

1 /*
2  * SSL-Explorer
3  *
4  * Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2 of
9  * the License, or (at your option) any later version.
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public
16  * License along with this program; if not, write to the Free Software
17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  */

19             
20 package com.sslexplorer.security;
21
22 import javax.servlet.http.HttpServletRequest JavaDoc;
23 import javax.servlet.http.HttpServletResponse JavaDoc;
24
25 import org.apache.struts.action.ActionForward;
26 import org.apache.struts.action.ActionMapping;
27
28 import com.sslexplorer.core.RequestParameterMap;
29 import com.sslexplorer.core.UserDatabaseManager;
30
31 /**
32  * Abstract implementation of an {@link com.sslexplorer.security.AuthenticationModule}
33  * that simply checks the supplied authentication details against the information
34  * in the current {@link com.sslexplorer.security.UserDatabase}.
35  *
36  * @author Brett Smith <a HREF="mailto: brett@3sp.com">&lt;brett@3sp.com&gt;</a>
37  */

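public abstract class AbstractPasswordAuthenticationModule implements AuthenticationModule {

    // Protected instance variables

    /** Scheme this module is part of; assigned by {@link #init(AuthenticationScheme)}. */
    protected AuthenticationScheme scheme;
    /** Credentials built by the most recent successful {@link #authenticate} call. */
    protected PasswordCredentials credentials;
    /** Name returned by {@link #getName()}. */
    protected String moduleName;
    /** Value returned by {@link #isRequired()}. */
    protected boolean required;
    // Request passed to the most recent authenticate() or setRequest() call.
    // NOTE(review): this is per-logon state held on the instance, so an instance
    // presumably must not be shared between concurrent logons - confirm with the
    // code that creates modules.
    private HttpServletRequest request;

    /**
     * Constructor
     *
     * @param moduleName module name
     * @param required required
     */
    public AbstractPasswordAuthenticationModule(String moduleName, boolean required) {
        this.moduleName = moduleName;
        this.required = required;
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#getName()
     */
    public String getName() {
        return moduleName;
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#authenticate(javax.servlet.http.HttpServletRequest, com.sslexplorer.core.RequestParameterMap)
     *
     * Resolves the account from the "username" parameter when the scheme has no
     * user yet, then checks the "password" parameter through doLogon().
     *
     * Throws InvalidLoginCredentialsException when the username or password is
     * missing or empty, when the account cannot be loaded, or when doLogon()
     * rejects the credentials. Throws SecurityErrorException (INTERNAL_ERROR)
     * when the user database cannot be obtained or doLogon() reports a
     * UserDatabaseException. AccountLockedException is passed through from
     * doLogon(). InputRequiredException is declared but not raised here.
     *
     * Whatever renders these failures should show one generic message for every
     * InvalidLoginCredentialsException: "Failed to load user." and
     * "No password supplied." differ, and exposing the difference tells a
     * client whether an account name exists.
     */
    public Credentials authenticate(HttpServletRequest request, RequestParameterMap parameterMap)
                    throws InvalidLoginCredentialsException, SecurityErrorException, AccountLockedException, InputRequiredException {
        this.request = request;

        if (scheme.getUser() == null) {
            // No account is attached to the scheme yet. If no username has been
            // supplied then just return to the logon screen.
            UserDatabase udb = null;
            try {
                // TODO is getting the default realm correct here?
                udb = UserDatabaseManager.getInstance().getUserDatabase(UserDatabaseManager.getInstance().getDefaultRealm());
                String username = parameterMap.getParameter("username");
                if (username == null || username.equals("")) {
                    throw new InvalidLoginCredentialsException();
                }
                try {
                    scheme.setUser(udb.getAccount(username));
                } catch (Exception e1) {
                    throw new InvalidLoginCredentialsException("Failed to load user.", e1);
                }
            } catch (InvalidLoginCredentialsException ilce) {
                // A bad or unknown username is a credential failure. Without this
                // clause the catch below re-wraps it as INTERNAL_ERROR, so the
                // declared exception could never leave this branch.
                throw ilce;
            } catch (Exception e) {
                throw new SecurityErrorException(SecurityErrorException.INTERNAL_ERROR, e, "Failed to logon.");
            }
        }

        String password = parameterMap.getParameter("password");
        if (password == null || password.equals("")) {
            throw new InvalidLoginCredentialsException("No password supplied.");
        }

        if (scheme.getUser() == null) {
            // Guards the dereference below in case the account lookup stored null
            // instead of throwing (getAccount()'s contract is not visible here).
            throw new InvalidLoginCredentialsException();
        }

        try {
            User user = doLogon(scheme.getUsername(), password, scheme.getUser().getRealm().getResourceName());
            // Only takes effect if the scheme's user was cleared during doLogon().
            if (scheme.getUser() == null && user != null) {
                scheme.setUser(user);
            }
        } catch (UserDatabaseException e) {
            // Keep the cause so the underlying database failure stays diagnosable.
            throw new SecurityErrorException(SecurityErrorException.INTERNAL_ERROR, e, "Failed to logon.");
        }

        // The parameter map supplies the password as a String, so that copy cannot
        // be wiped; only the char[] handed to PasswordCredentials can be cleared.
        credentials = new PasswordCredentials(scheme.getUsername(), password.toCharArray());
        return credentials;
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#init(com.sslexplorer.security.AuthenticationSession)
     */
    public void init(AuthenticationScheme scheme) {
        this.scheme = scheme;
    }

    /**
     * Log the user on against the user database of the named realm.
     *
     * @param username username
     * @param password password
     * @param realmName name of the realm whose user database is used
     * @return the value returned by the user database's logon call
     * @throws UserDatabaseException on any failure other than the two below
     * @throws InvalidLoginCredentialsException if the database rejects the credentials
     * @throws AccountLockedException if the database reports the account as locked
     */
    protected User doLogon(String username, String password, String realmName) throws UserDatabaseException, InvalidLoginCredentialsException,
                    AccountLockedException {
        try {
            return UserDatabaseManager.getInstance().getUserDatabase(realmName).logon(username, password);
        } catch (Exception e) {
            if (e instanceof InvalidLoginCredentialsException) {
                throw ((InvalidLoginCredentialsException) e);
            }
            // The lockout exception is declared on this method, so pass it
            // through instead of burying it in a generic database error that the
            // caller reports as an internal error.
            if (e instanceof AccountLockedException) {
                throw ((AccountLockedException) e);
            }
            throw new UserDatabaseException("Failed to initialise user database.", e);
        }
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#startAuthentication(javax.servlet.http.HttpServletRequest,
     * javax.servlet.http.HttpServletResponse)
     */
    public ActionForward startAuthentication(ActionMapping mapping, HttpServletRequest request, HttpServletResponse response)
                    throws SecurityErrorException {
        return mapping.findForward("display");
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#isRequired()
     */
    public boolean isRequired() {
        return required;
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#authenticationComplete()
     */
    public void authenticationComplete() throws SecurityErrorException {
        // Nothing to do for plain password authentication.
    }

    /*
     * (non-Javadoc)
     *
     * @see com.sslexplorer.security.AuthenticationModule#getInclude()
     */
    public abstract String getInclude();

    /**
     * Get the request stored by the last {@code authenticate} or
     * {@link #setRequest(HttpServletRequest)} call.
     *
     * @return request, or {@code null} if none has been stored
     */
    public HttpServletRequest getRequest() {
        return request;
    }

    /**
     * Replace the stored request.
     *
     * @param request request
     */
    public void setRequest(HttpServletRequest request) {
        this.request = request;
    }
}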