PasswordAuthentication


1   /*
2    * PasswordAuthentication.java
3    *
4    * Version: $Revision: 1.1 $
5    *
6    * Date: $Date: 2005/10/17 03:35:45 $
7    *
8    * Copyright (c) 2002-2005, Hewlett-Packard Company and Massachusetts
9    * Institute of Technology.  All rights reserved.
10   *
11   * Redistribution and use in source and binary forms, with or without
12   * modification, are permitted provided that the following conditions are
13   * met:
14   *
15   * - Redistributions of source code must retain the above copyright
16   * notice, this list of conditions and the following disclaimer.
17   *
18   * - Redistributions in binary form must reproduce the above copyright
19   * notice, this list of conditions and the following disclaimer in the
20   * documentation and/or other materials provided with the distribution.
21   *
22   * - Neither the name of the Hewlett-Packard Company nor the name of the
23   * Massachusetts Institute of Technology nor the names of their
24   * contributors may be used to endorse or promote products derived from
25   * this software without specific prior written permission.
26   *
27   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28   * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29   * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30   * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31   * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
32   * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
33   * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
34   * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
35   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
36   * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37   * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38   * DAMAGE.
39   */
40  package org.dspace.eperson;
41  
42  import javax.servlet.ServletException  ;
43  import javax.servlet.http.HttpServletRequest  ;
44  import javax.servlet.http.HttpServletResponse  ;
45  import javax.servlet.jsp.PageContext  ;
46  import javax.servlet.jsp.jstl.fmt.LocaleSupport;
47  import java.sql.SQLException  ;
48  import java.util.ArrayList  ;
49  
50  import org.apache.log4j.Logger;
51  import org.dspace.core.Context;
52  import org.dspace.core.LogManager;
53  import org.dspace.eperson.EPerson;
54  import org.dspace.eperson.AuthenticationMethod;
55  import org.dspace.authorize.AuthorizeException;
56  
57  /**
58   * A stackable authentication method
59   * based on the DSpace internal "EPerson" database.
60   * See the <code>AuthenticationMethod</code> interface for more details.
61   * <p>
62   * The <em>username</em> is the E-Person's email address,
63   * and and the <em>password</em> (given to the <code>authenticate()</code>
64   * method) must match the EPerson password.
65   * <p>
66   * This is the default method for a new DSpace configuration.
67   * If you are implementing a new "explicit" authentication method,
68   * use this class as a model.
69   * <p>
70   * You can use this (or another explict) method in the stack to
71   * implement HTTP Basic Authentication for servlets, by passing the
72   * Basic Auth username and password to the <code>AuthenticationManager</code>.
73   *
74   * @author Larry Stone
75   * @version $Revision: 1.1 $
76   */
77  public class PasswordAuthentication
78      implements AuthenticationMethod {
79  
80      /** log4j category */
81      private static Logger log = Logger.getLogger(PasswordAuthentication.class);
82  
83      /**
84       * Just return true since anyone can self-register by creating new
85       * EPerson.
86       * <p>NOTE:  It may be desireable to have this consult a
87       * configuration parameter first.
88       */
89      public boolean canSelfRegister(Context   context,
90                                     HttpServletRequest   request,
91                                     String   username)
92          throws SQLException  
93      {
94          return true;
95      }
96  
97      /**
98       *  Nothing extra to initialize.
99       */
100     public void initEPerson(Context   context, HttpServletRequest   request,
101             EPerson eperson)
102         throws SQLException  
103     {
104     }
105 
106     /**
107      * We always allow the user to change their password.
108      */
109     public boolean allowSetPassword(Context   context,
110                                     HttpServletRequest   request,
111                                     String   username)
112         throws SQLException  
113     {
114         return true;
115     }
116 
117     /**
118      * This is an explicit method, since it needs username and password
119      * from some source.
120      * @return false
121      */
122     public boolean isImplicit()
123     {
124         return false;
125     }
126 
127     /**
128      * No special groups.
