1 package org.codehaus.redback.rest.services;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
21 import org.apache.archiva.redback.authentication.AuthenticationException;
22 import org.apache.archiva.redback.keys.KeyManager;
23 import org.apache.archiva.redback.policy.AccountLockedException;
24 import org.apache.archiva.redback.policy.MustChangePasswordException;
25 import org.apache.archiva.redback.users.UserNotFoundException;
26 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
27 import org.apache.archiva.redback.keys.AuthenticationKey;
28 import org.codehaus.plexus.redback.keys.jdo.JdoAuthenticationKey;
29 import org.apache.archiva.redback.keys.memory.MemoryAuthenticationKey;
30 import org.apache.archiva.redback.keys.memory.MemoryKeyManager;
31 import org.apache.archiva.redback.system.SecuritySession;
32 import org.apache.archiva.redback.system.SecuritySystem;
33 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
34 import org.codehaus.redback.rest.api.model.User;
35 import org.codehaus.redback.rest.api.services.LoginService;
36 import org.codehaus.redback.rest.api.services.RedbackServiceException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpSession;
45 import javax.ws.rs.core.Context;
46 import javax.ws.rs.core.Response;
47 import java.util.Calendar;
48 import java.util.TimeZone;
51 * @author Olivier Lamy
54 @Service( "loginService#rest" )
55 public class DefaultLoginService
56 implements LoginService
59 private Logger log = LoggerFactory.getLogger( getClass() );
61 private SecuritySystem securitySystem;
63 private HttpAuthenticator httpAuthenticator;
66 private HttpServletRequest httpServletRequest;
69 public DefaultLoginService( SecuritySystem securitySystem,
70 @Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
72 this.securitySystem = securitySystem;
73 this.httpAuthenticator = httpAuthenticator;
77 public String addAuthenticationKey( String providedKey, String principal, String purpose, int expirationMinutes )
78 throws RedbackServiceException
80 KeyManager keyManager = securitySystem.getKeyManager();
81 AuthenticationKey key;
83 if ( keyManager instanceof MemoryKeyManager )
85 key = new MemoryAuthenticationKey();
89 key = new JdoAuthenticationKey();
92 key.setKey( providedKey );
93 key.setForPrincipal( principal );
94 key.setPurpose( purpose );
96 Calendar now = getNowGMT();
97 key.setDateCreated( now.getTime() );
99 if ( expirationMinutes >= 0 )
101 Calendar expiration = getNowGMT();
102 expiration.add( Calendar.MINUTE, expirationMinutes );
103 key.setDateExpires( expiration.getTime() );
106 keyManager.addKey( key );
111 public Boolean ping()
112 throws RedbackServiceException
117 public Boolean pingWithAutz()
118 throws RedbackServiceException
123 public User logIn( String userName, String password )
124 throws RedbackServiceException
126 PasswordBasedAuthenticationDataSource authDataSource =
127 new PasswordBasedAuthenticationDataSource( userName, password );
130 SecuritySession securitySession = securitySystem.authenticate( authDataSource );
131 if ( securitySession.getAuthenticationResult().isAuthenticated() )
133 org.apache.archiva.redback.users.User user = securitySession.getUser();
134 if ( !user.isValidated() )
136 log.info( "user {} not validated", user.getUsername() );
139 User restUser = buildRestUser( user );
141 // here create an http session
142 httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) );
147 catch ( AuthenticationException e )
149 throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
151 catch ( UserNotFoundException e )
153 throw new RedbackServiceException( e.getMessage() );
155 catch ( AccountLockedException e )
157 throw new RedbackServiceException( e.getMessage() );
159 catch ( MustChangePasswordException e )
161 return buildRestUser( e.getUser() );
165 public Boolean isLogged()
166 throws RedbackServiceException
168 Boolean isLogged = httpAuthenticator.getSecuritySession( httpServletRequest.getSession( true ) ) != null;
169 log.debug( "isLogged {}", isLogged );
173 public Boolean logout()
174 throws RedbackServiceException
176 HttpSession httpSession = httpServletRequest.getSession();
177 if ( httpSession != null )
179 httpSession.invalidate();
184 private Calendar getNowGMT()
186 return Calendar.getInstance( TimeZone.getTimeZone( "GMT" ) );
189 private User buildRestUser( org.apache.archiva.redback.users.User user )
191 User restUser = new User();
192 restUser.setEmail( user.getEmail() );
193 restUser.setUsername( user.getUsername() );
194 restUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
195 restUser.setLocked( user.isLocked() );
196 restUser.setValidated( user.isValidated() );
197 restUser.setFullName( user.getFullName() );