001: /*
002: * JOSSO: Java Open Single Sign-On
003: *
004: * Copyright 2004-2008, Atricore, Inc.
005: *
006: * This is free software; you can redistribute it and/or modify it
007: * under the terms of the GNU Lesser General Public License as
008: * published by the Free Software Foundation; either version 2.1 of
009: * the License, or (at your option) any later version.
010: *
011: * This software is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this software; if not, write to the Free
018: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
019: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
020: */
021: package org.josso.auth.scheme;
022:
023: import org.apache.commons.logging.Log;
024: import org.apache.commons.logging.LogFactory;
025: import org.josso.auth.BindableCredentialStore;
026: import org.josso.auth.CredentialStore;
027: import org.josso.auth.exceptions.SSOAuthenticationException;
028:
029: /**
030: * Basic authentication scheme, supporting username and password credentials.
031: * <p/>
032: * <p>
033: * This implementation relies on the configured CredentialStore to authenticate users.
034: * The configured store must be an instance of BindableCredentialStore. If the bind operation provided by the store succeeds,
035: * the user is authenticated.
036: * </p>
037: *
038: * @see org.josso.auth.CredentialStore
039: * @see org.josso.auth.BindableCredentialStore
040: * @see org.josso.gateway.identity.service.store.AbstractStore
041: *
042: * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
043: * @version $Id: BindUsernamePasswordAuthScheme.java 508 2008-02-18 13:32:29Z sgonzalez $
044: *
045: */
046:
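public class BindUsernamePasswordAuthScheme extends
        UsernamePasswordAuthScheme {

    private static final Log logger = LogFactory
            .getLog(BindUsernamePasswordAuthScheme.class);

    /**
     * Authenticates the user by binding to the configured credential store
     * with the received username and password.
     * <p>
     * The scheme is reset to "not authenticated" before anything else happens
     * and is only marked authenticated after the store's bind reports success.
     * Every other path (missing credentials, unusable store, rejected bind)
     * leaves it unauthenticated.
     * </p>
     *
     * @return <code>true</code> if the bind succeeded and the scheme was marked
     *         authenticated; <code>false</code> if the username or password is
     *         missing or empty, if no bindable store is configured, or if the
     *         store rejected the bind.
     * @throws SSOAuthenticationException declared by this method; it is not
     *         thrown directly here and is presumably propagated from the
     *         store's bind operation (confirm against BindableCredentialStore).
     */
    public boolean authenticate() throws SSOAuthenticationException {

        // Drop any earlier result first, so a previous success can never
        // survive a failed or aborted attempt.
        setAuthenticated(false);

        String username = getUsername(_inputCredentials);
        String password = getPassword(_inputCredentials);

        boolean usernameMissing = username == null || username.length() == 0;
        boolean passwordMissing = password == null || password.length() == 0;

        // Security: this check must stay ahead of the bind. When the store is
        // backed by LDAP, a simple bind with a name and a zero-length password
        // is an "unauthenticated" bind (RFC 4513, section 5.1.2) that a
        // directory server may accept, which would turn an empty password into
        // a successful login. Whether the configured store rejects that on its
        // own is not visible from this class.
        if (usernameMissing || passwordMissing) {

            // Only the presence of each credential is logged, never its value.
            if (logger.isDebugEnabled()) {
                logger.debug("Username "
                        + (usernameMissing ? " not" : "")
                        + " provided. "
                        + "Password "
                        + (passwordMissing ? " not" : "")
                        + " provided.");
            }

            // We don't support empty values !
            return false;
        }

        // Fail closed when no usable store is available. setCredentialStore()
        // enforces the type, but the inherited field may never have been set or
        // may have been assigned some other way; without this guard the cast
        // below would end in a NullPointerException or ClassCastException
        // instead of a clean authentication failure.
        if (!(_credentialStore instanceof BindableCredentialStore)) {
            logger.error("[authenticate()], no bindable credential store configured, "
                    + "authentication rejected");
            return false;
        }

        // Authenticate the user against the configured store via a bind.
        // The configured store could be using a LDAP server, a DB, etc.
        BindableCredentialStore store = (BindableCredentialStore) _credentialStore;
        if (store.bind(username, password)) {

            if (logger.isDebugEnabled()) {
                // The username comes from the login request: neutralise line
                // breaks so it cannot forge additional log entries.
                String loggedName = username.replace('\r', '_').replace('\n', '_');
                logger.debug("[authenticate()], Principal authenticated : "
                        + loggedName);
            }

            // We have successfully authenticated this user.
            setAuthenticated(true);
            return true;
        }

        return false;
    }

    /**
     * Sets the credential store used by this scheme, accepting only stores
     * that support the bind operation.
     *
     * @param c the credential store; must be an instance of
     *          BindableCredentialStore (<code>null</code> is rejected as well,
     *          because it fails the <code>instanceof</code> check).
     * @throws IllegalArgumentException if <code>c</code> is not a
     *         BindableCredentialStore. This is a RuntimeException subclass, so
     *         callers that catch RuntimeException are unaffected.
     */
    public void setCredentialStore(CredentialStore c) {
        if (!(c instanceof BindableCredentialStore)) {
            throw new IllegalArgumentException(
                    "Invalid credential store type, it must be instace of "
                            + BindableCredentialStore.class.getName());
        }
        super.setCredentialStore(c);
    }

}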