001package org.apache.fulcrum.security.authenticator;
002
003/*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements.  See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership.  The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License.  You may obtain a copy of the License at
011 *
012 *   http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied.  See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021import org.apache.avalon.framework.logger.AbstractLogEnabled;
022import org.apache.fulcrum.security.entity.User;
023import org.apache.fulcrum.security.util.DataBackendException;
024
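/**
 * This class authenticates by doing a plain text match of the user's passwords.
 * Very insecure!
 *
 * <p>
 * The value returned by {@link User#getPassword()} is compared directly with the
 * password supplied by the caller, so a match is only possible when the backend
 * keeps the password unhashed. Anyone able to read that backend can then read
 * every credential. Outside of tests and demos, prefer an authenticator that
 * verifies a salted, deliberately slow password hash (bcrypt, scrypt, Argon2 or
 * PBKDF2).
 *
 * avalon.component name="textmatch-authenticator" avalon.service
 * type="org.apache.fulcrum.security.authenticator.Authenticator"
 *
 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a>
 * @version $Id$
 *
 */
public class TextMatchAuthenticator extends AbstractLogEnabled implements Authenticator {
    /**
     * Authenticate a user with the specified password. Returns true if the
     * user's stored plain text password matches the passed in password.
     *
     * <p>
     * Both values are normalised before the comparison: {@code null} becomes the
     * empty string and leading/trailing whitespace is removed with
     * {@link String#trim()}. The comparison itself uses
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} instead of
     * {@link String#equals(Object)}, which stops at the first differing character
     * and so lets response time reveal how much of a guess was correct. The
     * length of the values may still be observable through timing.
     *
     * @param user     the user whose stored password is checked; {@code null}
     *                 is rejected
     * @param password the user supplied password.
     * @return {@code true} if the normalised stored and supplied passwords are
     *         equal, {@code false} otherwise or if {@code user} is {@code null}
     * @exception DataBackendException if there is a problem accessing the storage.
     */
    @Override
    public boolean authenticate(User user, String password) throws DataBackendException {
        if (user == null) {
            return false;
        }

        // Read the stored value once so the null check and the value used for the
        // comparison cannot disagree.
        String stored = user.getPassword();

        // NOTE(review): a user whose stored password is null or blank is
        // authenticated by a null, empty or whitespace-only password. This
        // behaviour is kept for compatibility; confirm that password-less
        // accounts are intended, otherwise reject a blank stored password here.
        String referenced = stored == null ? "" : stored.trim();
        String tested = password == null ? "" : password.trim();

        return java.security.MessageDigest.isEqual(toBytes(referenced), toBytes(tested));
    }

    /**
     * Converts a string to two bytes per {@code char} (high byte first).
     *
     * <p>
     * The mapping is lossless, so byte equality is exactly {@link String}
     * equality; a charset encoder would replace unpaired surrogates and could
     * make two different strings compare equal.
     *
     * @param value the string to convert, never {@code null}
     * @return a new array of length {@code 2 * value.length()}
     */
    private static byte[] toBytes(String value) {
        byte[] bytes = new byte[value.length() * 2];
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            bytes[2 * i] = (byte) (c >>> 8);
            bytes[2 * i + 1] = (byte) c;
        }
        return bytes;
    }
}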