Java tutorial
/** * Copyright (c) 2011-2012, Thilo Planz. All rights reserved. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package v7db.auth; import java.util.Properties; import org.apache.commons.lang3.StringUtils; import com.mongodb.BasicDBObject; import com.mongodb.DBCollection; import com.mongodb.DBObject; import com.mongodb.Mongo; /** * An AuthenticationProvider that queries a MongoDB database for authentication * information (in a configurable way) * */ public class MongoAuthenticationProvider implements AuthenticationProvider { private final DBCollection collection; private final String username_field; private final String password_field; private String getRequiredProperty(Properties props, String name) { String v = props.getProperty(name); if (StringUtils.isBlank(v)) throw new IllegalArgumentException("MongoAuthenticationProvider: missing required parameter " + name); return v; } public MongoAuthenticationProvider(Mongo mongo, Properties props) { String dbName = props.getProperty("mongo.db"); collection = mongo.getDB(dbName).getCollection(getRequiredProperty(props, "auth.mongo.collection")); username_field = getRequiredProperty(props, "auth.mongo.username"); password_field = getRequiredProperty(props, "auth.mongo.password"); } public AuthenticationToken authenticate(String username, String password) { DBObject found = collection.findOne(new BasicDBObject(username_field, username), new BasicDBObject(password_field, true)); if (found == null) return null; if (!PasswordUtil.check(password.toCharArray(), found.get(password_field))) return null; return new AuthenticationToken(username); } }