DefaultAuthenticator.java
- /*
- * This software was designed and created by Jason Carroll.
- * Copyright (c) 2002, 2003, 2004 Jason Carroll.
- * The author can be reached at jcarroll@cowsultants.com
- * ITracker website: http://www.cowsultants.com
- * ITracker forums: http://www.cowsultants.com/phpBB/index.php
- *
- * This program is free software; you can redistribute it and/or modify
- * it only under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
- package org.itracker.services.authentication;
- import org.apache.log4j.Logger;
- import org.itracker.model.Permission;
- import org.itracker.model.PermissionType;
- import org.itracker.model.User;
- import org.itracker.UserException;
- import org.itracker.services.exceptions.AuthenticatorException;
- import org.itracker.PasswordException;
- import org.itracker.model.util.UserUtilities;
- import org.springframework.dao.DataAccessException;
- import java.util.ArrayList;
- import java.util.HashMap;
- import java.util.List;
- import java.util.Map;
- /**
- * This class provides a default authentication scheme for ITracker. It uses passwords
- * in the user table provided by ITracker to authenticate users. This authenticator
- * allows any user to self register if self registration is available in the system.
- */
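public class DefaultAuthenticator extends AbstractPluggableAuthenticator {

    private static final Logger logger = Logger.getLogger(DefaultAuthenticator.class);

    /** Charset used to turn password hashes into bytes for the constant-time comparison. */
    private static final java.nio.charset.Charset UTF8 = java.nio.charset.Charset.forName("UTF-8");

    /**
     * Checks the login of a user against the user profile provided in ITracker. This is
     * the default authentication scheme provided by ITracker.
     *
     * <p>Security notes for callers and maintainers:
     * <ul>
     * <li>Failures carry distinct codes (UNKNOWN_USER, INACTIVE_ACCOUNT, INVALID_PASSWORD).
     * A caller that relays the code to the client lets it tell existing accounts from
     * unknown ones; present one generic failure message instead.</li>
     * <li>With {@code AUTH_TYPE_PASSWORD_ENC} the stored value itself is accepted as the
     * credential, so the contents of the password column are password-equivalent and
     * must be protected accordingly.</li>
     * <li>According to the log message below, {@code UserUtilities.encryptPassword}
     * produces a SHA1 hash; whether it is salted or iterated is not visible in this
     * class. NOTE(review): confirm, and plan a migration to a password hashing scheme
     * (bcrypt/scrypt/argon2) if it is a bare digest.</li>
     * <li>No attempt counting or lockout happens in this method; throttling has to be
     * enforced by the caller.</li>
     * </ul>
     *
     * @param login the login the user/client provided
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return a User if the login is successful
     * @throws AuthenticatorException an exception if the login is unsuccessful, or an error occurs
     */
    public User checkLogin(final String login, final Object authentication, final int authType, final int reqSource) throws AuthenticatorException {
        // The login is client-supplied; strip line breaks before it reaches the log.
        final String loginForLog = sanitizeForLog(login);

        if (logger.isDebugEnabled()) {
            logger.debug("Checking login for " + loginForLog + " using DefaultAuthenticator");
        }

        if (login == null || authentication == null || login.equals("")) {
            logger.info("checkLogin: no login was supplied: " + loginForLog + ", type: " + authType + ", source: " + reqSource);
            throw new AuthenticatorException(AuthenticatorException.INVALID_DATA);
        }

        User user;
        try {
            user = getUserService().getUserByLogin(login);
        } catch (DataAccessException e) {
            logger.error("checkLogin: failed to get user by login: " + loginForLog, e);
            // NOTE(review): e.getMessage() may carry persistence-layer detail; make sure
            // callers do not echo the exception message to the client.
            throw new AuthenticatorException(AuthenticatorException.UNKNOWN_USER, e.getMessage());
        }
        // Whether getUserByLogin can return null for an unknown login is not visible here;
        // the guard turns that case into a regular authentication failure instead of an NPE.
        if (user == null) {
            logger.info("checkLogin: no user found for login: " + loginForLog);
            throw new AuthenticatorException(AuthenticatorException.UNKNOWN_USER);
        }

        if (user.getStatus() != UserUtilities.STATUS_ACTIVE) {
            AuthenticatorException e = new AuthenticatorException(AuthenticatorException.INACTIVE_ACCOUNT);
            logger.info("checkLogin: user is inactive, user: " + user, e);
            throw e;
        }

        String userPassword;
        try {
            userPassword = getUserService().getUserPasswordByLogin(login);
        } catch (DataAccessException e) {
            // Throw the declared AuthenticatorException; rethrowing the unchecked
            // DataAccessException would bypass callers that handle login failures.
            AuthenticatorException ex = new AuthenticatorException(e.getMessage(), authType);
            logger.error("checkLogin: failed to get password for login: " + loginForLog, e);
            throw ex;
        }

        if (userPassword == null || userPassword.equals("")) {
            AuthenticatorException e = new AuthenticatorException(AuthenticatorException.INVALID_PASSWORD);
            logger.info("checkLogin: user has no password, user: " + user, e);
            throw e;
        }

        try {
            // A stored value that does not end in "=" is treated as a legacy plain-text
            // password and replaced by its hash. The test is only a heuristic: a plain-text
            // password that happens to end in "=" is not converted. The conversion runs
            // before the credential is verified, as it always has.
            if (!userPassword.endsWith("=")) {
                logger.info("checkLogin: User " + loginForLog + " has old style password. Converting to SHA1 hash.");
                try {
                    final String hashedPassword = UserUtilities.encryptPassword(userPassword);
                    user.setPassword(hashedPassword);
                    getUserService().updateUser(user);
                    // Compare against the converted value; keeping the plain-text value here
                    // made the first login after a conversion fail for the correct password.
                    userPassword = hashedPassword;
                } catch (UserException ue) {
                    logger.error("checkLogin: User password conversion failed for user " + user, ue);
                    throw new AuthenticatorException(AuthenticatorException.SYSTEM_ERROR);
                }
            }

            final String presented;
            if (authType == AUTH_TYPE_PASSWORD_PLAIN) {
                // A non-String credential raises ClassCastException, handled below.
                presented = UserUtilities.encryptPassword((String) authentication);
            } else if (authType == AUTH_TYPE_PASSWORD_ENC) {
                // A non-String credential can never match and is rejected as a bad password.
                presented = (authentication instanceof String) ? (String) authentication : null;
            } else {
                logger.info("checkLogin: invalid authenticator type: " + authType);
                throw new AuthenticatorException(AuthenticatorException.INVALID_AUTHENTICATION_TYPE);
            }

            if (!constantTimeEquals(userPassword, presented)) {
                throw new AuthenticatorException(AuthenticatorException.INVALID_PASSWORD);
            }
        } catch (ClassCastException cce) {
            logger.error("checkLogin: Authenticator was of wrong type.", cce);
            throw new AuthenticatorException(AuthenticatorException.SYSTEM_ERROR);
        } catch (PasswordException pe) {
            throw new AuthenticatorException(AuthenticatorException.SYSTEM_ERROR);
        } catch (AuthenticatorException ae) {
            if (logger.isDebugEnabled()) {
                logger.debug("checkLogin: failed to authenticate " + loginForLog, ae);
            }
            throw ae;
        }

        return user;
    }

    /**
     * Compares two credential strings without returning early at the first differing
     * character, so the response time does not reveal how much of the value matched.
     *
     * @param expected the stored value
     * @param presented the value derived from the client's input, may be null
     * @return true only if both are non-null and equal
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(expected.getBytes(UTF8), presented.getBytes(UTF8));
    }

    /**
     * Replaces carriage returns and line feeds so a client-supplied value cannot start a
     * forged entry in the log.
     *
     * @param value the value to log, may be null
     * @return the value with line breaks replaced by underscores, or null
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * The DefaultAuthenticator returns a list of user permissions from the database.
     * For a super user, a USER_ADMIN permission on the "null" project (meaning all
     * projects) is placed in front of the stored permissions.
     *
     * @param user a User object that contains the user to retrieve permissions for
     * @param reqSource the source of the request (eg web, api)
     * @return the list of the user's permissions
     * @throws AuthenticatorException if the user or its id is null, or the lookup fails
     */
    public List<Permission> getUserPermissions(User user, int reqSource) throws AuthenticatorException {
        if (user == null || user.getId() == null) {
            throw new AuthenticatorException(AuthenticatorException.INVALID_DATA);
        }

        List<Permission> permissionList;
        try {
            permissionList = getUserService().getUserPermissionsLocal(user);
        } catch (DataAccessException e) {
            throw new AuthenticatorException(e.getMessage(), reqSource);
        }

        if (!user.isSuperUser()) {
            return permissionList;
        }

        // Super user has access to all projects (represented by the "null" project).
        List<Permission> augmentedPermissions = new ArrayList<Permission>();
        augmentedPermissions.add(new Permission(PermissionType.USER_ADMIN, user, null));
        augmentedPermissions.addAll(permissionList);
        return augmentedPermissions;
    }

    /**
     * Returns the list of users for a given project. User permissions can be specified.
     * Super users are always added to the result, whatever permissions were requested.
     *
     * @param projectId - The Project to search for users
     * @param permissionTypes - User rights to filter
     * @param requireAll - Require all permissions
     * @param activeOnly - Filter users who are active (Possible user status: DELETED, ACTIVE, LOCKED)
     * @param reqSource - not used. TODO: Tagged for removal
     * @return List of users for the project with filters applied.
     * @throws AuthenticatorException if any error occurs while collecting the users
     */
    @Override
    public List<User> getUsersWithProjectPermission(Integer projectId, PermissionType[] permissionTypes, boolean requireAll, boolean activeOnly, int reqSource) throws AuthenticatorException {
        List<User> users;
        try {
            // Keyed by user id so a user matched through several permissions appears once.
            Map<Integer, User> userMap = new HashMap<Integer, User>();

            if (requireAll) {
                List<User> explicitUsers = getUserService().findUsersForProjectByPermissionTypeList(projectId, permissionTypes);
                for (User user : explicitUsers) {
                    userMap.put(user.getId(), user);
                }
            } else {
                for (PermissionType permissionType : permissionTypes) {
                    List<User> explicitUsers = getUserService().getUsersWithPermissionLocal(projectId, permissionType);
                    for (User user : explicitUsers) {
                        userMap.put(user.getId(), user);
                    }
                }
            }

            List<User> superUsers = getUserService().getSuperUsers();
            for (User superUser : superUsers) {
                userMap.put(superUser.getId(), superUser);
            }

            users = new ArrayList<User>();
            for (User user : userMap.values()) {
                if (!activeOnly || user.getStatus() == UserUtilities.STATUS_ACTIVE) {
                    users.add(user);
                }
            }
        } catch (Exception e) {
            // Boundary catch: every failure, including a null permissionTypes array, is
            // logged here and reported to the caller as a plain AuthenticatorException.
            logger.error("Error retreiving users with permissions.", e);
            throw new AuthenticatorException();
        }
        return users;
    }

    /**
     * Returns the list of users for a given project, with the permission types given as
     * int values.
     *
     * @deprecated use
     * {@link #getUsersWithProjectPermission(Integer, PermissionType[], boolean, boolean, int)}
     */
    @Override
    @Deprecated
    public List<User> getUsersWithProjectPermission(Integer projectId,
                                                    int[] permissionTypes,
                                                    boolean requireAll,
                                                    boolean activeOnly,
                                                    int reqSource)
            throws AuthenticatorException {
        return getUsersWithProjectPermission(projectId,
                PermissionType.valueOf(permissionTypes),
                requireAll,
                activeOnly,
                reqSource);
    }

    /**
     * The DefaultAuthenticator always allows self registered users.
     *
     * @param user a User object that contains the data the user submitted
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return true
     */
    public boolean allowRegistration(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return true;
    }

    /**
     * The DefaultAuthenticator always allows new user profiles.
     *
     * @param user a User object that contains the data the user submitted
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return true
     * @throws AuthenticatorException an exception if an error occurs
     */
    public boolean allowProfileCreation(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return true;
    }

    /**
     * The DefaultAuthenticator always allows profile updates.
     *
     * @param user a User object that contains the data the user submitted
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return true
     * @throws AuthenticatorException an exception if an error occurs
     */
    public boolean allowProfileUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return true;
    }

    /**
     * The DefaultAuthenticator always allows password updates.
     *
     * <p>No argument is inspected, so this method does not verify that the requester may
     * change the password of {@code user}; that check has to be made by the caller.
     *
     * @param user a User object that contains the data the user submitted
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return true
     * @throws AuthenticatorException an exception if an error occurs
     */
    public boolean allowPasswordUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return true;
    }

    /**
     * The DefaultAuthenticator always allows permission updates.
     *
     * <p>No argument is inspected, so this method is not an authorization check: whether
     * the requester may change permissions has to be enforced by the caller.
     *
     * @param user a User object that contains the data the user submitted
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return true
     * @throws AuthenticatorException an exception if an error occurs
     */
    public boolean allowPermissionUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return true;
    }

    /**
     * The DefaultAuthenticator always allows preferences updates.
     *
     * @param user a User object that contains the data the user submitted
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return true
     * @throws AuthenticatorException an exception if an error occurs
     */
    public boolean allowPreferenceUpdates(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return true;
    }

    /**
     * The DefaultAuthenticator does not make any changes to a newly created profile.
     *
     * @param user a User object that contains the newly created profile
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return boolean indicating whether changes to the user were made; always false here
     * @throws AuthenticatorException an error occurs
     */
    public boolean createProfile(User user, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return false;
    }

    /**
     * The DefaultAuthenticator does not make any changes to an updated profile.
     *
     * @param user a User object that contains the updated profile
     * @param updateType the type of information that is being updated
     * @param authentication the user's authentication information, if known
     * @param authType the type of authentication information being provided
     * @param reqSource the source of the request (eg web, api)
     * @return boolean indicating whether changes to the user were made; always false here
     * @throws AuthenticatorException an exception if an error occurs
     */
    public boolean updateProfile(User user, int updateType, Object authentication, int authType, int reqSource) throws AuthenticatorException {
        return false;
    }
}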