

1 /*
2
3 This software is OSI Certified Open Source Software.
4 OSI Certified is a certification mark of the Open Source Initiative.
5
6 The license (Mozilla version 1.0) can be read at the MMBase site.
7 See http://www.MMBase.org/license
8
9 */

10 package org.mmbase.security.implementation.cloudcontext;
11
12 import java.util.*;
13 import java.io.*;
14 import org.mmbase.security.implementation.cloudcontext.builders.*;
15 import org.mmbase.security.*;
16 import org.mmbase.module.core.*;
17 import org.mmbase.security.SecurityException;
18 import org.mmbase.security.classsecurity.ClassAuthentication;
19 import org.mmbase.util.logging.Logger;
20 import org.mmbase.util.logging.Logging;
21 import org.mmbase.util.functions.*;
22 import org.mmbase.util.ResourceWatcher;
23
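/**
 * Cloud-based Authentication. Deploy the application to explore the object-model on which this is based.
 *
 * Besides the cloud, a '&lt;security-config-dir&gt;/admins.properties' file is also considered. Site-admins
 * can use it to give themselves rights again if they somehow lost them, without turning off
 * security altogether.
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>The values in admins.properties are compared with the password supplied at login, so the file
 *       holds plain-text credentials for accounts that receive {@link Rank#ADMIN}. It should be
 *       readable only by the account that runs the application.</li>
 *   <li>With the 'name/encodedpassword' method the encoded form of a password is itself accepted as the
 *       credential, so the encoded value needs the same protection as the password.</li>
 *   <li>Every successful 'extra admin' login is logged at service level; a failed password match for a
 *       name listed in admins.properties is logged as well, so that attempts on these accounts are
 *       visible to operators.</li>
 * </ul>
 *
 * @author Eduard Witteveen
 * @author Pierre van Rooden
 * @author Michiel Meeuwissen
 * @version $Id: Authenticate.java,v 1.17 2006/02/20 18:34:16 michiel Exp $
 */

public class Authenticate extends Authentication {
    private static final Logger log = Logging.getLoggerInstance(Authenticate.class);

    /** Name of the resource, resolved by the security resource loader, that lists the extra admins. */
    protected static final String ADMINS_PROPS = "admins.properties";

    /** Message logged and thrown when the users builder is not available. */
    private static final String BUILDERS_MISSING = "builders for security not installed, if you are trying to install the application belonging to this security, please restart the application after all data has been imported)";

    // Stamp derived from the current contents of admins.properties. A LocalAdmin remembers the stamp
    // it was created under and is only valid while both are equal (see LocalAdmin#isValidNode).
    private int extraAdminsUniqueNumber;

    // Re-read from the users builder's 'allowencodedpassword' init parameter on every login().
    private boolean allowEncodedPassword = false;

    private static Properties extraAdmins = new Properties(); // Admins to store outside database.

    // Filled by login() and emptied by readAdmins(), which is invoked from the ResourceWatcher callback.
    // These calls may come from different threads, so the map is wrapped in a synchronized view.
    protected static Map loggedInExtraAdmins = Collections.synchronizedMap(new HashMap());


    /**
     * Replaces the extra admins by the contents of the given stream and forgets the extra admins
     * that were logged in so far.
     *
     * The stream is not closed here; that is left to the caller that opened it.
     *
     * @param in the contents of admins.properties, or <code>null</code>, in which case no extra
     *           admins remain
     */
    protected void readAdmins(InputStream in) {
        try {
            extraAdmins.clear();
            loggedInExtraAdmins.clear();
            if (in != null) {
                extraAdmins.load(in);
            }
            log.service("Extra admins " + extraAdmins.keySet());
        } catch (IOException ioe) {
            log.error(ioe);
        } finally {
            // Refresh the stamp after a failed read too. Otherwise LocalAdmin objects handed out
            // earlier would stay valid although the list they were based on has just been cleared.
            extraAdminsUniqueNumber = extraAdmins.hashCode();
        }
    }


    /**
     * Checks that the users builder is installed and configured, then loads admins.properties and
     * starts a watcher that reloads it when it changes.
     *
     * @throws SecurityException if the users builder is missing or its check fails
     */
    // javadoc inherited
    protected void load() throws SecurityException {
        Users users = requireUsersBuilder();
        if (!users.check()) {
            String msg = "builder mmbaseusers was not configured correctly";
            log.error(msg);
            throw new SecurityException(msg);
        }

        ResourceWatcher adminsWatcher = new ResourceWatcher(MMBaseCopConfig.securityLoader) {
                public void onChange(String res) {
                    InputStream in = getResourceLoader().getResourceAsStream(res);
                    try {
                        readAdmins(in);
                    } finally {
                        // The stream is opened on every change notification; close it so that
                        // repeated reloads do not leak file handles.
                        if (in != null) {
                            try {
                                in.close();
                            } catch (IOException ioe) {
                                Authenticate.log.debug("Could not close " + res + ": " + ioe);
                            }
                        }
                    }
                }
            };
        adminsWatcher.add(ADMINS_PROPS);
        adminsWatcher.onChange(ADMINS_PROPS); // initial load
        adminsWatcher.setDelay(10*1000);      // presumably milliseconds, i.e. 10 seconds (confirm in ResourceWatcher)
        adminsWatcher.start();

    }

    /**
     * Logs in with one of the methods 'anonymous', 'name/password', 'name/encodedpassword' (only if
     * the users builder allows it) or 'class'.
     *
     * For the two password methods a name listed in admins.properties is tried first. If the
     * password does not match that file, the login continues with the users builder.
     *
     * @param s    name of the login method
     * @param map  credentials; 'username' plus 'password' or 'encodedpassword' for the password methods
     * @param aobj not used by this implementation
     * @return the logged-in user, or <code>null</code> if no user node was found
     * @throws SecurityException if the users builder is missing, credentials are incomplete, the
     *         user found is not valid, or class authentication is refused
     * @throws UnknownAuthenticationMethodException if <code>s</code> is none of the supported methods
     */
    // javadoc inherited
    public UserContext login(String s, Map map, Object aobj[]) throws SecurityException {
        if (log.isDebugEnabled()) {
            log.trace("login-module: '" + s + "'");
        }
        MMObjectNode node = null;
        Users users = requireUsersBuilder();
        allowEncodedPassword = org.mmbase.util.Casting.toBoolean(users.getInitParameter("allowencodedpassword"));
        if ("anonymous".equals(s)) {
            node = users.getAnonymousUser();
        } else if ("name/password".equals(s)) {
            String userName = credential(map, "username");
            String password = credential(map, "password");
            if (userName == null || password == null) {
                throw missingCredentials("password", map);
            }
            // Read the entry once: the watcher can replace the list between two look-ups.
            String expected = extraAdmins.getProperty(userName);
            if (expected != null) {
                if (sameSecret(expected, password)) {
                    return loginExtraAdmin(userName, s);
                }
                log.service("Password for 'extra' admin '" + userName + "' did not match admins.properties, trying the users builder");
            }
            node = users.getUser(userName, password);
            if (node != null && ! users.isValid(node)) {
                throw new SecurityException("Logged in an invalid user");
            }
        } else if (allowEncodedPassword && "name/encodedpassword".equals(s)) {
            String userName = credential(map, "username");
            String password = credential(map, "encodedpassword");
            if (userName == null || password == null) {
                throw missingCredentials("encodedpassword", map);
            }
            String expected = extraAdmins.getProperty(userName);
            if (expected != null) {
                if (sameSecret(users.encode(expected), password)) {
                    return loginExtraAdmin(userName, s);
                }
                log.service("Encoded password for 'extra' admin '" + userName + "' did not match admins.properties, trying the users builder");
            }
            // NOTE(review): the meaning of the third argument is not visible here; presumably it
            // tells the builder that the password is already encoded. Confirm in Users.
            node = users.getUser(userName, password, false);
            if (node != null && ! users.isValid(node)) {
                throw new SecurityException("Logged in an invalid user");
            }
        } else if ("class".equals(s)) {
            ClassAuthentication.Login li = ClassAuthentication.classCheck("class");
            if (li == null) {
                throw new SecurityException("Class authentication failed '" + s + "' (class not authorized)");
            }
            String userName = (String) li.getMap().get(PARAMETER_USERNAME.getName());
            String rank = (String) li.getMap().get(PARAMETER_RANK.getName());
            // NOTE(review): when the class-security entry gives a user name but no rank, this
            // condition is true for any name, and the caller becomes a LocalAdmin with rank ADMIN
            // without the name being looked up in admins.properties (the log line below says
            // otherwise). If only listed names are meant to qualify, the containsKey test has to
            // apply to the 'rank == null' case as well. Confirm the intent before changing it.
            if (userName != null && (rank == null || (Rank.ADMIN.toString().equals(rank) && extraAdmins.containsKey(userName)))) {
                return loginExtraAdmin(userName, s);
            } else if (userName != null) {
                // NOTE(review): a configured rank is ignored on this path, and unlike the password
                // methods the node is not passed through users.isValid(). Confirm that is intended.
                node = users.getUser(userName);
            } else if (rank != null) {
                node = users.getUserByRank(rank, userName);
                log.debug("Class authentication to rank " + rank + " found node " + node);
            }
        } else {
            throw new UnknownAuthenticationMethodException("login module with name '" + s + "' not found, only 'anonymous', 'name/password' and 'class' are supported");
        }
        if (node == null) {
            return null;
        }
        return new User(node, getKey(), s);
    }

    /**
     * Returns the users builder, or logs and throws if the security builders are not installed.
     */
    private static Users requireUsersBuilder() throws SecurityException {
        Users users = Users.getBuilder();
        if (users == null) {
            log.fatal(BUILDERS_MISSING);
            throw new SecurityException(BUILDERS_MISSING);
        }
        return users;
    }

    /**
     * Reads one credential from the login map; a missing map counts as a missing credential.
     */
    private static String credential(Map map, String key) {
        return map == null ? null : (String) map.get(key);
    }

    /**
     * Creates the exception for incomplete credentials. Only the names of the received properties
     * are reported: the map may hold the password, which must not end up in logs or error pages.
     */
    private static SecurityException missingCredentials(String secretKey, Map map) {
        Object received = map == null ? null : map.keySet();
        return new SecurityException("Expected the property 'username' and '" + secretKey + "' with login. But received the properties " + received);
    }

    /**
     * Compares a configured secret with a supplied one without stopping at the first difference,
     * so the time taken does not reveal how much of a guess was correct.
     */
    private static boolean sameSecret(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        try {
            return java.security.MessageDigest.isEqual(expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException uee) {
            // Cannot happen on a conforming JVM; UTF-8 is a required charset.
            IllegalStateException ise = new IllegalStateException("UTF-8 is not available: " + uee.getMessage());
            ise.initCause(uee);
            throw ise;
        }
    }

    /**
     * Creates, registers and returns the admin user for a name that was accepted as 'extra' admin.
     */
    private User loginExtraAdmin(String userName, String application) {
        log.service("Logged in an 'extra' admin '" + userName + "'. (from admins.properties)");
        User user = new LocalAdmin(userName, application);
        loggedInExtraAdmins.put(userName, user);
        return user;
    }

    /**
     * Returns the extra admin that most recently logged in under the given name.
     *
     * @param userName name as listed in admins.properties
     * @return the user, or <code>null</code> if no such admin logged in since the file was last read
     */
    public static User getLoggedInExtraAdmin(String userName) {
        return (User) loggedInExtraAdmins.get(userName);
    }

    /**
     * Tells whether a user context handed out earlier may still be used.
     *
     * @param userContext the user to check
     * @return <code>false</code> if the object is not a {@link User}, has no node, has a node that
     *         is no longer valid, or carries a key other than the current one
     */
    // javadoc inherited
    public boolean isValid(UserContext userContext) throws SecurityException {
        if (! (userContext instanceof User)) {
            log.debug("Changed to other security implementation");
            return false;
        }
        User user = (User) userContext;
        if (user.node == null) {
            log.debug("No node associated to user object, --> user object is invalid");
            return false;
        }
        if (! user.isValidNode()) {
            log.debug("Node associated to user object, is invalid");
            return false;
        }
        if ( user.getKey() != getKey()) {
            log.service(user.toString() + "(" + user.getClass().getName() + ") was NOT valid (different unique number)");
            return false;
        }
        log.debug(user.toString() + " was valid");
        return true;
    }


    /**
     * Lists the supported login methods. 'anonymous' is only offered for METHOD_ASIS, and
     * 'name/encodedpassword' only if the users builder allowed it at the last login.
     *
     * @param method one of the METHOD_ constants of the superclass
     */
    public String[] getTypes(int method) {
        if (allowEncodedPassword) {
            if (method == METHOD_ASIS) {
                return new String[] {"anonymous", "name/password", "name/encodedpassword", "class"};
            } else {
                return new String[] {"name/password", "name/encodedpassword", "class"};
            }
        } else {
            if (method == METHOD_ASIS) {
                return new String[] {"anonymous", "name/password", "class"};
            } else {
                return new String[] {"name/password", "class"};
            }
        }

    }

    private static final Parameter PARAMETER_ENCODEDPASSWORD = new Parameter("encodedpassword", String.class, true);
    private static final Parameter[] PARAMETERS_NAME_ENCODEDPASSWORD =
        new Parameter[] {
            PARAMETER_USERNAME,
            PARAMETER_ENCODEDPASSWORD,
            new Parameter.Wrapper(PARAMETERS_USERS) };

    /**
     * Creates the parameters object that belongs to a login method.
     *
     * @param application name of the login method, matched case-insensitively
     * @return the parameters for that method; unknown methods get autodefining parameters
     */
    public Parameters createParameters(String application) {
        // Fixed locale: with the default locale (e.g. Turkish) an upper-case 'I' would not be
        // lowered to 'i' and known method names would fall through to the last branch.
        application = application.toLowerCase(Locale.ENGLISH);
        if ("anonymous".equals(application)) {
            return new Parameters(PARAMETERS_ANONYMOUS);
        } else if ("class".equals(application)) {
            return Parameters.VOID;
        } else if ("name/password".equals(application)) {
            return new Parameters(PARAMETERS_NAME_PASSWORD);
        } else if ("name/encodedpassword".equals(application)) {
            return new Parameters(PARAMETERS_NAME_ENCODEDPASSWORD);
        } else {
            return new AutodefiningParameters();
        }
    }

    /**
     * A user with rank ADMIN that is not backed by a node in the cloud. It stays valid only while
     * the stamp of admins.properties is the one it was created (or deserialized) under.
     */
    protected class LocalAdmin extends User {
        private static final long serialVersionUID = 1;

        private String userName;
        // Value of extraAdminsUniqueNumber at the moment this object was created or deserialized.
        private long l;
        LocalAdmin(String user, String app) {
            super(new AdminVirtualNode(), Authenticate.this.getKey(), app);
            l = extraAdminsUniqueNumber;
            userName = user;
        }
        public String getIdentifier() { return userName; }
        public String getOwnerField() { return userName; }
        public Rank getRank() throws SecurityException { return Rank.ADMIN; }
        public boolean isValidNode() { return l == extraAdminsUniqueNumber; }

        // Restores only the user name. The stamp is taken from the current admins.properties state,
        // so a deserialized object counts as valid without its name being checked against the file
        // again; serialized users should therefore only be read from a store the application trusts.
        // The node is created later by a background job, once the cloud context is up.
        // NOTE(review): this is a non-static inner class and writeObject() does not write the
        // enclosing Authenticate instance; confirm that deserialization works as intended.
        private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
            userName = in.readUTF();
            l = extraAdminsUniqueNumber;
            org.mmbase.util.ThreadPools.jobsExecutor.execute(new Runnable() {
                    public void run() {
                        org.mmbase.bridge.LocalContext.getCloudContext().assertUp();
                        node = new AdminVirtualNode();
                    }
                });

        }

        // Only the user name is written; neither a password nor the stamp is serialized.
        private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
            out.writeUTF(userName);
        }

        // NOTE(review): equals() is overridden without hashCode(); confirm that User#hashCode
        // is consistent with this definition.
        public boolean equals(Object o) {
            if (o instanceof LocalAdmin) {
                LocalAdmin ou = (LocalAdmin) o;
                return
                    super.equals(o) &&
                    userName.equals(ou.userName) &&
                    l == ou.l;
            } else {
                return false;
            }
        }
    }

    /** The virtual node, created on the users builder, that backs a {@link LocalAdmin}. */
    public class AdminVirtualNode extends VirtualNode {
        AdminVirtualNode() {
            super(Users.getBuilder());
        }
    }

}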
287