MantaAuthenticationImpl


1   /*
2    * Copyright 2002 by
3    * <a HREF="http://www.coridan.com">Coridan</a>
4    * <a HREF="mailto: support@coridan.com ">support@coridan.com</a>
5    *
6    * The contents of this file are subject to the Mozilla Public License Version
7    * 1.1 (the "License"); you may not use this file except in compliance with the
8    * License.  You may obtain a copy of the License at
9    * http://www.mozilla.org/MPL/
10   *
11   * Software distributed under the License is distributed on an "AS IS" basis,
12   * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13   * for the specific language governing rights and limitations under the
14   * License.
15   *
16   * The Original Code is "MantaRay" (TM).
17   *
18   * The Initial Developer of the Original Code is Shirley Sasson.
19   * Portions created by the Initial Developer are Copyright (C) 2006
20   * Coridan Inc.  All Rights Reserved.
21   *
22   * Contributor(s): all the names of the contributors are added in the source
23   * code where applicable.
24   *
25   * Alternatively, the contents of this file may be used under the terms of the
26   * LGPL license (the "GNU LESSER GENERAL PUBLIC LICENSE"), in which case the
27   * provisions of LGPL are applicable instead of those above.  If you wish to
28   * allow use of your version of this file only under the terms of the LGPL
29   * License and not to allow others to use your version of this file under
30   * the MPL, indicate your decision by deleting the provisions above and
31   * replace them with the notice and other provisions required by the LGPL.
32   * If you do not delete the provisions above, a recipient may use your version
33   * of this file under either the MPL or the GNU LESSER GENERAL PUBLIC LICENSE.
34   
35   *
36   * This library is free software; you can redistribute it and/or modify it
37   * under the terms of the MPL as stated above or under the terms of the GNU
38   * Lesser General Public License as published by the Free Software Foundation;
39   * either version 2.1 of the License, or any later version.
40   *
41   * This library is distributed in the hope that it will be useful, but WITHOUT
42   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
43   * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
44   * License for more details.
45   */
46  
47  package org.mr.kernel.security.authentication;
48  
49  
50  import javax.jms.JMSSecurityException  ;
51  import javax.security.auth.Subject  ;
52  
53  import org.mr.kernel.security.*;
54  import org.apache.commons.logging.Log;
55  import org.apache.commons.logging.LogFactory;
56  
57  /**
58   * This class is an implementation of {@link org.mr.kernel.security.MantaAuthentication}.
59   *
60   * @version 1.0
61   * @since Mar 9, 2006
62   * @author Shirley Sasson
63   *
64   */
65  public class MantaAuthenticationImpl implements org.mr.kernel.security.MantaAuthentication, SecurityConstants, SecurityConfigurationPaths {
66      private Log _logger;
67  
68      /**
69       * This method is used to authenticate a Manta layer with username and password.
70       * If the user is authenticated, the method returns a Session id which is a unique generated number.
71       * This Session ID will be used later by the Manta layer to gain authorization for performing actions.
72       *
73       * @param username
74       *          client�s authentication username
75       * @param password
76       *          client�s authentication password
77       * @return a unique session id
78       * @throws JMSSecurityException if the user has not been authenticated
79       */
80      public SessionID authenticate(String   username, String   password) throws JMSSecurityException   {
81          if (username == null || "".equals(username)){
82              if (getLogger().isErrorEnabled())
83                  getLogger().error("[authenticate] Invalid argument: username");
84              throw new JMSSecurityException  ("Invalid argument: username");
85          }
86  
87          if (getLogger().isInfoEnabled())
88              getLogger().info("[authenticate] A request to authenticate user " + username + " has been recieved");
89  
90          try {
91              // authenticate with ACL
92              Subject   subject = MantaACLAuthenticationManager.getInstance().isAuthenticated(username, password);
93              if (subject == null)
94                  throw new JMSSecurityException  ("authentication failed");
95  
96              // produce a new sessionID and add it to sessions map
97              if (getLogger().isInfoEnabled())
98                  getLogger().info("[authenticate] Creating a new session for user " + username);
99  
100             SessionID sessionID = new SessionID();
101             // create a UserPrincipal object
102             UserPrincipal principal = new UserPrincipal(username);
103 
104             // add it to the sessions map
105             if (getLogger().isInfoEnabled())
106                 getLogger().info("[authenticate] Adding session ID " + sessionID.toString() + " for user " + username + " to the session manager");
107 
108             SessionManager.getInstance().addSession(principal, sessionID);
109             return sessionID;
110         }
111         catch (MaximumNumberOfSessionsPerUserReached mnospur){
112             if (getLogger().isErrorEnabled())
113                 getLogger().error(mnospur.getMessage());
114             throw new JMSSecurityException  (mnospur.getMessage());
115         }
116         catch (MantaSecurityException mse){
117             throw new JMSSecurityException  (mse.getMessage());
118         }
119     }
120 
121     /**
122      * This method is used to invalidate a client's session.
123      * This method should be called by the client after it has finished performing secure actions.
124      * When this method is called, the session id is removed from the list of session ids for that client.
125      *
126      * @param sessionID
127      *          client�s session id to be invaidated
128      * @throws JMSSecurityException if invalidationg was not successful
129      */
130     public void logout(SessionID sessionID) throws JMSSecurityException   {
131         if (sessionID == null){
132             if (getLogger().isErrorEnabled())
133                 getLogger().error("[logout] Invalid argument: sessionID");
134             throw new JMSSecurityException  ("Invalid argument: sessionID");
135         }
136         // remove the sessionID from the list of sessionIDs for the user
137         if (getLogger().isInfoEnabled())
138             getLogger().info("[authenticate] Removing session ID " + sessionID.toString() + " from the session manager");
139 
140         SessionManager.getInstance().removeSession(sessionID);
141     }
142 
143     /**
144      * Returns the instance of the logger for this class
145      *
146      * @return the instance of the logger
147      */
148     public Log getLogger(){
149         if (_logger == null){
150             _logger = LogFactory.getLog(getClass().getName());
151         }
152         return _logger;
153     }
154 }
155
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags