


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

14 package org.ejbca.samples;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.rmi.RemoteException;

import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.ObjectNotFoundException;
import javax.naming.NamingException;

import org.ejbca.core.ejb.BaseSessionBean;
import org.ejbca.core.ejb.log.ILogSessionHome;
import org.ejbca.core.ejb.log.ILogSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.AuthLoginException;
import org.ejbca.core.model.ca.AuthStatusException;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.log.LogEntry;
import org.ejbca.core.model.ra.UserDataVO;
43 /**
44  * Authenticates users towards a remote user database, using an HTTP-based protocol.
45  *
46  * -AuthResult.java
47  * -RemoteVerifyServlet.java
48  * These files are a sample of a remote user database providing user authentication
49  * to the CA when the CA is about to generate a certificate for a user.
50  * A remote user database is used by configuring the CA to use the 'RemoteAuthenticationSession'
51  * instead of 'LocalAuthenticationSession'.
52  * The sample files implement a simple file based user database and a servlet that
53  * responds to the HTTP requests coming from the CA.
54  *
55  * To install it, you must replace the current org.ejbca.core.model.authorization.LocalAuthorizationSessionBean,
56  * which will require some work on your part.
57  *
58  * @ejb.bean
59  * generate="false"
60  * display-name="RemoteAuthenticationSB"
61  * name="RemoteAuthenticationSession"
62  * @ejb.home
63  * generate="none"
64  * @ejb.interface
65  * generate="none"
66  *
67  * @version $Id: RemoteAuthenticationSessionBean.java,v 1.2 2006/01/26 14:17:58 anatom Exp $
68  */

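public class RemoteAuthenticationSessionBean extends BaseSessionBean {
    /** Protocol version sent to the remote server in the {@code version} form field. */
    private static final String REMOTE_PROTOCOL_VER = "1.0";

    /** Prefix of the reply lines that carry DN components ({@code dn-<attr>=<value>}). */
    private static final String DN_PREFIX = "dn-";

    /** The one {@code dn-} line that carries the e-mail address instead of a DN component. */
    private static final String EMAIL_LINE_PREFIX = DN_PREFIX + "email=";

    /** Charset used both for encoding the request body and for decoding the reply. */
    private static final String CHARSET = "UTF-8";

    /**
     * URL to remote authentication server, read from the EJB environment entry
     * {@code java:comp/env/AuthURL} in {@link #ejbCreate()}.
     * NOTE(review): the user's password is sent in the POST body, so this should be an
     * https:// URL; the scheme is not checked here.
     */
    String remoteurl = null;

    /** The remote interface of the log session bean */
    private ILogSessionRemote logsession;

    /**
     * Default create for SessionBean without any creation Arguments.
     *
     * Reads the remote server URL from the deployment descriptor and looks up the
     * log session bean.
     *
     * @throws CreateException if the AuthURL environment entry is missing or empty,
     *         or if the bean instance can't be created
     */
    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");

        // Get the URL from the environment from deployment descriptor.
        // What getString() does for a missing entry is not visible here, so guard
        // explicitly: a null URL would otherwise only fail at the first login attempt.
        remoteurl = getLocator().getString("java:comp/env/AuthURL");
        if (remoteurl == null || remoteurl.length() == 0) {
            throw new CreateException("Missing EJB environment entry java:comp/env/AuthURL");
        }
        try {
            ILogSessionHome logsessionhome = (ILogSessionHome) getLocator().getLocalHome(ILogSessionHome.COMP_NAME);
            logsession = logsessionhome.create();
        } catch (Exception e) {
            throw new EJBException(e);
        }

        debug("<ejbCreate()");
    }

    /**
     * Implements IAuthenticationSession::authenticateUser. Implements a mechanism that queries a
     * remote database through a HTTP-based protocol.
     *
     * The DN and e-mail in the returned object are taken as-is from the remote reply;
     * the remote database is trusted for their contents.
     *
     * @param admin administrator performing this task
     * @param username username to be authenticated
     * @param password password for user to be authenticated
     *
     * @return UserData for authenticated user, typed as an end user
     *
     * @throws AuthLoginException if the remote server answered but did not grant the login
     * @throws EJBException if the remote server could not be reached or the audit log
     *         entry could not be written
     */
    public UserDataVO authenticateUser(Admin admin, String username, String password)
        throws ObjectNotFoundException, AuthStatusException, AuthLoginException {
        debug(">authenticateUser(" + username + ", hiddenpwd)");

        UserDataVO ret;
        try {
            ret = getDNfromRemote(REMOTE_PROTOCOL_VER, username, password);
        } catch (IOException e) {
            // Transport failure towards the remote database: a container-level error,
            // not a wrong password.
            error("Authentication failed.", e);
            throw new EJBException(e);
        }

        // A refused login is reported through the declared checked exception rather
        // than letting the null flow on to setType() below.
        if (ret == null) {
            throw new AuthLoginException("Remote authentication server did not grant login for user " + username);
        }

        // Only end users can be authenticated on remote database (so far...)
        ret.setType(SecConst.USER_ENDUSER);
        try {
            logsession.log(admin, ret.getCAId(), LogEntry.MODULE_CA, new java.util.Date(), username, null, LogEntry.EVENT_INFO_USERAUTHENTICATION, "Autenticated user");
        } catch (RemoteException re) {
            throw new EJBException(re);
        }
        debug("<authenticateUser(" + username + ", hiddenpwd)");
        return ret;
    } // authenticateUser

    /**
     * Implements IAuthenticationSession::finishUser. Does nothing: the remote
     * database is not told that the certificate has been issued.
     *
     * @param admin administrator performing this task
     * @param username username to be finished
     * @param password password for user to be finished
     */
    public void finishUser(Admin admin, String username, String password)
        throws ObjectNotFoundException {
    }

    /**
     * Retrieves user authentication data from a remote database using a simple HTTP-based protocol.
     * TODO: explain protocol
     *
     * As implemented here: the request is a form-encoded POST with the fields
     * {@code version}, {@code username} and {@code password}. The reply is read line by
     * line; the first line must contain {@code status=200 OK} and the second
     * {@code result=grant}, otherwise the login is treated as refused. The remaining
     * {@code key=value} lines are collected into the DN, with {@code dn-<attr>=<value>}
     * lines joined by ", " and {@code dn-email=<value>} taken as the e-mail address.
     *
     * @param version version of protocol
     * @param user username
     * @param password user's password; never written to the trace log
     *
     * @return UserDataVO holding the user's DN and e-mail, or {@code null} if the
     *         remote server did not grant the login
     *
     * @exception IOException communication error, including a malformed AuthURL
     */
    private UserDataVO getDNfromRemote(String version, String user, String password)
        throws IOException {
        // The password is deliberately left out of the trace, as in authenticateUser().
        debug(">getDNfromRemote(" + version + ", " + user + ", hiddenpwd)");

        // Connect to url and do our stuff...
        URL url = new URL(remoteurl);
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

        UserDataVO ret = null;
        try {
            sendRequest(connection, version, user, password);

            BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), CHARSET));
            try {
                ret = readReply(in);
            } finally {
                in.close();
            }
        } finally {
            connection.disconnect();
        }

        debug("<getDNfromRemote");
        return ret;
    } // getDNfromRemote

    /**
     * Writes the form-encoded credentials to the connection's request body.
     *
     * @param connection open connection with output enabled
     * @param version protocol version
     * @param user username
     * @param password user's password
     *
     * @exception IOException if the body cannot be written
     */
    private static void sendRequest(HttpURLConnection connection, String version, String user, String password)
        throws IOException {
        String body = "version=" + URLEncoder.encode(version, CHARSET) + '&'
                + "username=" + URLEncoder.encode(user, CHARSET) + '&'
                + "password=" + URLEncoder.encode(password, CHARSET);
        // Written as raw bytes rather than through a PrintWriter, which never throws
        // and so would hide a failed write.
        OutputStream out = connection.getOutputStream();
        try {
            out.write(body.getBytes(CHARSET));
            out.flush();
        } finally {
            out.close();
        }
    }

    /**
     * Parses the reply lines into a UserDataVO.
     *
     * @param in reader positioned at the first reply line
     *
     * @return the parsed DN and e-mail, or {@code null} unless the first two lines
     *         report {@code status=200 OK} and {@code result=grant}
     *
     * @exception IOException if the reply cannot be read
     */
    private static UserDataVO readReply(BufferedReader in) throws IOException {
        String statusLine = in.readLine();
        String resultLine = in.readLine();
        // A reply shorter than two lines is a refusal, not a grant (and not an NPE).
        if (statusLine == null || statusLine.indexOf("status=200 OK") < 0
                || resultLine == null || resultLine.indexOf("result=grant") < 0) {
            return null;
        }

        StringBuffer dname = new StringBuffer();
        String email = null;
        String line;
        while ((line = in.readLine()) != null) {
            line = line.trim(); // trim() returns a new string; its result must be kept
            if (line.indexOf('=') <= 0) {
                continue; // not a key=value line
            }
            if (line.startsWith(EMAIL_LINE_PREFIX)) {
                email = line.substring(EMAIL_LINE_PREFIX.length());
            } else if (line.startsWith(DN_PREFIX)) {
                if (dname.length() > 0) {
                    dname.append(", ");
                }
                dname.append(line.substring(DN_PREFIX.length()));
            } else {
                // Kept from the original: a key=value line without the dn- prefix is
                // appended verbatim, with no separator. TODO confirm against the protocol.
                dname.append(line);
            }
        }

        UserDataVO ret = new UserDataVO();
        ret.setDN(dname.toString());
        ret.setEmail(email);
        return ret;
    }
} // RemoteAuthenticationSessionBean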