org.wandora.modules.usercontrol

Class BasicUserAuthenticator

java.lang.Object

org.wandora.modules.AbstractModule

org.wandora.modules.usercontrol.BasicUserAuthenticator

All Implemented Interfaces:

Module, UserAuthenticator

public class BasicUserAuthenticator
extends AbstractModule
implements UserAuthenticator

A simple user authenticator that performs standard HTTP authentication using the BASIC scheme. Even if you use this over a secure connection, this might still not be suitable for a production environment, except in specific circumstances. The reason is that all user password are stored as plain text in the user objects. Thus collecting user supplied password would be a very bad idea and go against good security practices. However, if the user passwords are assigned by the system, or there is only a limited number of users who are aware of the risks, this may still be a usable solution. In any case, this can be used in a development environment and later replaced with a more suitable solution.

You can set the realm for the authentication using the realm initialisation parameter.

Author:

olli

Nested Class Summary

Nested classes/interfaces inherited from interface org.wandora.modules.usercontrol.UserAuthenticator

UserAuthenticator.AuthenticationResult

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	PASSWORD_KEY
protected java.lang.String	realm
protected UserStore	userStore

Fields inherited from class org.wandora.modules.AbstractModule

autoStart, isInitialized, isRunning, logging, loggingModule, moduleManager

Constructor Summary

Constructors

Constructor and Description
BasicUserAuthenticator()

Method Summary

Modifier and Type	Method and Description
UserAuthenticator.AuthenticationResult	authenticate(java.lang.String requiredRole, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, ModulesServlet.HttpMethod method) Authenticates a user.
java.util.Collection<Module>	getDependencies(ModuleManager manager) Returns all the modules this module depends on.
void	init(ModuleManager manager, java.util.HashMap<java.lang.String,java.lang.Object> settings) Initialises the module.
protected UserAuthenticator.AuthenticationResult	replyNotAuthorized(java.lang.String realm, javax.servlet.http.HttpServletResponse resp)
void	start(ModuleManager manager) Starts the module.
void	stop(ModuleManager manager) Stops the module.

Methods inherited from class org.wandora.modules.AbstractModule

isInitialized, isRunning, requireLogging, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.wandora.modules.Module

isInitialized, isRunning

Field Detail

PASSWORD_KEY

public static final java.lang.String PASSWORD_KEY

See Also:

Constant Field Values

realm

protected java.lang.String realm

userStore

protected UserStore userStore

Constructor Detail

BasicUserAuthenticator

public BasicUserAuthenticator()

Method Detail

getDependencies

public java.util.Collection<Module> getDependencies(ModuleManager manager)
                                             throws ModuleException

Description copied from interface: Module

Returns all the modules this module depends on. This method will be called after init and the dependencies are allowed to depend on the parameters passed to init. The modules that this module depends on must be returned as a collection. In addition, if any required module is not present, a MissingDependencyException should be thrown. Typically you will use the requireModule and optionalModule methods of the manager to make sure that the modules exist and add them to the collection. requireModule will automatically throw the exception too if the module is not found whereas optionalModule does not.

Specified by:

getDependencies in interface Module

Overrides:

getDependencies in class AbstractModule

Parameters:

manager - The module manager handling this module.

Returns:

A collection of modules this module depends on.

Throws:

ModuleException

init

public void init(ModuleManager manager,
                 java.util.HashMap<java.lang.String,java.lang.Object> settings)
          throws ModuleException

Description copied from interface: Module

Initialises the module. After constructor, this is the first method called in the life cycle of a module. It should not perform anything time consuming or anything with notable outside side effects. It should only read the parameters and initialise the module so that it can later be started. Note that a module being initialised doesn't mean that it necessarily will ever be started.

A ModuleException may be thrown if something vital is missing from the parameters or they are not sensible. In some cases you may not want to throw an exception even if vital initialisation information is missing. If, for example, it is possible that the module is initialised in some other way between the init and the start method calls. A ModuleException may also be thrown at the start method if the module is still not initialised.

Specified by:

init in interface Module

Overrides:

init in class AbstractModule

Parameters:

manager - The module manager handling this module. You may keep a reference to it if needed.

Throws:

ModuleException

start

public void start(ModuleManager manager)
           throws ModuleException

Description copied from interface: Module

Starts the module. This will be called after init and getDependencies and signals that the module should now begin to perform whatever it was designed to do. This method call however should not block for long, so any time consuming tasks should be started in their own threads. You will typically get references to the required modules again in start using the findModule method of the manager and then store those references to instance variables for later use. You may throw a ModuleException if the module is not in a state where it can be started or it immediately becomes obvious that it cannot be started with the provided settings.

Specified by:

start in interface Module

Overrides:

start in class AbstractModule

Parameters:

manager - The module manager handling this module.

Throws:

ModuleException

stop

public void stop(ModuleManager manager)

Description copied from interface: Module

Stops the module. Should stop all threads used by the module, free any large data structures and perform other cleanup. It is possible that the module will be started again later with a start method call (and foregoing init and getDependencies calls). The module should be left in a state where this is possible.

Specified by:

stop in interface Module

Overrides:

stop in class AbstractModule

Parameters:

manager - The module manager handling this module.

replyNotAuthorized

protected UserAuthenticator.AuthenticationResult replyNotAuthorized(java.lang.String realm,
                                                                    javax.servlet.http.HttpServletResponse resp)
                                                             throws java.io.IOException

Throws:

java.io.IOException

authenticate

public UserAuthenticator.AuthenticationResult authenticate(java.lang.String requiredRole,
                                                           javax.servlet.http.HttpServletRequest req,
                                                           javax.servlet.http.HttpServletResponse resp,
                                                           ModulesServlet.HttpMethod method)
                                                    throws java.io.IOException,
                                                           AuthenticationException

Description copied from interface: UserAuthenticator

Authenticates a user. If requiredRole is non-null, the logged in user must be of that role for the authentication to succeed. Otherwise there are two possible options in how to implement the authentication. It may be required that the user provides valid login details for authentication to succeed. Or it could be that anonymous logins are also authorised and the authentication succeeds without the user field set in the result. What exactly happens is implementation specific, possibly even dependent on the authenticator initialisation parameters.

Specified by:

authenticate in interface UserAuthenticator

Parameters:

requiredRole - The role the user should have or null if no role is required.

req - The HTTP request.

resp - The HTTP response.

method - The method of the HTTP request.

Returns:

An AuthenticationResult what happened with the authentication.

Throws:

java.io.IOException

AuthenticationException