001: /*
002: * NEMESIS-FORUM.
003: * Copyright (C) 2002 David Laurent(lithium2@free.fr). All rights reserved.
004: *
005: * Copyright (c) 2000 The Apache Software Foundation. All rights reserved.
006: *
007: * Copyright (C) 2001 Yasna.com. All rights reserved.
008: *
009: * Copyright (C) 2000 CoolServlets.com. All rights reserved.
010: *
011: * NEMESIS-FORUM. is free software; you can redistribute it and/or
012: * modify it under the terms of the Apache Software License, Version 1.1,
013: * or (at your option) any later version.
014: *
015: * NEMESIS-FORUM core framework, NEMESIS-FORUM backoffice, NEMESIS-FORUM frontoffice
016: * application are parts of NEMESIS-FORUM and are distributed under
017: * same terms of licence.
018: *
019: *
020: * NEMESIS-FORUM includes software developed by the Apache Software Foundation (http://www.apache.org/)
021: * and software developed by CoolServlets.com (http://www.coolservlets.com).
022: * and software developed by Yasna.com (http://www.yasna.com).
023: *
024: */
025: package org.nemesis.forum;
026:
027: import java.util.PropertyResourceBundle;
028:
029: import org.apache.commons.logging.Log;
030: import org.apache.commons.logging.LogFactory;
031: import org.nemesis.forum.exception.UnauthorizedException;
032:
033: /**
034: * An abstract class that defines a framework for providing authorization
035: * services. The static getAuthorization(String,String) and
036: * getAnonymousAuthorization() methods should be called directly from
037: * applications using in order to obtain Authorization tokens.<p>
038: *
039: * Users that wish to change the AuthorizationFactory implementation
040: * used to generate tokens can set the <code>AuthorizationFactory.className</code>
041: * property. For example, if you have altered to use LDAP for user
042: * information, you'd want to write a custom implementation of
043: * AuthorizationFactory to make LDAP authorization queries. After changing the
044: * <code>AuthorizationFactory.className</code>property, you must restart
045: * your application server.
046: */
047: public abstract class AuthorizationFactory {
048: static protected Log log = LogFactory
049: .getLog(AuthorizationFactory.class);
050:
051: private static Object initLock = new Object();
052:
053: private static AuthorizationFactory factory = null;
054:
055: /**
056: * Returns the Authorization token associated with the specified username
057: * and password. If the username and password do not match the record of
058: * any user in the system, the method throws an UnauthorizedException.<p>
059: *
060: * When using most implementations of this class, authorization tokens
061: * should be cached. A convenient place to store a token is often in the
062: * HttpSession.
063: *
064: * @param username the username to create an Authorization with.
065: * @param password the password to create an Authorization with.
066: * @return an Authorization token if the username and password are correct.
067: * @throws UnauthorizedException if the username and password do not match
068: * any existing user.
069: */
070: public static Authorization getAuthorization(String username,
071: String password) throws UnauthorizedException {
072: loadAuthorizationFactory();
073: return factory.createAuthorization(username, password);
074: }
075:
076: /**
077: * Returns the anonymous user Authorization.
078: *
079: * @return an anonymous Authorization token.
080: */
081: public static Authorization getAnonymousAuthorization() {
082: loadAuthorizationFactory();
083: return factory.createAnonymousAuthorization();
084: }
085:
086: /**
087: * Creates Authorization tokens for users. This method is implemented by
088: * concrete subclasses of AuthorizationFactory.
089: *
090: * @param username the username to create an Authorization with.
091: * @param password the password to create an Authorization with.
092: * @return an Authorization token if the username and password are correct.
093: * @throws UnauthorizedException if the username and password do not match
094: * any existing user.
095: */
096: public abstract Authorization createAuthorization(String username,
097: String password) throws UnauthorizedException;
098:
099: /**
100: * Creates anonymous Authorization tokens. This method is implemented by
101: * concrete subclasses AuthorizationFactory.
102: *
103: * @return an anonymous Authorization token.
104: */
105: public abstract Authorization createAnonymousAuthorization();
106:
107: private static String Impl = (String) ((PropertyResourceBundle) PropertyResourceBundle
108: .getBundle("org.nemesis.forum.config"))
109: .getObject("AuthorizationFactory.class");
110:
111: /**
112: * Loads a concrete AuthorizationFactory that can be used generate
113: * Authorization tokens for authorized users.<p>
114: *
115: * By default, the implementation used will be an instance of
116: * DbAuthorizationFactory -- the standard database implementation that uses
117: * the user table. A different factory can be specified by setting the
118: * property "AuthorizationFactory.className". However, you must
119: * restart for any change to take effect.
120: */
121: private static void loadAuthorizationFactory() {
122: if (factory == null) {
123: //Use className as a convenient object to get a lock on.
124: synchronized (initLock) {
125: if (factory == null) {
126:
127: try {
128: Class c = Class.forName(Impl);
129: factory = (AuthorizationFactory) c
130: .newInstance();
131: } catch (Exception e) {
132: log.fatal("Exception loading class: ", e);
133:
134: }
135: }
136: }
137: }
138: }
139: }
|