Java > Open Source Codes > org > dspace > eperson > AuthenticationManager


1 /*
2  * AuthenticationManager.java
3  *
4  * Version: $Revision: 1.1 $
5  *
6  * Date: $Date: 2005/10/17 03:35:45 $
7  *
8  * Copyright (c) 2002-2005, Hewlett-Packard Company and Massachusetts
9  * Institute of Technology. All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions are
13  * met:
14  *
15  * - Redistributions of source code must retain the above copyright
16  * notice, this list of conditions and the following disclaimer.
17  *
18  * - Redistributions in binary form must reproduce the above copyright
19  * notice, this list of conditions and the following disclaimer in the
20  * documentation and/or other materials provided with the distribution.
21  *
22  * - Neither the name of the Hewlett-Packard Company nor the name of the
23  * Massachusetts Institute of Technology nor the names of their
24  * contributors may be used to endorse or promote products derived from
25  * this software without specific prior written permission.
26  *
27  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
32  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
33  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
34  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
35  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
36  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37  * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38  * DAMAGE.
39  */
40 package org.dspace.eperson;
41
42 import java.io.IOException ;
43
44 import javax.servlet.ServletException ;
45 import javax.servlet.http.HttpServletRequest ;
46 import javax.servlet.http.HttpServletResponse ;
47 import javax.servlet.http.HttpSession ;
48 import java.sql.SQLException ;
49 import java.util.ArrayList ;
50 import java.util.Arrays ;
51 import java.util.List ;
52 import java.util.Iterator ;
53 import java.util.StringTokenizer ;
54
55 import org.apache.log4j.Logger;
56 import org.dspace.core.ConfigurationManager;
57 import org.dspace.core.Context;
58 import org.dspace.core.PluginManager;
59 import org.dspace.core.LogManager;
60 import org.dspace.eperson.EPerson;
61 import org.dspace.eperson.AuthenticationMethod;
62
63 /**
64  * Access point for the stackable authentication methods.
65  * <p>
66  * This class initializes the "stack" from the DSpace configuration,
67  * and then invokes methods in the appropriate order on behalf of clients.
68  * <p>
69  * See the AuthenticationMethod interface for details about what each
70  * function does.
71  * <p>
72  * <b>Configuration</b><br>
73  * The stack of authentication methods is defined by one property in the DSpace configuration:
74  * <pre>
75  * plugin.sequence.org.dspace.eperson.AuthenticationMethod = <em>a list of method class names</em>
76  * <em>e.g.</em>
77  * plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
78  * org.dspace.eperson.X509Authentication, \
79  * org.dspace.eperson.PasswordAuthentication
80  * </pre>
81  * <p>
82  * The "stack" is always traversed in order, with the methods
83  * specified first (in the configuration) thus getting highest priority.
84  *
85  * @see AuthenticationMethod
86  *
87  * @author Larry Stone
88  * @version $Revision: 1.1 $
89  */
90 public class AuthenticationManager
91 {
92     /** log4j category */
93     private static Logger log = Logger.getLogger(AuthenticationManager.class);
94
95     /** List of authentication methods, highest precedence first. */
96     private static AuthenticationMethod methodStack[] =
97         (AuthenticationMethod[])PluginManager.getPluginSequence(AuthenticationMethod.class);
98
99     /**
100      * Test credentials for authenticity.
101      * Apply the given credentials to each authenticate() method in
102      * the stack. Returns upon the first <code>SUCCESS</code>, or otherwise
103      * returns the most favorable outcome from one of the methods.
104      *
105      * @param context
106      * DSpace context, will be modified (ePerson set) upon success.
107      *
108      * @param username
109      * Username (or email address) when method is explicit. Use null for
110      * implicit method.
111      *
112      * @param password
113      * Password for explicit auth, or null for implicit method.
114      *
115      * @param realm
116      * Realm is an extra parameter used by some authentication methods, leave null if
117      * not applicable.
118      *
119      * @param request
120      * The HTTP request that started this operation, or null if not applicable.
121      *
122      * @return One of:
123      * SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
124      * <p>Meaning:
125      * <br>SUCCESS - authenticated OK.
126      * <br>BAD_CREDENTIALS - user exists, but credenitals (e.g. passwd) don't match
127      * <br>CERT_REQUIRED - not allowed to login this way without X.509 cert.
128      * <br>NO_SUCH_USER - user not found using this method.
129      * <br>BAD_ARGS - user/pw not appropriate for this method
130      */
131     public static int authenticate(Context context,
132                             String username,
133                             String password,
134                             String realm,
135                             HttpServletRequest request)
136     {
137         return authenticateInternal(context, username, password, realm,
138                                      request, false);
139     }
140
141     /**
142      * Test credentials for authenticity, using only Implicit methods.
143      * Just like <code>authenticate()</code>, except it only invokes the
144      * <em>implicit</em> authentication methods the stack.
145      *
146      * @param context
147      * DSpace context, will be modified (ePerson set) upon success.
148      *
149      * @param username
150      * Username (or email address) when method is explicit. Use null for
151      * implicit method.
152      *
153      * @param password
154      * Password for explicit auth, or null for implicit method.
155      *
156      * @param realm
157      * Realm is an extra parameter used by some authentication methods, leave null if
158      * not applicable.
159      *
160      * @param request
161      * The HTTP request that started this operation, or null if not applicable.
162      *
163      * @return One of:
164      * SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
165      * <p>Meaning:
166      * <br>SUCCESS - authenticated OK.
167      * <br>BAD_CREDENTIALS - user exists, but credenitals (e.g. passwd) don't match
168      * <br>CERT_REQUIRED - not allowed to login this way without X.509 cert.
