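package org.mmbase.security.implementation.cloudcontext;

import java.util.*;
import java.io.*;
import org.mmbase.security.implementation.cloudcontext.builders.*;
import org.mmbase.security.*;
import org.mmbase.module.core.*;
import org.mmbase.security.SecurityException;
import org.mmbase.security.classsecurity.ClassAuthentication;
import org.mmbase.util.logging.Logger;
import org.mmbase.util.logging.Logging;
import org.mmbase.util.functions.*;
import org.mmbase.util.ResourceWatcher;

/**
 * Authentication for the 'cloud context' security implementation.
 *
 * Users are looked up through the {@link Users} builder. In addition, a set of 'extra admins'
 * is read from the resource {@link #ADMINS_PROPS}; a user listed there is logged in as a
 * {@link LocalAdmin} with rank {@link Rank#ADMIN}, without consulting the builder.
 *
 * Security-relevant points for maintainers:
 * <ul>
 *   <li>The extra-admin passwords are compared directly with the supplied plain password, so
 *       admins.properties holds them in clear text; protect that resource accordingly.</li>
 *   <li>{@link #extraAdmins} and {@link #loggedInExtraAdmins} are static and are touched both by
 *       {@link #login} and by the resource watcher started in {@link #load}.
 *       NOTE(review): loggedInExtraAdmins is a plain HashMap without synchronization; confirm
 *       whether concurrent logins and reloads can occur.</li>
 * </ul>
 */
public class Authenticate extends Authentication {
    private static final Logger log = Logging.getLoggerInstance(Authenticate.class);

    /** Name of the resource listing the extra administrators (key: user name, value: password). */
    protected static final String ADMINS_PROPS = "admins.properties";

    // Set to extraAdmins.hashCode() after every (re)load; LocalAdmin instances remember the value
    // they were created with and become invalid once it changes.
    private int extraAdminsUniqueNumber;

    // Re-read from the users builder's 'allowencodedpassword' init parameter on every login().
    private boolean allowEncodedPassword = false;

    private static Properties extraAdmins = new Properties();

    // user name -> LocalAdmin of the most recent successful extra-admin login; emptied on reload.
    protected static Map loggedInExtraAdmins = new HashMap();

    /**
     * Replaces the extra-admin table with the content of the given stream.
     * Both the table and the logged-in extra admins are cleared first, so a failed or missing
     * resource leaves no extra admins configured.
     *
     * @param in properties stream, or <code>null</code> to only clear the table. The stream is
     *           not closed here; the caller owns it.
     */
    protected void readAdmins(InputStream in) {
        try {
            extraAdmins.clear();
            loggedInExtraAdmins.clear();
            if (in != null) {
                extraAdmins.load(in);
            }
            // Only the user names are logged, never the values (passwords).
            log.service("Extra admins " + extraAdmins.keySet());
            extraAdminsUniqueNumber = extraAdmins.hashCode();
        } catch (IOException ioe) {
            log.error(ioe);
        }
    }

    /**
     * Verifies that the users builder is available and correctly configured, then reads
     * admins.properties and starts a watcher that re-reads it on change.
     *
     * @throws SecurityException if the users builder is missing or fails its self-check
     */
    protected void load() throws SecurityException {
        Users users = Users.getBuilder();
        if (users == null) {
            String msg = "builders for security not installed, if you are trying to install the application belonging to this security, please restart the application after all data has been imported)";
            log.fatal(msg);
            throw new SecurityException(msg);
        }
        if (!users.check()) {
            String msg = "builder mmbaseusers was not configured correctly";
            log.error(msg);
            throw new SecurityException(msg);
        }

        ResourceWatcher adminsWatcher = new ResourceWatcher(MMBaseCopConfig.securityLoader) {
            public void onChange(String res) {
                InputStream in = getResourceLoader().getResourceAsStream(res);
                try {
                    readAdmins(in);
                } finally {
                    // The stream was opened here, so it is released here; readAdmins does not close it.
                    if (in != null) {
                        try {
                            in.close();
                        } catch (IOException ioe) {
                            log.debug("Could not close " + res + ": " + ioe);
                        }
                    }
                }
            }
        };
        adminsWatcher.add(ADMINS_PROPS);
        adminsWatcher.onChange(ADMINS_PROPS); // initial read
        adminsWatcher.setDelay(10 * 1000);    // presumably milliseconds -- confirm against ResourceWatcher
        adminsWatcher.start();
    }

    /**
     * Compares a configured secret with a supplied one through
     * {@link java.security.MessageDigest#isEqual}, rather than with String.equals, which stops at
     * the first differing character.
     *
     * @return <code>false</code> if either argument is <code>null</code>
     */
    private static boolean sameSecret(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        try {
            return java.security.MessageDigest.isEqual(expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException uee) {
            // UTF-8 is a required charset; should it be missing anyway, keep the old comparison
            // rather than locking every extra admin out.
            return expected.equals(supplied);
        }
    }

    /**
     * Creates the {@link LocalAdmin} for an accepted extra admin and records it in
     * {@link #loggedInExtraAdmins}.
     */
    private User loginExtraAdmin(String userName, String application) {
        log.service("Logged in an 'extra' admin '" + userName + "'. (from admins.properties)");
        User user = new LocalAdmin(userName, application);
        loggedInExtraAdmins.put(userName, user);
        return user;
    }

    /**
     * Logs a user in with one of the modules 'anonymous', 'name/password',
     * 'name/encodedpassword' (only if enabled on the users builder) or 'class'.
     *
     * @param s    name of the login module
     * @param map  credentials; 'username' plus 'password' or 'encodedpassword' where applicable
     * @param aobj not used by this implementation
     * @return the user context, or <code>null</code> if no matching user node was found
     * @throws SecurityException if the builders are missing, credentials are incomplete, the
     *         user node is invalid, class authentication fails or the module is unknown
     */
    public UserContext login(String s, Map map, Object aobj[]) throws SecurityException {
        if (log.isDebugEnabled()) {
            log.trace("login-module: '" + s + "'");
        }
        MMObjectNode node = null;
        Users users = Users.getBuilder();
        if (users == null) {
            String msg = "builders for security not installed, if you are trying to install the application belonging to this security, please restart the application after all data has been imported)";
            log.fatal(msg);
            throw new SecurityException(msg);
        }
        allowEncodedPassword = org.mmbase.util.Casting.toBoolean(users.getInitParameter("allowencodedpassword"));
        if ("anonymous".equals(s)) {
            node = users.getAnonymousUser();
        } else if ("name/password".equals(s)) {
            String userName = (String) map.get("username");
            String password = (String) map.get("password");
            if (userName == null || password == null) {
                // Report only the keys: the map itself may hold the supplied password, which must
                // not end up in exception messages or logs.
                throw new SecurityException("Expected the property 'username' and 'password' with login. But received " + map.keySet());
            }
            // Read the entry once, so a concurrent reload cannot remove it between lookup and compare.
            String adminPassword = extraAdmins.getProperty(userName);
            if (adminPassword != null && sameSecret(adminPassword, password)) {
                return loginExtraAdmin(userName, s);
            }
            // Not an extra admin (or wrong password for one): fall through to the users builder.
            node = users.getUser(userName, password);
            if (node != null && !users.isValid(node)) {
                throw new SecurityException("Logged in an invalid user");
            }
        } else if (allowEncodedPassword && "name/encodedpassword".equals(s)) {
            String userName = (String) map.get("username");
            String password = (String) map.get("encodedpassword");
            if (userName == null || password == null) {
                // Keys only, see above; the message now names the property this module really reads.
                throw new SecurityException("Expected the property 'username' and 'encodedpassword' with login. But received " + map.keySet());
            }
            String adminPassword = extraAdmins.getProperty(userName);
            if (adminPassword != null && sameSecret(users.encode(adminPassword), password)) {
                return loginExtraAdmin(userName, s);
            }
            node = users.getUser(userName, password, false);
            if (node != null && !users.isValid(node)) {
                throw new SecurityException("Logged in an invalid user");
            }
        } else if ("class".equals(s)) {
            ClassAuthentication.Login li = ClassAuthentication.classCheck("class");
            if (li == null) {
                throw new SecurityException("Class authentication failed '" + s + "' (class not authorized)");
            }
            String userName = (String) li.getMap().get(PARAMETER_USERNAME.getName());
            String rank = (String) li.getMap().get(PARAMETER_RANK.getName());
            // NOTE(review): with a userName and no rank this condition is true without any lookup
            // in extraAdmins, so every class-authenticated userName without a rank becomes a
            // LocalAdmin (rank ADMIN). Only the 'rank == administrator' case checks extraAdmins.
            // Confirm this precedence is intended before relying on class security to grant
            // less than administrator rights.
            if (userName != null && (rank == null || (Rank.ADMIN.toString().equals(rank) && extraAdmins.containsKey(userName)))) {
                return loginExtraAdmin(userName, s);
            } else {
                if (userName != null) {
                    // NOTE(review): a rank supplied together with a userName is not checked
                    // against the user that is found.
                    node = users.getUser(userName);
                } else if (rank != null) {
                    node = users.getUserByRank(rank, userName);
                    log.debug("Class authentication to rank " + rank + " found node " + node);
                }
            }
        } else {
            throw new UnknownAuthenticationMethodException("login module with name '" + s + "' not found, only 'anonymous', 'name/password' and 'class' are supported");
        }
        if (node == null) return null;
        return new User(node, getKey(), s);
    }

    /**
     * Returns the {@link LocalAdmin} recorded for the given extra admin, or <code>null</code> if
     * that admin has not logged in since the last (re)load of admins.properties.
     *
     * NOTE(review): this public static accessor returns an administrator user object by name
     * alone, without credentials; callers are presumably trusted code -- confirm who uses it.
     */
    public static User getLoggedInExtraAdmin(String userName) {
        return (User) loggedInExtraAdmins.get(userName);
    }

    /**
     * Tells whether a previously issued user context can still be used.
     *
     * @return <code>false</code> if the context is not a {@link User} of this implementation, has
     *         no node, has an invalid node, or carries a key other than {@link #getKey()}
     */
    public boolean isValid(UserContext userContext) throws SecurityException {
        if (!(userContext instanceof User)) {
            log.debug("Changed to other security implementation");
            return false;
        }
        User user = (User) userContext;
        if (user.node == null) {
            log.debug("No node associated to user object, --> user object is invalid");
            return false;
        }
        if (!user.isValidNode()) {
            log.debug("Node associated to user object, is invalid");
            return false;
        }
        if (user.getKey() != getKey()) {
            log.service(user.toString() + "(" + user.getClass().getName() + ") was NOT valid (different unique number)");
            return false;
        }
        log.debug(user.toString() + " was valid");
        return true;
    }

    /**
     * Lists the supported login modules. 'anonymous' is offered only for METHOD_ASIS, and
     * 'name/encodedpassword' only when encoded passwords are allowed.
     */
    public String[] getTypes(int method) {
        if (allowEncodedPassword) {
            if (method == METHOD_ASIS) {
                return new String[] {"anonymous", "name/password", "name/encodedpassword", "class"};
            } else {
                return new String[] {"name/password", "name/encodedpassword", "class"};
            }
        } else {
            if (method == METHOD_ASIS) {
                return new String[] {"anonymous", "name/password", "class"};
            } else {
                return new String[] {"name/password", "class"};
            }
        }
    }

    private static final Parameter PARAMETER_ENCODEDPASSWORD = new Parameter("encodedpassword", String.class, true);
    private static final Parameter[] PARAMETERS_NAME_ENCODEDPASSWORD =
        new Parameter[] {
            PARAMETER_USERNAME,
            PARAMETER_ENCODEDPASSWORD,
            new Parameter.Wrapper(PARAMETERS_USERS) };

    /**
     * Creates the parameter object matching a login module name (compared case-insensitively).
     * Unknown names yield an {@link AutodefiningParameters}.
     */
    public Parameters createParameters(String application) {
        // Fixed locale: the default-locale variant can mangle ASCII names (e.g. the Turkish
        // dotless i), which would make a known module name fall through to the last branch.
        application = application.toLowerCase(Locale.ENGLISH);
        if ("anonymous".equals(application)) {
            return new Parameters(PARAMETERS_ANONYMOUS);
        } else if ("class".equals(application)) {
            return Parameters.VOID;
        } else if ("name/password".equals(application)) {
            return new Parameters(PARAMETERS_NAME_PASSWORD);
        } else if ("name/encodedpassword".equals(application)) {
            return new Parameters(PARAMETERS_NAME_ENCODEDPASSWORD);
        } else {
            return new AutodefiningParameters();
        }
    }

    /**
     * User object for an 'extra admin'. It is backed by an {@link AdminVirtualNode} instead of a
     * real user node and always has rank {@link Rank#ADMIN}. It stays valid only as long as the
     * extra-admin table is unchanged since its creation.
     */
    protected class LocalAdmin extends User {
        private static final long serialVersionUID = 1;

        private String userName;
        // Value of extraAdminsUniqueNumber at creation (or deserialization) time.
        private long l;

        LocalAdmin(String user, String app) {
            super(new AdminVirtualNode(), Authenticate.this.getKey(), app);
            l = extraAdminsUniqueNumber;
            userName = user;
        }
        public String getIdentifier() { return userName; }
        public String getOwnerField() { return userName; }
        public Rank getRank() throws SecurityException { return Rank.ADMIN; }
        public boolean isValidNode() { return l == extraAdminsUniqueNumber; }

        /**
         * Restores the user name and re-creates the virtual node on a background job, after the
         * cloud context is up.
         *
         * NOTE(review): the restored object takes the current extraAdminsUniqueNumber, so it
         * passes isValidNode() without the user name being re-checked against the extra-admin
         * table. Serialized instances therefore have to come from a trusted store only.
         */
        private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
            userName = in.readUTF();
            l = extraAdminsUniqueNumber;
            org.mmbase.util.ThreadPools.jobsExecutor.execute(new Runnable() {
                    public void run() {
                        org.mmbase.bridge.LocalContext.getCloudContext().assertUp();
                        node = new AdminVirtualNode();
                    }
                });
        }

        /** Writes only the user name; everything else is rebuilt in readObject. */
        private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
            out.writeUTF(userName);
        }

        public boolean equals(Object o) {
            if (o instanceof LocalAdmin) {
                LocalAdmin ou = (LocalAdmin) o;
                return
                    super.equals(o) &&
                    userName.equals(ou.userName) &&
                    l == ou.l;
            } else {
                return false;
            }
        }
    }

    /** Virtual node on the users builder, standing in for the node of an extra admin. */
    public class AdminVirtualNode extends VirtualNode {
        AdminVirtualNode() {
            super(Users.getBuilder());
        }
    }

}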