1 package org.apache.archiva.redback.authentication.keystore;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.archiva.redback.authentication.AbstractAuthenticator;
23 import org.apache.archiva.redback.authentication.AuthenticationDataSource;
24 import org.apache.archiva.redback.authentication.AuthenticationException;
25 import org.apache.archiva.redback.authentication.AuthenticationResult;
26 import org.apache.archiva.redback.authentication.Authenticator;
27 import org.apache.archiva.redback.authentication.TokenBasedAuthenticationDataSource;
28 import org.apache.archiva.redback.keys.AuthenticationKey;
29 import org.apache.archiva.redback.keys.KeyManager;
30 import org.apache.archiva.redback.keys.KeyManagerException;
31 import org.apache.archiva.redback.keys.KeyNotFoundException;
32 import org.apache.archiva.redback.policy.AccountLockedException;
33 import org.apache.archiva.redback.policy.MustChangePasswordException;
34 import org.apache.archiva.redback.users.User;
35 import org.apache.archiva.redback.users.UserManager;
36 import org.apache.archiva.redback.users.UserManagerException;
37 import org.apache.archiva.redback.users.UserNotFoundException;
38 import org.slf4j.Logger;
39 import org.slf4j.LoggerFactory;
40 import org.springframework.stereotype.Service;
41
42 import javax.annotation.Resource;
43
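/**
 * Authenticator that accepts a key (token) issued by the {@link KeyManager} instead of a password.
 *
 * <p>A request is authenticated only when the presented token resolves to a stored
 * {@link AuthenticationKey}, that key was issued for the principal named in the request,
 * and the matching user account is neither locked nor (when enforcement is requested)
 * due for a password change.</p>
 *
 * <p>NOTE(review): key expiry is not checked in this class; it is presumably enforced by
 * {@link KeyManager#findKey(String)} - confirm against the configured key manager. The purpose
 * recorded on the key is not checked here either, so any key type the key manager returns is
 * accepted for login - confirm that this is intended.</p>
 *
 * @author: Jesse McConnell <jesse@codehaus.org>
 */
@Service("authenticator#keystore")
public class KeyStoreAuthenticator
    extends AbstractAuthenticator
    implements Authenticator
{
    private Logger log = LoggerFactory.getLogger( getClass() );

    // Store of issued authentication keys; tokens are resolved against it.
    @Resource(name = "keyManager#cached")
    private KeyManager keystore;

    // Source of user accounts, used for the locked / password-change checks.
    @Resource(name = "userManager#configurable")
    private UserManager userManager;

    /**
     * Returns the identifier of this authenticator.
     *
     * @return the fully qualified name of the runtime class
     */
    public String getId()
    {
        return getClass().getName();
    }

    /**
     * Authenticates a token based request.
     *
     * <p>The token is resolved through the key manager. The resolved key must have been issued
     * for the principal carried by the data source; without that check any valid key would
     * authenticate any principal the caller chooses to name. Only after the binding is verified
     * is the user account loaded and checked.</p>
     *
     * @param source the authentication data; must be a {@link TokenBasedAuthenticationDataSource}
     * @return a successful result carrying the principal, or a failed result carrying the cause
     * @throws AccountLockedException      if the account of the principal is locked
     * @throws AuthenticationException     if the key manager fails for a reason other than a missing key
     * @throws MustChangePasswordException if a password change is required and the source enforces it
     */
    public AuthenticationResult authenticate( AuthenticationDataSource source )
        throws AccountLockedException, AuthenticationException, MustChangePasswordException
    {
        // Fail closed instead of letting a ClassCastException / NullPointerException escape
        // when a caller skipped supportsDataSource().
        if ( !supportsDataSource( source ) )
        {
            return new AuthenticationResult( false, null,
                                             new AuthenticationException( "unsupported authentication data source" ) );
        }

        TokenBasedAuthenticationDataSource dataSource = (TokenBasedAuthenticationDataSource) source;

        String key = dataSource.getToken();
        String principal = dataSource.getPrincipal();
        try
        {
            AuthenticationKey authKey = keystore.findKey( key );

            // a missing key is normally reported through KeyNotFoundException; null is handled as well
            if ( authKey == null )
            {
                return new AuthenticationResult( false, principal,
                                                 new AuthenticationException( "unable to find key" ) );
            }

            // The key proves identity only for the principal it was issued to. Reject the request
            // before touching the user store, so that a valid key for one account can neither log
            // in as another account nor be used to probe which accounts exist or are locked.
            // Exact comparison on purpose; the token itself is never written to the log.
            if ( principal == null || !principal.equals( authKey.getForPrincipal() ) )
            {
                log.warn( "Login for user {} failed. key was not issued for this principal.", principal );
                return new AuthenticationResult( false, null,
                                                 new AuthenticationException( "key does not match principal" ) );
            }

            User user = userManager.findUser( principal );

            if ( user.isLocked() )
            {
                throw new AccountLockedException( "Account " + source.getPrincipal() + " is locked.", user );
            }

            if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
            {
                throw new MustChangePasswordException( "Password expired.", user );
            }

            return new AuthenticationResult( true, principal, null );
        }
        catch ( KeyNotFoundException ne )
        {
            // unknown token: ordinary authentication failure, not an error
            return new AuthenticationResult( false, null, ne );
        }
        catch ( KeyManagerException ke )
        {
            // the key store itself failed, so the outcome is unknown: escalate rather than deny silently
            throw new AuthenticationException( "underlaying keymanager issue", ke );
        }
        catch ( UserNotFoundException e )
        {
            log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
            return new AuthenticationResult( false, null, e );
        }
        catch ( UserManagerException e )
        {
            log.warn( "Login fail for user {} failed. message: {}", source.getPrincipal(), e.getMessage() );
            return new AuthenticationResult( false, null, e );
        }
    }

    /**
     * Tells whether this authenticator can process the given data source.
     *
     * @param source the authentication data to inspect, may be {@code null}
     * @return {@code true} only for a {@link TokenBasedAuthenticationDataSource}
     */
    public boolean supportsDataSource( AuthenticationDataSource source )
    {
        return source instanceof TokenBasedAuthenticationDataSource;
    }
}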