Java tutorial
/* * This software was designed and created by Jason Carroll. * Copyright (c) 2002, 2003, 2004 Jason Carroll. * The author can be reached at jcarroll@cowsultants.com * ITracker website: http://www.cowsultants.com * ITracker forums: http://www.cowsultants.com/phpBB/index.php * * This program is free software; you can redistribute it and/or modify * it only under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ package org.itracker.services.authentication; import org.apache.log4j.Logger; import org.itracker.model.Permission; import org.itracker.model.PermissionType; import org.itracker.model.User; import org.itracker.UserException; import org.itracker.services.exceptions.AuthenticatorException; import org.itracker.PasswordException; import org.itracker.model.util.UserUtilities; import org.springframework.dao.DataAccessException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; /** * This class provides a default authentication scheme for ITracker. It uses passwords * in the user table provided by ITracker to authenticate users. This authenticator * allows any user to self register if self registration is available in the system. */ public class DefaultAuthenticator extends AbstractPluggableAuthenticator { private static final Logger logger = Logger.getLogger(DefaultAuthenticator.class); /** * Checks the login of a user against the user profile provided in ITracker. This is * the default authentication scheme provided by ITracker. * * @param login the login the user/client provided * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return a User if the login is successful * @throws AuthenticatorException an exception if the login is unsuccessful, or an error occurs */ public User checkLogin(final String login, final Object authentication, final int authType, final int reqSource) throws AuthenticatorException { if (logger.isDebugEnabled()) { logger.debug("Checking login for " + login + " using DefaultAuthenticator"); } if (login != null && authentication != null && !login.equals("")) { User user; try { user = getUserService().getUserByLogin(login); } catch (DataAccessException e) { logger.error("checkLogin: failed to get user by login: " + login, e); throw new AuthenticatorException(AuthenticatorException.UNKNOWN_USER, e.getMessage()); } if (user.getStatus() != UserUtilities.STATUS_ACTIVE) { AuthenticatorException e = new AuthenticatorException(AuthenticatorException.INACTIVE_ACCOUNT); logger.info("checkLogin: user is inactive, user: " + user, e); throw e; } String userPassword; try { userPassword = getUserService().getUserPasswordByLogin(login); } catch (DataAccessException e) { AuthenticatorException ex = new AuthenticatorException(e.getMessage(), authType); logger.info("checkLogin: user is inactive, user: " + user, ex); throw e; } if (userPassword == null || userPassword.equals("")) { AuthenticatorException e = new AuthenticatorException(AuthenticatorException.INVALID_PASSWORD); logger.info("checkLogin: user has no password, user: " + user, e); throw e; } try { if (!userPassword.endsWith("=")) { logger.info("checkLogin: User " + login + " has old style password. Converting to SHA1 hash."); try { user.setPassword(UserUtilities.encryptPassword(userPassword)); getUserService().updateUser(user); } catch (UserException ue) { logger.error("checkLogin: User password conversion failed for user " + user, ue); throw new AuthenticatorException(AuthenticatorException.SYSTEM_ERROR); } } if (authType == AUTH_TYPE_PASSWORD_PLAIN) { if (!userPassword.equals(UserUtilities.encryptPassword((String) authentication))) { throw new AuthenticatorException(AuthenticatorException.INVALID_PASSWORD); } } else if (authType == AUTH_TYPE_PASSWORD_ENC) { if (!userPassword.equals(authentication)) { throw new AuthenticatorException(AuthenticatorException.INVALID_PASSWORD); } } else { logger.info("checkLogin: invalid authenticator type: " + authType); throw new AuthenticatorException(AuthenticatorException.INVALID_AUTHENTICATION_TYPE); } } catch (ClassCastException cce) { logger.error("checkLogin: Authenticator was of wrong type.", cce); throw new AuthenticatorException(AuthenticatorException.SYSTEM_ERROR); } catch (PasswordException pe) { throw new AuthenticatorException(AuthenticatorException.SYSTEM_ERROR); } catch (AuthenticatorException ae) { if (logger.isDebugEnabled()) { logger.debug("checkLogin: failed to authenticate " + login, ae); } throw ae; } return user; } logger.info( "checkLogin: no login was supplied: " + login + ", type: " + authType + ", source: " + reqSource); throw new AuthenticatorException(AuthenticatorException.INVALID_DATA); } /** * The DefaultAuthenticator returns a list of user permissions from the database. * * @param user a User object that contains the user to retrieve permissions for * @param reqSource the source of the request (eg web, api) * @return an array of PermissionModels * @throws AuthenticatorException an error occurs */ public List<Permission> getUserPermissions(User user, int reqSource) throws AuthenticatorException { if (user == null || user.getId() == null) { throw new AuthenticatorException(AuthenticatorException.INVALID_DATA); } List<Permission> permissionList; try { permissionList = getUserService().getUserPermissionsLocal(user); } catch (DataAccessException e) { throw new AuthenticatorException(e.getMessage(), reqSource); } if (user.isSuperUser()) { List<Permission> augmentedPermissions = new ArrayList<Permission>(); // Super user has access to all projects (represented by the "null" project). Permission permission = new Permission(PermissionType.USER_ADMIN, user, null); augmentedPermissions.add(permission); augmentedPermissions.addAll(permissionList); return augmentedPermissions; } else { return permissionList; } } /** * Returns the list of users for a given project. User permissions can be specified. * * @param projectId - The Project to search for users * @param permissionTypes - User rights to filter * @param requireAll - Require all permissions * @param activeOnly - Filter users who are active (Possible user status: DELETED, ACTIVE, LOCKED) * @param reqSource - not used. TODO: Tagged for removal * @return List of users for the project with filters applied. */ @Override public List<User> getUsersWithProjectPermission(Integer projectId, PermissionType[] permissionTypes, boolean requireAll, boolean activeOnly, int reqSource) throws AuthenticatorException { List<User> users; try { Map<Integer, User> userMap = new HashMap<Integer, User>(); if (requireAll) { List<User> explicitUsers = getUserService().findUsersForProjectByPermissionTypeList(projectId, permissionTypes); for (User user : explicitUsers) { userMap.put(user.getId(), user); } } else { for (int i = 0; i < permissionTypes.length; i++) { List<User> explicitUsers = getUserService().getUsersWithPermissionLocal(projectId, permissionTypes[i]); for (User user : explicitUsers) { userMap.put(user.getId(), user); } } } List<User> superUsers = getUserService().getSuperUsers(); for (User superUser : superUsers) { userMap.put(superUser.getId(), superUser); } users = new ArrayList<User>(); for (User user : userMap.values()) { if (activeOnly) { if (user.getStatus() == UserUtilities.STATUS_ACTIVE) { users.add(user); } } else { users.add(user); } } } catch (Exception e) { logger.error("Error retreiving users with permissions.", e); throw new AuthenticatorException(); } return users; } @Override @Deprecated public List<User> getUsersWithProjectPermission(Integer projectId, int[] permissionTypes, boolean requireAll, boolean activeOnly, int reqSource) throws AuthenticatorException { return getUsersWithProjectPermission(projectId, PermissionType.valueOf(permissionTypes), requireAll, activeOnly, reqSource); } /** * The DefaultAuthenticator always allows self registered users. * * @param user a User object that contains the data the user submitted * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return true */ public boolean allowRegistration(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return true; } /** * The DefaultAuthenticator always allows new user profiles. * * @param user a User object that contains the data the user submitted * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @return true * @throws AuthenticatorException an exception if an error occurs */ public boolean allowProfileCreation(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return true; } /** * The DefaultAuthenticator always allows profile updates. * * @param user a User object that contains the data the user submitted * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return true * @throws AuthenticatorException an exception if an error occurs */ public boolean allowProfileUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return true; } /** * The DefaultAuthenticator always allows password updates. * * @param user a User object that contains the data the user submitted * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return true * @throws AuthenticatorException an exception if an error occurs */ public boolean allowPasswordUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return true; } /** * The DefaultAuthenticator always allows permission updates. * * @param user a User object that contains the data the user submitted * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return true * @throws AuthenticatorException an exception if an error occurs */ public boolean allowPermissionUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return true; } /** * The DefaultAuthenticator always allows preferences updates. * * @param user a User object that contains the data the user submitted * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return true * @throws AuthenticatorException an exception if an error occurs */ public boolean allowPreferenceUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return true; } /** * The DefaultAuthenticator does not make any changes to a newly created profile. * * @param user a User object that contains the newly created profile * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return boolean indicating whther changes to the user were made * @throws AuthenticatorException an error occurs */ public boolean createProfile(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException { return false; } /** * The DefaultAuthenticator does not make any changes to an updated profile. * * @param user a User object that contains the updated profile * @param updateType the type of information that is being updated * @param authentication the user's authentication information, if known * @param authType the type of authentication information being provided * @param reqSource the source of the request (eg web, api) * @return boolean indicating whther changes to the user were made * @throws AuthenticatorException an exception if the login is unsuccessful, or an error occurs */ public boolean updateProfile(User user, int updateType, Object authentication, int authType, int reqSource) throws AuthenticatorException { return false; } }