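package org.lucane.server.auth;

import java.util.HashMap;
import java.util.Map;

import org.lucane.common.*;
import org.lucane.common.concepts.UserConcept;
import org.lucane.common.net.ObjectConnection;
import org.lucane.server.ConnectInfoManager;
import org.lucane.server.Server;
import org.lucane.server.store.Store;

/**
 * Authenticator that locks a user account once {@link #MAX_FAILURES} failed
 * password checks have been recorded for it.
 *
 * The failure counters live only in this instance's map, keyed by user name;
 * nothing in this class persists them, so they do not survive a new instance.
 * The lock itself is written to the user store through updateUser().
 *
 * NOTE(review): the counter map is a plain HashMap with no synchronization.
 * If authenticate() can be called from several connection threads at once,
 * counts can be lost or the map corrupted, which weakens the lockout.
 * Confirm the threading model of the caller before relying on it.
 */
public class LockingAuthenticator extends Authenticator
{
	/** Number of recorded failures at which the account is locked. */
	private static final int MAX_FAILURES = 3;

	/** user name (String) -> number of failed logins (Integer) */
	private HashMap loginFailures;

	/**
	 * Creates an authenticator with no recorded failures.
	 */
	public LockingAuthenticator()
	{
		this.loginFailures = new HashMap();
	}

	/**
	 * Checks the credentials carried by the request and registers the
	 * connection on success.
	 *
	 * Unknown users, and users whose lookup in the store fails, get
	 * BAD_CREDENTIALS. Locked users get USER_LOCKED before the password is
	 * looked at. A wrong password is counted by logonError() and answered
	 * with BAD_CREDENTIALS. On success the failure counter of the user is
	 * cleared, an already connected client with the same connect info is
	 * asked to disconnect and is unregistered, and the new connect info is
	 * registered.
	 *
	 * @param request the authentication request
	 * @return the response describing the outcome
	 */
	public AuthResponse authenticate(AuthRequest request)
	{
		Store store = Server.getInstance().getStore();
		ConnectInfo userInfo = request.getUserInfo();

		UserConcept user = null;
		try {
			user = store.getUserStore().getUser(userInfo.getName());
		} catch(Exception e) {
			// Fail closed: a store error is treated like an unknown user below.
			// The name is left out of the message because it comes straight
			// from the request and is not yet tied to a known account.
			Logging.getLogger().warning("Unable to load user during authentication : " + e);
		}

		// Failures for names that do not resolve to a user are not counted.
		if(user == null)
			return new AuthResponse(AuthResponse.BAD_CREDENTIALS);

		// NOTE(review): this answer is given without a valid password, so the
		// response tells the caller that the account exists and is locked.
		// Decide whether clients really need USER_LOCKED at this point.
		if(user.isLocked())
			return new AuthResponse(AuthResponse.USER_LOCKED);

		// NOTE(review): the accessor name suggests the credential is an MD5
		// digest; how the store compares it is not visible here.
		if(!store.getUserStore().checkUserPassword(user, request.getMd5Passwd()))
		{
			logonError(user);
			return new AuthResponse(AuthResponse.BAD_CREDENTIALS);
		}

		// Counters are keyed by user name (see logonError), so the reset has
		// to use the name too. Removing by the UserConcept object never
		// matched an entry, and earlier failures kept counting towards the
		// lock after a successful login.
		loginFailures.remove(user.getName());

		if(userInfo.isClient() && ConnectInfoManager.getInstance().isConnected(userInfo))
		{
			ConnectInfo oldUser = ConnectInfoManager.getInstance().
				getCompleteConnectInfo(request.getUserInfo());

			try {
				Map action = new HashMap();
				action.put("command", "DISCONNECT");
				ObjectConnection oc = Server.getInstance().sendMessageTo(oldUser, "Client", action);
				oc.close();
			} catch (Exception e) {
				// Best effort: the old session is unregistered below whether
				// or not it could be notified. Leave a trace instead of
				// dropping the error silently.
				Logging.getLogger().fine("Unable to notify previous session : " + e);
			}

			ConnectInfoManager.getInstance().removeConnectInfo(oldUser);
		}

		ConnectInfoManager.getInstance().addConnectInfo(userInfo);

		return new AuthResponse(AuthResponse.AUTH_ACCEPTED);
	}

	/**
	 * Records a failed login for the user and locks the account when the
	 * count reaches MAX_FAILURES.
	 *
	 * The counter is dropped only after the lock has been stored. If
	 * updateUser() fails, the counter stays in place and the next failure
	 * attempts the lock again.
	 *
	 * NOTE(review): any caller able to submit wrong passwords for a known
	 * name can trigger the lock, and no unlock path is visible in this file.
	 * Confirm how locked accounts are released.
	 *
	 * @param user the user whose password check failed
	 */
	private void logonError(UserConcept user)
	{
		Integer numberOfFailures = (Integer)loginFailures.get(user.getName());
		int newNumber = 1;
		if(numberOfFailures != null)
			newNumber = numberOfFailures.intValue() + 1;
		loginFailures.put(user.getName(), new Integer(newNumber));

		Logging.getLogger().fine("Login failure: " + user.getName() + " (" + newNumber + " failures).");

		if(newNumber >= MAX_FAILURES)
		{
			user.setLocked(true);
			try {
				Server.getInstance().getStore().getUserStore().updateUser(user);
				loginFailures.remove(user.getName());
				Logging.getLogger().info("Locking " + user.getName() + " after " + MAX_FAILURES + " failures.");
			} catch (Exception e) {
				Logging.getLogger().warning("Unable to lock user : " + e);
			}
		}
	}
}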