org.w3c.jigsaw.auth
Class GenericAuthFilter

java.lang.Object
  org.w3c.tools.resources.AttributeHolder
      org.w3c.tools.resources.Resource
          org.w3c.tools.resources.FramedResource
              org.w3c.tools.resources.ResourceFrame
                  org.w3c.tools.resources.ResourceFilter
                      org.w3c.jigsaw.auth.AuthFilter
                          org.w3c.jigsaw.auth.GenericAuthFilter

All Implemented Interfaces:

java.lang.Cloneable, java.util.EventListener, AttributeChangedListener, FrameEventListener, FilterInterface

public class GenericAuthFilter
extends AuthFilter

GenericAuthFilter provides for both IP and basic authentication. This is really a first implementation. It looses on several points:

• AuthUser instances, being a subclass of resource dump their classes along with their attributes, although here we know that they will all be instances of AuthUser.
• The way the ipmatcher is maintained doesn't make much sense.
• The way groups are handled is no good.
• The SimpleResourceStore is not an adequat store for the user database, it should rather use the jdbmResourceStore (not written yet).

However, this provides for the basic functionnalities.

Field Summary

protected static int	ATTR_ALLOWED_GROUPS Attribute index - The list of allowed groups.
protected static int	ATTR_ALLOWED_USERS Attribute index - The list of allowed users.
protected RealmsCatalog	catalog The catalog of realms that make our scope.
protected HttpChallenge	challenge The challenge to issue to any client for Basic Authentication.
protected IPMatcher	ipmatcher The IPMatcher to match IP templates to user records.
protected java.lang.String	loaded_realm The nam of the realm we cache in realm.
protected ResourceReference	rr_realm Our associated realm.

Fields inherited from class org.w3c.jigsaw.auth.AuthFilter

ATTR_METHODS, ATTR_PRIVATE_CACHABILITY, ATTR_PUBLIC_CACHABILITY, ATTR_REALM, ATTR_SHARED_CACHABILITY, STATE_AUTHCONTEXT, STATE_AUTHTYPE, STATE_AUTHUSER

Fields inherited from class org.w3c.tools.resources.ResourceFrame

filterClass, frameListener, resource

Fields inherited from class org.w3c.tools.resources.FramedResource

ATTR_OID, attrListener, debugEvent, event_disabled, framesRef, structListener

Fields inherited from class org.w3c.tools.resources.Resource

ATTR_CONTEXT, ATTR_HELP_URL, ATTR_IDENTIFIER, ATTR_LAST_MODIFIED, ATTR_PARENT, ATTR_RESOURCE_FRAMES, ATTR_STORE_ENTRY, ATTR_URL, co, id

Fields inherited from class org.w3c.tools.resources.AttributeHolder

attributes, values

Constructor Summary

GenericAuthFilter()

Method Summary

protected void	acquireRealm() Get a pointer to our realm, and initialize our ipmatcher.
void	authenticate(Request request) Authenticate the given request.
protected ResourceReference	checkBasicAuth(org.w3c.jigsaw.auth.BasicAuthContext ctxt) Check the given Basic context against our database.
protected boolean	checkRealm() Check that our realm does exist.
protected boolean	checkUser(AuthUser user) Is this user allowed in the realm ? First check in the list of allowed users (if any), than in the list of allowed groups (if any).
java.lang.String[]	getAllowedGroups() Get the list of allowed groups.
java.lang.String[]	getAllowedUsers() Get the list of allowed users.
void	initialize(java.lang.Object[] values) Initialize the filter.
ResourceReference	lookupUser(java.net.InetAddress ipaddr) Lookup a user by its IP address.
ResourceReference	lookupUser(java.lang.String name) Lookup a user by its name.
void	setValue(int idx, java.lang.Object value) Catch set value on the realm, to maintain cached values.

Methods inherited from class org.w3c.jigsaw.auth.AuthFilter

getMethods, getPrivateCachability, getPublicCachability, getRealm, getSharedCachability, lookup, outgoingFilter

Methods inherited from class org.w3c.tools.resources.ResourceFilter

exceptionFilter, getTargetResource, ingoingFilter, ingoingFilter, initialize, outgoingFilter, outputFilter, pickleValues

Methods inherited from class org.w3c.tools.resources.ResourceFrame

addFrameEventListener, attributeChanged, checkRequest, eventDisabled, fireFrameEvent, frameModified, getFilters, getFilters, getFrameReference, getResource, getResourceReference, getSpaceEntry, getURLPath, lookupFilters, lookupFrames, perform, postFrameEvent, processEvent, registerResource, removeFrameEventListener, unregisterResource, updateDefaultChildAttributes

Methods inherited from class org.w3c.tools.resources.FramedResource

addAttributeChangedListener, addStructureChangedListener, collectFramesReference, delete, disableEvent, displayEvent, enableEvent, fireAttributeChangeEvent, fireStructureChangedEvent, fireStructureChangedEvent, frameAdded, frameRemoved, getClone, getFrame, getFrame, getFrameReference, getFrameReference, getFramesReference, getOid, markModified, notifyUnload, performFrames, postAttributeChangeEvent, postEvent, postStructureChangedEvent, postStructureChangedEvent, registerFrame, registerFrameIfNone, removeAttributeChangedListener, removeStructureChangedListener, setSilentValue, setSilentValue, unregisterFrame

Methods inherited from class org.w3c.tools.resources.Resource

acceptUnload, checkMultipleLock, collectFrames, getContext, getFrame, getFrames, getHelpURL, getHelpURL, getIdentifier, getLastModified, getParent, getServer, getSpace, getStoreEntry, getValue, getValue, isInitialized, isUnloaded, setContext, setContext, setValue, unsafeGetContext, unsafeGetFrame, unsafeGetFrames, unsafeGetIdentifier, unsafeGetResourceReference, unsafeGetURLPath, unsafeGetValue, updateAttributes

Methods inherited from class org.w3c.tools.resources.AttributeHolder

definesAttribute, definesAttribute, getAttributes, getBoolean, getChar, getClone, getClone, getDouble, getFloat, getInt, getLong, getString, getValue, lookupAttribute, print, setBoolean, setChar, setDouble, setFloat, setInt, setLong, setString, setValue, unsafeDefinesAttribute, unsafeGetDouble, unsafeGetString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ATTR_ALLOWED_USERS

protected static int ATTR_ALLOWED_USERS

Attribute index - The list of allowed users.

ATTR_ALLOWED_GROUPS

protected static int ATTR_ALLOWED_GROUPS

Attribute index - The list of allowed groups.

ipmatcher

protected IPMatcher ipmatcher

The IPMatcher to match IP templates to user records.

catalog

protected RealmsCatalog catalog

The catalog of realms that make our scope.

rr_realm

protected ResourceReference rr_realm

Our associated realm.

loaded_realm

protected java.lang.String loaded_realm

The nam of the realm we cache in realm.

challenge

protected HttpChallenge challenge

The challenge to issue to any client for Basic Authentication.

Constructor Detail

GenericAuthFilter

public GenericAuthFilter()

Method Detail

acquireRealm

protected void acquireRealm()

Get a pointer to our realm, and initialize our ipmatcher.

checkRealm

protected boolean checkRealm()

Check that our realm does exist. Otherwise we are probably being initialized, and we don't authenticate yet.

Returns:

A boolean true if realm can be initialized.

getAllowedUsers

public java.lang.String[] getAllowedUsers()

Get the list of allowed users.

getAllowedGroups

public java.lang.String[] getAllowedGroups()

Get the list of allowed groups.

lookupUser

public ResourceReference lookupUser(java.net.InetAddress ipaddr)

Lookup a user by its IP address.

Parameters:

ipaddr - The IP address to look for.

Returns:

An AuthUser instance or null.

lookupUser

public ResourceReference lookupUser(java.lang.String name)

Lookup a user by its name.

Parameters:

name - The user's name.

Returns:

An AuthUser instance, or null.

checkBasicAuth

protected ResourceReference checkBasicAuth(org.w3c.jigsaw.auth.BasicAuthContext ctxt)

Check the given Basic context against our database.

Parameters:

ctxt - The basic auth context to check.

Returns:

A AuthUser instance if check succeeded, null otherwise.

checkUser

protected boolean checkUser(AuthUser user)

Is this user allowed in the realm ? First check in the list of allowed users (if any), than in the list of allowed groups (if any). If no allowed users or allowed groups are defined, than simply check for the existence of this user.

Returns:

A boolean true if access allowed.

setValue

public void setValue(int idx,
                     java.lang.Object value)

Catch set value on the realm, to maintain cached values.

Overrides:

setValue in class ResourceFrame

Parameters:

idx - The index of the attribute to modify.

value - The new attribute value.

authenticate

public void authenticate(Request request)
                  throws ProtocolException

Authenticate the given request. We first check for valid authentication information. If no authentication is provided, than we try to map the IP address to some of the ones we know about. If the IP address is not found, we challenge the client for a password.

If the IP address is found, than either our user entry requires an extra password step (in wich case we challenge it), or simple IP based authentication is enough, so we allow the request.

Overrides:

authenticate in class AuthFilter

Parameters:

request - The request to be authentified.

Throws:

ProtocolException - if authentication failed

initialize

public void initialize(java.lang.Object[] values)

Initialize the filter.

Overrides:

initialize in class FramedResource

Parameters:

values - Default attribute values.