]> source.dussan.org Git - archiva.git/blob
02a67cb1b9291b447ccdef7fce417cce28d075a8
[archiva.git] /
1 package org.codehaus.redback.rest.services;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21 import org.apache.archiva.redback.authentication.AuthenticationException;
22 import org.apache.archiva.redback.keys.KeyManager;
23 import org.apache.archiva.redback.policy.AccountLockedException;
24 import org.apache.archiva.redback.policy.MustChangePasswordException;
25 import org.apache.archiva.redback.users.UserNotFoundException;
26 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
27 import org.apache.archiva.redback.keys.AuthenticationKey;
28 import org.codehaus.plexus.redback.keys.jdo.JdoAuthenticationKey;
29 import org.apache.archiva.redback.keys.memory.MemoryAuthenticationKey;
30 import org.apache.archiva.redback.keys.memory.MemoryKeyManager;
31 import org.apache.archiva.redback.system.SecuritySession;
32 import org.apache.archiva.redback.system.SecuritySystem;
33 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
34 import org.codehaus.redback.rest.api.model.User;
35 import org.codehaus.redback.rest.api.services.LoginService;
36 import org.codehaus.redback.rest.api.services.RedbackServiceException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpSession;
45 import javax.ws.rs.core.Context;
46 import javax.ws.rs.core.Response;
47 import java.util.Calendar;
48 import java.util.TimeZone;
49
50 /**
51  * @author Olivier Lamy
52  * @since 1.3
53  */
54 @Service( "loginService#rest" )
55 public class DefaultLoginService
56     implements LoginService
57 {
58
59     private Logger log = LoggerFactory.getLogger( getClass() );
60
61     private SecuritySystem securitySystem;
62
63     private HttpAuthenticator httpAuthenticator;
64
65     @Context
66     private HttpServletRequest httpServletRequest;
67
68     @Inject
69     public DefaultLoginService( SecuritySystem securitySystem,
70                                 @Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
71     {
72         this.securitySystem = securitySystem;
73         this.httpAuthenticator = httpAuthenticator;
74     }
75
76
77     public String addAuthenticationKey( String providedKey, String principal, String purpose, int expirationMinutes )
78         throws RedbackServiceException
79     {
80         KeyManager keyManager = securitySystem.getKeyManager();
81         AuthenticationKey key;
82
83         if ( keyManager instanceof MemoryKeyManager )
84         {
85             key = new MemoryAuthenticationKey();
86         }
87         else
88         {
89             key = new JdoAuthenticationKey();
90         }
91
92         key.setKey( providedKey );
93         key.setForPrincipal( principal );
94         key.setPurpose( purpose );
95
96         Calendar now = getNowGMT();
97         key.setDateCreated( now.getTime() );
98
99         if ( expirationMinutes >= 0 )
100         {
101             Calendar expiration = getNowGMT();
102             expiration.add( Calendar.MINUTE, expirationMinutes );
103             key.setDateExpires( expiration.getTime() );
104         }
105
106         keyManager.addKey( key );
107
108         return key.getKey();
109     }
110
111     public Boolean ping()
112         throws RedbackServiceException
113     {
114         return Boolean.TRUE;
115     }
116
117     public Boolean pingWithAutz()
118         throws RedbackServiceException
119     {
120         return Boolean.TRUE;
121     }
122
123     public User logIn( String userName, String password )
124         throws RedbackServiceException
125     {
126         PasswordBasedAuthenticationDataSource authDataSource =
127             new PasswordBasedAuthenticationDataSource( userName, password );
128         try
129         {
130             SecuritySession securitySession = securitySystem.authenticate( authDataSource );
131             if ( securitySession.getAuthenticationResult().isAuthenticated() )
132             {
133                 org.apache.archiva.redback.users.User user = securitySession.getUser();
134                 if ( !user.isValidated() )
135                 {
136                     log.info( "user {} not validated", user.getUsername() );
137                     return null;
138                 }
139                 User restUser = buildRestUser( user );
140
141                 // here create an http session
142                 httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) );
143                 return restUser;
144             }
145             return null;
146         }
147         catch ( AuthenticationException e )
148         {
149             throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
150         }
151         catch ( UserNotFoundException e )
152         {
153             throw new RedbackServiceException( e.getMessage() );
154         }
155         catch ( AccountLockedException e )
156         {
157             throw new RedbackServiceException( e.getMessage() );
158         }
159         catch ( MustChangePasswordException e )
160         {
161             return buildRestUser( e.getUser() );
162         }
163     }
164
165     public Boolean isLogged()
166         throws RedbackServiceException
167     {
168         Boolean isLogged = httpAuthenticator.getSecuritySession( httpServletRequest.getSession( true ) ) != null;
169         log.debug( "isLogged {}", isLogged );
170         return isLogged;
171     }
172
173     public Boolean logout()
174         throws RedbackServiceException
175     {
176         HttpSession httpSession = httpServletRequest.getSession();
177         if ( httpSession != null )
178         {
179             httpSession.invalidate();
180         }
181         return Boolean.TRUE;
182     }
183
184     private Calendar getNowGMT()
185     {
186         return Calendar.getInstance( TimeZone.getTimeZone( "GMT" ) );
187     }
188
189     private User buildRestUser( org.apache.archiva.redback.users.User user )
190     {
191         User restUser = new User();
192         restUser.setEmail( user.getEmail() );
193         restUser.setUsername( user.getUsername() );
194         restUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
195         restUser.setLocked( user.isLocked() );
196         restUser.setValidated( user.isValidated() );
197         restUser.setFullName( user.getFullName() );
198         return restUser;
199     }
200 }