/** * $RCSfile$ * $Revision: 1116 $ * $Date: 2005-03-10 20:18:08 -0300 (Thu, 10 Mar 2005) $ * * Copyright (C) 2004 Jive Software. All rights reserved. * * This software is published under the terms of the GNU Public License (GPL), * a copy of which is included in this distribution. */ package org.jivesoftware.openfire.auth; import org.jivesoftware.openfire.user.UserNotFoundException; import org.jivesoftware.database.DbConnectionManager; import org.jivesoftware.util.Log; import org.jivesoftware.util.JiveGlobals; import org.jivesoftware.openfire.XMPPServer; import java.sql.*; /** * Default AuthProvider implementation. It authenticates against the <tt>jiveUser</tt> * database table and supports plain text and digest authentication. * * Because each call to authenticate() makes a database connection, the * results of authentication should be cached whenever possible. * * @author Matt Tucker */ public class DefaultAuthProvider implements AuthProvider { private static final String LOAD_PASSWORD = "SELECT password,encryptedPassword FROM jiveUser WHERE username=?"; private static final String UPDATE_PASSWORD = "UPDATE jiveUser SET password=?, encryptedPassword=? WHERE username=?"; /** * Constructs a new DefaultAuthProvider. */ public DefaultAuthProvider() { } public void authenticate(String username, String password) throws UnauthorizedException { if (username == null || password == null) { throw new UnauthorizedException(); } username = username.trim().toLowerCase(); if (username.contains("@")) { // Check that the specified domain matches the server's domain int index = username.indexOf("@"); String domain = username.substring(index + 1); if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) { username = username.substring(0, index); } else { // Unknown domain. Return authentication failed. throw new UnauthorizedException(); } } try { if (!password.equals(getPassword(username))) { throw new UnauthorizedException(); } } catch (UserNotFoundException unfe) { throw new UnauthorizedException(); } // Got this far, so the user must be authorized. } public void authenticate(String username, String token, String digest) throws UnauthorizedException { if (username == null || token == null || digest == null) { throw new UnauthorizedException(); } username = username.trim().toLowerCase(); if (username.contains("@")) { // Check that the specified domain matches the server's domain int index = username.indexOf("@"); String domain = username.substring(index + 1); if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) { username = username.substring(0, index); } else { // Unknown domain. Return authentication failed. throw new UnauthorizedException(); } } try { String password = getPassword(username); String anticipatedDigest = AuthFactory.createDigest(token, password); if (!digest.equalsIgnoreCase(anticipatedDigest)) { throw new UnauthorizedException(); } } catch (UserNotFoundException unfe) { throw new UnauthorizedException(); } // Got this far, so the user must be authorized. } public boolean isPlainSupported() { return true; } public boolean isDigestSupported() { return true; } public String getPassword(String username) throws UserNotFoundException { if (!supportsPasswordRetrieval()) { // Reject the operation since the provider is read-only throw new UnsupportedOperationException(); } Connection con = null; PreparedStatement pstmt = null; if (username.contains("@")) { // Check that the specified domain matches the server's domain int index = username.indexOf("@"); String domain = username.substring(index + 1); if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) { username = username.substring(0, index); } else { // Unknown domain. throw new UserNotFoundException(); } } try { con = DbConnectionManager.getConnection(); pstmt = con.prepareStatement(LOAD_PASSWORD); pstmt.setString(1, username); ResultSet rs = pstmt.executeQuery(); if (!rs.next()) { throw new UserNotFoundException(username); } String plainText = rs.getString(1); String encrypted = rs.getString(2); if (encrypted != null) { try { return AuthFactory.decryptPassword(encrypted); } catch (UnsupportedOperationException uoe) { // Ignore and return plain password instead. } } return plainText; } catch (SQLException sqle) { throw new UserNotFoundException(sqle); } finally { try { if (pstmt != null) pstmt.close(); } catch (Exception e) { Log.error(e); } try { if (con != null) con.close(); } catch (Exception e) { Log.error(e); } } } public void setPassword(String username, String password) throws UserNotFoundException { // Determine if the password should be stored as plain text or encrypted. boolean usePlainPassword = JiveGlobals.getBooleanProperty("user.usePlainPassword"); String encryptedPassword = null; if (username.contains("@")) { // Check that the specified domain matches the server's domain int index = username.indexOf("@"); String domain = username.substring(index + 1); if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) { username = username.substring(0, index); } else { // Unknown domain. throw new UserNotFoundException(); } } if (!usePlainPassword) { try { encryptedPassword = AuthFactory.encryptPassword(password); // Set password to null so that it's inserted that way. password = null; } catch (UnsupportedOperationException uoe) { // Encryption may fail. In that case, ignore the error and // the plain password will be stored. } } Connection con = null; PreparedStatement pstmt = null; try { con = DbConnectionManager.getConnection(); pstmt = con.prepareStatement(UPDATE_PASSWORD); if (password == null) { pstmt.setNull(1, Types.VARCHAR); } else { pstmt.setString(1, password); } if (encryptedPassword == null) { pstmt.setNull(2, Types.VARCHAR); } else { pstmt.setString(2, encryptedPassword); } pstmt.setString(3, username); pstmt.executeUpdate(); } catch (SQLException sqle) { throw new UserNotFoundException(sqle); } finally { try { if (pstmt != null) pstmt.close(); } catch (Exception e) { Log.error(e); } try { if (con != null) con.close(); } catch (Exception e) { Log.error(e); } } } public boolean supportsPasswordRetrieval() { return true; } }