
    1   /*
    2    * The Apache Software License, Version 1.1
    3    *
    4    * Copyright (c) 1999 The Apache Software Foundation.  All rights 
    5    * reserved.
    6    *
    7    * Redistribution and use in source and binary forms, with or without
    8    * modification, are permitted provided that the following conditions
    9    * are met:
   10    *
   11    * 1. Redistributions of source code must retain the above copyright
   12    *    notice, this list of conditions and the following disclaimer. 
   13    *
   14    * 2. Redistributions in binary form must reproduce the above copyright
   15    *    notice, this list of conditions and the following disclaimer in
   16    *    the documentation and/or other materials provided with the
   17    *    distribution.
   18    *
   19    * 3. The end-user documentation included with the redistribution, if
   20    *    any, must include the following acknowlegement:  
   21    *       "This product includes software developed by the 
   22    *        Apache Software Foundation (http://www.apache.org/)."
   23    *    Alternately, this acknowlegement may appear in the software itself,
   24    *    if and wherever such third-party acknowlegements normally appear.
   25    *
   26    * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   27    *    Foundation" must not be used to endorse or promote products derived
   28    *    from this software without prior written permission. For written 
   29    *    permission, please contact apache@apache.org.
   30    *
   31    * 5. Products derived from this software may not be called "Apache"
   32    *    nor may "Apache" appear in their names without prior written
   33    *    permission of the Apache Group.
   34    *
   35    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   36    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   37    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   38    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   39    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   40    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   41    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   42    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   43    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   44    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   45    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   46    * SUCH DAMAGE.
   47    * ====================================================================
   48    *
   49    * This software consists of voluntary contributions made by many
   50    * individuals on behalf of the Apache Software Foundation.  For more
   51    * information on the Apache Software Foundation, please see
   52    * <http://www.apache.org/>.
   53    *
   54    * [Additional notices, if required by prior licensing conditions]
   55    *
   56    */ 
   57   
   58   
   59   package org.apache.tomcat.security.file;
   60   
   61   import java.io.BufferedInputStream;
   62   import java.io.FileInputStream;
   63   import java.io.FileNotFoundException;
   64   import java.io.InputStream;
   65   import java.io.IOException;
   66   import java.security.Principal;
   67   import java.util.Enumeration;
   68   import org.apache.tomcat.core.Context;
   69   import org.apache.tomcat.security.RealmConnector;
   70   import org.apache.tomcat.util.StringManager;
   71   import org.xml.sax.SAXException;
   72   import org.xml.sax.SAXParseException;
   73   
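   /**
    * Implementation of <code>RealmConnector</code> that uses a
    * <code>FileRealmDatabase</code> object as the cache to an underlying
    * XML-stored database of users and their associated roles.
    *
    * <p>The database file is named by the context init parameter
    * <code>Constants.Parameter.DATABASE</code> and is read once, in
    * <code>start()</code>.  The path is opened exactly as configured, so the
    * parameter must come from trusted deployment configuration.
    *
    * <p>NOTE(review): how credentials are stored in that file and compared
    * (plain text or digest) is decided by <code>FileRealmDatabase</code> and
    * <code>FileRealmUser</code>, which are not shown here.  Confirm it there
    * and restrict read access to the file accordingly.
    *
    * <p>This class does no synchronization of its own: <code>context</code>
    * and <code>database</code> are plain fields written by
    * <code>start()</code> and <code>stop()</code>.
    *
    * @author Craig R. McClanahan
    * @version $Revision: 1.2 $ $Date: 2000/02/26 02:32:14 $
    */
   public final class FileRealmConnector
       implements RealmConnector {


       /**
        * The Context with which we are associated.  <code>null</code> means
        * "not started"; the lookup methods test this field first.
        */
       private Context context = null;


       /**
        * The cache object containing our database information.
        */
       private FileRealmDatabase database = null;


       /**
        * The internationalized string constants for this package.
        */
       private StringManager sm =
           StringManager.getManager(Constants.Package);


       /**
        * No-arguments constructor so that an instance of this class can be
        * instantiated dynamically.
        */
       public FileRealmConnector() {
       }


       /**
        * Returns the Principal associated with the specified username and
        * credentials, if there is one, or <code>null</code> otherwise.
        * A <code>null</code> username or <code>null</code> credentials never
        * authenticate.
        *
        * @param username Username of the Principal to look up
        * @param credentials Password or other credentials to use in
        *  authenticating this username
        *
        * @return the matching user as a Principal, or <code>null</code> if
        *  the user is unknown or the credentials are rejected
        *
        * @exception IllegalStateException if called before <code>start()</code>
        *  has been called, or after <code>stop()</code> has been called
        */
       public Principal authenticate(String username, String credentials) {

           if (context == null) {
               throw new IllegalStateException(
                   sm.getString("file.authenticate.notstarted"));
           }

           // Fail closed on missing input instead of depending on how the
           // database and user objects happen to treat null.
           if (username == null || credentials == null) {
               return null;
           }

           // NOTE(review): an unknown user returns before any credential
           // check runs, so known and unknown usernames may differ in
           // response time if FileRealmUser.authenticate() is costly.
           // Confirm against that class.
           FileRealmUser user = database.getUser(username);
           if (user == null) {
               return null;
           }
           return user.authenticate(credentials) ? (Principal) user : null;

       }


       /**
        * Returns the Principal associated with the specified username and
        * credentials, if there is one, or <code>null</code> otherwise.
        * Each credential byte becomes one character with the same unsigned
        * value (0-255), and the result is passed to
        * {@link #authenticate(String, String)}.
        *
        * @param username Username of the Principal to look up
        * @param credentials Credentials to use in authenticating this username
        *
        * @return the matching user as a Principal, or <code>null</code> if
        *  authentication fails or <code>credentials</code> is
        *  <code>null</code>
        *
        * @exception IllegalStateException if called before <code>start()</code>
        *  has been called, or after <code>stop()</code> has been called
        */
       public Principal authenticate(String username, byte[] credentials) {

           if (credentials == null) {
               // Delegate so the "not started" check still runs; the String
               // overload then rejects the null credentials.
               return authenticate(username, (String) null);
           }

           // The password ends up in an immutable String that cannot be
           // cleared afterwards.  Callers that need to limit its lifetime can
           // only zero their own byte array.
           StringBuffer password = new StringBuffer(credentials.length);
           for (int i = 0; i < credentials.length; i++) {
               // Java bytes are signed: a bare (char) cast would sign-extend
               // values above 0x7F into U+FF80..U+FFFF, which can never match
               // a stored password.  Mask to the unsigned value first.
               password.append((char) (credentials[i] & 0xFF));
           }
           return authenticate(username, password.toString());

       }


       /**
        * Returns <code>true</code> if the specified Principal has been
        * granted the specified role in this realm, either directly or through
        * one of the user's groups, or <code>false</code> otherwise.
        *
        * <p>The user is looked up by <code>principal.getName()</code>.  A
        * <code>null</code> principal, or a name that is not in this realm's
        * database, is treated as having no roles; this method itself does
        * not throw <code>IllegalArgumentException</code> for that case.
        *
        * <p>NOTE(review): only the name is checked, not whether the Principal
        * instance was issued by <code>authenticate()</code> of this realm.
        * Callers must not pass principals obtained from an untrusted source.
        *
        * @param principal Principal whose access rights are to be tested
        * @param role Role to test for
        *
        * @exception IllegalStateException if called before <code>start()</code>
        *  has been called, or after <code>stop()</code> has been called
        */
       public boolean hasRole(Principal principal, String role) {

           if (context == null) {
               throw new IllegalStateException(
                   sm.getString("file.hasRole.notstarted"));
           }

           // Authorization fails closed when there is no principal to check.
           if (principal == null) {
               return false;
           }

           FileRealmUser user = database.getUser(principal.getName());
           if (user == null) {
               return false;
           }
           if (user.hasRole(role)) {
               return true;
           }

           // Roles may also be granted through any group the user belongs to.
           Enumeration groups = user.getGroups();
           while (groups.hasMoreElements()) {
               FileRealmGroup group = (FileRealmGroup) groups.nextElement();
               if (group.hasRole(role)) {
                   return true;
               }
           }
           return false;
       }


       /**
        * Prepares this RealmConnector for use in association with the specified
        * Context.  This method must be called prior to calling any of the
        * information lookup methods.
        *
        * <p>NOTE(review): XML parser configuration (DTD and external entity
        * handling) lives in <code>FileRealmDatabase</code>, which is not
        * shown here.  Confirm it there.
        *
        * @param context The Context with which this RealmConnector is associated
        *
        * @exception IllegalArgumentException if the database init parameter
        *  is missing, or the underlying database file cannot be opened, read
        *  or parsed; the underlying exception, where there is one, is attached
        *  as the cause
        */
       public void start(Context context) {

           // Open an input stream to the specified database file
           String filename =
               context.getInitParameter(Constants.Parameter.DATABASE);
           if (filename == null) {
               throw new IllegalArgumentException(
                   sm.getString("file.start.missing",
                                Constants.Parameter.DATABASE));
           }
           InputStream stream = null;
           try {
               stream = new BufferedInputStream(new FileInputStream(filename));
           } catch (FileNotFoundException e) {
               // Keep the cause: it distinguishes a missing file from one the
               // container account is not permitted to read.
               throw new IllegalArgumentException(
                   sm.getString("file.start.open", filename), e);
           }

           // Configure a local database object based on this file.  The
           // messages below embed the configured path and the parser's text,
           // so they belong in the deployer's log, not in a client response.
           FileRealmDatabase loaded = null;
           try {
               loaded = new FileRealmDatabase(stream);
           } catch (IOException e) {
               throw new IllegalArgumentException(
                   sm.getString("file.start.read", filename) + ": " + e, e);
           } catch (SAXParseException e) {
               throw new IllegalArgumentException(
                   sm.getString("file.start.parse", filename) + ": " + e, e);
           } catch (SAXException e) {
               throw new IllegalArgumentException(
                   sm.getString("file.start.process", filename) + ": " + e, e);
           } finally {
               try {
                   stream.close();
               } catch (IOException ignored) {
                   // Best effort: the stream was only read, so a failed close
                   // loses nothing and must not mask a load error.
               }
           }

           // Publish the database and the context together, only after a
           // successful load, so a failed start() leaves the state untouched.
           this.database = loaded;
           this.context = context;

       }


       /**
        * Tells this RealmConnector that it will no longer be used for information
        * lookup, so it can release any resources that were allocated in the
        * <code>start()</code> method.
        */
       public void stop() {

           this.context = null;
           this.database = null;

       }


   }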
