This project has retired. For details please refer to its Attic page.
XMLDocAuthenticator.java

XMLDocAuthenticator.java

/*
 * Copyright 2001-2008 The Apache Software Foundation.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.apache.juddi.v3.auth;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.stream.StreamSource;
import javax.xml.ws.WebServiceContext;

import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.ClassUtil;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.PersistenceManager;
import org.apache.juddi.config.Property;
import org.apache.juddi.model.Publisher;
import org.apache.juddi.model.UddiEntityPublisher;
import org.apache.juddi.v3.error.AuthenticationException;
import org.apache.juddi.v3.error.ErrorMessage;
import org.apache.juddi.v3.error.FatalErrorException;
import org.apache.juddi.v3.error.UnknownUserException;

/**
 * This is a simple implementation of jUDDI's Authenticator interface. The
 * credential store is simply an unencrypted xml document called 'juddi.users'
 * that can be found in jUDDI's config directory. Below is an example of what
 * you might find in this document.
 *
 * Example juddi.users document: =============================
 * <?xml version="1.0" encoding="UTF-8"?>
 * <juddi-users>
 * <user userid="sviens" password="password" />
 * <user userid="griddell" password="password" />
 * <user userid="bhablutzel" password="password" />
 * </juddi-users>
 *
 * @author Steve Viens (sviens@apache.org)
 * @author <a href="mailto:kstam@apache.org">Kurt T Stam</a>
 * @author <a href="mailto:jfaath@apache.org">Jeff Faath</a>
 */
public class XMLDocAuthenticator implements Authenticator {

        protected final static Log log = LogFactory.getLog(AuthenticatorFactory.class);
        /**
         * Container for the user credentials
         */
        Map<String, User> userTable;

        /**
         *
         */
        public XMLDocAuthenticator() throws JAXBException, IOException, ConfigurationException {
                readUserFile();
        }

        /**
         * an empty constructor
         */
        public XMLDocAuthenticator(boolean b) {

        }

        protected String getFilename() throws ConfigurationException {
                return AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE, Property.DEFAULT_XML_USERSFILE);
        }

        /**
         * Read user data from the juddi-users file.
         *
         * @throws IOException when the file cannot be opened JAXBException when
         * the content is malformed.
         * @throws ConfigurationException
         */
        public synchronized void readUserFile() throws JAXBException, IOException, ConfigurationException {

                userTable = new HashMap<String, User>();
                String usersFileName = getFilename();
                if (usersFileName == null || usersFileName.length() == 0) {
                        throw new ConfigurationException("usersFileName value is null!");
                }
                File file = new File(usersFileName);
                InputStream stream = null;
                try {
                        if (file.exists()) {
                                log.info("Reading jUDDI Users File: " + usersFileName + "...");
                                stream = new FileInputStream(file);
                        } else {
                                URL resource = ClassUtil.getResource(usersFileName, this.getClass());
                                if (resource != null) {
                                        log.info("Reading jUDDI Users File: " + usersFileName + "...from " + resource.toExternalForm());
                                } else {
                                        log.info("Reading jUDDI Users File: " + usersFileName + "...");
                                }
                                stream = ClassUtil.getResource(usersFileName, this.getClass()).openStream();
                        }
                        JAXBContext jaxbContext = JAXBContext.newInstance(JuddiUsers.class);
                        Unmarshaller unMarshaller = jaxbContext.createUnmarshaller();
                        JAXBElement<JuddiUsers> element = unMarshaller.unmarshal(new StreamSource(stream), JuddiUsers.class);
                        JuddiUsers users = element.getValue();
                        for (User user : users.getUser()) {
                                userTable.put(user.getUserid(), user);
                                log.debug("Loading user credentials for user: " + user.getUserid());
                        }
                } catch (IOException ex) {
                        log.warn("io exception", ex);
                } finally {
                        if (stream != null) {
                                stream.close();
                        }
                }
        }

        /**
         *
         * @param userID
         * @param credential
         */
        public String authenticate(String userID, String credential)
                throws AuthenticationException, FatalErrorException {
                // a userID must be specified.
                if (userID == null) {
                        throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidUserId"));
                }

                // credential (password) must be specified.
                if (credential == null) {
                        throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials"));
                }

                if (userTable.containsKey(userID)) {
                        User user = (User) userTable.get(userID);
                        if ((user.getPassword() == null) || (!credential.equals(user.getPassword()))) {
                                throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidCredentials"));
                        }
                } else {
                        throw new UnknownUserException(new ErrorMessage("errors.auth.InvalidUserId", userID));
                }

                int MaxBindingsPerService = -1;
                int MaxServicesPerBusiness = -1;
                int MaxTmodels = -1;
                int MaxBusinesses = -1;
                try {
                        MaxBindingsPerService = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_BINDINGS_PER_SERVICE, -1);
                        MaxServicesPerBusiness = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_SERVICES_PER_BUSINESS, -1);
                        MaxTmodels = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_TMODELS_PER_PUBLISHER, -1);
                        MaxBusinesses = AppConfig.getConfiguration().getInt(Property.JUDDI_MAX_BUSINESSES_PER_PUBLISHER, -1);
                } catch (Exception ex) {
                        MaxBindingsPerService = -1;
                        MaxServicesPerBusiness = -1;
                        MaxTmodels = -1;
                        MaxBusinesses = -1;
                        log.error("config exception! " + userID, ex);
                }
                EntityManager em = PersistenceManager.getEntityManager();
                EntityTransaction tx = em.getTransaction();
                try {
                        tx.begin();
                        Publisher publisher = em.find(Publisher.class, userID);
                        if (publisher == null) {
                                log.warn("Publisher \"" + userID + "\" was not found in the database, adding the publisher in on the fly.");
                                publisher = new Publisher();
                                publisher.setAuthorizedName(userID);
                                publisher.setIsAdmin("false");
                                publisher.setIsEnabled("true");
                                publisher.setMaxBindingsPerService(MaxBindingsPerService);
                                publisher.setMaxBusinesses(MaxBusinesses);
                                publisher.setMaxServicesPerBusiness(MaxServicesPerBusiness);
                                publisher.setMaxTmodels(MaxTmodels);
                                publisher.setPublisherName("Unknown");
                                em.persist(publisher);
                                tx.commit();
                        }
                } finally {
                        if (tx.isActive()) {
                                tx.rollback();
                        }
                        em.close();
                }
                return userID;
        }

        @Override
        public UddiEntityPublisher identify(String authInfo, String authorizedName, WebServiceContext ctx) throws AuthenticationException {

                EntityManager em = PersistenceManager.getEntityManager();
                EntityTransaction tx = em.getTransaction();
                try {
                        tx.begin();
                        Publisher publisher = em.find(Publisher.class, authorizedName);
                        if (publisher == null) {
                                throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
                        }

                        return publisher;
                } finally {
                        if (tx.isActive()) {
                                tx.rollback();
                        }
                        em.close();
                }

        }

}