2010-10-31 19:22:53 +01:00
|
|
|
/**
|
|
|
|
|
* Copyright (c) 2010, Sebastian Sdorra
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
|
|
|
* and/or other materials provided with the distribution.
|
|
|
|
|
* 3. Neither the name of SCM-Manager; nor the names of its
|
|
|
|
|
* contributors may be used to endorse or promote products derived from this
|
|
|
|
|
* software without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
|
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
|
|
|
|
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* http://bitbucket.org/sdorra/scm-manager
|
|
|
|
|
*
|
2010-10-31 11:47:16 +01:00
|
|
|
*/
|
|
|
|
|
|
2010-11-06 17:10:50 +01:00
|
|
|
|
|
|
|
|
|
2010-10-31 11:47:16 +01:00
|
|
|
package sonia.scm.web.security;
|
|
|
|
|
|
|
|
|
|
//~--- non-JDK imports --------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import com.google.inject.Inject;
|
|
|
|
|
import com.google.inject.Singleton;
|
|
|
|
|
|
|
|
|
|
import org.slf4j.Logger;
|
|
|
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
|
|
|
|
|
|
import sonia.scm.SCMContextProvider;
|
2011-01-15 14:05:13 +01:00
|
|
|
import sonia.scm.cache.CacheManager;
|
|
|
|
|
import sonia.scm.cache.SimpleCache;
|
|
|
|
|
import sonia.scm.security.EncryptionHandler;
|
2010-12-04 16:01:27 +01:00
|
|
|
import sonia.scm.user.User;
|
2010-12-02 20:44:13 +01:00
|
|
|
import sonia.scm.util.AssertUtil;
|
|
|
|
|
import sonia.scm.util.IOUtil;
|
2010-10-31 11:47:16 +01:00
|
|
|
|
|
|
|
|
//~--- JDK imports ------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
|
2010-12-02 20:44:13 +01:00
|
|
|
import java.util.Set;
|
|
|
|
|
|
2010-10-31 11:47:16 +01:00
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @author Sebastian Sdorra
|
|
|
|
|
*/
|
|
|
|
|
@Singleton
|
2011-01-07 11:57:15 +01:00
|
|
|
public class ChainAuthenticatonManager extends AbstractAuthenticationManager
|
2010-10-31 11:47:16 +01:00
|
|
|
{
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
/** Field description */
|
|
|
|
|
public static final String CACHE_NAME = "sonia.cache.auth";
|
|
|
|
|
|
2010-12-02 20:44:13 +01:00
|
|
|
/** the logger for ChainAuthenticatonManager */
|
2010-10-31 11:47:16 +01:00
|
|
|
private static final Logger logger =
|
2010-12-02 20:44:13 +01:00
|
|
|
LoggerFactory.getLogger(ChainAuthenticatonManager.class);
|
|
|
|
|
|
|
|
|
|
//~--- constructors ---------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructs ...
|
|
|
|
|
*
|
|
|
|
|
*
|
2010-12-04 16:01:27 +01:00
|
|
|
* @param authenticationHandlerSet
|
2011-01-15 14:05:13 +01:00
|
|
|
* @param encryptionHandler
|
|
|
|
|
* @param cacheManager
|
2010-12-02 20:44:13 +01:00
|
|
|
*/
|
|
|
|
|
@Inject
|
2010-12-04 16:01:27 +01:00
|
|
|
public ChainAuthenticatonManager(
|
2011-01-15 14:05:13 +01:00
|
|
|
Set<AuthenticationHandler> authenticationHandlerSet,
|
|
|
|
|
EncryptionHandler encryptionHandler, CacheManager cacheManager)
|
2010-12-02 20:44:13 +01:00
|
|
|
{
|
2010-12-04 16:01:27 +01:00
|
|
|
AssertUtil.assertIsNotEmpty(authenticationHandlerSet);
|
2011-01-15 14:05:13 +01:00
|
|
|
AssertUtil.assertIsNotNull(cacheManager);
|
2010-12-04 16:01:27 +01:00
|
|
|
this.authenticationHandlerSet = authenticationHandlerSet;
|
2011-01-15 14:05:13 +01:00
|
|
|
this.encryptionHandler = encryptionHandler;
|
|
|
|
|
this.cache = cacheManager.getSimpleCache(String.class,
|
|
|
|
|
AuthenticationCacheValue.class, CACHE_NAME);
|
2010-12-02 20:44:13 +01:00
|
|
|
}
|
2010-10-31 11:47:16 +01:00
|
|
|
|
