AuthenticationHandler


1   /*
2   
3   This software is OSI Certified Open Source Software.
4   OSI Certified is a certification mark of the Open Source Initiative.
5   
6   The license (Mozilla version 1.0) can be read at the MMBase site.
7   See http://www.MMBase.org/license
8   
9   */
10  
11  package org.mmbase.security.implementation.basic;
12  
13  import org.w3c.dom.Element  ;
14  import org.mmbase.util.XMLBasicReader;
15  import org.mmbase.util.XMLEntityResolver;
16  
17  import org.mmbase.security.*;
18  import org.mmbase.security.SecurityException;
19  
20  import java.util.*;
21  
22  
23  import org.mmbase.util.logging.Logger;
24  import org.mmbase.util.logging.Logging;
25  
26  /**
27   * Authentication based on a config files. There is an XML file (`authentication.xml') which defines
28   * several modules (conected to the 'module/method' String). There are now three moduiles in this
29   * implementation. 'anonymous' for the anonyunous user. 'name/password' for 'basic users'. The
30   * username/passwords of the basic users are defined in an account.properties file. The last module
31   * is 'admin' which authenticates only on password.
32   *
33   * @todo MM: I think it should be possible for admin to login with name/password to, how else could
34   * you use HTTP authentication (e.g. admin pages).
35   * @author Eduard Witteveen
36   * @version $Id: AuthenticationHandler.java,v 1.10 2005/07/09 15:29:12 nklasens Exp $
37   */
38  public class AuthenticationHandler extends Authentication {
39      private static final Logger log = Logging.getLoggerInstance(AuthenticationHandler.class);
40  
41      public static final String   PUBLIC_ID_BASICSECURITY_1_0 = "-//MMBase//DTD securitybasicauth config 1.0//EN";
42      public static final String   DTD_BASICSECURITY_1_0       = " securitybasicauth_1_0.dtd";
43      
44      
45      static {
46          XMLEntityResolver.registerPublicID(PUBLIC_ID_BASICSECURITY_1_0, DTD_BASICSECURITY_1_0, AuthenticationHandler.class);
47      }
48  
49      // hashmap of the modules..
50      private Map modules = new HashMap();
51      // hashmap of the ranks of the modules..
52      private Map moduleRanks = new HashMap();
53  
54      protected void load() {
55          log.debug("using: '" + configFile + "' as config file for authentication");
56          XMLBasicReader reader = new XMLBasicReader(configFile.getAbsolutePath(), getClass());
57  
58          log.debug("Trying to load all loginmodules:");
59          for (Iterator modIter = reader.getChildElements(reader.getElementByPath("authentication"), "loginmodule"); modIter.hasNext();) {
60              Element   modTag = (Element  ) modIter.next();
61              String   modName = reader.getElementAttributeValue(modTag, "name");
62              if (modName.equals("")) {
63                  log.error("module attribute name was not defined in :" + configFile);
64                  throw new SecurityException  ("module attribute name was not defined in :" + configFile);
65              }
66              String   modClass = reader.getElementAttributeValue(modTag, "class");
67              if (modClass.equals("")) {
68                  log.error("module attribute class was not defined in :" + configFile + " for module: " + modName);
69                  throw new SecurityException  ("module attribute class was not defined in :" + configFile + " for module: " + modName);
70              }
71              String   modRankString = reader.getElementAttributeValue(modTag, "rank");
72              Rank modRank;
73              if (modRankString.equals("")) {
74                  modRank = null;
75              } else {
76                  modRank = Rank.getRank(modRankString);
77              }
78  
79              log.debug("Trying to load login module with name: " + modName);
80  
81              // create the module...
82              LoginModule module;
83              try {
84                  Class   moduleClass = Class.forName(modClass);
85                  module = (LoginModule)moduleClass.newInstance();
86              } catch (Exception   e) {
87                  log.error("Could not create Login Module with class name " + modClass);
88                  throw new SecurityException  ("Could not create Login Module with class name " + modClass);
89              }
90  
91              // retrieve the properties...
92              HashMap properties = new HashMap();
93              for (Iterator propIter = reader.getChildElements(modTag, "property"); propIter.hasNext();) {
94                  Element   propTag = (Element  ) propIter.next();
95                  String   propName = reader.getElementAttributeValue(propTag, "name");
96                  String   propValue = reader.getElementValue(propTag).trim();
97                  properties.put(propName, propValue);
98                  log.debug("\tadding key : " + propName + " with value : " + propValue);
99              }
100             properties.put("_parentFile", configFile);
101             // if module's configuration uses filenames, they probably want to be relative to this one.
102             module.load(properties);
103             modules.put(modName, module);
104             moduleRanks.put(modName, modRank);
105             log.debug("Loaded loginmodule with name: " + modName);
106         }
107         log.debug("Loaded all loginmodules " + listModules());
108     }
109 
110     public UserContext login(String   moduleName, Map loginInfo, Object  [] parameters) throws org.mmbase.security.SecurityException {
111         LoginModule module = (LoginModule)modules.get(moduleName);
112         if (module == null) {
113             log.error("Login Module with name '" + moduleName + "' not found ! (available:" + listModules() + ")");
114             throw new UnknownAuthenticationMethodException("Login Module with name '" + moduleName + "' not found ! (available:" + listModules() + ")");
115         }
116         NameContext newUser = new NameContext((Rank)moduleRanks.get(moduleName), moduleName);
117         if (module.login(newUser, loginInfo, parameters)) {
118             // our login succeeded..
119             // check if the identifier was set by the loginModule, when invalid will trow exception..
120             newUser.getIdentifier();
121             return newUser;
122         }
123         return null;
124     }
125 
126     private String   listModules() {
127         Iterator i = modules.keySet().iterator();
128         String   loginModulesAvailable = "";
129         while (i.hasNext()) {
130             loginModulesAvailable += "\"" + (String  )i.next() + "\" ";
131         }
132         return loginModulesAvailable;
133     }
134 
135     /**
136      * this method does nothing..
137      */
138     public boolean isValid(UserContext usercontext) throws org.mmbase.security.SecurityException {
139         return true;
140     }
141 }
142
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags