View Javadoc

1   /*
2    * Copyright 2000-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.services.security.turbine;
18  
19  import javax.servlet.ServletConfig;
20  
21  import java.util.Date;
22  import java.util.GregorianCalendar;
23  
24  import org.apache.turbine.services.TurbineBaseService;
25  import org.apache.turbine.services.TurbineServices;
26  import org.apache.turbine.services.InitializationException;
27  import org.apache.turbine.services.resources.ResourceService;
28  
29  import org.apache.jetspeed.services.security.PortalAuthentication;
30  import org.apache.jetspeed.services.security.LoginException;
31  import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
32  import org.apache.jetspeed.services.logging.JetspeedLogger;
33  import org.apache.jetspeed.services.JetspeedSecurity;
34  import org.apache.jetspeed.om.security.JetspeedUser;
35  import org.apache.jetspeed.om.security.UserNamePrincipal;
36  import org.apache.jetspeed.services.JetspeedUserManagement;
37  import org.apache.jetspeed.services.security.JetspeedSecurityService;
38  import org.apache.jetspeed.services.security.FailedLoginException;
39  import org.apache.jetspeed.services.security.CredentialExpiredException;
40  import org.apache.jetspeed.services.security.UnknownUserException;
41  import org.apache.jetspeed.services.security.JetspeedSecurityException;
42  import org.apache.jetspeed.services.security.JetspeedSecurityCache;
43  import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
44  import org.apache.jetspeed.services.rundata.JetspeedRunData;
45  import org.apache.turbine.services.rundata.RunDataService;
46  
47  /***
48   * <p> The <code>TurbineAuthentication</code> class is a default Jetspeed
49   * security provider, implementing the <code>PortalAuthentication</code> interface.
50   * It provides authentication services using a User database table mimicking the 
51   * legacy Turbine-2 user table. 
52   *
53   * This service does not use any of the Turbine security or user management classes.
54   * 
55   * @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
56   * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a> 
57   * @version $Id: TurbineAuthentication.java,v 1.9 2004/02/23 03:54:49 jford Exp $
58   */
59                                                               
60  public class TurbineAuthentication  extends    TurbineBaseService
61                                      implements PortalAuthentication
62  {
63      /***
64       * Static initialization of the logger for this class
65       */    
66      private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(TurbineAuthentication.class.getName());
67      
68      /*** The JetspeedRunData Service. */
69      private JetspeedRunDataService runDataService = null;
70  
71      private final static String CONFIG_ANONYMOUS_USER = "user.anonymous";
72      String anonymousUser = "anon";
73      private final static String CACHING_ENABLE = "caching.enable";
74      private boolean cachingEnable = true;
75  
76      private final static String CONFIG_PASSWORD_EXPIRATION_PERIOD = "password.expiration.period";
77  
78      private int expirationPeriod = 0;
79  
80      /***
81       * Given a public credential(username) and private credential(password), 
82       * perform authentication. If authentication succeeds, a <code>JetspeedUser</code> 
83       * is returned representing the authenticated subject.
84       *
85       * @param username a public credential of the subject to be authenticated.
86       * @param password a private credentialof the subject to be authenticated.
87       * @return a <code>JetspeedUser</code> object representing the authenticated subject.
88       * @exception LoginException when general security provider failure.
89       * @exception FailedLoginException when the authentication failed.
90       * @exception AccountExpiredException when the subject's account is expired.
91       * @exception CredentialExpiredException when the subject's credential is expired.
92       */
93      public JetspeedUser login(String username, String password)
94          throws LoginException
95      {
96  
97          if (username.equals(this.anonymousUser))
98          {
99              throw new LoginException("Anonymous user cannot login");
100         }
101 
102         JetspeedUser user = null;
103 
104         username = JetspeedSecurity.convertUserName(username);
105         password = JetspeedSecurity.convertPassword(password);
106        
107         try
108         {
109             user = JetspeedUserManagement.getUser(new UserNamePrincipal(username));
110             password = JetspeedSecurity.encryptPassword(password);
111         }                            
112         catch (UnknownUserException e)
113         {
114             logger.warn("Unknown user attempted access: " + username, e);
115             throw new FailedLoginException(e.toString());
116         }
117         catch (JetspeedSecurityException e)
118         {
119             logger.warn("User denied authentication: " + username, e);
120             throw new LoginException(e.toString());
121         }
122 
123         if(!user.getPassword().equals(password))
124         {
125             logger.error("Invalid password for user: " + username);
126             throw new FailedLoginException("Credential authentication failure");
127         }  
128 
129         // Check for password expiration
130         if (this.expirationPeriod > 0)
131         {
132             Date passwordLastChangedDate = user.getPasswordChanged();
133             Date passwordExpireDate = null;
134             if (passwordLastChangedDate != null) {
135                 GregorianCalendar gcal = (GregorianCalendar) GregorianCalendar.getInstance();
136                 gcal.setTime(passwordLastChangedDate);
137                 gcal.add(GregorianCalendar.DATE, this.expirationPeriod);
138                 passwordExpireDate = gcal.getTime();
139                 if (logger.isDebugEnabled())
140                 {
141                     logger.debug("TurbineAuthentication: password last changed = " + passwordLastChangedDate.toString() +
142                               ", password expires = " + passwordExpireDate.toString());
143                 }
144             }
145 
146             if (passwordExpireDate == null || (new Date().getTime() > passwordExpireDate.getTime())) {
147                 throw new CredentialExpiredException("Password expired");
148             }
149 
150         }
151 
152         // Mark the user as being logged in.
153         user.setHasLoggedIn(new Boolean(true));
154 
155         // Set the last_login date in the database.
156         try
157         {
158             user.updateLastLogin();
159             putUserIntoContext(user);
160             if (cachingEnable)
161             {
162                 JetspeedSecurityCache.load(username);
163             }
164         }
165         catch (Exception e)
166         {
167             logger.error( "Failed to update last login ", e);
168             putUserIntoContext(JetspeedSecurity.getAnonymousUser());
169             throw new LoginException("Failed to update last login ", e);
170         }
171 
172         return user;
173         
174     }
175 
176     /***
177      * Automatically authenticates and retrieves the portal anonymous user.
178      *
179      * @return a <code>JetspeedUser</code> object representing the authenticated subject.
180      * @exception LoginException if the authentication fails.
181      */
182     public JetspeedUser getAnonymousUser()
183         throws LoginException
184     {
185         JetspeedUser user = null;
186         try
187         {
188             user = JetspeedUserManagement.getUser(new UserNamePrincipal(anonymousUser));
189             user.setHasLoggedIn(new Boolean(false));
190             putUserIntoContext(user);
191             if (cachingEnable)
192             {
193                 JetspeedSecurityCache.load(user.getUserName());
194             }
195         }
196         catch (JetspeedSecurityException e)
197         {
198             logger.error( "Failed to get anonymous user: ", e );
199             throw new LoginException("Failed to get anonymous user: ", e);
200         }
201         return user;
202     }
203 
204     /***
205      * Logout the <code>JetspeedUser</code>.
206      *
207      * The logout procedure my may include removing/destroying
208      * <code>Principal</code> and <code>Credential</code> information
209      * if relevant to the security provider.
210      *
211      * @exception LoginException if the logout fails.
212      */
213     public void logout()
214         throws LoginException
215     {
216         try
217         {
218             //if (cachingEnable)
219             //{
220             //    JetspeedSecurityCache.unload(getUserFromContext().getUserName());
221             //}
222             getAnonymousUser();
223         }
224         catch (Exception e)
225         {
226             logger.error( "Exception logging user out ", e );
227             throw new LoginException("Exception logging user out ", e );
228         }
229     }
230 
231     /***
232      * This is the early initialization method called by the 
233      * Turbine <code>Service</code> framework
234      * @param conf The <code>ServletConfig</code>
235      * @exception throws a <code>InitializationException</code> if the service
236      * fails to initialize
237      */
238     public synchronized void init(ServletConfig conf) 
239         throws InitializationException 
240     {
241         if (getInit()) return;
242 
243         super.init(conf);
244 
245         // get configuration parameters from Jetspeed Resources
246         ResourceService serviceConf = ((TurbineServices)TurbineServices.getInstance())
247                                                      .getResources(JetspeedSecurityService.SERVICE_NAME);
248 
249         anonymousUser = serviceConf.getString(CONFIG_ANONYMOUS_USER, anonymousUser);
250         cachingEnable = serviceConf.getBoolean( CACHING_ENABLE, cachingEnable );
251         expirationPeriod = serviceConf.getInt( this.CONFIG_PASSWORD_EXPIRATION_PERIOD, 0 );
252 
253         this.runDataService =
254             (JetspeedRunDataService)TurbineServices.getInstance()
255                 .getService(RunDataService.SERVICE_NAME);
256 
257 
258         setInit(true);
259      }
260 
261     ////////////////////////////////////////////////////////////////////////////
262 
263     protected JetspeedRunData getRunData()
264     {
265         JetspeedRunData rundata = null;
266         if (this.runDataService != null)
267         {
268             rundata = this.runDataService.getCurrentRunData();
269         }
270         return rundata;
271     }
272 
273     protected JetspeedUser getUserFromContext()
274     {
275         JetspeedRunData rundata = getRunData();
276         JetspeedUser user = null;
277         if (rundata != null)
278         {
279             user = (JetspeedUser)rundata.getUser();
280         }
281         return user;
282     }
283 
284     protected JetspeedRunData putUserIntoContext(JetspeedUser user)
285     {
286         JetspeedRunData rundata = getRunData();
287         if (rundata != null)
288         {
289             rundata.setUser(user);
290             rundata.save();
291         }
292         return rundata;
293     }
294 
295 
296 }