View Javadoc
1   package org.apache.fulcrum.security.authenticator;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  import java.security.NoSuchAlgorithmException;
22  
23  import org.apache.avalon.framework.activity.Disposable;
24  import org.apache.avalon.framework.configuration.Configurable;
25  import org.apache.avalon.framework.configuration.Configuration;
26  import org.apache.avalon.framework.configuration.ConfigurationException;
27  import org.apache.avalon.framework.logger.AbstractLogEnabled;
28  import org.apache.avalon.framework.service.ServiceException;
29  import org.apache.avalon.framework.service.ServiceManager;
30  import org.apache.avalon.framework.service.Serviceable;
31  import org.apache.fulcrum.crypto.CryptoAlgorithm;
32  import org.apache.fulcrum.crypto.CryptoService;
33  import org.apache.fulcrum.security.entity.User;
34  import org.apache.fulcrum.security.util.DataBackendException;
35  
36  /**
37   * This class authenticates using the Fulcrum Crypto service a user and their
38   * password
39   * 
40   * avalon.component name="crypto-authenticator"
41   * avalon.service  type="org.apache.fulcrum.security.authenticator.Authenticator"
42   *
43   * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a>
44   * @version $Id$
45   *                
46   */
47  public class CryptoAuthenticator extends AbstractLogEnabled implements Authenticator, Serviceable, Disposable, Configurable
48  {
49      boolean composed = false;
50      protected CryptoService cryptoService = null;
51      private String algorithm;
52      private String cipher;
53  
54      /**
55       * Authenticate a user with the specified password. If authentication is
56       * successful the method returns true. If it fails, it returns false If
57       * there are any problems, an exception is thrown.
58       *
59       * @param user
60       *            a User object.
61       * @param password
62       *            the user supplied password.
63       * @exception DataBackendException
64       *                if there is a problem accessing the storage.
65       */
66      @Override
67      public boolean authenticate(User user, String password) throws DataBackendException
68      {
69          try
70          {
71              CryptoAlgorithm ca = cryptoService.getCryptoAlgorithm(algorithm);
72              ca.setCipher(cipher);
73              String output = ca.encrypt(password);
74              return output.equals(user.getPassword());
75          }
76          catch (NoSuchAlgorithmException e)
77          {
78              throw new DataBackendException(e.getMessage(), e);
79          }
80          catch (Exception ex)
81          {
82              throw new DataBackendException(ex.getMessage(), ex);
83          }
84      }
85  
86      // ---------------- Avalon Lifecycle Methods ---------------------
87      /* (non-Javadoc)
88       * @see org.apache.avalon.framework.configuration.Configurable#configure(org.apache.avalon.framework.configuration.Configuration)
89       */
90      @Override
91      public void configure(Configuration conf) throws ConfigurationException
92      {
93          algorithm = conf.getChild("algorithm").getValue();
94          cipher = conf.getChild("cipher").getValue();
95      }
96  
97      /* (non-Javadoc)
98       * @see org.apache.avalon.framework.service.Serviceable#service(org.apache.avalon.framework.service.ServiceManager)
99       */
100     @Override
101     public void service(ServiceManager manager) throws ServiceException
102     {
103         this.cryptoService = (CryptoService) manager.lookup(CryptoService.ROLE);
104     }
105 
106     /* (non-Javadoc)
107      * @see org.apache.avalon.framework.activity.Disposable#dispose()
108      */
109     @Override
110     public void dispose()
111     {
112         cryptoService = null;
113     }
114 }