org.structr.rest.auth.AuthHelper.java Source code

Java tutorial

Introduction

Here is the source code for org.structr.rest.auth.AuthHelper.java

Source

/**
 * Copyright (C) 2010-2016 Structr GmbH
 *
 * This file is part of Structr <http://structr.org>.
 *
 * Structr is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * Structr is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Structr.  If not, see <http://www.gnu.org/licenses/>.
 */
package org.structr.rest.auth;

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.structr.common.error.FrameworkException;
import org.structr.core.Services;
import org.structr.core.app.App;
import org.structr.core.app.Query;
import org.structr.core.app.StructrApp;
import org.structr.core.auth.exception.AuthenticationException;
import org.structr.core.entity.AbstractUser;
import org.structr.core.entity.Principal;
import org.structr.core.entity.SuperUser;
import org.structr.core.property.PropertyKey;
import org.structr.schema.action.Actions;

/**
 * Utility class for authentication
 *
 *
 */
public class AuthHelper {

    public static final String STANDARD_ERROR_MSG = "Wrong username or password, or user is blocked. Check caps lock. Note: Username is case sensitive!";
    private static final Logger logger = Logger.getLogger(AuthHelper.class.getName());

    //~--- get methods ----------------------------------------------------

    /**
     * Find a {@link Principal} for the given credential
     *
     * @param key
     * @param value
     * @return principal
     */
    public static <T> Principal getPrincipalForCredential(final PropertyKey<T> key, final T value) {

        if (value == null) {
            return null;
        }

        final App app = StructrApp.getInstance();

        final Query<Principal> query = app.nodeQuery(Principal.class).and(key, value);

        try {
            return query.getFirst();

        } catch (FrameworkException fex) {

            logger.log(Level.WARNING, "Error while searching for principal", fex);
        }

        return null;
    }

    /**
     * Find a {@link Principal} with matching password and given key or name
     *
     * @param key
     * @param value
     * @param password
     * @return principal
     * @throws AuthenticationException
     */
    public static Principal getPrincipalForPassword(final PropertyKey<String> key, final String value,
            final String password) throws AuthenticationException {

        String errorMsg = null;
        Principal principal = null;

        // FIXME: this might be slow, because the the property file needs to be read each time
        final String superuserName = StructrApp.getConfigurationValue(Services.SUPERUSER_USERNAME);
        final String superUserPwd = StructrApp.getConfigurationValue(Services.SUPERUSER_PASSWORD);

        if (superuserName.equals(value) && superUserPwd.equals(password)) {

            // logger.log(Level.INFO, "############# Authenticated as superadmin! ############");

            principal = new SuperUser();

        } else {

            try {

                principal = StructrApp.getInstance().nodeQuery(Principal.class).and().or(key, value)
                        .or(AbstractUser.name, value).getFirst();

                if (principal == null) {

                    logger.log(Level.INFO, "No principal found for {0} {1}", new Object[] { key.dbName(), value });

                    errorMsg = STANDARD_ERROR_MSG;

                } else {

                    if (principal.getProperty(Principal.blocked)) {

                        logger.log(Level.INFO, "Principal {0} is blocked", principal);

                        errorMsg = STANDARD_ERROR_MSG;

                    }

                    if (StringUtils.isEmpty(password)) {

                        logger.log(Level.INFO, "Empty password for principal {0}", principal);

                        errorMsg = "Empty password, should never happen here!";

                    } else {

                        // let Principal decide how to check password
                        if (!principal.isValidPassword(password)) {

                            errorMsg = STANDARD_ERROR_MSG;
                        }

                    }

                }

            } catch (FrameworkException fex) {

                fex.printStackTrace();

            }

        }

        if (errorMsg != null) {

            throw new AuthenticationException(errorMsg);
        }

        return principal;

    }

    /**
     * Find a {@link Principal} for the given session id
     *
     * @param sessionId
     * @return principal
     */
    public static Principal getPrincipalForSessionId(final String sessionId) {
        return getPrincipalForCredential(Principal.sessionIds, new String[] { sessionId });
    }

    public static void doLogin(final HttpServletRequest request, final Principal user) throws FrameworkException {

        HttpSession session = request.getSession(false);

        if (session == null) {
            session = SessionHelper.newSession(request);
        }

        SessionHelper.clearInvalidSessions(user);

        // We need a session to login a user
        if (session != null) {

            SessionHelper.clearSession(session.getId());
            user.addSessionId(session.getId());

            Actions.call(Actions.NOTIFICATION_LOGIN, user);
        }
    }

    public static void doLogout(final HttpServletRequest request, final Principal user) throws FrameworkException {

        final HttpSession session = request.getSession(false);

        // We need a session to logout a user
        if (session != null) {

            SessionHelper.clearSession(session.getId());

            SessionHelper.invalidateSession(session);

            Actions.call(Actions.NOTIFICATION_LOGOUT, user);

            try {
                request.logout();
                request.changeSessionId();
            } catch (Throwable t) {
            }

        }
    }

}