|
|
|
|
//~--- methods --------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param request
|
|
|
|
|
* @param response
|
|
|
|
|
* @param username
|
|
|
|
|
* @param password
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
2011-01-08 13:04:04 +01:00
|
|
|
public AuthenticationResult authenticate(HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response, String username, String password)
|
2011-01-15 14:05:13 +01:00
|
|
|
{
|
|
|
|
|
AssertUtil.assertIsNotEmpty(username);
|
|
|
|
|
AssertUtil.assertIsNotEmpty(password);
|
|
|
|
|
|
|
|
|
|
String encryptedPassword = encryptionHandler.encrypt(password);
|
|
|
|
|
AuthenticationResult ar = getCached(username, encryptedPassword);
|
|
|
|
|
|
|
|
|
|
if (ar == null)
|
|
|
|
|
{
|
|
|
|
|
ar = doAuthentication(request, response, username, password);
|
|
|
|
|
|
|
|
|
|
if ((ar != null) && ar.isCacheable())
|
|
|
|
|
{
|
|
|
|
|
cache.put(username,
|
|
|
|
|
new AuthenticationCacheValue(ar, encryptedPassword));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (logger.isDebugEnabled())
|
|
|
|
|
{
|
|
|
|
|
logger.debug("authenticate {} via cache", username);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ar;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @throws IOException
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public void close() throws IOException
|
|
|
|
|
{
|
|
|
|
|
for (AuthenticationHandler authenticator : authenticationHandlerSet)
|
|
|
|
|
{
|
|
|
|
|
IOUtil.close(authenticator);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param context
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public void init(SCMContextProvider context)
|
|
|
|
|
{
|
|
|
|
|
for (AuthenticationHandler authenticator : authenticationHandlerSet)
|
|
|
|
|
{
|
|
|
|
|
authenticator.init(context);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param request
|
|
|
|
|
* @param response
|
|
|
|
|
* @param username
|
|
|
|
|
* @param password
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private AuthenticationResult doAuthentication(HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response, String username, String password)
|
2010-10-31 11:47:16 +01:00
|
|
|
{
|
2011-01-08 13:04:04 +01:00
|
|
|
AuthenticationResult ar = null;
|
2010-10-31 11:47:16 +01:00
|
|
|
|
2010-12-04 16:01:27 +01:00
|
|
|
for (AuthenticationHandler authenticator : authenticationHandlerSet)
|
2010-10-31 11:47:16 +01:00
|
|
|
{
|
2010-12-02 20:44:13 +01:00
|
|
|
try
|
2010-10-31 11:47:16 +01:00
|
|
|
{
|
2010-12-04 16:01:27 +01:00
|
|
|
AuthenticationResult result = authenticator.authenticate(request,
|
|
|
|
|
response, username, password);
|
2010-10-31 11:47:16 +01:00
|
|
|
|
|
|
|
|
if (logger.isDebugEnabled())
|
|
|
|
|
{
|
2010-12-02 20:44:13 +01:00
|
|
|
logger.debug("authenticator {} ends with result, {}",
|
|
|
|
|
authenticator.getClass().getName(), result);
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
2010-12-02 20:44:13 +01:00
|
|
|
|
2010-12-04 16:01:27 +01:00
|
|
|
if ((result != null) && (result.getState() != null)
|
|
|
|
|
&& (result.getState().isSuccessfully()
|
|
|
|
|
|| (result.getState() == AuthenticationState.FAILED)))
|
2010-11-06 17:10:50 +01:00
|
|
|
{
|
2010-12-04 16:01:27 +01:00
|
|
|
if (result.getState().isSuccessfully() && (result.getUser() != null))
|
|
|
|
|
{
|
2011-01-08 13:04:04 +01:00
|
|
|
User user = result.getUser();
|
|
|
|
|
|
2010-12-04 16:01:27 +01:00
|
|
|
user.setType(authenticator.getType());
|
2011-01-08 13:04:04 +01:00
