improve authentication system

scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationHandler.java

@@ -0,0 +1,68 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import sonia.scm.Initable;
+import sonia.scm.TypedObject;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.Closeable;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public interface AuthenticationHandler extends Initable, Closeable, TypedObject
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param response
+   * @param username
+   * @param password
+   *
+   * @return
+   */
+  public AuthenticationResult authenticate(HttpServletRequest request,
+          HttpServletResponse response, String username, String password);
+}

scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationManager.java

@@ -36,6 +36,7 @@ package sonia.scm.web.security;
 //~--- non-JDK imports --------------------------------------------------------
 
 import sonia.scm.Initable;
+import sonia.scm.user.User;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -62,6 +63,7 @@ public interface AuthenticationManager extends Initable, Closeable
    *
    * @return
    */
-  public AuthenticationResult authenticate(HttpServletRequest request,
+  public User authenticate(HttpServletRequest request,
-          HttpServletResponse response, String username, String password);
+                           HttpServletResponse response, String username,
+                           String password);
 }

scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java

@@ -45,8 +45,8 @@ public class AuthenticationResult
 {
 
   /** Field description */
-  public static final AuthenticationResult NEXT =
+  public static final AuthenticationResult NOT_FOUND =
-    new AuthenticationResult(AuthenticationState.NEXT);
+    new AuthenticationResult(AuthenticationState.NOT_FOUND);
 
   /** Field description */
   public static final AuthenticationResult FAILED =
@@ -65,6 +65,18 @@ public class AuthenticationResult
     this.state = state;
   }
 
+  /**
+   * Constructs ...
+   *
+   *
+   *
+   * @param user
+   */
+  public AuthenticationResult(User user)
+  {
+    this.state = AuthenticationState.SUCCESS;
+  }
+
   /**
    * Constructs ...
    *

scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationState.java

@@ -39,8 +39,7 @@ package sonia.scm.web.security;
  */
 public enum AuthenticationState
 {
-  CREATE_USER(true), MODIFY_USER(true), SUCCESS(true), NEXT(false),
+  SUCCESS(true), NOT_FOUND(false), FAILED(false);
-  FAILED(false);
 
   /**
    * Constructs ...

scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java

@@ -96,28 +96,26 @@ public class BasicSecurityContext implements WebSecurityContext
                            HttpServletResponse response, String username,
                            String password)
   {
-    AuthenticationResult result = authenticator.authenticate(request, response,
+    user = authenticator.authenticate(request, response, username, password);
-                                    username, password);
 
-    if (result.getState().isSuccessfully())
+    if (user != null)
     {
-      user = result.getUser();
-
       try
       {
-        switch (result.getState())
+        user.setLastLogin(System.currentTimeMillis());
+
+        if (userManager.contains(username))
         {
-          case CREATE_USER :
-            userManager.create(user);
-
-            break;
-
-          case MODIFY_USER :
           userManager.modify(user);
         }
+        else
+        {
+          userManager.create(user);
+        }
       }
       catch (Exception ex)
       {
+        user = null;
         logger.error(ex.getMessage(), ex);
       }
     }

scm-web-api/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java

@@ -42,6 +42,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import sonia.scm.SCMContextProvider;
+import sonia.scm.user.User;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.IOUtil;
 
@@ -72,13 +73,14 @@ public class ChainAuthenticatonManager implements AuthenticationManager
    * Constructs ...
    *
    *
-   * @param authenticatorSet
+   * @param authenticationHandlerSet
    */
   @Inject
-  public ChainAuthenticatonManager(Set<AuthenticationManager> authenticatorSet)
+  public ChainAuthenticatonManager(
+          Set<AuthenticationHandler> authenticationHandlerSet)
   {
-    AssertUtil.assertIsNotEmpty(authenticatorSet);
+    AssertUtil.assertIsNotEmpty(authenticationHandlerSet);
-    this.authenticatorSet = authenticatorSet;
+    this.authenticationHandlerSet = authenticationHandlerSet;
   }
 
