001: /**
002: * Copyright (C) 2001 Yasna.com. All rights reserved.
003: *
004: * ===================================================================
005: * The Apache Software License, Version 1.1
006: *
007: * Redistribution and use in source and binary forms, with or without
008: * modification, are permitted provided that the following conditions
009: * are met:
010: *
011: * 1. Redistributions of source code must retain the above copyright
012: * notice, this list of conditions and the following disclaimer.
013: *
014: * 2. Redistributions in binary form must reproduce the above copyright
015: * notice, this list of conditions and the following disclaimer in
016: * the documentation and/or other materials provided with the
017: * distribution.
018: *
019: * 3. The end-user documentation included with the redistribution,
020: * if any, must include the following acknowledgment:
021: * "This product includes software developed by
022: * Yasna.com (http://www.yasna.com)."
023: * Alternately, this acknowledgment may appear in the software itself,
024: * if and wherever such third-party acknowledgments normally appear.
025: *
026: * 4. The names "Yazd" and "Yasna.com" must not be used to
027: * endorse or promote products derived from this software without
028: * prior written permission. For written permission, please
029: * contact yazd@yasna.com.
030: *
031: * 5. Products derived from this software may not be called "Yazd",
032: * nor may "Yazd" appear in their name, without prior written
033: * permission of Yasna.com.
034: *
035: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
036: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
037: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
038: * DISCLAIMED. IN NO EVENT SHALL YASNA.COM OR
039: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
040: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
041: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
042: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
043: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
044: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
045: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
046: * SUCH DAMAGE.
047: * ====================================================================
048: *
049: * This software consists of voluntary contributions made by many
050: * individuals on behalf of Yasna.com. For more information
051: * on Yasna.com, please see <http://www.yasna.com>.
052: */
053:
054: /**
055: * Copyright (C) 2000 CoolServlets.com. All rights reserved.
056: *
057: * ===================================================================
058: * The Apache Software License, Version 1.1
059: *
060: * Redistribution and use in source and binary forms, with or without
061: * modification, are permitted provided that the following conditions
062: * are met:
063: *
064: * 1. Redistributions of source code must retain the above copyright
065: * notice, this list of conditions and the following disclaimer.
066: *
067: * 2. Redistributions in binary form must reproduce the above copyright
068: * notice, this list of conditions and the following disclaimer in
069: * the documentation and/or other materials provided with the
070: * distribution.
071: *
072: * 3. The end-user documentation included with the redistribution,
073: * if any, must include the following acknowledgment:
074: * "This product includes software developed by
075: * CoolServlets.com (http://www.coolservlets.com)."
076: * Alternately, this acknowledgment may appear in the software itself,
077: * if and wherever such third-party acknowledgments normally appear.
078: *
079: * 4. The names "Jive" and "CoolServlets.com" must not be used to
080: * endorse or promote products derived from this software without
081: * prior written permission. For written permission, please
082: * contact webmaster@coolservlets.com.
083: *
084: * 5. Products derived from this software may not be called "Jive",
085: * nor may "Jive" appear in their name, without prior written
086: * permission of CoolServlets.com.
087: *
088: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
089: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
090: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
091: * DISCLAIMED. IN NO EVENT SHALL COOLSERVLETS.COM OR
092: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
093: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
094: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
095: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
096: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
097: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
098: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
099: * SUCH DAMAGE.
100: * ====================================================================
101: *
102: * This software consists of voluntary contributions made by many
103: * individuals on behalf of CoolServlets.com. For more information
104: * on CoolServlets.com, please see <http://www.coolservlets.com>.
105: */package com.Yasna.forum;
106:
107: /**
108: * An abstract class that defines a framework for providing authorization
109: * services in Yazd. The static getAuthorization(String,String) and
110: * getAnonymousAuthorization() methods should be called directly from
111: * applications using Yazd in order to obtain Authorization tokens.<p>
112: *
113: * Users of Yazd that wish to change the AuthorizationFactory implementation
114: * used to generate tokens can set the <code>AuthorizationFactory.className</code>
115: * Yazd property. For example, if you have altered Yazd to use LDAP for user
116: * information, you'd want to write a custom implementation of
117: * AuthorizationFactory to make LDAP authorization queries. After changing the
118: * <code>AuthorizationFactory.className</code> Yazd property, you must restart
119: * your application server.
120: */
121: public abstract class AuthorizationFactory {
122:
123: /**
124: * The default class to instantiate is database implementation.
125: */
126: private static String className = "com.Yasna.forum.database.DbAuthorizationFactory";
127:
128: private static AuthorizationFactory factory = null;
129:
130: /**
131: * Returns the Authorization token associated with the specified username
132: * and password. If the username and password do not match the record of
133: * any user in the system, the method throws an UnauthorizedException.<p>
134: *
135: * When using most implementations of this class, authorization tokens
136: * should be cached. A convenient place to store a token is often in the
137: * HttpSession.
138: *
139: * @param username the username to create an Authorization with.
140: * @param password the password to create an Authorization with.
141: * @return an Authorization token if the username and password are correct.
142: * @throws UnauthorizedException if the username and password do not match
143: * any existing user.
144: */
145: public static Authorization getAuthorization(String username,
146: String password) throws UnauthorizedException {
147: loadAuthorizationFactory();
148: return factory.createAuthorization(username, password);
149: }
150:
151: /**
152: * Returns the anonymous user Authorization.
153: *
154: * @return an anonymous Authorization token.
155: */
156: public static Authorization getAnonymousAuthorization() {
157: loadAuthorizationFactory();
158: return factory.createAnonymousAuthorization();
159: }
160:
161: /**
162: * Creates Authorization tokens for users. This method is implemented by
163: * concrete subclasses of AuthorizationFactory.
164: *
165: * @param username the username to create an Authorization with.
166: * @param password the password to create an Authorization with.
167: * @return an Authorization token if the username and password are correct.
168: * @throws UnauthorizedException if the username and password do not match
169: * any existing user.
170: */
171: public abstract Authorization createAuthorization(String username,
172: String password) throws UnauthorizedException;
173:
174: /**
175: * Creates anonymous Authorization tokens. This method is implemented by
176: * concrete subclasses AuthorizationFactory.
177: *
178: * @return an anonymous Authorization token.
179: */
180: public abstract Authorization createAnonymousAuthorization();
181:
182: /**
183: * Loads a concrete AuthorizationFactory that can be used generate
184: * Authorization tokens for authorized users.<p>
185: *
186: * By default, the implementation used will be an instance of
187: * DbAuthorizationFactory -- the standard database implementation that uses
188: * the Yazd user table. A different factory can be specified by setting the
189: * Yazd property "AuthorizationFactory.className". However, you must
190: * restart Yazd for any change to take effect.
191: */
192: private static void loadAuthorizationFactory() {
193: if (factory == null) {
194: //Use className as a convenient object to get a lock on.
195: synchronized (className) {
196: if (factory == null) {
197: //See if the classname has been set as a Yazd property.
198: String classNameProp = PropertyManager
199: .getProperty("AuthorizationFactory.className");
200: if (classNameProp != null) {
201: className = classNameProp;
202: }
203: try {
204: Class c = Class.forName(className);
205: factory = (AuthorizationFactory) c
206: .newInstance();
207: } catch (Exception e) {
208: System.err.println("Exception loading class: "
209: + e);
210: e.printStackTrace();
211: }
212: }
213: }
214: }
215: }
216: }
|