|
|
|
ar = result;
|
2011-01-07 11:57:15 +01:00
|
|
|
|
|
|
|
|
// notify authentication listeners
|
|
|
|
|
fireAuthenticationEvent(request, response, user);
|
2010-12-04 16:01:27 +01:00
|
|
|
}
|
|
|
|
|
|
2010-12-02 20:44:13 +01:00
|
|
|
break;
|
2010-11-06 17:10:50 +01:00
|
|
|
}
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
2010-12-02 20:44:13 +01:00
|
|
|
catch (Exception ex)
|
|
|
|
|
{
|
|
|
|
|
logger.error(ex.getMessage(), ex);
|
|
|
|
|
}
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
|
|
|
|
|
2011-01-08 13:04:04 +01:00
|
|
|
return ar;
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
//~--- get methods ----------------------------------------------------------
|
|
|
|
|
|
2010-10-31 11:47:16 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
2011-01-15 14:05:13 +01:00
|
|
|
* @param username
|
|
|
|
|
* @param encryptedPassword
|
|
|
|
|
*
|
|
|
|
|
* @return
|
2010-10-31 11:47:16 +01:00
|
|
|
*/
|
2011-01-15 14:05:13 +01:00
|
|
|
private AuthenticationResult getCached(String username,
|
|
|
|
|
String encryptedPassword)
|
2010-10-31 11:47:16 +01:00
|
|
|
{
|
2011-01-15 14:05:13 +01:00
|
|
|
AuthenticationResult result = null;
|
|
|
|
|
AuthenticationCacheValue value = cache.get(username);
|
|
|
|
|
|
|
|
|
|
if (value != null)
|
2010-12-02 20:44:13 +01:00
|
|
|
{
|
2011-01-15 14:05:13 +01:00
|
|
|
String cachedPassword = value.password;
|
|
|
|
|
|
|
|
|
|
if (cachedPassword.equals(encryptedPassword))
|
|
|
|
|
{
|
|
|
|
|
result = value.authenticationResult;
|
|
|
|
|
}
|
2010-12-02 20:44:13 +01:00
|
|
|
}
|
2011-01-15 14:05:13 +01:00
|
|
|
|
|
|
|
|
return result;
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
//~--- inner classes --------------------------------------------------------
|
|
|
|
|
|
2010-10-31 11:47:16 +01:00
|
|
|
/**
|
2011-01-15 14:05:13 +01:00
|
|
|
* Class description
|
2010-10-31 11:47:16 +01:00
|
|
|
*
|
|
|
|
|
*
|
2011-01-15 14:05:13 +01:00
|
|
|
* @version Enter version here..., 2011-01-15
|
|
|
|
|
* @author Sebastian Sdorra
|
2010-10-31 11:47:16 +01:00
|
|
|
*/
|
2011-01-15 14:05:13 +01:00
|
|
|
private static class AuthenticationCacheValue
|
2010-10-31 11:47:16 +01:00
|
|
|
{
|
2011-01-15 14:05:13 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructs ...
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param authenticationResult
|
|
|
|
|
* @param password
|
|
|
|
|
*/
|
|
|
|
|
public AuthenticationCacheValue(AuthenticationResult authenticationResult,
|
|
|
|
|
String password)
|
2010-12-02 20:44:13 +01:00
|
|
|
{
|
2011-01-15 14:05:13 +01:00
|
|
|
this.authenticationResult = authenticationResult;
|
|
|
|
|
this.password = password;
|
2010-12-02 20:44:13 +01:00
|
|
|
}
|
2011-01-15 14:05:13 +01:00
|
|
|
|
|
|
|
|
//~--- fields -------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private AuthenticationResult authenticationResult;
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private String password;
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
|
2010-10-31 11:47:16 +01:00
|
|
|
//~--- fields ---------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
2010-12-04 16:01:27 +01:00
|
|
|
private Set<AuthenticationHandler> authenticationHandlerSet;
|
2011-01-15 14:05:13 +01:00
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private SimpleCache<String, AuthenticationCacheValue> cache;
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private EncryptionHandler encryptionHandler;
|
2010-10-31 11:47:16 +01:00
|
|
|
}
|
