
1   /*
2    * Copyright (C) 2017-2019 Centre National d'Etudes Spatiales (CNES).
3    *
4    * This library is free software; you can redistribute it and/or
5    * modify it under the terms of the GNU Lesser General Public
6    * License as published by the Free Software Foundation; either
7    * version 3.0 of the License, or (at your option) any later version.
8    *
9    * This library is distributed in the hope that it will be useful,
10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12   * Lesser General Public License for more details.
13   *
14   * You should have received a copy of the GNU Lesser General Public
15   * License along with this library; if not, write to the Free Software
16   * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
17   * MA 02110-1301  USA
18   */
19  package fr.cnes.doi.security;
20  
import fr.cnes.doi.db.AbstractUserRoleDBHelper;
import fr.cnes.doi.db.IAuthenticationDBHelper;
import fr.cnes.doi.logging.business.JsonMessage;
import fr.cnes.doi.plugin.PluginFactory;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.security.Verifier;
36  
37  /**
38   * Security class for checking login/password.
39   *
40   * @author Jean-Christophe Malapert (jean-christophe.malapert@cnes.fr)
41   */
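/**
 * Security class for checking login/password.
 *
 * <p>The credentials are taken from the raw value of the request's challenge
 * response, i.e. the base64 text of {@code user:password} carried by an HTTP
 * Basic {@code Authorization} header. The user must be known to the user
 * management plugin, and the password is then checked by the authentication
 * plugin.
 *
 * @author Jean-Christophe Malapert (jean-christophe.malapert@cnes.fr)
 */
public class LoginBasedVerifier implements Verifier {

    /**
     * Logger.
     */
    private static final Logger LOG = LogManager.getLogger(LoginBasedVerifier.class.getName());

    /**
     * Authentication access instance, resolved once from the plugin factory.
     */
    private final IAuthenticationDBHelper authenticationService;

    /**
     * Constructor.
     */
    public LoginBasedVerifier() {
        this.authenticationService = PluginFactory.getAuthenticationSystem();
    }

    /**
     * Verifies the user name and his password.
     *
     * @param request request
     * @param response response
     * @return one of the {@link Verifier} result codes: {@code RESULT_MISSING} when no
     * challenge response is present or when it is a Bearer token (presumably handled by
     * another verifier), otherwise the outcome of the login/password check
     */
    @Override
    public int verify(final Request request, final Response response) {
        LOG.traceEntry(new JsonMessage(request));
        final int result;
        final ChallengeResponse challResponse = request.getChallengeResponse();

        if (challResponse == null) {
            result = Verifier.RESULT_MISSING;
        } else if (ChallengeScheme.HTTP_OAUTH_BEARER.equals(challResponse.getScheme())) {
            // Constant on the left: a challenge response with a null scheme must not NPE.
            result = Verifier.RESULT_MISSING;
        } else {
            result = processAuthentication(request, challResponse);
        }
        return LOG.traceExit(result);
    }

    /**
     * Process Authentication.
     *
     * @param request request
     * @param challResponse authentication object
     * @return {@code RESULT_MISSING} when the challenge carries no raw value,
     * {@code RESULT_INVALID} when the value is malformed, the user is unknown or the
     * password is wrong, {@code RESULT_VALID} otherwise (the user is then attached to
     * the request's client info)
     */
    private int processAuthentication(final Request request, final ChallengeResponse challResponse) {
        LOG.traceEntry(new JsonMessage(request));
        final String rawCredentials = challResponse.getRawValue();

        if (rawCredentials == null) {
            return LOG.traceExit(Verifier.RESULT_MISSING);
        }
        // Never log rawCredentials: it is only a base64 encoding of "user:password".

        final String[] credentials = decodeBasicCredentials(rawCredentials);
        if (credentials == null) {
            // A client-side encoding error is a rejected login, not a server failure (500).
            LOG.debug("Malformed Basic credentials in challenge response");
            return LOG.traceExit(Verifier.RESULT_INVALID);
        }
        final String userName = credentials[0];
        final String password = credentials[1];
        LOG.debug("User from challenge response : {}", userName);

        final AbstractUserRoleDBHelper manageUsers = PluginFactory.getUserManagement();
        final int result;
        // NOTE(review): the existence check short-circuits the password check, so the
        // response time differs for known and unknown logins (timing-based user
        // enumeration). The returned code is the same in both cases; kept as-is because
        // authenticateUser() may not be safe to call for users the realm does not know.
        if (manageUsers.isUserExist(userName)
                && authenticationService.authenticateUser(userName, password)) {
            result = Verifier.RESULT_VALID;
        } else {
            result = Verifier.RESULT_INVALID;
        }

        if (result == Verifier.RESULT_VALID) {
            // Single realm lookup; the attached user is what downstream authorization sees.
            request.getClientInfo().setUser(manageUsers.getRealm().findUser(userName));
            LOG.info("{} is authenticated, set it in get client info {}", userName,
                    request.getClientInfo().getUser());
        }
        return LOG.traceExit(result);
    }

    /**
     * Decodes the raw value of a Basic challenge into {@code {user, password}}.
     *
     * <p>Per RFC 7617 the user-id cannot contain {@code ':'} but the password may, so
     * the decoded text is split on the FIRST colon only; a password such as
     * {@code pa:ss} is therefore preserved in full.
     *
     * @param rawValue base64 text carried by the {@code Authorization} header
     * @return a two-element array {@code {user, password}}, or {@code null} when the
     * value is not valid base64 or contains no {@code ':'} separator
     */
    private static String[] decodeBasicCredentials(final String rawValue) {
        final byte[] decodedBytes;
        try {
            decodedBytes = Base64.getDecoder().decode(rawValue);
        } catch (final IllegalArgumentException ex) {
            LOG.debug("Challenge response is not valid base64", ex);
            return null;
        }
        // UTF-8 rather than Charset.defaultCharset(): the outcome of a login must not
        // depend on the JVM's file.encoding, and UTF-8 is what browsers send for Basic.
        final String decoded = new String(decodedBytes, StandardCharsets.UTF_8);
        final int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return new String[]{decoded.substring(0, separator), decoded.substring(separator + 1)};
    }
}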