   //~--- methods --------------------------------------------------------------
@@ -95,17 +97,18 @@ public class ChainAuthenticatonManager implements AuthenticationManager
    * @return
    */
   @Override
-  public AuthenticationResult authenticate(HttpServletRequest request,
+  public User authenticate(HttpServletRequest request,
-          HttpServletResponse response, String username, String password)
+                           HttpServletResponse response, String username,
+                           String password)
   {
-    AuthenticationResult result = null;
+    User user = null;
 
-    for (AuthenticationManager authenticator : authenticatorSet)
+    for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
       try
       {
-        result = authenticator.authenticate(request, response, username,
+        AuthenticationResult result = authenticator.authenticate(request,
-                password);
+                                        response, username, password);
 
         if (logger.isDebugEnabled())
         {
@@ -113,9 +116,16 @@ public class ChainAuthenticatonManager implements AuthenticationManager
                        authenticator.getClass().getName(), result);
         }
 
-        if (((result != null) && result.getState().isSuccessfully())
+        if ((result != null) && (result.getState() != null)
-            || (result.getState() == AuthenticationState.FAILED))
+            && (result.getState().isSuccessfully()
+                || (result.getState() == AuthenticationState.FAILED)))
         {
+          if (result.getState().isSuccessfully() && (result.getUser() != null))
+          {
+            user = result.getUser();
+            user.setType(authenticator.getType());
+          }
+
           break;
         }
       }
@@ -125,7 +135,7 @@ public class ChainAuthenticatonManager implements AuthenticationManager
       }
     }
 
-    return result;
+    return user;
   }
 
   /**
@@ -137,7 +147,7 @@ public class ChainAuthenticatonManager implements AuthenticationManager
   @Override
   public void close() throws IOException
   {
-    for (AuthenticationManager authenticator : authenticatorSet)
+    for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
       IOUtil.close(authenticator);
     }
@@ -152,7 +162,7 @@ public class ChainAuthenticatonManager implements AuthenticationManager
   @Override
   public void init(SCMContextProvider context)
   {
-    for (AuthenticationManager authenticator : authenticatorSet)
+    for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
       authenticator.init(context);
     }
@@ -161,5 +171,5 @@ public class ChainAuthenticatonManager implements AuthenticationManager
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
-  private Set<AuthenticationManager> authenticatorSet;
+  private Set<AuthenticationHandler> authenticationHandlerSet;
 }

scm-web-api/src/main/java/sonia/scm/web/security/XmlAuthenticationHandler.java

@@ -58,7 +58,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author Sebastian Sdorra
  */
 @Singleton
-public class XmlAuthenticationManager implements AuthenticationManager
+public class XmlAuthenticationHandler implements AuthenticationHandler
 {
 
   /** Field description */
@@ -67,9 +67,9 @@ public class XmlAuthenticationManager implements AuthenticationManager
   /** Field description */
   public static final String TYPE = "xml";
 
-  /** the logger for XmlAuthenticationManager */
+  /** the logger for XmlAuthenticationHandler */
   private static final Logger logger =
-    LoggerFactory.getLogger(XmlAuthenticationManager.class);
+    LoggerFactory.getLogger(XmlAuthenticationHandler.class);
 
   //~--- constructors ---------------------------------------------------------
 
@@ -81,7 +81,7 @@ public class XmlAuthenticationManager implements AuthenticationManager
    * @param encryptionHandler
    */
   @Inject
-  public XmlAuthenticationManager(UserManager userManager,
+  public XmlAuthenticationHandler(UserManager userManager,
                                   EncryptionHandler encryptionHandler)
   {
     this.userManager = userManager;
@@ -121,7 +121,7 @@ public class XmlAuthenticationManager implements AuthenticationManager
           logger.debug("{} is not an xml user", username);
         }
 
-        result = AuthenticationResult.NEXT;
+        result = AuthenticationResult.NOT_FOUND;
       }
     }
     else
@@ -131,7 +131,7 @@ public class XmlAuthenticationManager implements AuthenticationManager
         logger.debug("could not find user {}", username);
       }
 
-      result = AuthenticationResult.NEXT;
+      result = AuthenticationResult.NOT_FOUND;
     }
 
     return result;
@@ -163,6 +163,22 @@ public class XmlAuthenticationManager implements AuthenticationManager
     // do nothing
   }
 
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public String getType()
+  {
+    return TYPE;
+  }
+
+  //~--- methods --------------------------------------------------------------
+
   /**
    * Method description
    *