

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.ejb.ca.auth;
15
16 import java.util.Date JavaDoc;
17
18 import javax.ejb.CreateException JavaDoc;
19 import javax.ejb.EJBException JavaDoc;
20 import javax.ejb.ObjectNotFoundException JavaDoc;
21
22 import org.ejbca.core.ejb.BaseSessionBean;
23 import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocal;
24 import org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocalHome;
25 import org.ejbca.core.ejb.log.ILogSessionLocal;
26 import org.ejbca.core.ejb.log.ILogSessionLocalHome;
27 import org.ejbca.core.ejb.ra.UserDataLocal;
28 import org.ejbca.core.ejb.ra.UserDataLocalHome;
29 import org.ejbca.core.ejb.ra.UserDataPK;
30 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
31 import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome;
32 import org.ejbca.core.model.InternalResources;
33 import org.ejbca.core.model.ca.AuthLoginException;
34 import org.ejbca.core.model.ca.AuthStatusException;
35 import org.ejbca.core.model.log.Admin;
36 import org.ejbca.core.model.log.LogEntry;
37 import org.ejbca.core.model.ra.UserDataConstants;
38 import org.ejbca.core.model.ra.UserDataVO;
39
40
41
42
43
44 /**
45  * Authenticates users towards a user database.
46  *
47  * @version $Id: LocalAuthenticationSessionBean.java,v 1.7 2007/01/16 11:42:22 anatom Exp $
48  *
49  * @ejb.bean
50  * display-name="AuthenticationSB"
51  * name="AuthenticationSession"
52  * jndi-name="AuthenticationSession"
53  * local-jndi-name="AuthenticationSessionLocal"
54  * view-type="both"
55  * type="Stateless"
56  * transaction-type="Container"
57  *
58  * @ejb.transaction type="Required"
59  *
60  * @weblogic.enable-call-by-reference True
61  *
62  * @ejb.home
63  * extends="javax.ejb.EJBHome"
64  * local-extends="javax.ejb.EJBLocalHome"
65  * local-class="org.ejbca.core.ejb.ca.auth.IAuthenticationSessionLocalHome"
66  * remote-class="org.ejbca.core.ejb.ca.auth.IAuthenticationSessionHome"
67  *
68  * @ejb.interface
69  * extends="javax.ejb.EJBObject"
70  * local-extends="javax.ejb.EJBLocalObject"
71  * local-class="org.ejbca.core.ejb.ca.auth.IAuthenticationSessionLocal"
72  * remote-class="org.ejbca.core.ejb.ca.auth.IAuthenticationSessionRemote"
73  *
74  * @ejb.ejb-external-ref
75  * description="The User entity bean"
76  * view-type="local"
77  * ref-name="ejb/UserDataLocal"
78  * type="Entity"
79  * home="org.ejbca.core.ejb.ra.UserDataLocalHome"
80  * business="org.ejbca.core.ejb.ra.UserDataLocal"
81  * link="UserData"
82  *
83  * @ejb.ejb-external-ref
84  * description="The Log session bean"
85  * view-type="local"
86  * ref-name="ejb/LogSessionLocal"
87  * type="Session"
88  * home="org.ejbca.core.ejb.log.ILogSessionLocalHome"
89  * business="org.ejbca.core.ejb.log.ILogSessionLocal"
90  * link="LogSession"
91  *
92  * @ejb.ejb-external-ref
93  * description="The RA Admin session bean"
94  * view-type="local"
95  * ref-name="ejb/RaAdminSessionLocal"
96  * type="Session"
97  * home="org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocalHome"
98  * business="org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal"
99  * link="RaAdminSession"
100  *
101  * @ejb.ejb-external-ref
102  * description="The Key Recovery Session Bean"
103  * view-type="local"
104  * ref-name="ejb/KeyRecoverySessionLocal"
105  * type="Session"
106  * home="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocalHome"
107  * business="org.ejbca.core.ejb.keyrecovery.IKeyRecoverySessionLocal"
108  * link="KeyRecoverySession"
109  *
110  */

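public class LocalAuthenticationSessionBean extends BaseSessionBean {
    /** Home interface of the user entity bean. */
    private UserDataLocalHome userHome = null;

    /** The local interface of the log session bean. */
    private ILogSessionLocal logsession;

    /** The local interface of the keyrecovery session bean; created on first use by getKeyRecoverySession(). */
    private IKeyRecoverySessionLocal keyrecoverysession = null;

    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    /** boolean indicating if keyrecovery should be used. */
    private boolean usekeyrecovery = true;


    /**
     * Default create for SessionBean without any creation Arguments.
     * Looks up the user entity home and creates the log session used for audit entries.
     *
     * @throws CreateException if bean instance can't be created
     * @ejb.create-method
     */
    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");

        // Look up the UserDataLocal entity bean home interface
        userHome = (UserDataLocalHome) getLocator().getLocalHome(UserDataLocalHome.COMP_NAME);
        ILogSessionLocalHome logsessionhome = (ILogSessionLocalHome) getLocator().getLocalHome(ILogSessionLocalHome.COMP_NAME);
        logsession = logsessionhome.create();

        debug("<ejbCreate()");
    }

    /**
     * Returns the keyrecovery session if key recovery is enabled in the global configuration,
     * else null is returned.
     *
     * The session is created on first use and then cached in this bean instance. While key
     * recovery is disabled the cached reference stays null, so the global configuration is
     * loaded again on every call.
     *
     * @param admin administrator used to load the global configuration
     * @return the key recovery session, or null when key recovery is disabled
     * @throws EJBException wrapping any failure during lookup or creation
     */
    private IKeyRecoverySessionLocal getKeyRecoverySession(Admin admin) {
        if (keyrecoverysession == null) {
            try {
                IRaAdminSessionLocalHome raadminhome = (IRaAdminSessionLocalHome) getLocator().getLocalHome(IRaAdminSessionLocalHome.COMP_NAME);
                IRaAdminSessionLocal raadmin = raadminhome.create();
                usekeyrecovery = (raadmin.loadGlobalConfiguration(admin)).getEnableKeyRecovery();
                if (usekeyrecovery) {
                    IKeyRecoverySessionLocalHome keyrecoveryhome = (IKeyRecoverySessionLocalHome) getLocator().getLocalHome(IKeyRecoverySessionLocalHome.COMP_NAME);
                    keyrecoverysession = keyrecoveryhome.create();
                }
            } catch (Exception e) {
                error("Error in getKeyRecoverySession: ", e);
                throw new EJBException(e);
            }
        }

        return keyrecoverysession;
    }

    /**
     * Authenticates a user to the user database and returns the user's data.
     *
     * Only users in status NEW, FAILED, INPROCESS or KEYRECOVERY can be authenticated.
     * A successful authentication, a wrong password, a wrong status and an unknown user are
     * each written to the log session.
     *
     * Security notes: an unknown user and a wrong password are reported with different
     * exception types, so a front end facing untrusted clients should present both as the
     * same generic failure to avoid revealing which usernames exist. The returned object
     * carries the value of getClearPassword() and must be handled as sensitive data.
     *
     * @param admin administrator performing the call, used for the audit log
     * @param username unique username within the instance
     * @param password password for the user
     *
     * @return UserDataVO, never returns null
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @ejb.interface-method
     */
    public UserDataVO authenticateUser(Admin admin, String username, String password)
        throws ObjectNotFoundException, AuthStatusException, AuthLoginException {
        // The password is deliberately kept out of the trace output.
        // NOTE(review): username is written as supplied by the caller; confirm the logging
        // layer neutralises line breaks and other control characters.
        debug(">authenticateUser(" + username + ", hiddenpwd)");

        try {
            // Find the user with username username
            UserDataPK pk = new UserDataPK(username);
            UserDataLocal data = userHome.findByPrimaryKey(pk);
            int status = data.getStatus();
            if ((status == UserDataConstants.STATUS_NEW) || (status == UserDataConstants.STATUS_FAILED) || (status == UserDataConstants.STATUS_INPROCESS) || (status == UserDataConstants.STATUS_KEYRECOVERY)) {
                debug("Trying to authenticate user: username="+data.getUsername()+", dn="+data.getSubjectDN()+", email="+data.getSubjectEmail()+", status="+data.getStatus()+", type="+data.getType());
                if (!data.comparePassword(password)) {
                    String msg = intres.getLocalizedMessage("authentication.invalidpwd", username);
                    logsession.log(admin, data.getCaId(), LogEntry.MODULE_CA, new Date(), username, null, LogEntry.EVENT_ERROR_USERAUTHENTICATION, msg);
                    throw new AuthLoginException(msg);
                }

                String msg = intres.getLocalizedMessage("authentication.authok", username);
                logsession.log(admin, data.getCaId(), LogEntry.MODULE_CA, new Date(), username, null, LogEntry.EVENT_INFO_USERAUTHENTICATION, msg);
                UserDataVO ret = new UserDataVO(data.getUsername(), data.getSubjectDN(), data.getCaId(), data.getSubjectAltName(), data.getSubjectEmail(),
                        data.getStatus(), data.getType(), data.getEndEntityProfileId(), data.getCertificateProfileId(),
                        new Date(data.getTimeCreated()), new Date(data.getTimeModified()), data.getTokenType(), data.getHardTokenIssuerId(), data.getExtendedInformation());
                // Sensitive: the value object leaves this bean carrying the stored clear password
                // (whatever getClearPassword() returns). Callers must not log or persist it.
                ret.setPassword(data.getClearPassword());
                debug("<authenticateUser("+username+", hiddenpwd)");
                return ret;
            }
            String msg = intres.getLocalizedMessage("authentication.wrongstatus", new Integer(status), username);
            logsession.log(admin, data.getCaId(), LogEntry.MODULE_CA, new Date(), username, null, LogEntry.EVENT_ERROR_USERAUTHENTICATION, msg);
            // The message lists every status accepted by the check above, including KEYRECOVERY.
            throw new AuthStatusException("User "+username+" has status '"+status+"', NEW, FAILED, INPROCESS or KEYRECOVERY required.");
        } catch (ObjectNotFoundException oe) {
            // No user record exists, so the audit entry is filed under the administrator's CA id.
            String msg = intres.getLocalizedMessage("authentication.usernotfound", username);
            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_CA, new Date(), username, null, LogEntry.EVENT_ERROR_USERAUTHENTICATION, msg);
            throw oe;
        } catch (AuthStatusException se) {
            // Already logged above; rethrown so the generic handler below does not wrap it.
            throw se;
        } catch (AuthLoginException le) {
            // Already logged above; rethrown so the generic handler below does not wrap it.
            throw le;
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("error.unknown");
            error(msg, e);
            throw new EJBException(e);
        }
    }


    /**
     * Set the status of a user to finished, called when a user has been successfully processed.
     * Sets the users status to UserDataConstants.STATUS_GENERATED, which means that the user
     * cannot be authenticated anymore. NOTE: May not have any effect if user database is remote.
     *
     * Security note: the password argument is not read by this method and no credential check
     * is performed here. Callers must have authenticated the user, or otherwise be authorised
     * to finish it, before invoking this method.
     *
     * @param admin administrator performing the call, used for the audit log and key recovery
     * @param username unique username within the instance
     * @param password password for the user (unused)
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @ejb.interface-method
     */
    public void finishUser(Admin admin, String username, String password)
        throws ObjectNotFoundException {
        debug(">finishUser(" + username + ", hiddenpwd)");

        try {
            // Find the user with username username
            UserDataPK pk = new UserDataPK(username);
            UserDataLocal data = userHome.findByPrimaryKey(pk);
            data.setStatus(UserDataConstants.STATUS_GENERATED);
            data.setTimeModified((new Date()).getTime());
            // Reset key recoveryflag if keyrecovery is used.
            IKeyRecoverySessionLocal keyrecovery = getKeyRecoverySession(admin);
            if (keyrecovery != null) {
                keyrecovery.unmarkUser(admin, username);
            }
            String msg = intres.getLocalizedMessage("authentication.statuschanged", username);
            logsession.log(admin, data.getCaId(), LogEntry.MODULE_CA, new Date(), username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY, msg);
            debug("<finishUser("+username+", hiddenpwd)");
        } catch (ObjectNotFoundException oe) {
            // No user record exists, so the audit entry is filed under the administrator's CA id.
            String msg = intres.getLocalizedMessage("authentication.usernotfound", username);
            logsession.log(admin, admin.getCaId(), LogEntry.MODULE_CA, new Date(), username, null, LogEntry.EVENT_ERROR_USERAUTHENTICATION, msg);
            throw oe;
        } catch (Exception e) {
            String msg = intres.getLocalizedMessage("error.unknown");
            error(msg, e);
            // Keep the original exception as the cause, as authenticateUser does, so the
            // stack trace of the underlying failure is not lost.
            throw new EJBException(e);
        }
    }

}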