KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > alfresco > filesys > server > auth > passthru > AcegiPassthruAuthenticator


1 /*
2  * Copyright (C) 2006 Alfresco, Inc.
3  *
4  * Licensed under the Mozilla Public License version 1.1
5  * with a permitted attribution clause. You may obtain a
6  * copy of the License at
7  *
8  * http://www.alfresco.org/legal/license.txt
9  *
10  * Unless required by applicable law or agreed to in writing,
11  * software distributed under the License is distributed on an
12  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13  * either express or implied. See the License for the specific
14  * language governing permissions and limitations under the
15  * License.
16  */
17 package org.alfresco.filesys.server.auth.passthru;
18
19 import java.util.List JavaDoc;
20
21 import net.sf.acegisecurity.AuthenticationManager;
22 import net.sf.acegisecurity.providers.ProviderManager;
23
24 import org.alfresco.config.ConfigElement;
25 import org.alfresco.filesys.server.SrvSession;
26 import org.alfresco.filesys.server.auth.ClientInfo;
27 import org.alfresco.filesys.server.auth.SrvAuthenticator;
28 import org.alfresco.filesys.server.auth.UserAccount;
29 import org.alfresco.filesys.server.config.InvalidConfigurationException;
30 import org.alfresco.filesys.server.config.ServerConfiguration;
31 import org.alfresco.filesys.server.core.SharedDevice;
32 import org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationProvider;
33 import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
34 import org.apache.commons.logging.Log;
35 import org.apache.commons.logging.LogFactory;
36
37 /**
38  * <p>Passthru authenticator implementation that uses the Acegi NTLM passthru authentication provider
39  *
40  * @author GKSpencer
41  */
42 public class AcegiPassthruAuthenticator extends SrvAuthenticator
43 {
44     // Debug logging
45
46     private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol.auth");
47     
48     // Constants
49 //
50 // Default authentication manager bean name
51
52     private static final String JavaDoc DefaultAuthManagerName = "authenticationManager";
53     
54     // Acegi authentication manager
55
56     private AuthenticationManager m_authMgr;
57     
58     /**
59      * Default constructor
60      */
61     public AcegiPassthruAuthenticator()
62     {
63         setAccessMode(SrvAuthenticator.USER_MODE);
64         setEncryptedPasswords(true);
65     }
66     
67     /**
68      * Authenticate the connection to a particular share, called when the SMB server is in share
69      * security mode
70      *
71      * @param client ClientInfo
72      * @param share SharedDevice
73      * @param sharePwd String
74      * @param sess SrvSession
75      * @return int
76      */
77     public int authenticateShareConnect(ClientInfo client, SharedDevice share, String JavaDoc sharePwd, SrvSession sess)
78     {
79         return SrvAuthenticator.Writeable;
80     }
81
82     /**
83      * Authenticate a session setup by a user
84      *
85      * @param client ClientInfo
86      * @param sess SrvSession
87      * @param alg int
88      * @return int
89      */
90     public int authenticateUser(ClientInfo client, SrvSession sess, int alg)
91     {
92         // Get the authentication token for the session
93
94         NTLMPassthruToken authToken = (NTLMPassthruToken) sess.getAuthenticationToken();
95         
96         if ( authToken == null)
97             return SrvAuthenticator.AUTH_DISALLOW;
98
99         // Get the appropriate hashed password for the algorithm
100
101         int authSts = SrvAuthenticator.AUTH_DISALLOW;
102         byte[] hashedPassword = null;
103         
104         if ( alg == NTLM1)
105             hashedPassword = client.getPassword();
106         else if ( alg == LANMAN)
107             hashedPassword = client.getANSIPassword();
108         else
109         {
110             // Debug
111
112             if ( logger.isDebugEnabled())
113                 logger.debug("Invalid algorithm specified for user authentication (" + alg + ")");
114             
115             // Invalid/unsupported algorithm specified
116
117             return SrvAuthenticator.AUTH_DISALLOW;
118         }
119         
120         // Set the username and hashed password in the authentication token
121
122         authToken.setUserAndPassword( client.getUserName(), hashedPassword, alg);
123         
124         // Authenticate the user
125
126         try
127         {
128             // Run the second stage of the passthru authentication
129
130             m_authMgr.authenticate( authToken);
131             
132             // Check if the user has been logged on as a guest
133
134             if (authToken.isGuestLogon())
135             {
136
137                 // Check if the local server allows guest access
138
139                 if (allowGuest() == true)
140                 {
141
142                     // Allow the user access as a guest
143
144                     authSts = SrvAuthenticator.AUTH_GUEST;
145
146                     // Debug
147
148                     if (logger.isDebugEnabled())
149                         logger.debug("Acegi passthru authenticate user=" + client.getUserName() + ", GUEST");
150                 }
151             }
152             else
153             {
154
155                 // Allow the user full access to the server
156
157                 authSts = SrvAuthenticator.AUTH_ALLOW;
158
159                 // Debug
160
161                 if (logger.isDebugEnabled())
162                     logger.debug("Acegi passthru authenticate user=" + client.getUserName() + ", FULL");
163             }
164         }
165         catch ( Exception JavaDoc ex)
166         {
167             // Log the error
168
169             if ( logger.isErrorEnabled())
170                 logger.error("Logon failure, " + ex.getMessage());
171         }
172         
173         // Clear the authentication token
174
175         sess.setAuthenticationToken(null);
176         
177         // Return the authentication status
178
179         return authSts;
180     }
181
182     /**
183      * Get user account details for the specified user
184      *
185      * @param user String
186      * @return UserAccount
187      */
188     public UserAccount getUserDetails(String JavaDoc user)
189     {
190         // No user details to return
191
192         return null;
193     }
194
195     /**
196      * Get a challenge key for a new session
197      *
198      * @param sess SrvSession
199      * @return byte[]
200      */
201     public byte[] getChallengeKey(SrvSession sess)
202     {
203         // Create an authentication token for the session
204
205         NTLMPassthruToken authToken = new NTLMPassthruToken();
206         
207         // Run the first stage of the passthru authentication to get the challenge
208
209         m_authMgr.authenticate( authToken);
210         
211         // Save the authentication token for the second stage of the authentication
212
213         sess.setAuthenticationToken(authToken);
214         
215         // Debug
216
217         if ( logger.isDebugEnabled())
218             logger.debug("Created new passthru token " + authToken);
219         
220         // Get the challenge from the token
221
222         if ( authToken.getChallenge() != null)
223             return authToken.getChallenge().getBytes();
224         return null;
225     }
226
227     /**
228      * Initialzie the authenticator
229      *
230      * @param config ServerConfiguration
231      * @param params ConfigElement
232      * @exception InvalidConfigurationException
233      */
234     public void initialize(ServerConfiguration config, ConfigElement params) throws InvalidConfigurationException
235     {
236         // Call the base class
237
238         super.initialize(config, params);
239
240         // Check if the configuration has an associated bean factory, if not it looks like we are
241 // not running inside Spring
242
243         if ( config.getAuthenticationManager() == null)
244             throw new InvalidConfigurationException("Acegi authentication manager not available");
245         
246         // Passthru authenticator only works in user mode
247
248         if ( getAccessMode() != USER_MODE)
249             throw new InvalidConfigurationException("Acegi authenticator only works in user mode");
250         
251         // Check if authentication manager is the required type and that the NTLM authentication provider
252 // is available.
253
254         Object JavaDoc authMgrObj = config.getAuthenticationManager();
255         
256         if ( authMgrObj instanceof ProviderManager)
257         {
258             // The required authentication manager is configured, now check if the NTLM provider is configured
259
260             ProviderManager providerManager = (ProviderManager) authMgrObj;
261             List JavaDoc providerList = providerManager.getProviders();
262             
263             if ( providerList != null)
264             {
265                 // Check for the NTLM authentication provider
266
267                 int i = 0;
268                 boolean foundProvider = false;
269                 
270                 while ( i < providerList.size() && foundProvider == false)
271                 {
272                     if ( providerList.get(i++) instanceof NTLMAuthenticationProvider)
273                         foundProvider = true;
274                 }
275                 
276                 if (foundProvider == false)
277                     throw new InvalidConfigurationException("NTLM authentication provider is not available");
278                 
279                 // Save the authentication manager
280
281                 m_authMgr = (AuthenticationManager) authMgrObj;
282             }
283             else
284                 throw new InvalidConfigurationException("No authentication providers available");
285         }
286         else
287             throw new InvalidConfigurationException("Required authentication manager is not configured");
288     }
289 }
290
Popular Tags