KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jivesoftware > messenger > auth > DefaultAuthProvider


1 /**
2  * $RCSfile: DefaultAuthProvider.java,v $
3  * $Revision: 1.2 $
4  * $Date: 2005/03/10 23:18:08 $
5  *
6  * Copyright (C) 2004 Jive Software. All rights reserved.
7  *
8  * This software is published under the terms of the GNU Public License (GPL),
9  * a copy of which is included in this distribution.
10  */

11
12 package org.jivesoftware.messenger.auth;
13
14 import org.jivesoftware.database.DbConnectionManager;
15 import org.jivesoftware.util.Log;
16
17 import java.sql.Connection JavaDoc;
18 import java.sql.PreparedStatement JavaDoc;
19 import java.sql.ResultSet JavaDoc;
20 import java.sql.SQLException JavaDoc;
21
22 /**
23  * Default AuthProvider implementation. It authenticates against the <tt>jiveUser</tt>
24  * database table and supports plain text and digest authentication.
25  *
26  * Because each call to authenticate() makes a database connection, the
27  * results of authentication should be cached whenever possible.
28  *
29  * @author Matt Tucker
30  */

31 public class DefaultAuthProvider implements AuthProvider {
32
33     private static final String JavaDoc AUTHORIZE =
34         "SELECT username FROM jiveUser WHERE username=? AND password=?";
35     private static final String JavaDoc SELECT_PASSWORD =
36         "SELECT password FROM jiveUser WHERE username=?";
37
38     public void authenticate(String JavaDoc username, String JavaDoc password) throws UnauthorizedException {
39         if (username == null || password == null) {
40             throw new UnauthorizedException();
41         }
42         username = username.trim().toLowerCase();
43         Connection JavaDoc con = null;
44         PreparedStatement JavaDoc pstmt = null;
45         try {
46             con = DbConnectionManager.getConnection();
47             pstmt = con.prepareStatement(AUTHORIZE);
48             pstmt.setString(1, username);
49             pstmt.setString(2, password);
50             ResultSet JavaDoc rs = pstmt.executeQuery();
51             // If the query has no results, the username and password
52
// did not match a user record. Therefore, throw an exception.
53
if (!rs.next()) {
54                 throw new UnauthorizedException();
55             }
56             rs.close();
57         }
58         catch (SQLException JavaDoc e) {
59             Log.error("Exception in DbAuthProvider", e);
60             throw new UnauthorizedException();
61         }
62         finally {
63             try { if (pstmt != null) pstmt.close(); }
64             catch (Exception JavaDoc e) { Log.error(e); }
65             try { if (con != null) con.close(); }
66             catch (Exception JavaDoc e) { Log.error(e); }
67         }
68         // Got this far, so the user must be authorized.
69
}
70
71     public void authenticate(String JavaDoc username, String JavaDoc token, String JavaDoc digest) throws UnauthorizedException {
72         if (username == null || token == null || digest == null) {
73             throw new UnauthorizedException();
74         }
75         username = username.trim().toLowerCase();
76         Connection JavaDoc con = null;
77         PreparedStatement JavaDoc pstmt = null;
78         try {
79             con = DbConnectionManager.getConnection();
80             pstmt = con.prepareStatement(SELECT_PASSWORD);
81             pstmt.setString(1, username);
82
83             ResultSet JavaDoc rs = pstmt.executeQuery();
84
85             // If the query had no results, the username and password
86
// did not match a user record. Therefore, throw an exception.
87
if (!rs.next()) {
88                 throw new UnauthorizedException();
89             }
90             String JavaDoc pass = rs.getString(1);
91             String JavaDoc anticipatedDigest = AuthFactory.createDigest(token, pass);
92             if (!digest.equalsIgnoreCase(anticipatedDigest)) {
93                 throw new UnauthorizedException();
94             }
95             rs.close();
96         }
97         catch (SQLException JavaDoc e) {
98             Log.error("Exception in DbAuthProvider", e);
99             throw new UnauthorizedException();
100         }
101         finally {
102             try { if (pstmt != null) pstmt.close(); }
103             catch (Exception JavaDoc e) { Log.error(e); }
104             try { if (con != null) con.close(); }
105             catch (Exception JavaDoc e) { Log.error(e); }
106         }
107         // Got this far, so the user must be authorized.
108
}
109
110     public boolean isPlainSupported() {
111         return true;
112     }
113
114     public boolean isDigestSupported() {
115         return true;
116     }
117 }
Popular Tags