001package org.apache.fulcrum.security.authenticator; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021import org.apache.avalon.framework.logger.AbstractLogEnabled; 022import org.apache.fulcrum.security.entity.User; 023import org.apache.fulcrum.security.util.DataBackendException; 024 025/** 026 * This class authenticates by doing a plain text match of the user's passwords. 027 * Very insecure! 028 * 029 * avalon.component name="textmatch-authenticator" avalon.service 030 * type="org.apache.fulcrum.security.authenticator.Authenticator" 031 * 032 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 033 * @version $Id$ 034 * 035 */ 036public class TextMatchAuthenticator extends AbstractLogEnabled implements Authenticator { 037 /** 038 * Authenticate an username with the specified password. Returns true if the 039 * user password plain text matches the passed in password. 040 * 041 * @param user object 042 * @param password the user supplied password. 043 * @exception DataBackendException if there is a problem accessing the storage. 044 */ 045 @Override 046 public boolean authenticate(User user, String password) throws DataBackendException { 047 if (user == null) { 048 return false; 049 } 050 051 String referenced = user.getPassword() == null ? "" : user.getPassword().trim(); 052 String tested = password == null ? "" : password.trim(); 053 return referenced.equals(tested); 054 } 055}