File Source: Authenticator.java
/*
P/P * Method: org.apache.roller.weblogger.webservices.adminprotocol.Authenticator__static_init
*/
1 /*
2 * Copyright 2005 David M Johnson (For RSS and Atom In Action)
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.apache.roller.weblogger.webservices.adminprotocol;
17
18 import javax.servlet.http.HttpServletRequest;
19 import org.apache.roller.weblogger.WebloggerException;
20 import org.apache.roller.weblogger.business.Weblogger;
21 import org.apache.roller.weblogger.business.WebloggerFactory;
22 import org.apache.roller.weblogger.business.UserManager;
23 import org.apache.roller.weblogger.pojos.User;
24 import org.apache.roller.weblogger.config.WebloggerConfig;
25 import org.apache.roller.weblogger.util.Utilities;
26
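/**
 * Base class for the authenticators that guard the admin-protocol (RAP) web service endpoint.
 *
 * <p>Subclasses implement {@link #authenticate()} and are expected to call
 * {@link #verifyUser(String, String)} from it. That method accepts only a user whose
 * credentials match, who holds the {@code admin} role and who is enabled.
 *
 * @author jtb
 */
abstract class Authenticator {
    private HttpServletRequest request;
    private Weblogger roller;
    private String userName;

    /**
     * Creates an authenticator bound to the given request and to the Weblogger instance
     * returned by {@link WebloggerFactory#getWeblogger()}.
     *
     * @param req the HTTP request being authenticated
     */
    public Authenticator(HttpServletRequest req) {
        /*
        P/P * Method: void org.apache.roller.weblogger.webservices.adminprotocol.Authenticator(HttpServletRequest)
        *
        * Postconditions:
        * this.request == req
        * init'ed(this.request)
        * init'ed(this.roller)
        */
        setRequest(req);
        setRoller(WebloggerFactory.getWeblogger());
    }

    /**
     * Authenticates the current request.
     *
     * @throws HandlerException if the request cannot be authenticated
     */
    public abstract void authenticate() throws HandlerException;

    /**
     * Checks the supplied credentials against the stored user record and enforces that the
     * user holds the {@code admin} role and is enabled. This method should be called by
     * extensions of this class within their implementation of authenticate().
     *
     * <p>Missing credentials, a name mismatch and a password mismatch all fail with the same
     * {@link UnauthorizedException} message, so the response does not say which part was wrong.
     *
     * @param userName the user name presented by the client
     * @param password the clear-text password presented by the client
     * @throws UnauthorizedException if the credentials are missing or wrong, the user lacks the
     *         {@code admin} role, or the user is disabled
     * @throws HandlerException if the user record cannot be loaded (see {@link #getUserData(String)})
     */
    protected void verifyUser(String userName, String password) throws HandlerException {
        /*
         * SofCheck Inspector output recorded for the earlier body of this method (the @NN
         * suffixes are line numbers in that listing). The presumptions that password and
         * getEnabled() are non-null are now checked in code instead of being assumed.
         */
        /*
        P/P * Method: void verifyUser(String, String)
        *
        * Preconditions:
        * this.roller != null
        * userName != null
        * (soft) password != null
        *
        * Presumptions:
        * java.lang.Boolean:booleanValue(...)@68 == 1
        * java.lang.Boolean:valueOf(...)@53 != null
        * java.lang.String:equals(...)@58 == 1
        * java.lang.String:equals(...)@61 == 1
        * org.apache.roller.weblogger.pojos.User:getEnabled(...)@68 != null
        * ...
        *
        * Test Vectors:
        * java.lang.Boolean:booleanValue(...)@53: {0}, {1}
        */

        // Absent credentials are an authentication failure, not a NullPointerException.
        if (userName == null || password == null) {
            throw new UnauthorizedException("ERROR: User is not authorized: " + userName);
        }

        // NOTE(review): an unknown user surfaces from getUserData() as NotFoundException
        // ("Unknown user"), which is distinguishable from the UnauthorizedException thrown for
        // a wrong password. If the handler exposes that difference to the client it reveals
        // which account names exist - confirm how callers map the two.
        User ud = getUserData(userName);
        String realpassword = ud.getPassword();

        // NOTE(review): Utilities.encodePassword is not shown here. If it applies a bare,
        // unsalted digest, the stored values are weak against offline guessing - confirm.
        boolean encrypted = Boolean.parseBoolean(WebloggerConfig.getProperty("passwds.encryption.enabled"));
        if (encrypted) {
            password = Utilities.encodePassword(password, WebloggerConfig.getProperty("passwds.encryption.algorithm"));
        }

        boolean nameMatches = userName.trim().equals(ud.getUserName());
        // trim() is kept so that the set of accepted passwords is unchanged.
        boolean passwordMatches = password != null && constantTimeEquals(password.trim(), realpassword);
        if (!nameMatches || !passwordMatches) {
            throw new UnauthorizedException("ERROR: User is not authorized: " + userName);
        }

        // The checks below run only after the credentials matched, so their more specific
        // messages are shown only to a caller who already knows the password.
        if (!ud.hasRole("admin")) {
            throw new UnauthorizedException("ERROR: User must have the admin role to use the RAP endpoint: " + userName);
        }
        // Fail closed: a null enabled flag is treated as disabled rather than dereferenced.
        if (!Boolean.TRUE.equals(ud.getEnabled())) {
            throw new UnauthorizedException("ERROR: User is disabled: " + userName);
        }
    }

    /**
     * Compares two secrets without returning early at the first differing character, so the
     * time taken does not indicate how much of a guess was correct.
     *
     * @param supplied the value derived from the client's input
     * @param stored the value held in the user record
     * @return {@code true} only if both are non-null and identical
     */
    private static boolean constantTimeEquals(String supplied, String stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        // MessageDigest.isEqual is a time-constant comparison on current JDKs.
        return java.security.MessageDigest.isEqual(supplied.getBytes(utf8), stored.getBytes(utf8));
    }

    /**
     * Returns the request this authenticator was created for.
     *
     * @return the HTTP request
     */
    public HttpServletRequest getRequest() {
        /*
        P/P * Method: HttpServletRequest getRequest()
        *
        * Preconditions:
        * init'ed(this.request)
        *
        * Postconditions:
        * return_value == this.request
        * init'ed(return_value)
        */
        return request;
    }

    /**
     * Sets the request this authenticator works on.
     *
     * @param request the HTTP request
     */
    protected void setRequest(HttpServletRequest request) {
        /*
        P/P * Method: void setRequest(HttpServletRequest)
        *
        * Postconditions:
        * this.request == request
        * init'ed(this.request)
        */
        this.request = request;
    }

    /**
     * Returns the user name recorded by {@link #setUserName(String)}.
     * Nothing in this class sets it; verifyUser() does not.
     *
     * @return the recorded user name, or {@code null} if none was set
     */
    public String getUserName() {
        /*
        P/P * Method: String getUserName()
        *
        * Preconditions:
        * init'ed(this.userName)
        *
        * Postconditions:
        * return_value == this.userName
        * init'ed(return_value)
        */
        return userName;
    }

    /**
     * Records the user name for this authenticator.
     *
     * @param userId the user name to record
     */
    protected void setUserName(String userId) {
        /*
        P/P * Method: void setUserName(String)
        *
        * Postconditions:
        * this.userName == userId
        * init'ed(this.userName)
        */
        this.userName = userId;
    }

    /**
     * Returns the Weblogger instance used for user lookups.
     *
     * @return the Weblogger instance
     */
    protected Weblogger getRoller() {
        /*
        P/P * Method: Weblogger getRoller()
        *
        * Preconditions:
        * init'ed(this.roller)
        *
        * Postconditions:
        * return_value == this.roller
        * init'ed(return_value)
        */
        return roller;
    }

    /**
     * Sets the Weblogger instance used for user lookups.
     *
     * @param roller the Weblogger instance
     */
    protected void setRoller(Weblogger roller) {
        /*
        P/P * Method: void setRoller(Weblogger)
        *
        * Postconditions:
        * this.roller == roller
        * init'ed(this.roller)
        */
        this.roller = roller;
    }

    /**
     * Loads the user record for the given name. The lookup is tried with {@code Boolean.TRUE}
     * first and repeated with {@code Boolean.FALSE} if nothing is found.
     *
     * @param name the user name to look up
     * @return the user record, never {@code null}
     * @throws NotFoundException if neither lookup finds a user
     * @throws InternalException if the user manager fails with a WebloggerException
     */
    protected User getUserData(String name) throws NotFoundException, InternalException {
        try {
            /*
            P/P * Method: User getUserData(String)
            *
            * Preconditions:
            * this.roller != null
            *
            * Presumptions:
            * init'ed(java.lang.Boolean.FALSE)
            * init'ed(java.lang.Boolean.TRUE)
            * org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@99 != null
            *
            * Postconditions:
            * return_value != null
            *
            * Test Vectors:
            * org.apache.roller.weblogger.business.UserManager:getUserByUserName(...)@100: Inverse{null}, Addr_Set{null}
            */
            UserManager mgr = getRoller().getUserManager();
            // NOTE(review): the second argument presumably filters on the enabled flag, so the
            // fallback lets verifyUser() report a disabled account explicitly - confirm
            // against UserManager.
            User ud = mgr.getUserByUserName(name, Boolean.TRUE);
            if (ud == null) {
                ud = mgr.getUserByUserName(name, Boolean.FALSE);
            }
            if (ud == null) {
                // name is caller-supplied; encode it wherever this message is logged or rendered.
                throw new NotFoundException("ERROR: Unknown user: " + name);
            }

            return ud;
        } catch (WebloggerException re) {
            throw new InternalException("ERROR: Could not get user: " + name, re);
        }
    }

}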
SofCheck Inspector Build Version : 2.18479
| Authenticator.java |
2009-Jan-02 14:24:46 |
| Authenticator.class |
2009-Sep-04 03:12:45 |