org.xmlBlaster.authentication.plugins.htpasswd
Class HtPasswd

java.lang.Object
  org.xmlBlaster.authentication.plugins.htpasswd.HtPasswd

public class HtPasswd

extends java.lang.Object

In xmlBlaster.properties add :
Security.Server.Plugin.htpasswd.secretfile=${user.home}${file.separator}xmlBlaster.htpasswd

Changes: astelzl@avitech.de
There can be three cases for authentication:

1. in xmlBlaster.properties the property Security.Server.Plugin.htpasswd.allowPartialUsername is true -> the user is authenticated with the right password and an username which begins with the specified username
2. allowPartialUsername is false -> the user is just authenticated if the username and password in the password file exactly equals the specifications at connection to the xmlBlaster
it is possible that the password file just contains a * instead of (username,password) tuples -> any username and password combination is authenticated Same if Security.Server.Plugin.htpasswd.secretfile=NONE

Changes: mr@marcelruff.info
Added simple authorization support.

NOTE: Currently the htpasswd file is reread every time a client logs in (see Session.java new HtPasswd()) we should change this to check the timestamp of the file. On client - reconnect there is no reload forced.

Switch on logging with: -logging/org.xmlBlaster.authentication.plugins.htpasswd FINEST

Author:

Cyrille Giquello 16/11/01 09:06

See Also:

The security.htpasswd requirement

Nested Class Summary

private class

HtPasswd.Container

Field Summary

protected int	ALLOW_PARTIAL_USERNAME
protected java.util.Hashtable	containerCache
private static boolean	first
private static boolean	firstWild
protected int	FULL_USERNAME
protected Global	glob
protected java.lang.String	htpasswdFilename
protected java.util.Hashtable	htpasswdMap
protected long	lastModified
private static java.util.logging.Logger	log
private static java.lang.String	ME
protected int	SWITCH_OFF
protected int	useFullUsername

Constructor Summary

HtPasswd(Global glob)
Check password 16/11/01 19:36 mad@ktaland.com

Method Summary

private boolean	checkDetailed(java.lang.String userPassword, java.util.Vector fileEncodedPass) Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right
boolean	checkPassword(java.lang.String userName, java.lang.String userPassword) Check password
java.lang.String	getPasswdFileName()
boolean	isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder) Check of MethodName is allowed to be invoked by user.
private static boolean	isSamePwd(java.lang.String userPassword, java.lang.String encoded) Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right
private java.util.Vector	lookup(java.lang.String userName) Lookup userName in password file
static void	main(java.lang.String[] args)
(package private) boolean	readHtpasswordFile(java.lang.String htpasswdFilename) Read passwords file 16/11/01 20:42 mad@ktaland.com
void	reset()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ME

private static final java.lang.String ME

See Also:

Constant Field Values

glob

protected Global glob

log

private static java.util.logging.Logger log

ALLOW_PARTIAL_USERNAME

protected final int ALLOW_PARTIAL_USERNAME

See Also:

Constant Field Values

FULL_USERNAME

protected final int FULL_USERNAME

See Also:

Constant Field Values

SWITCH_OFF

protected final int SWITCH_OFF

See Also:

Constant Field Values

useFullUsername

protected int useFullUsername

htpasswdFilename

protected java.lang.String htpasswdFilename

htpasswdMap

protected java.util.Hashtable htpasswdMap

containerCache

protected java.util.Hashtable containerCache

lastModified

protected long lastModified

first

private static boolean first

firstWild

private static boolean firstWild

Constructor Detail

HtPasswd

public HtPasswd(Global glob)
         throws XmlBlasterException

Check password 16/11/01 19:36 mad@ktaland.com

Method Detail

checkDetailed

private boolean checkDetailed(java.lang.String userPassword,
                              java.util.Vector fileEncodedPass)

Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right

Parameters:

userPassword - password in plaintext

fileEncodedPass - vector of passwords where usernames match with the specified beginning of an username

Returns:

true if any one matches

checkPassword

public boolean checkPassword(java.lang.String userName,
                             java.lang.String userPassword)
                      throws XmlBlasterException

Check password

Returns:

true The password is valid

Throws:

XmlBlasterException

lookup

private java.util.Vector lookup(java.lang.String userName)

Lookup userName in password file

Parameters:

userName -

Returns:

A list containing Container instances (matching the userName)

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)

Check of MethodName is allowed to be invoked by user.

Parameters:

sessionHolder - The user

dataHolder - The method called

Returns:

true if is authorized, false if no access

readHtpasswordFile

boolean readHtpasswordFile(java.lang.String htpasswdFilename)
                     throws XmlBlasterException

Read passwords file 16/11/01 20:42 mad@ktaland.com

Returns:

true if file all readed & well formated

Throws:

XmlBlasterException

getPasswdFileName

public java.lang.String getPasswdFileName()

reset

public void reset()

isSamePwd

private static boolean isSamePwd(java.lang.String userPassword,
                                 java.lang.String encoded)

Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right

Parameters:

userPassword - password in plaintext

Returns:

true if any one matches

main

public static void main(java.lang.String[] args)