.server.SecurityServer#isUser(java.lang.String)
185      */
186     public boolean isUser(final SecuritySession securitySession,
187             String   userNameParam) {
188         return false;
189     }
190     /**
191      * <p>Login to an authentication server using the user name and password
192      * provided.</p>
193      *
194      * @param user user to login to the server.
195      * @param password used to login to the server
196      * @return valid session for this username password combination.
197      * @throws BusinessException if this user cannot be authenticated.
198      */
199     public SecuritySession login(final UserDO user,
200             final String   password) throws SystemException {
201         checkPassword(loginGuest(), user.getName(), password);
202         PicoContainer globalContainer = PicoContainerFactory.getInstance()
203             .getGlobalContainer();
204         MutablePicoContainer sessionContainer = new DefaultPicoContainer(globalContainer);
205         PlainTextSecuritySession session =
206             new PlainTextSecuritySession(sessionContainer, user);
207         sessionContainer.registerComponentInstance(SecuritySession.class, session);
208         session.setPassword(password);
209         return session;
210     }
211 
212     /**
213      * @see com.ivata.groupware.admin.security.server.SecurityServer#login()
214      */
215     public SecuritySession loginGuest() throws SystemException {
216         PicoContainer globalContainer = PicoContainerFactory.getInstance()
217             .getGlobalContainer();
218         UserDO guestUser = new UserDO();
219         guestUser.setDeleted(false);
220         guestUser.setEnabled(true);
221         guestUser.setName("guest");
222         MutablePicoContainer sessionContainer = new DefaultPicoContainer(globalContainer);
223         SecuritySession session = new PlainTextSecuritySession(sessionContainer, guestUser);
224         sessionContainer.registerComponentInstance(SecuritySession.class, session);
225         return session;
226     }
227 
228     /**
229      * <p>Remove the user with the given name from the system.</p>
230      *
231      * @param userName name of the user to be removed.
232      * @throws BusinessException if this user cannot be removed.
233      */
234     public void removeUser(final SecuritySession securitySession,
235             final String   userName) throws SystemException {
236         // don't need to do anything additional to remove a user for this server
237     }
238 
239     /**
240      * <p>Set the password for a user.</p>
241      *
242      * @param userName name of the user for whom to set the password.
243      * @param password the new password value to set.
244      * @throws BusinessException if the password cannot be set for any
245      *     reason.
246      */
247     public final void setPassword(final SecuritySession securitySession,
248             final String   userName,
249             final String   password) throws SystemException {
250         PersistenceSession persistenceSession;
251         persistenceSession = persistenceManager.openSession();
252         try {
253             UserDO user = (UserDO) persistenceManager.findInstance(persistenceSession,
254                 "securityUserByName",
255                 new Object  [] { userName });
256             user.setPassword(password);
257             persistenceManager.amend(persistenceSession, user);
258         } catch (Exception   e) {
259             persistenceSession.cancel();
260             throw new SystemException(e);
261         } finally {
262             persistenceSession.close();
263         }
264     };
265 
266 }
267
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags