1 package org.apache.fulcrum.security.authenticator; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 import org.apache.avalon.framework.logger.AbstractLogEnabled; 22 import org.apache.fulcrum.security.entity.User; 23 import org.apache.fulcrum.security.util.DataBackendException; 24 25 /** 26 * This class authenticates by doing a plain text match of the user's passwords. 27 * Very insecure! 28 * 29 * avalon.component name="textmatch-authenticator" avalon.service 30 * type="org.apache.fulcrum.security.authenticator.Authenticator" 31 * 32 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 33 * @version $Id$ 34 * 35 */ 36 public class TextMatchAuthenticator extends AbstractLogEnabled implements Authenticator { 37 /** 38 * Authenticate an username with the specified password. Returns true if the 39 * user password plain text matches the passed in password. 40 * 41 * @param user object 42 * @param password the user supplied password. 43 * @exception DataBackendException if there is a problem accessing the storage. 44 */ 45 @Override 46 public boolean authenticate(User user, String password) throws DataBackendException { 47 if (user == null) { 48 return false; 49 } 50 51 String referenced = user.getPassword() == null ? "" : user.getPassword().trim(); 52 String tested = password == null ? "" : password.trim(); 53 return referenced.equals(tested); 54 } 55 }