Commit 31a192b3 authored by Derek DeMoro's avatar Derek DeMoro Committed by derek

Refactoring AuthorizationProvider.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/branches@8218 b35dd754-fafc-0310-a699-88a17e54d16e
parent de340f06
......@@ -13,7 +13,7 @@ package org.jivesoftware.openfire.ldap;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.openfire.sasl.AbstractAuthorizationProvider;
import org.jivesoftware.openfire.sasl.AuthorizationProvider;
import org.jivesoftware.openfire.sasl.AuthorizationPolicy;
import org.xmpp.packet.JID;
import javax.naming.directory.Attribute;
......@@ -38,7 +38,7 @@ import java.util.Enumeration;
*
* @author Jay Kline
*/
public class LdapAuthorizationProvider extends AbstractAuthorizationProvider implements AuthorizationProvider {
public class LdapAuthorizationProvider extends AbstractAuthorizationProvider implements AuthorizationPolicy {
private LdapManager manager;
private String usernameField;
......
......@@ -33,7 +33,7 @@ package org.jivesoftware.openfire.sasl;
*
* @author Jay Kline
*/
public abstract class AbstractAuthorizationPolicy implements AuthorizationProvider {
public abstract class AbstractAuthorizationPolicy implements AuthorizationPolicy {
/**
* Returns true if the principal is explicity authorized to the JID
......@@ -44,18 +44,6 @@ public abstract class AbstractAuthorizationPolicy implements AuthorizationProvid
*/
public abstract boolean authorize(String username, String principal);
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public abstract String name();
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public abstract String description();
}
\ No newline at end of file
......@@ -36,7 +36,7 @@ import java.util.Collection;
*
* @author Jay Kline
*/
public abstract class AbstractAuthorizationProvider implements AuthorizationProvider {
public abstract class AbstractAuthorizationProvider implements AuthorizationPolicy {
/**
* Returns true if the principal is explicity authorized to the JID
......
......@@ -42,8 +42,8 @@ import java.util.StringTokenizer;
*/
public class AuthorizationManager {
private static ArrayList<AuthorizationProvider> providers =
new ArrayList<AuthorizationProvider>();
private static ArrayList<AuthorizationPolicy> providers =
new ArrayList<AuthorizationPolicy>();
private static AuthorizationManager instance = new AuthorizationManager();
static {
......@@ -54,8 +54,8 @@ public class AuthorizationManager {
String s_provider = st.nextToken();
try {
Class c_provider = ClassUtils.forName(s_provider);
AuthorizationProvider provider =
(AuthorizationProvider) (c_provider.newInstance());
AuthorizationPolicy provider =
(AuthorizationPolicy) (c_provider.newInstance());
Log.debug("AuthorizationManager: Loaded " + s_provider);
providers.add(provider);
} catch (Exception e) {
......@@ -81,7 +81,7 @@ public class AuthorizationManager {
*
* @return the current AuthorizationProvider.
*/
public static Collection<AuthorizationProvider> getAuthorizationProviders() {
public static Collection<AuthorizationPolicy> getAuthorizationProviders() {
return providers;
}
......@@ -102,7 +102,7 @@ public class AuthorizationManager {
*/
public static boolean authorize(String authorId, String authenId) {
for (AuthorizationProvider ap : providers) {
for (AuthorizationPolicy ap : providers) {
if (ap.authorize(authorId, authenId)) {
return true;
}
......
......@@ -12,17 +12,17 @@
package org.jivesoftware.openfire.sasl;
/**
* This is the interface the AuthorizationManager uses to
* conduct authorizations.
*
* Users that wish to integrate with their own authorization
* system must implement this interface, and are strongly
* This is the interface the AuthorizationManager uses to
* conduct authorizations.
* <p/>
* Users that wish to integrate with their own authorization
* system must implement this interface, and are strongly
* encouraged to extend either the AbstractAuthoriationPolicy
* or the AbstractAuthorizationProvider classes which allow
* the admin console manage the classes more effectively.