169      * <br>NO_SUCH_USER - user not found using this method.
170      * <br>BAD_ARGS - user/pw not appropriate for this method
171      */
172     public static int authenticateImplicit(Context context,
173                             String username,
174                             String password,
175                             String realm,
176                             HttpServletRequest request)
177     {
178         return authenticateInternal(context, username, password, realm,
179                                      request, true);
180     }
181
182     private static int authenticateInternal(Context context,
183                             String username,
184                             String password,
185                             String realm,
186                             HttpServletRequest request,
187                             boolean implicitOnly)
188     {
189         // better is lowest, so start with the highest.
190 int bestRet = AuthenticationMethod.BAD_ARGS;
191
192         // return on first success, otherwise "best" outcome.
193 for (int i = 0; i < methodStack.length; ++i)
194         {
195             if (!implicitOnly || methodStack[i].isImplicit())
196             {
197                 int ret = 0;
198                 try
199                 {
200                     ret = methodStack[i].authenticate(context, username, password, realm, request);
201                 }
202                 catch (SQLException e)
203                 {
204                     ret = AuthenticationMethod.NO_SUCH_USER;
205                 }
206                 if (ret == AuthenticationMethod.SUCCESS)
207                     return ret;
208                 if (ret < bestRet)
209                     bestRet = ret;
210             }
211         }
212         return bestRet;
213     }
214
215     /**
216      * Predicate, can a new EPerson be created.
217      * Invokes <code>canSelfRegister()</code> of every authentication
218      * method in the stack, and returns true if any of them is true.
219      *
220      * @param context
221      * DSpace context
222      * @param request
223      * HTTP request, in case it's needed. Can be null.
224      * @param username
225      * Username, if available. Can be null.
226      * @return true if new ePerson should be created.
227      */
228     public static boolean canSelfRegister(Context context,
229                                    HttpServletRequest request,
230                                    String username)
231         throws SQLException
232     {
233         for (int i = 0; i < methodStack.length; ++i)
234             if (methodStack[i].canSelfRegister(context, request, username))
235                 return true;
236         return false;
237     }
238
239     /**
240      * Predicate, can user set EPerson password.
241      * Returns true if the <code>allowSetPassword()</code> method of any
242      * member of the stack returns true.
243      *
244      * @param context
245      * DSpace context
246      * @param request
247      * HTTP request, in case it's needed. Can be null.
248      * @param username
249      * Username, if available. Can be null.
250      * @return true if this method allows user to change ePerson password.
251      */
252     public static boolean allowSetPassword(Context context,
253                                     HttpServletRequest request,
254                                     String username)
255         throws SQLException
256     {
257         for (int i = 0; i < methodStack.length; ++i)
258             if (methodStack[i].allowSetPassword(context, request, username))
259                 return true;
260         return false;
261     }
262
263     /**
264      * Initialize a new e-person record for a self-registered new user.
265      * Give every authentication method in the stack a chance to
266      * initialize the new ePerson by calling its <code>initEperson()</code>
267      *
268      * @param context
269      * DSpace context
270      * @param request
271      * HTTP request, in case it's needed. Can be null.
272      * @param eperson
273      * newly created EPerson record - email + information from the
274      * registration form will have been filled out.
275      */
276     public static void initEPerson(Context context,
277                                    HttpServletRequest request,
278                                    EPerson eperson)
279         throws SQLException
280     {
281         for (int i = 0; i < methodStack.length; ++i)
282             methodStack[i].initEPerson(context, request, eperson);
283     }
284
285     /**
286      * Get list of extra groups that user implicitly belongs to.
287      * Returns accumulation of groups of all the <code>getSpecialGroups()</code>
288      * methods in the stack.
289      *
290      * @param context
291      * A valid DSpace context.
292      *
293      * @param request
294      * The request that started this operation, or null if not applicable.
295      *
296      * @return Returns IDs of any groups the user authenticated by this
297      * request is in implicitly -- checks for e.g. network-address dependent
298      * groups.
299      */
300     public static int[] getSpecialGroups(Context context,
301                                          HttpServletRequest request)
302     {
303         ArrayList gll = new ArrayList ();
304         int totalLen = 0;
305
306         for (int i = 0; i < methodStack.length; ++i)
307         {
308             int gl[] = methodStack[i].getSpecialGroups(context, request);
309             if (gl.length > 0)
310             {
311                 gll.add(gl);
312                 totalLen += gl.length;
313             }
314         }
315
316         // Maybe this is over-optimized but it's called on every
317 // request, and most sites will only have 0 or 1 auth methods
318 // actually returning groups, so it pays..
319 if (totalLen == 0)
320             return new int[0];
321         else if (gll.size() == 1)
322             return (int [])gll.get(0);
323         else
324         {
325             // Have to do it this painful way since list.toArray() doesn't
326 // work on int[]. stupid Java ints aren't first-class objects.
327 int result[] = new int[totalLen];
328             int k = 0;
329             for (int i = 0; i < gll.size(); ++i)
330             {
331                 int gl[] = (int [])gll.get(i);
332                 for (int j = 0; j < gl.length; ++j)
333                     result[k++] = gl[j];
334             }
335             return result;
336         }
337     }
338
339     /**
340      * Get stack of authentication methods.
341      * Return an <code>Iterator</code> that steps through each configured
342      * authentication method, in order of precedence.
343      *
344      * @return Iterator object.
345      */
346     public static Iterator authenticationMethodIterator()
347     {
348         return Arrays.asList(methodStack).iterator();
349     }
350 }
351

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags