1 package org.apache.archiva.redback.rest.services;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21 import org.apache.archiva.redback.authentication.AuthenticationException;
22 import org.apache.archiva.redback.keys.KeyManager;
23 import org.apache.archiva.redback.policy.AccountLockedException;
24 import org.apache.archiva.redback.policy.MustChangePasswordException;
25 import org.apache.archiva.redback.users.UserNotFoundException;
26 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
27 import org.apache.archiva.redback.keys.AuthenticationKey;
28 import org.codehaus.plexus.redback.keys.jdo.JdoAuthenticationKey;
29 import org.apache.archiva.redback.keys.memory.MemoryAuthenticationKey;
30 import org.apache.archiva.redback.keys.memory.MemoryKeyManager;
31 import org.apache.archiva.redback.system.SecuritySession;
32 import org.apache.archiva.redback.system.SecuritySystem;
33 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
34 import org.apache.archiva.redback.rest.api.model.User;
35 import org.apache.archiva.redback.rest.api.services.LoginService;
36 import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpSession;
45 import javax.ws.rs.core.Context;
46 import javax.ws.rs.core.Response;
47 import java.util.Calendar;
48 import java.util.TimeZone;
49
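/**
 * REST implementation of {@link LoginService}: password login, login-status check, logout and
 * registration of authentication keys, all delegated to the Redback {@link SecuritySystem} and an
 * {@link HttpAuthenticator}.
 *
 * @author Olivier Lamy
 * @since 1.3
 */
@Service( "loginService#rest" )
public class DefaultLoginService
    implements LoginService
{

    private final Logger log = LoggerFactory.getLogger( getClass() );

    private final SecuritySystem securitySystem;

    private final HttpAuthenticator httpAuthenticator;

    // Populated through @Context injection rather than the constructor, so it cannot be final.
    @Context
    private HttpServletRequest httpServletRequest;

    /**
     * @param securitySystem    used to authenticate credentials and to obtain the key manager
     * @param httpAuthenticator the "httpAuthenticator#basic" authenticator, used to bind a login to an HTTP session
     */
    @Inject
    public DefaultLoginService( SecuritySystem securitySystem,
                                @Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
    {
        this.securitySystem = securitySystem;
        this.httpAuthenticator = httpAuthenticator;
    }


    /**
     * Registers an authentication key with the key manager of the security system.
     *
     * <p>The key value is stored exactly as supplied; this method neither generates it nor checks its
     * length or randomness, and it does not verify that the caller may create keys for {@code principal}.
     * NOTE(review): presumably access is restricted by authorization declared on {@link LoginService};
     * confirm before exposing this operation.
     *
     * @param providedKey       key value to store
     * @param principal         principal the key is issued for
     * @param purpose           purpose recorded on the key
     * @param expirationMinutes lifetime in minutes; a negative value leaves the expiry date unset
     * @return the key value as read back from the stored key object
     * @throws RedbackServiceException declared by the service contract
     */
    public String addAuthenticationKey( String providedKey, String principal, String purpose, int expirationMinutes )
        throws RedbackServiceException
    {
        KeyManager keyManager = securitySystem.getKeyManager();

        // The key implementation has to match the configured key manager.
        AuthenticationKey key =
            keyManager instanceof MemoryKeyManager ? new MemoryAuthenticationKey() : new JdoAuthenticationKey();

        key.setKey( providedKey );
        key.setForPrincipal( principal );
        key.setPurpose( purpose );

        Calendar created = getNowGMT();
        key.setDateCreated( created.getTime() );

        if ( expirationMinutes >= 0 )
        {
            // Derive the expiry from the creation instant so both dates share one clock reading.
            Calendar expires = (Calendar) created.clone();
            expires.add( Calendar.MINUTE, expirationMinutes );
            key.setDateExpires( expires.getTime() );
        }

        keyManager.addKey( key );

        return key.getKey();
    }

    /**
     * Liveness probe.
     *
     * @return always {@link Boolean#TRUE}
     */
    public Boolean ping()
        throws RedbackServiceException
    {
        return Boolean.TRUE;
    }

    /**
     * Liveness probe intended for authorized callers. No authorization check happens in this method;
     * NOTE(review): presumably it is enforced by metadata on {@link LoginService}; confirm.
     *
     * @return always {@link Boolean#TRUE}
     */
    public Boolean pingWithAutz()
        throws RedbackServiceException
    {
        return Boolean.TRUE;
    }

    /**
     * Authenticates a user by password and, on success, binds the login to the HTTP session.
     *
     * @param userName login name
     * @param password clear-text password as received from the caller
     * @return the REST view of the user when authentication succeeds or when the password must be changed;
     *         {@code null} when authentication fails without an exception or the account is not validated
     * @throws RedbackServiceException with status 403 on an authentication error, or carrying the upstream
     *                                 message when the user is unknown or the account is locked
     */
    public User logIn( String userName, String password )
        throws RedbackServiceException
    {
        PasswordBasedAuthenticationDataSource authDataSource =
            new PasswordBasedAuthenticationDataSource( userName, password );
        try
        {
            SecuritySession securitySession = securitySystem.authenticate( authDataSource );
            if ( !securitySession.getAuthenticationResult().isAuthenticated() )
            {
                return null;
            }

            org.apache.archiva.redback.users.User user = securitySession.getUser();
            if ( !user.isValidated() )
            {
                // Correct credentials are not enough: an unvalidated account gets no session.
                log.info( "user {} not validated", user.getUsername() );
                return null;
            }
            User restUser = buildRestUser( user );

            // Bind the authenticated user to the HTTP session.
            // NOTE(review): getSession( true ) reuses a session that already exists for this request, so the
            // pre-login session id stays valid after login unless the authenticator or the container rotates
            // it. Confirm that it does; otherwise issue a fresh session here (session-fixation hardening).
            httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) );
            return restUser;
        }
        // NOTE(review): the failure paths below hand the upstream exception message to the caller and differ
        // per cause, which may let a client tell unknown users, locked accounts and bad passwords apart.
        // Confirm this is intended; the original exception is also not kept as a cause.
        catch ( AuthenticationException e )
        {
            throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
        }
        catch ( UserNotFoundException e )
        {
            throw new RedbackServiceException( e.getMessage() );
        }
        catch ( AccountLockedException e )
        {
            throw new RedbackServiceException( e.getMessage() );
        }
        catch ( MustChangePasswordException e )
        {
            // No HTTP session is bound on this path; the caller only receives the user data,
            // including the password-change flag copied by buildRestUser.
            return buildRestUser( e.getUser() );
        }
    }

    /**
     * Reports whether the current HTTP session carries a security session.
     *
     * @return {@code true} when the authenticator finds a security session in the existing HTTP session
     */
    public Boolean isLogged()
        throws RedbackServiceException
    {
        // Look the session up without creating one: a status probe from an anonymous client should not
        // allocate server-side session state, and a session that does not exist yet cannot hold a login.
        HttpSession httpSession = httpServletRequest.getSession( false );
        Boolean isLogged = httpSession != null && httpAuthenticator.getSecuritySession( httpSession ) != null;
        log.debug( "isLogged {}", isLogged );
        return isLogged;
    }

    /**
     * Invalidates the current HTTP session, if there is one.
     *
     * @return always {@link Boolean#TRUE}, whether or not a session existed
     */
    public Boolean logout()
        throws RedbackServiceException
    {
        // getSession() without arguments creates a session when none exists, which made the null check
        // unreachable and allocated a session only to destroy it. getSession( false ) returns null instead.
        HttpSession httpSession = httpServletRequest.getSession( false );
        if ( httpSession != null )
        {
            httpSession.invalidate();
        }
        return Boolean.TRUE;
    }

    /**
     * @return a calendar set to the current instant in the GMT time zone
     */
    private Calendar getNowGMT()
    {
        return Calendar.getInstance( TimeZone.getTimeZone( "GMT" ) );
    }

    /**
     * Copies the fields exposed over REST from the Redback user. Only the fields listed here are copied.
     *
     * @param user Redback user to convert
     * @return a new REST user holding email, username, full name and the account state flags
     */
    private User buildRestUser( org.apache.archiva.redback.users.User user )
    {
        User restUser = new User();
        restUser.setEmail( user.getEmail() );
        restUser.setUsername( user.getUsername() );
        restUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
        restUser.setLocked( user.isLocked() );
        restUser.setValidated( user.isValidated() );
        restUser.setFullName( user.getFullName() );
        return restUser;
    }
}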