This project has retired. For details please refer to its Attic page.
HttpAuthenticator xref
View Javadoc

1   package org.apache.archiva.redback.integration.filter.authentication;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.authentication.AuthenticationException;
23  import org.apache.archiva.redback.policy.MustChangePasswordException;
24  import org.apache.archiva.redback.users.User;
25  import org.apache.archiva.redback.users.UserManagerException;
26  import org.apache.archiva.redback.users.UserNotFoundException;
27  import org.apache.archiva.redback.authentication.AuthenticationDataSource;
28  import org.apache.archiva.redback.authentication.AuthenticationResult;
29  import org.apache.archiva.redback.policy.AccountLockedException;
30  import org.apache.archiva.redback.system.SecuritySession;
31  import org.apache.archiva.redback.system.SecuritySystem;
32  import org.apache.archiva.redback.system.SecuritySystemConstants;
33  import org.apache.commons.lang.StringUtils;
34  import org.slf4j.Logger;
35  import org.slf4j.LoggerFactory;
36  
37  import javax.inject.Inject;
38  import javax.servlet.http.HttpServletRequest;
39  import javax.servlet.http.HttpServletResponse;
40  import javax.servlet.http.HttpSession;
41  import java.io.IOException;
42  
43  /**
44   * HttpAuthenticator
45   *
46   * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
47   */
48  public abstract class HttpAuthenticator
49  {
50      protected Logger log = LoggerFactory.getLogger( getClass() );
51  
52      @Inject
53      protected SecuritySystem securitySystem;
54  
55      /**
56       * The Public Face of the Authenticator.
57       *
58       * @throws MustChangePasswordException
59       * @throws AccountLockedException
60       */
61      public AuthenticationResult authenticate( AuthenticationDataSource ds, HttpSession httpSession )
62          throws AuthenticationException, AccountLockedException, MustChangePasswordException
63      {
64          try
65          {
66              SecuritySession securitySession = securitySystem.authenticate( ds );
67  
68              setSecuritySession( securitySession, httpSession );
69  
70              return securitySession.getAuthenticationResult().user( securitySession.getUser() );
71          }
72          catch ( AuthenticationException e )
73          {
74              String msg = "Unable to authenticate user: " + ds;
75              log.info( msg, e );
76              throw new HttpAuthenticationException( msg, e );
77          }
78          catch ( UserNotFoundException e )
79          {
80              log.info( "Login attempt against unknown user: {}", ds );
81              throw new HttpAuthenticationException( "User name or password invalid." );
82          }
83          catch ( UserManagerException e )
84          {
85              log.info( "UserManagerException: {}", e.getMessage() );
86              throw new HttpAuthenticationException( e.getMessage(), e );
87          }
88      }
89  
90      /**
91       * Entry point for a Filter.
92       *
93       * @param request
94       * @param response
95       * @throws AuthenticationException
96       */
97      public void authenticate( HttpServletRequest request, HttpServletResponse response )
98          throws AuthenticationException
99      {
100         try
101         {
102             AuthenticationResult result = getAuthenticationResult( request, response );
103 
104             if ( ( result == null ) || ( !result.isAuthenticated() ) )
105             {
106                 throw new HttpAuthenticationException( "You are not authenticated." );
107             }
108         }
109         catch ( AccountLockedException e )
110         {
111             throw new HttpAuthenticationException( "Your account is locked.", e );
112         }
113         catch ( MustChangePasswordException e )
114         {
115             throw new HttpAuthenticationException( "You must change your password.", e );
116         }
117 
118     }
119 
120     /**
121      * Issue a Challenge Response back to the HTTP Client.
122      *
123      * @param request
124      * @param response
125      * @param realmName
126      * @param exception
127      * @throws IOException
128      */
129     public abstract void challenge( HttpServletRequest request, HttpServletResponse response, String realmName,
130                                     AuthenticationException exception )
131         throws IOException;
132 
133     /**
134      * Parse the incoming request and return an AuthenticationResult.
135      *
136      * @param request
137      * @param response
138      * @return null if no http auth credentials, or the actual authentication result based on the credentials.
139      * @throws AuthenticationException
140      * @throws MustChangePasswordException
141      * @throws AccountLockedException
142      */
143     public abstract AuthenticationResult getAuthenticationResult( HttpServletRequest request,
144                                                                   HttpServletResponse response )
145         throws AuthenticationException, AccountLockedException, MustChangePasswordException;
146 
147 
148     public User getSessionUser( HttpSession httpSession )
149     {
150         return (User) httpSession.getAttribute( SecuritySession.USERKEY );
151     }
152 
153     public boolean isAlreadyAuthenticated( HttpSession httpSession )
154     {
155         User user = getSessionUser( httpSession );
156 
157         return ( ( user != null ) && !user.isLocked() && !user.isPasswordChangeRequired() );
158     }
159 
160     public SecuritySession getSecuritySession( HttpSession httpSession )
161     {
162         SecuritySession securitySession = (SecuritySession) httpSession.getAttribute( SecuritySession.SESSION_KEY );
163         if ( securitySession != null )
164         {
165             return securitySession;
166         }
167         return (SecuritySession) httpSession.getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY );
168 
169     }
170 
171 
172     public void setSecuritySession( SecuritySession session, HttpSession httpSession )
173     {
174         httpSession.setAttribute( SecuritySession.SESSION_KEY, session );
175         httpSession.setAttribute( SecuritySession.USERKEY, session.getUser() );
176     }
177 
178     public void setSessionUser( User user, HttpSession httpSession )
179     {
180         httpSession.setAttribute( SecuritySession.SESSION_KEY, null );
181         httpSession.setAttribute( SecuritySession.USERKEY, user );
182     }
183 
184 
185 }