AuthFactory


1   /**
2    * $RCSfile: AuthFactory.java,v $
3    * $Revision: 1.7 $
4    * $Date: 2005/04/11 21:02:05 $
5    *
6    * Copyright (C) 2004 Jive Software. All rights reserved.
7    *
8    * This software is published under the terms of the GNU Public License (GPL),
9    * a copy of which is included in this distribution.
10   */
11  
12  package org.jivesoftware.messenger.auth;
13  
14  import org.jivesoftware.util.*;
15  import org.jivesoftware.util.JiveGlobals;
16  
17  import java.security.MessageDigest  ;
18  import java.security.NoSuchAlgorithmException  ;
19  
20  /**
21   * Authentication service.
22   *
23   * Users of Jive that wish to change the AuthProvider implementation used to authenticate users
24   * can set the <code>AuthProvider.className</code> Jive property. For example, if
25   * you have altered Jive to use LDAP for user information, you'd want to send a custom
26   * implementation of AuthFactory to make LDAP authToken queries. After changing the
27   * <code>AuthProvider.className</code> Jive property, you must restart your application
28   * server.<p>
29   * <p/>
30   * The getAuthToken method that takes servlet request and response objects as arguments can be
31   * used to implement single sign-on. Additionally, two helper methods are provided for securely
32   * encrypting and decrypting login information so that it can be stored as a cookie value to
33   * implement auto-login.<p>
34   *
35   * @author Matt Tucker
36   */
37  public class AuthFactory {
38  
39      private static AuthProvider authProvider = null;
40      private static MessageDigest   digest;
41  
42      static {
43          // Load an auth provider.
44          String   className = JiveGlobals.getXMLProperty("provider.auth.className",
45                  "org.jivesoftware.messenger.auth.DefaultAuthProvider");
46          try {
47              Class   c = ClassUtils.forName(className);
48              authProvider = (AuthProvider)c.newInstance();
49          }
50          catch (Exception   e) {
51              Log.error("Error loading auth provider: " + className, e);
52              authProvider = new DefaultAuthProvider();
53          }
54          // Create a message digest instance.
55          try {
56              digest = MessageDigest.getInstance("SHA");
57          }
58          catch (NoSuchAlgorithmException   e) {
59              Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
60          }
61      }
62  
63      /**
64       * Returns true if the currently installed {@link AuthProvider} supports authentication
65       * using plain-text passwords according to JEP-0078. Plain-text authentication is
66       * not secure and should generally only be used over a TLS/SSL connection.
67       *
68       * @return true if plain text password authentication is supported.
69       */
70      public static boolean isPlainSupported() {
71          return authProvider.isPlainSupported();
72      }
73  
74      /**
75       * Returns true if the currently installed {@link AuthProvider} supports
76       * digest authentication according to JEP-0078.
77       *
78       * @return true if digest authentication is supported.
79       */
80      public static boolean isDigestSupported() {
81          return authProvider.isDigestSupported();
82      }
83  
84      /**
85       * Authenticates a user with a username and plain text password and returns and
86       * AuthToken. If the username and password do not match the record of
87       * any user in the system, this method throws an UnauthorizedException.
88       *
89       * @param username the username.
90       * @param password the password.
91       * @return an AuthToken token if the username and password are correct.
92       * @throws UnauthorizedException if the username and password do not match any existing user.
93       */
94      public static AuthToken authenticate(String   username, String   password)
95              throws UnauthorizedException
96      {
97          authProvider.authenticate(username, password);
98          return new AuthToken(username);
99      }
100 
101     /**
102      * Authenticates a user with a username, token, and digest and returns an AuthToken.
103      * The digest should be generated using the {@link #createDigest(String, String)} method.
104      * If the username and digest do not match the record of any user in the system, the
105      * method throws an UnauthorizedException.
106      *
107      * @param username the username.
108      * @param token the token that was used with plain-text password to generate the digest.
109      * @param digest the digest generated from plain-text password and unique token.
110      * @return an AuthToken token if the username and digest are correct for the user's
111      *      password and given token.
112      * @throws UnauthorizedException if the username and password do not match any
113      *      existing user.
114      */
115     public static AuthToken authenticate(String   username, String   token, String   digest)
116             throws UnauthorizedException
117     {
118         authProvider.authenticate(username, token, digest);
119         return new AuthToken(username);
120     }
121 
122     /**
123      * Returns a digest given a token and password, according to JEP-0078.
124      *
125      * @param token the token used in the digest.
126      * @param password the plain-text password to be digested.
127      * @return the digested result as a hex string.
128      */
129     public static String   createDigest(String   token, String   password) {
130         synchronized (digest) {
131             digest.update(token.getBytes());
132             return StringUtils.encodeHex(digest.digest(password.getBytes()));
133         }
134     }
135 }
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags