org.cdlib.xtf.dynaXML
Class Authenticator

Object
  Authenticator

 class Authenticator
extends Object

Performs all authentication tasks for the servlet, including IP-based, LDAP, and external authentication.

Nested Class Summary

private class	Authenticator.AllAuthSpec Allow or deny all access
private class	Authenticator.AuthSpec Holds information on a particular authorization specification
private class	Authenticator.ExternalAuthSpec Allow or deny based on an external login page
private class	Authenticator.IPAuthSpec Allow or deny based on whether requestor's IP address is in the specified list.
private class	Authenticator.IpListCache This class is used to cache IP maps so we don't have to load the same ones over and over.
private class	Authenticator.LdapAuthSpec Allow or deny based on looking up an entry in an LDAP database.

Field Summary

private StringCache	authCache Caches authorized session IDs
private DynaXMLConfig	config Configuration info
private Authenticator.IpListCache	ipListCache Caches IP maps
private StringCache	loginCache Caches nonce values for external log-ins
private SecureRandom	secureRandom Used for generating random nonce values
private DynaXML	servlet Servlet to get dependencies from

Constructor Summary

Authenticator(DynaXML servlet)
Construct an authorizer, initializing all the caches.

Method Summary

private boolean	authExternal(Authenticator.ExternalAuthSpec spec, HttpServletRequest req, HttpServletResponse res) Uses an external login web page to authorize user access.
private void	authLdap(Authenticator.LdapAuthSpec spec, HttpServletRequest req, HttpServletResponse res) Uses an LDAP server to authorize user access with a username and password.
private static String	bytesToHex(byte[] bytes) Converts an array of bytes to the hex representation of them, two digits per byte and no spaces.
boolean	checkAuth(String ipAddr, Vector authSpecs, HttpServletRequest req, HttpServletResponse res) Based on a list of authentication specifications, checks if the current session is allowed to access this document.
void	clearCaches() Clears all the caches used by the authenticator.
private boolean	isEmpty(String s) Utility method to check if a string is null or ""
Authenticator.AuthSpec	processAuthTag(EasyNode el) Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

secureRandom

private SecureRandom secureRandom

Used for generating random nonce values

ipListCache

private Authenticator.IpListCache ipListCache

Caches IP maps

authCache

private StringCache authCache

Caches authorized session IDs

loginCache

private StringCache loginCache

Caches nonce values for external log-ins

servlet

private DynaXML servlet

Servlet to get dependencies from

config

private DynaXMLConfig config

Configuration info

Constructor Detail

Authenticator

public Authenticator(DynaXML servlet)

Construct an authorizer, initializing all the caches.

Parameters:

servlet - Servlet whose cache we will access

Method Detail

isEmpty

private boolean isEmpty(String s)

Utility method to check if a string is null or ""

processAuthTag

public Authenticator.AuthSpec processAuthTag(EasyNode el)
                                      throws DynaXMLException

Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet. Parses the various parameters depending on the type.

Throws:

DynaXMLException

clearCaches

public void clearCaches()

Clears all the caches used by the authenticator.

authLdap

private void authLdap(Authenticator.LdapAuthSpec spec,
                      HttpServletRequest req,
                      HttpServletResponse res)
               throws Exception

Uses an LDAP server to authorize user access with a username and password. Name and password are gathered using the HTTP 'basic' authentication mechanism.

Parameters:

spec - The authorization spec containing details (server to connect to, what to look up, etc.)

req - The HTTP request (contains username and password)

res - The HTTP response (only used to re-request user auth)

Throws:

NoPermissionException - If permission isn't granted, or the browser must re-validate the password.

Exception - Communication or other miscellaneous problems.

authExternal

private boolean authExternal(Authenticator.ExternalAuthSpec spec,
                             HttpServletRequest req,
                             HttpServletResponse res)
                      throws Exception

Uses an external login web page to authorize user access. Redirects to an external login page and sends a 'nonce' value along with the redirect. Eventually the login gets back to our page with an encrypted version of the nonce so we can prevent spurious returns.

Parameters:

spec - The authorization spec containing URL to contact.

req - The HTTP request (contains nonce when we get the return from the authorization page).

res - The HTTP response

Returns:

true if granted, false if redirected

Throws:

NoPermissionException - If permission isn't granted.

Exception - For miscellaneous problems.

checkAuth

public boolean checkAuth(String ipAddr,
                         Vector authSpecs,
                         HttpServletRequest req,
                         HttpServletResponse res)
                  throws Exception

Based on a list of authentication specifications, checks if the current session is allowed to access this document. Handles IP-based, LDAP, and external authentication methods.

Parameters:

ipAddr - Real IP address of the requestor

authSpecs - List of authentication specifications (allow/deny), processed in order.

req - The HTTP request that was made

res - The HTTP response being generated

Returns:

true if ok, false to redirect.

Throws:

NoPermissionException - Authentication failed

Exception - Miscellaneous problems

bytesToHex

private static String bytesToHex(byte[] bytes)

Converts an array of bytes to the hex representation of them, two digits per byte and no spaces.

Parameters:

bytes - An array of bytes to convert

Returns:

A long string representing those bytes in hex form