001package org.apache.fulcrum.security.authenticator; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021import java.security.NoSuchAlgorithmException; 022 023import org.apache.avalon.framework.activity.Disposable; 024import org.apache.avalon.framework.configuration.Configurable; 025import org.apache.avalon.framework.configuration.Configuration; 026import org.apache.avalon.framework.configuration.ConfigurationException; 027import org.apache.avalon.framework.logger.AbstractLogEnabled; 028import org.apache.avalon.framework.service.ServiceException; 029import org.apache.avalon.framework.service.ServiceManager; 030import org.apache.avalon.framework.service.Serviceable; 031import org.apache.fulcrum.crypto.CryptoAlgorithm; 032import org.apache.fulcrum.crypto.CryptoService; 033import org.apache.fulcrum.security.entity.User; 034import org.apache.fulcrum.security.util.DataBackendException; 035 036/** 037 * This class authenticates using the Fulcrum Crypto service a user and their 038 * password 039 * 040 * avalon.component name="crypto-authenticator" 041 * avalon.service type="org.apache.fulcrum.security.authenticator.Authenticator" 042 * 043 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 044 * @version $Id$ 045 * 046 */ 047public class CryptoAuthenticator extends AbstractLogEnabled implements Authenticator, Serviceable, Disposable, Configurable 048{ 049 boolean composed = false; 050 protected CryptoService cryptoService = null; 051 private String algorithm; 052 private String cipher; 053 054 /** 055 * Authenticate a user with the specified password. If authentication is 056 * successful the method returns true. If it fails, it returns false If 057 * there are any problems, an exception is thrown. 058 * 059 * @param user 060 * a User object. 061 * @param password 062 * the user supplied password. 063 * @exception DataBackendException 064 * if there is a problem accessing the storage. 065 */ 066 @Override 067 public boolean authenticate(User user, String password) throws DataBackendException 068 { 069 try 070 { 071 CryptoAlgorithm ca = cryptoService.getCryptoAlgorithm(algorithm); 072 ca.setCipher(cipher); 073 String output = ca.encrypt(password); 074 return output.equals(user.getPassword()); 075 } 076 catch (NoSuchAlgorithmException e) 077 { 078 throw new DataBackendException(e.getMessage(), e); 079 } 080 catch (Exception ex) 081 { 082 throw new DataBackendException(ex.getMessage(), ex); 083 } 084 } 085 086 // ---------------- Avalon Lifecycle Methods --------------------- 087 /* (non-Javadoc) 088 * @see org.apache.avalon.framework.configuration.Configurable#configure(org.apache.avalon.framework.configuration.Configuration) 089 */ 090 @Override 091 public void configure(Configuration conf) throws ConfigurationException 092 { 093 algorithm = conf.getChild("algorithm").getValue(); 094 cipher = conf.getChild("cipher").getValue(); 095 } 096 097 /* (non-Javadoc) 098 * @see org.apache.avalon.framework.service.Serviceable#service(org.apache.avalon.framework.service.ServiceManager) 099 */ 100 @Override 101 public void service(ServiceManager manager) throws ServiceException 102 { 103 this.cryptoService = (CryptoService) manager.lookup(CryptoService.ROLE); 104 } 105 106 /* (non-Javadoc) 107 * @see org.apache.avalon.framework.activity.Disposable#dispose() 108 */ 109 @Override 110 public void dispose() 111 { 112 cryptoService = null; 113 } 114}