1 /**
2 *
3 * Magnolia and its source-code is licensed under the LGPL.
4 * You may copy, adapt, and redistribute this file for commercial or non-commercial use.
5 * When copying, adapting, or redistributing this document in keeping with the guidelines above,
6 * you are required to provide proper attribution to obinary.
7 * If you reproduce or distribute the document without making any substantive modifications to its content,
8 * please use the following attribution line:
9 *
10 * Copyright 1993-2003 obinary Ltd. (http://www.obinary.com) All rights reserved.
11 *
12 * */
13
14
15
16 package com.obinary.cms.admin;
17
18
import java.io.IOException;
import java.security.MessageDigest;

import javax.jcr.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

import com.obinary.cms.beans.ConfigLoader;
import com.obinary.cms.core.Content;
import com.obinary.cms.core.HierarchyManager;
30
31 /**
32 * User: sameercharles
33 * Date: May 6, 2003
34 * Time: 10:35:12 AM
35 * @author Sameer Charles
36 * @version 1.0
37 */
38
39
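public class Authenticator {

    /** Prefix of an HTTP Basic authorization header (RFC 2617), including the space. */
    private static final String BASIC_PREFIX = "Basic ";

    /** Session attribute holding the user name taken from the Authorization header. */
    private static final String ATTR_USER_ID = "userId";

    /** Session attribute holding the password taken from the Authorization header. */
    private static final String ATTR_PSWD = "pswd";

    /**
     * <p>Authenticate authorization request with the usersRepository</p>
     *
     * <p>Only the Basic scheme is understood. The header is rejected (returns
     * {@code false}) when it is absent, carries another scheme, or does not
     * decode to the mandatory {@code user-id:password} form; on success the
     * user id and password are stored in the session and checked against the
     * repository.</p>
     *
     * @param req as received by the servlet engine
     * @return boolean {@code true} only if the supplied credentials match the repository
     * @throws IOException if the Base64 payload cannot be decoded
     * @throws RepositoryException if the users repository cannot be opened
     */
    public static boolean authenticate(HttpServletRequest req) throws IOException, RepositoryException {
        String credentials = req.getHeader("Authorization");
        if (credentials == null) {
            return false;
        }
        // Reject anything that is not a Basic header before slicing off the scheme:
        // a shorter header would throw from substring(), and other schemes would be
        // decoded as if they were Basic.
        if (credentials.length() <= BASIC_PREFIX.length()
                || !credentials.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return false;
        }
        String decoded = getDecodedCredentials(credentials.substring(BASIC_PREFIX.length()).trim());
        // Without the ':' separator there is no user id to look up (and substring(0, -1)
        // would throw), so treat it as a failed authentication rather than an error.
        if (decoded.indexOf(':') < 0) {
            return false;
        }
        setUserId(decoded, req);
        setPassword(decoded, req);
        return isValidUser(req);
    }

    /**
     * <p>checks is the credentials exist in the repository
     * Ver : 1
     * Ver : 2
     * : FIXME needs to check user rights
     * </p>
     *
     * <p>Looks up the page named after the session's user id below the root of
     * the users repository and compares its {@code pswd} atom with the
     * Base64-encoded session password.</p>
     *
     * @param request whose session already carries the user id and password
     * @return boolean {@code true} if a matching user page exists
     * @throws RepositoryException if the users repository cannot be opened
     */
    private static boolean isValidUser(HttpServletRequest request) throws RepositoryException {
        // NOTE(review): the lookup connects with a hard-coded privileged account and an
        // empty password. A least-privilege, configured account should be used here.
        Ticket ticket = ConfigLoader.usersRepository.connect(new PasswordCredentials("superuser", "".toCharArray()));
        Node userStartPage = ticket.getRootNode();
        HierarchyManager hm = new HierarchyManager(request);
        hm.setStartPage(userStartPage);

        String userId = getUserId(request);
        String password = getPasswordAsString(request);
        // The user id is request-controlled and becomes a repository path segment; a
        // user page is a direct child of the root, so an empty id or one containing a
        // path separator cannot name a valid user and must not be resolved.
        if (password == null || userId.length() == 0 || userId.indexOf('/') >= 0) {
            return false;
        }
        try {
            Content userPage = hm.getPage("/" + userId);
            // NOTE(review): stored passwords are Base64-encoded, which is reversible, so
            // this is equivalent to plain-text storage; a salted password hash would be
            // the proper format. The encoding and the platform-default charset are kept
            // because that is what the stored value was written with.
            BASE64Encoder encoder = new BASE64Encoder();
            String expected = encoder.encodeBuffer(password.getBytes()).trim();
            String stored = userPage.getAtom("pswd").getValue().getString();
            // Constant-time comparison so response timing does not reveal how much of
            // the encoded password matched.
            return MessageDigest.isEqual(stored.getBytes(), expected.getBytes());
        } catch (RepositoryException re) {
            // No page or no "pswd" atom for this user: an authentication failure, not an error.
            return false;
        }
    }

    /**
     * <p>uses sun.misc.BASE64Decoder</p>
     *
     * <p>NOTE(review): {@code sun.misc.BASE64Decoder} is a JDK-internal API that was
     * removed in Java 9; {@code java.util.Base64} is the supported replacement once
     * the build targets Java 8 or later.</p>
     *
     * @param credentials to be decoded
     * @return String decoded credentials <b>name:password</b>
     * @throws IOException if the decoder rejects the input
     */
    private static String getDecodedCredentials(String credentials) throws IOException {
        BASE64Decoder decoder = new BASE64Decoder();
        // Platform-default charset, matching the encoder side in isValidUser.
        return new String(decoder.decodeBuffer(credentials));
    }

    /**
     * Stores the part of the credentials before the first ':' as the session user id.
     *
     * @param decodedCredentials , BASE64Decoded credentials from the request; must contain ':'
     * @param request whose session receives the attribute
     */
    private static void setUserId(String decodedCredentials, HttpServletRequest request) {
        int separator = decodedCredentials.indexOf(":");
        request.getSession().setAttribute(ATTR_USER_ID, decodedCredentials.substring(0, separator));
    }

    /**
     * Stores the part of the credentials after the first ':' as the session password.
     *
     * <p>NOTE(review): the password is kept in clear text in the session for the
     * lifetime of the session; callers that no longer need it should remove the
     * attribute.</p>
     *
     * @param decodedCredentials , BASE64Decoded credentials from the request
     * @param request whose session receives the attribute
     */
    private static void setPassword(String decodedCredentials, HttpServletRequest request) {
        int separator = decodedCredentials.indexOf(":");
        request.getSession().setAttribute(ATTR_PSWD, decodedCredentials.substring(separator + 1).trim());
    }

    /**
     * Returns the user id stored in the session.
     *
     * @param request whose session is consulted
     * @return String , current logged in user
     */
    public static String getUserId(HttpServletRequest request) {
        Object userId = request.getSession().getAttribute(ATTR_USER_ID);
        if (userId == null) {
            // NOTE(review): an unauthenticated session is reported as "superuser". The
            // fallback is kept because existing callers may rely on it, but any caller
            // making authorization decisions must check isAuthenticated(request) first.
            return "superuser";
        }
        return (String) userId;
    }

    /**
     * Returns the session password as a character array.
     *
     * @param request whose session is consulted
     * @return char[] , decoded current user password; empty if none is stored
     */
    public static char[] getPassword(HttpServletRequest request) {
        Object pswd = request.getSession().getAttribute(ATTR_PSWD);
        if (pswd == null) {
            return "".toCharArray();
        }
        return ((String) pswd).toCharArray();
    }

    /**
     * Returns the session password as a string.
     *
     * @param request whose session is consulted
     * @return String password, or {@code null} if none is stored
     */
    private static String getPasswordAsString(HttpServletRequest request) {
        return (String) request.getSession().getAttribute(ATTR_PSWD);
    }

    /**
     * Returns the raw Authorization header.
     *
     * @param request as received by the servlet engine
     * @return credentials , as received from the servlet request; {@code null} if the header is absent
     */
    public static String getCredentials(HttpServletRequest request) {
        return request.getHeader("Authorization");
    }

    /**
     * Tells whether a user id has been stored in the session by {@link #authenticate}.
     *
     * @param request whose session is consulted
     * @return boolean {@code true} if the session carries a user id
     */
    public static boolean isAuthenticated(HttpServletRequest request) {
        HttpSession session = request.getSession();
        return session.getAttribute(ATTR_USER_ID) != null;
    }

}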
183 }