This project has retired. For details please refer to its Attic page.
UserManagerAuthenticator xref
View Javadoc

1   package org.apache.archiva.redback.authentication.users;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.authentication.AbstractAuthenticator;
23  import org.apache.archiva.redback.authentication.AuthenticationConstants;
24  import org.apache.archiva.redback.authentication.AuthenticationDataSource;
25  import org.apache.archiva.redback.authentication.AuthenticationException;
26  import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
27  import org.apache.archiva.redback.authentication.AuthenticationResult;
28  import org.apache.archiva.redback.authentication.Authenticator;
29  import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
30  import org.apache.archiva.redback.policy.AccountLockedException;
31  import org.apache.archiva.redback.policy.MustChangePasswordException;
32  import org.apache.archiva.redback.policy.PasswordEncoder;
33  import org.apache.archiva.redback.policy.PolicyViolationException;
34  import org.apache.archiva.redback.policy.UserSecurityPolicy;
35  import org.apache.archiva.redback.users.User;
36  import org.apache.archiva.redback.users.UserManager;
37  import org.apache.archiva.redback.users.UserManagerException;
38  import org.apache.archiva.redback.users.UserNotFoundException;
39  import org.slf4j.Logger;
40  import org.slf4j.LoggerFactory;
41  import org.springframework.stereotype.Service;
42  
43  import javax.inject.Inject;
44  import javax.inject.Named;
45  import java.util.ArrayList;
46  import java.util.List;
47  
48  /**
49   * {@link Authenticator} implementation that uses a wrapped {@link UserManager} to authenticate.
50   *
51   * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
52   */
53  @Service("authenticator#user-manager")
54  public class UserManagerAuthenticator
55      extends AbstractAuthenticator
56      implements Authenticator
57  {
58      private Logger log = LoggerFactory.getLogger( getClass() );
59  
60      @Inject
61      @Named(value = "userManager#default")
62      private UserManager userManager;
63  
64      @Inject
65      private UserSecurityPolicy securityPolicy;
66  
67      public String getId()
68      {
69          return "UserManagerAuthenticator";
70      }
71  
72  
73      /**
74       * @throws org.apache.archiva.redback.policy.AccountLockedException
75       *
76       * @throws MustChangePasswordException
77       * @throws MustChangePasswordException
78       * @throws PolicyViolationException
79       * @see org.apache.archiva.redback.authentication.Authenticator#authenticate(org.apache.archiva.redback.authentication.AuthenticationDataSource)
80       */
81      public AuthenticationResult authenticate( AuthenticationDataSource ds )
82          throws AuthenticationException, AccountLockedException, MustChangePasswordException
83      {
84          boolean authenticationSuccess = false;
85          String username = null;
86          Exception resultException = null;
87          PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
88          List<AuthenticationFailureCause> authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();
89  
90          try
91          {
92              log.debug( "Authenticate: {}", source );
93              User user = userManager.findUser( source.getUsername() );
94              username = user.getUsername();
95  
96              if ( user.isLocked() )
97              {
98                  throw new AccountLockedException( "Account " + source.getUsername() + " is locked.", user );
99              }
100 
101             if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
102             {
103                 throw new MustChangePasswordException( "Password expired.", user );
104             }
105 
106             PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
107             log.debug( "PasswordEncoder: {}", encoder.getClass().getName() );
108 
109             boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
110             if ( isPasswordValid )
111             {
112                 log.debug( "User {} provided a valid password", source.getUsername() );
113 
114                 try
115                 {
116                     securityPolicy.extensionPasswordExpiration( user );
117                 }
118                 catch ( MustChangePasswordException e )
119                 {
120                     user.setPasswordChangeRequired( true );
121                     throw e;
122                 }
123 
124                 authenticationSuccess = true;
125 
126                 //REDBACK-151 do not make unnessesary updates to the user object
127                 if ( user.getCountFailedLoginAttempts() > 0 )
128                 {
129                     user.setCountFailedLoginAttempts( 0 );
130                     userManager.updateUser( user );
131                 }
132 
133                 return new AuthenticationResult( true, source.getUsername(), null );
134             }
135             else
136             {
137                 log.warn( "Password is Invalid for user {}.", source.getUsername() );
138                 authenticationFailureCauses.add(
139                     new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER,
140                                                     "Password is Invalid for user " + source.getUsername() + "." ) );
141 
142                 try
143                 {
144                     securityPolicy.extensionExcessiveLoginAttempts( user );
145                 }
146                 finally
147                 {
148                     userManager.updateUser( user );
149                 }
150 
151                 return new AuthenticationResult( false, source.getUsername(), null, authenticationFailureCauses );
152             }
153         }
154         catch ( UserNotFoundException e )
155         {
156             log.warn( "Login for user {} failed. user not found.", source.getUsername() );
157             resultException = e;
158             authenticationFailureCauses.add( new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER,
159                                                                              "Login for user " + source.getUsername()
160                                                                                  + " failed. user not found." ) );
161         }
162         catch ( UserManagerException e )
163         {
164             log.warn( "Login for user {} failed, message: {}", source.getUsername(), e.getMessage() );
165             resultException = e;
166             authenticationFailureCauses.add(
167                 new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
168                                                 "Login for user " + source.getUsername() + " failed, message: "
169                                                     + e.getMessage() ) );
170         }
171 
172         return new AuthenticationResult( authenticationSuccess, username, resultException,
173                                          authenticationFailureCauses );
174     }
175 
176     /**
177      * Returns the wrapped {@link UserManager} used by this {@link org.apache.archiva.redback.authentication.Authenticator}
178      * implementation for authentication.
179      *
180      * @return the userManager
181      */
182     public UserManager getUserManager()
183     {
184         return userManager;
185     }
186 
187     /**
188      * Sets a {@link UserManager} to be used by this {@link Authenticator}
189      * implementation for authentication.
190      *
191      * @param userManager the userManager to set
192      */
193     public void setUserManager( UserManager userManager )
194     {
195         this.userManager = userManager;
196     }
197 
198     public boolean supportsDataSource( AuthenticationDataSource source )
199     {
200         return ( source instanceof PasswordBasedAuthenticationDataSource );
201     }
202 
203     public UserSecurityPolicy getSecurityPolicy()
204     {
205         return securityPolicy;
206     }
207 
208     public void setSecurityPolicy( UserSecurityPolicy securityPolicy )
209     {
210         this.securityPolicy = securityPolicy;
211     }
212 }