UDDISecurityImpl.java

/*
 * Copyright 2001-2008 The Apache Software Foundation.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

package org.apache.juddi.api.impl;

import java.util.Date;
import java.util.UUID;

import javax.jws.WebService;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
import javax.xml.ws.WebServiceContext;

import org.uddi.api_v3.AuthToken;
import org.uddi.api_v3.DiscardAuthToken;
import org.uddi.api_v3.GetAuthToken;
import org.uddi.v3_service.DispositionReportFaultMessage;
import org.uddi.v3_service.UDDISecurityPortType;

import org.apache.juddi.api.util.QueryStatus;
import org.apache.juddi.api.util.SecurityQuery;
import org.apache.juddi.config.PersistenceManager;
import org.apache.juddi.mapping.MappingModelToApi;
import org.apache.juddi.model.Publisher;
import org.apache.juddi.v3.auth.Authenticator;
import org.apache.juddi.v3.auth.AuthenticatorFactory;
import org.apache.juddi.v3.error.ErrorMessage;
import org.apache.juddi.v3.error.UnknownUserException;

/**
 * This class implements the UDDI Security Service and basically handles all authentication requests
 * for jUDDI. These authentication requests are routed to the appropriately configured
 * authenticator for validation, then persisted in the database until they either
 * expire or are discarded.
 * @author <a href="mailto:jfaath@apache.org">Jeff Faath</a> (and many others)
 */
@WebService(serviceName="UDDISecurityService", 
			endpointInterface="org.uddi.v3_service.UDDISecurityPortType",
			targetNamespace = "urn:uddi-org:api_v3_portType")
public class UDDISecurityImpl extends AuthenticatedService implements UDDISecurityPortType {

	public static final String AUTH_TOKEN_PREFIX = "authtoken:";
        private UDDIServiceCounter serviceCounter;

        public UDDISecurityImpl() {
            super();
            serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
        }
        
        /**
         * used for unit tests only
         * @param ctx 
         */
        protected UDDISecurityImpl(WebServiceContext ctx) {
            super();
            this.ctx = ctx;
            serviceCounter = ServiceCounterLifecycleResource.getServiceCounter(UDDISecurityImpl.class);
        }
	
	public void discardAuthToken(DiscardAuthToken body)
			throws DispositionReportFaultMessage {
	        long startTime = System.currentTimeMillis();
	    
		EntityManager em = PersistenceManager.getEntityManager();
		EntityTransaction tx = em.getTransaction();
		try {
			tx.begin();
			
			this.getEntityPublisher(em, body.getAuthInfo());
			
			org.apache.juddi.model.AuthToken modelAuthToken = em.find(org.apache.juddi.model.AuthToken.class, body.getAuthInfo());
			if (modelAuthToken != null) {
				modelAuthToken.setLastUsed(new Date());
				modelAuthToken.setNumberOfUses(modelAuthToken.getNumberOfUses() + 1);
				modelAuthToken.setTokenState(AUTHTOKEN_RETIRED);
                                logger.info("AUDIT: AuthToken discarded for " + modelAuthToken.getAuthorizedName() + " from " + getRequestorsIPAddress());
			}
	
			tx.commit();
                        
                        long procTime = System.currentTimeMillis() - startTime;
                        serviceCounter.update(SecurityQuery.DISCARD_AUTHTOKEN, 
                                QueryStatus.SUCCESS, procTime);
                } catch (DispositionReportFaultMessage drfm) {
                    logger.info("AUDIT: AuthToken discard request aborted, issued from " + getRequestorsIPAddress());
                    long procTime = System.currentTimeMillis() - startTime;
                    serviceCounter.update(SecurityQuery.DISCARD_AUTHTOKEN, 
                            QueryStatus.FAILED, procTime);                      
                    throw drfm;                                                                                                 
		} finally {
			if (tx.isActive()) {
				tx.rollback();
			}
			em.close();
		}
	}


	public AuthToken getAuthToken(GetAuthToken body)
			throws DispositionReportFaultMessage {
            
                logger.info("AUDIT: AuthToken request for " + body.getUserID() + " from " + getRequestorsIPAddress());
		Authenticator authenticator = AuthenticatorFactory.getAuthenticator();
		
		String publisherId = authenticator.authenticate(body.getUserID(), body.getCred());
		
		return getAuthToken(publisherId);
	}
	
	public AuthToken getAuthToken(String publisherId) throws DispositionReportFaultMessage {
	        long startTime = System.currentTimeMillis();

		if (publisherId == null || publisherId.length() == 0)
			throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials", publisherId));

		EntityManager em = PersistenceManager.getEntityManager();
		EntityTransaction tx = em.getTransaction();
		try {
			tx.begin();
			//Check if this publisher exists 
			Publisher publisher = em.find(Publisher.class, publisherId);
			if (publisher == null)
				throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials", publisherId));

			// Generate auth token and store it!
			String authInfo = AUTH_TOKEN_PREFIX + UUID.randomUUID();
			org.apache.juddi.model.AuthToken modelAuthToken = new org.apache.juddi.model.AuthToken();
                        modelAuthToken.setAuthToken(authInfo);
                        modelAuthToken.setCreated(new Date());
                        modelAuthToken.setLastUsed(new Date());
                        modelAuthToken.setAuthorizedName(publisherId);
                        modelAuthToken.setNumberOfUses(0);
                        modelAuthToken.setTokenState(AUTHTOKEN_ACTIVE);
                        modelAuthToken.setIPAddress(this.getRequestorsIPAddress());
                        em.persist(modelAuthToken);

			org.uddi.api_v3.AuthToken apiAuthToken = new org.uddi.api_v3.AuthToken();

			MappingModelToApi.mapAuthToken(modelAuthToken, apiAuthToken);

			tx.commit();
                        logger.info("AUDIT: AuthToken issued for " + modelAuthToken.getAuthorizedName() + " from " + getRequestorsIPAddress());
	                long procTime = System.currentTimeMillis() - startTime;
	                serviceCounter.update(SecurityQuery.GET_AUTHTOKEN, 
	                        QueryStatus.SUCCESS, procTime);

			return apiAuthToken;
                } catch (DispositionReportFaultMessage drfm) {
                    long procTime = System.currentTimeMillis() - startTime;
                    serviceCounter.update(SecurityQuery.GET_AUTHTOKEN, 
                            QueryStatus.FAILED, procTime);                      
                    logger.info("AUDIT: AuthToken issue FAILED " + publisherId + " from " + getRequestorsIPAddress());
                    throw drfm;                                                                                                 
		} finally {
			if (tx.isActive()) {
				tx.rollback();
			}
			em.close();
		}
	}
}