DefaultAuthProvider.java 2.86 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13
/**
 * $RCSfile$
 * $Revision: 1116 $
 * $Date: 2005-03-10 20:18:08 -0300 (Thu, 10 Mar 2005) $
 *
 * Copyright (C) 2004 Jive Software. All rights reserved.
 *
 * This software is published under the terms of the GNU Public License (GPL),
 * a copy of which is included in this distribution.
 */

package org.jivesoftware.wildfire.auth;

14 15
import org.jivesoftware.wildfire.user.UserNotFoundException;
import org.jivesoftware.wildfire.user.DefaultUserProvider;
16 17 18 19 20 21 22 23 24 25 26 27

/**
 * Default AuthProvider implementation. It authenticates against the <tt>jiveUser</tt>
 * database table and supports plain text and digest authentication.
 *
 * Because each call to authenticate() makes a database connection, the
 * results of authentication should be cached whenever possible.
 *
 * @author Matt Tucker
 */
public class DefaultAuthProvider implements AuthProvider {

28 29 30 31 32 33 34 35 36 37 38 39 40
    private DefaultUserProvider userProvider;

    /**
     * Constructs a new DefaultAuthProvider.
     */
    public DefaultAuthProvider() {
        // Create a new default user provider since we need it to get the
        // user's password. We always create our own user provider because
        // we don't know what user provider is configured for the system and
        // the contract of this class is to authenticate against the jiveUser
        // database table.
        userProvider = new DefaultUserProvider();
    }
41 42 43 44 45 46 47

    public void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        try {
48
            if (!password.equals(userProvider.getPassword(username))) {
49 50 51
                throw new UnauthorizedException();
            }
        }
52
        catch (UserNotFoundException unfe) {
53 54 55 56 57 58 59 60 61 62 63
            throw new UnauthorizedException();
        }
        // Got this far, so the user must be authorized.
    }

    public void authenticate(String username, String token, String digest) throws UnauthorizedException {
        if (username == null || token == null || digest == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        try {
64 65
            String password = userProvider.getPassword(username);
            String anticipatedDigest = AuthFactory.createDigest(token, password);
66 67 68 69
            if (!digest.equalsIgnoreCase(anticipatedDigest)) {
                throw new UnauthorizedException();
            }
        }
70
        catch (UserNotFoundException unfe) {
71 72 73 74 75 76 77 78 79 80 81 82 83
            throw new UnauthorizedException();
        }
        // Got this far, so the user must be authorized.
    }

    public boolean isPlainSupported() {
        return true;
    }

    public boolean isDigestSupported() {
        return true;
    }
}