* Register the class with Openfire in the <tt>openfire.xml</tt>
* file. An entry in that file would look like the following:
*
* <p/>
* <pre>
* &lt;provider&gt;
* &lt;authorizationpolicy&gt;
......@@ -32,15 +32,28 @@ package org.jivesoftware.openfire.sasl;
*
* @author Jay Kline
*/
public interface AuthorizationProvider {
public interface AuthorizationPolicy {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal);
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public abstract String name();
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public abstract String description();
}
\ No newline at end of file
......@@ -22,8 +22,7 @@ import org.jivesoftware.openfire.XMPPServer;
*
* @author Jay Kline
*/
public class DefaultAuthorizationPolicy extends AbstractAuthorizationPolicy
implements AuthorizationProvider {
public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
private String serverName;
......
......@@ -30,7 +30,7 @@ import java.util.Collection;
* @author Jay Kline
*/
public class DefaultAuthorizationProvider extends AbstractAuthorizationProvider
implements AuthorizationProvider {
implements AuthorizationPolicy {
private static final String MATCH_AUTHORIZED =
"SELECT username FROM jiveSASLAuthorized WHERE username=? AND authorized=?";
......
......@@ -12,24 +12,24 @@
package org.jivesoftware.openfire.sasl;
/**
* This policy will authorize any principal who's username matches exactly
* the username of the JID. This means when cross realm authentication is
* This policy will authorize any principal who's username matches exactly
* the username of the JID. This means when cross realm authentication is
* allowed, user@REALM_A.COM and user@REALM_B.COM could both authorize as
* user@servername, so there is some risk here. But if usernames across the
*
* @author Jay Kline
*/
public class LazyAuthorizationPolicy extends AbstractAuthorizationPolicy implements AuthorizationProvider {
public class LooseAuthorizationPolicy implements AuthorizationPolicy {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
return (principal.startsWith(username+"@"));
return (principal.startsWith(username + "@"));
}
/**
......@@ -38,7 +38,7 @@ public class LazyAuthorizationPolicy extends AbstractAuthorizationPolicy impleme
* @return The short name of the Policy
*/
public String name() {
return "Lazy";
return "Loose Authorization Policy";
}
/**
......
......@@ -15,31 +15,31 @@ import org.jivesoftware.util.JiveGlobals;
/**
* This policy will authorize any principal who:
*
* <li> Username of principal matches exactly the username of the JID </li>
* <li> The user principal's realm matches exactly the realm of the server.</li>
* Note that the realm may not match the servername, and in fact for this
* policy to be useful it will not match the servername. RFC3920 Section
* <p/>
* <li> Username of principal matches exactly the username of the JID </li>
* <li> The user principal's realm matches exactly the realm of the server.</li>
* Note that the realm may not match the servername, and in fact for this
* policy to be useful it will not match the servername. RFC3920 Section
* 6.1, item 7 states that if the principal (authorization entity) is the
* same as the JID (initiating entity), its MUST NOT provide an authorization
* identity. In practice however, GSSAPI will provide both. (Note: Ive
* identity. In practice however, GSSAPI will provide both. (Note: Ive
* not done extensive testing on this)
*
* @author Jay Kline
*/
public class StrictAuthorizationPolicy extends AbstractAuthorizationPolicy implements AuthorizationProvider {
public class StrictAuthorizationPolicy implements AuthorizationPolicy {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
return (principal.equals(username+"@"+JiveGlobals.getXMLProperty("sasl.realm")));
return (principal.equals(username + "@" + JiveGlobals.getXMLProperty("sasl.realm")));
}
/**
* Returns the short name of the Policy
*
......@@ -48,7 +48,7 @@ public class StrictAuthorizationPolicy extends AbstractAuthorizationPolicy imple
public String name() {
return "Strict Policy";
}
/**
* Returns a description of the Policy
*
......
......@@ -36,7 +36,7 @@ import java.util.Collection;
*
* @author Jay Kline
*/
public class UnixK5LoginProvider extends AbstractAuthorizationProvider implements AuthorizationProvider {
public class UnixK5LoginProvider extends AbstractAuthorizationProvider implements AuthorizationPolicy {
/**
* Returns true if the principal is explicity authorized to the JID
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment