001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software distributed under the License
012: * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
013: * or implied. See the License for the specific language governing permissions and limitations under
014: * the License.
015: *
016: */
017:
018: package org.apache.lenya.ac.impl;
019:
020: import org.apache.commons.codec.binary.Base64;
021: import org.apache.avalon.framework.logger.AbstractLogEnabled;
022: import org.apache.cocoon.environment.Request;
023: import org.apache.lenya.ac.AccessControlException;
024: import org.apache.lenya.ac.AccreditableManager;
025: import org.apache.lenya.ac.Authenticator;
026: import org.apache.lenya.ac.Identity;
027: import org.apache.lenya.ac.User;
028:
029: /**
030: * User authenticator.
031: * @version $Id: UserAuthenticator.java 593543 2007-11-09 14:39:04Z andreas $
032: */
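public class UserAuthenticator extends AbstractLogEnabled implements
        Authenticator {

    /** Name of the HTTP header carrying Basic authentication credentials. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Scheme token that identifies HTTP Basic authentication in the header value. */
    private static final String BASIC_SCHEME = "Basic";

    /** Request parameter holding the username of a form-based login. */
    private static final String USERNAME_PARAMETER = "username";

    /** Request parameter holding the password of a form-based login. */
    private static final String PASSWORD_PARAMETER = "password";

    /**
     * @see org.apache.lenya.ac.Authenticator#authenticate(org.apache.lenya.ac.AccreditableManager,
     *      org.apache.cocoon.environment.Request)
     *      Note that this implementation first checks whether the client sent HTTP Basic
     *      authentication credentials. If yes, these credentials are used; otherwise the
     *      <code>username</code> and <code>password</code> request parameters are consulted.
     * @throws AccessControlException if the username or password cannot be determined, if the
     *         request has no session, or if the session does not contain an identity.
     */
    public boolean authenticate(
            AccreditableManager accreditableManager, Request request)
            throws AccessControlException {

        String encoded = "";
        String username = "";
        String password = "";

        if (request.getHeader(AUTHORIZATION_HEADER) != null) {
            encoded = request.getHeader(AUTHORIZATION_HEADER);
        }
        if (encoded.indexOf(BASIC_SCHEME) > -1) {
            String[] credentials = decodeBasicCredentials(encoded);
            if (credentials != null) {
                // NOTE(review): the form-login username below is lower-cased but the
                // Basic one is not - confirm whether that difference is intended.
                username = credentials[0];
                password = credentials[1];
            }
        }

        // Form-based login is only considered when no Authorization header was sent at all.
        if (encoded.length() == 0
                && request.getParameter(USERNAME_PARAMETER) != null) {
            username = request.getParameter(USERNAME_PARAMETER).toLowerCase();
            password = request.getParameter(PASSWORD_PARAMETER);
        }

        // The password is a credential and must never be written to the log,
        // not even at debug level.
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Authenticating username [" + username + "]");
        }

        if (username == null || password == null) {
            throw new AccessControlException(
                    "Username or password is null!");
        }

        // getSession(false) does not create a session and therefore may return null;
        // dereferencing it blindly would turn a missing session into a NullPointerException.
        if (request.getSession(false) == null) {
            throw new AccessControlException(
                    "The request does not have a session!");
        }
        Identity identity = (Identity) request.getSession(false)
                .getAttribute(Identity.class.getName());

        if (identity == null) {
            throw new AccessControlException(
                    "The session does not contain the identity!");
        }

        return authenticate(accreditableManager, username, password, identity);
    }

    /**
     * Extracts the username and password from an HTTP Basic <code>Authorization</code> header
     * value.
     * @param headerValue The raw header value, containing the <code>Basic</code> scheme token.
     * @return A two-element array <code>{ username, password }</code>, or <code>null</code> if
     *         the decoded value does not have the form <code>username:password</code> with a
     *         non-empty username.
     */
    private static String[] decodeBasicCredentials(String headerValue) {
        String encoded = headerValue.trim();
        // Everything after the first blank is the Base64 payload; if the value contains
        // no blank at all, the whole value is treated as the payload.
        encoded = encoded.substring(encoded.indexOf(' ') + 1);
        // The Base64 alphabet is ASCII, but the decoded bytes are interpreted in the
        // platform default charset, so non-ASCII passwords depend on the JVM configuration.
        String unencoded = new String(Base64.decodeBase64(encoded.getBytes()));
        int separator = unencoded.indexOf(':');
        if (separator < 1) {
            return null;
        }
        return new String[] { unencoded.substring(0, separator),
                unencoded.substring(separator + 1) };
    }

    /**
     * Authenticates a user with a given username and password. When the authentication is
     * successful, the user is added to the identity, replacing any user that was previously
     * attached to it.
     * @param accreditableManager The accreditable manager.
     * @param username The username.
     * @param password The password.
     * @param identity The identity to add the user to.
     * @throws AccessControlException when something went wrong.
     * @return <code>true</code> if the user was authenticated, <code>false</code> otherwise.
     */
    protected boolean authenticate(
            AccreditableManager accreditableManager, String username,
            String password, Identity identity)
            throws AccessControlException {

        User user = accreditableManager.getUserManager().getUser(username);
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Authenticating user: [" + user + "]");
        }

        // Unknown users and wrong passwords take the same path so that the outcome
        // does not differ between the two cases.
        if (user == null || !user.authenticate(password)) {
            if (getLogger().isDebugEnabled()) {
                if (user == null) {
                    getLogger().debug("No such user: [" + username + "]");
                }
                getLogger().debug("User [" + username + "] not authenticated.");
            }
            return false;
        }

        if (getLogger().isDebugEnabled()) {
            getLogger().debug("User [" + user + "] authenticated.");
        }

        if (!identity.contains(user)) {
            // An identity carries at most one user: drop the previous one before adding.
            User oldUser = identity.getUser();
            if (oldUser != null) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug(
                            "Removing user [" + oldUser + "] from identity.");
                }
                identity.removeIdentifiable(oldUser);
            }
            identity.addIdentifiable(user);
        }

        return true;
    }

}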
|