129      */
130     public int[] getSpecialGroups(Context   context, HttpServletRequest   request)
131     {
132         return new int[0];
133     }
134 
135     /**
136      * Check credentials: username must match the email address of an
137      * EPerson record, and that EPerson must be allowed to login.
138      * Password must match its password.  Also checks for EPerson that
139      * is only allowed to login via an implicit method
140      * and returns <code>CERT_REQUIRED</code> if that is the case.
141      *
142      * @param context
143      *  DSpace context, will be modified (EPerson set) upon success.
144      *
145      * @param username
146      *  Username (or email address) when method is explicit. Use null for
147      *  implicit method.
148      *
149      * @param password
150      *  Password for explicit auth, or null for implicit method.
151      *
152      * @param realm
153      *  Realm is an extra parameter used by some authentication methods, leave null if
154      *  not applicable.
155      *
156      * @param request
157      *  The HTTP request that started this operation, or null if not applicable.
158      *
159      * @return One of:
160      *   SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, BAD_ARGS
161      * <p>Meaning:
162      * <br>SUCCESS         - authenticated OK.
163      * <br>BAD_CREDENTIALS - user exists, but assword doesn't match
164      * <br>CERT_REQUIRED   - not allowed to login this way without X.509 cert.
165      * <br>NO_SUCH_USER    - no EPerson with matching email address.
166      * <br>BAD_ARGS        - missing username, or user matched but cannot login.
167      */
168     public int authenticate(Context   context,
169                             String   username,
170                             String   password,
171                             String   realm,
172                             HttpServletRequest   request)
173         throws SQLException  
174     {
175         if (username != null && password != null)
176         {
177             EPerson eperson = null;
178             log.info(LogManager.getHeader(context, "authenticate", "attempting password auth of user="+username));
179             try
180             {
181                 eperson = EPerson.findByEmail(context, username.toLowerCase());
182             }
183             catch (AuthorizeException e)
184             {
185                 // ignore exception, treat it as lookup failure.
186             }
187 
188             // lookup failed.
189             if (eperson == null)
190                 return NO_SUCH_USER;
191 
192             // cannot login this way
193             else if (!eperson.canLogIn())
194                 return BAD_ARGS;
195 
196             // this user can only login with x.509 certificate
197             else if (eperson.getRequireCertificate())
198             {
199                 log.warn(LogManager.getHeader(context, "authenticate", "rejecting PasswordAuthentication because "+username+" requires certificate."));
200                 return CERT_REQUIRED;
201             }
202 
203             // login is ok if password matches:
204             else if (eperson.checkPassword(password))
205             {
206                 context.setCurrentUser(eperson);
207                 log.info(LogManager.getHeader(context, "authenticate", "type=PasswordAuthentication"));
208                 return SUCCESS;
209             }
210             else
211                 return BAD_CREDENTIALS;
212         }
213 
214         // BAD_ARGS always defers to the next authentication method.
215         // It means this method cannot use the given credentials.
216         else
217             return BAD_ARGS;
218     }
219 
220     /**
221      * Returns URL of password-login servlet.
222      *
223      * @param context
224      *  DSpace context, will be modified (EPerson set) upon success.
225      *
226      * @param request
227      *  The HTTP request that started this operation, or null if not applicable.
228      *
229      * @param response
230      *  The HTTP response from the servlet method.
231      *
232      * @return fully-qualified URL
233      */
234     public String   loginPageURL(Context   context,
235                             HttpServletRequest   request,
236                             HttpServletResponse   response)
237     {
238         return response.encodeRedirectURL(request.getContextPath() +
239                                           "/password-login");
240     }
241 
242     /**
243      * Returns message key for title of the "login" page, to use
244      * in a menu showing the choice of multiple login methods.
245      *
246      * @param context
247      *  DSpace context, will be modified (EPerson set) upon success.
248      *
249      * @return Message key to look up in i18n message catalog.
250      */
251     public String   loginPageTitle(Context   context)
252     {
253         return "org.dspace.eperson.PasswordAuthentication.title";
254     }
255 }
256
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags