DefaultAuthProvider


1   /**
2    * $RCSfile: DefaultAuthProvider.java,v $
3    * $Revision: 1.2 $
4    * $Date: 2005/03/10 23:18:08 $
5    *
6    * Copyright (C) 2004 Jive Software. All rights reserved.
7    *
8    * This software is published under the terms of the GNU Public License (GPL),
9    * a copy of which is included in this distribution.
10   */
11  
12  package org.jivesoftware.messenger.auth;
13  
14  import org.jivesoftware.database.DbConnectionManager;
15  import org.jivesoftware.util.Log;
16  
17  import java.sql.Connection  ;
18  import java.sql.PreparedStatement  ;
19  import java.sql.ResultSet  ;
20  import java.sql.SQLException  ;
21  
22  /**
23   * Default AuthProvider implementation. It authenticates against the <tt>jiveUser</tt>
24   * database table and supports plain text and digest authentication.
25   *
26   * Because each call to authenticate() makes a database connection, the
27   * results of authentication should be cached whenever possible.
28   *
29   * @author Matt Tucker
30   */
31  public class DefaultAuthProvider implements AuthProvider {
32  
33      private static final String   AUTHORIZE =
34          "SELECT username FROM jiveUser WHERE username=? AND password=?";
35      private static final String   SELECT_PASSWORD =
36          "SELECT password FROM jiveUser WHERE username=?";
37  
38      public void authenticate(String   username, String   password) throws UnauthorizedException {
39          if (username == null || password == null) {
40              throw new UnauthorizedException();
41          }
42          username = username.trim().toLowerCase();
43          Connection   con = null;
44          PreparedStatement   pstmt = null;
45          try {
46              con = DbConnectionManager.getConnection();
47              pstmt = con.prepareStatement(AUTHORIZE);
48              pstmt.setString(1, username);
49              pstmt.setString(2, password);
50              ResultSet   rs = pstmt.executeQuery();
51              // If the query has no results, the username and password
52              // did not match a user record. Therefore, throw an exception.
53              if (!rs.next()) {
54                  throw new UnauthorizedException();
55              }
56              rs.close();
57          }
58          catch (SQLException   e) {
59              Log.error("Exception in DbAuthProvider", e);
60              throw new UnauthorizedException();
61          }
62          finally {
63              try { if (pstmt != null) pstmt.close(); }
64              catch (Exception   e) { Log.error(e); }
65              try { if (con != null) con.close(); }
66              catch (Exception   e) { Log.error(e); }
67          }
68          // Got this far, so the user must be authorized.
69      }
70  
71      public void authenticate(String   username, String   token, String   digest) throws UnauthorizedException {
72          if (username == null || token == null || digest == null) {
73              throw new UnauthorizedException();
74          }
75          username = username.trim().toLowerCase();
76          Connection   con = null;
77          PreparedStatement   pstmt = null;
78          try {
79              con = DbConnectionManager.getConnection();
80              pstmt = con.prepareStatement(SELECT_PASSWORD);
81              pstmt.setString(1, username);
82  
83              ResultSet   rs = pstmt.executeQuery();
84  
85              // If the query had no results, the username and password
86              // did not match a user record. Therefore, throw an exception.
87              if (!rs.next()) {
88                  throw new UnauthorizedException();
89              }
90              String   pass = rs.getString(1);
91              String   anticipatedDigest = AuthFactory.createDigest(token, pass);
92              if (!digest.equalsIgnoreCase(anticipatedDigest)) {
93                  throw new UnauthorizedException();
94              }
95              rs.close();
96          }
97          catch (SQLException   e) {
98              Log.error("Exception in DbAuthProvider", e);
99              throw new UnauthorizedException();
100         }
101         finally {
102             try { if (pstmt != null) pstmt.close(); }
103             catch (Exception   e) { Log.error(e); }
104             try { if (con != null) con.close(); }
105             catch (Exception   e) { Log.error(e); }
106         }
107         // Got this far, so the user must be authorized.
108     }
109 
110     public boolean isPlainSupported() {
111         return true;
112     }
113 
114     public boolean isDigestSupported() {
115         return true;
116     }
117 }
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags