[New] Requiring Usage when authenticating

2020-04-23 10:06:30 +02:00 · 2020-04-23 10:06:30 +02:00 · 984f6bff41
parent f6892ba964
commit 984f6bff41
8 changed files with 34 additions and 13 deletions
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@ -39,6 +39,7 @@ import li.strolch.privilege.handler.*;
 import li.strolch.privilege.helper.PrivilegeInitializationHelper;
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.PrivilegeContext;
+import li.strolch.privilege.model.Usage;
 import li.strolch.privilege.model.internal.PrivilegeContainerModel;
 import li.strolch.privilege.xml.PrivilegeConfigSaxReader;
 import li.strolch.runtime.StrolchConstants;
@ -146,9 +147,9 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 	}

 	@Override
-	public Certificate authenticate(String username, char[] password, String source) {
+	public Certificate authenticate(String username, char[] password, String source, Usage usage) {
 		assertContainerStarted();
-		Certificate certificate = this.privilegeHandler.authenticate(username, password, source);
+		Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
 		writeAudit(certificate, LOGIN, AccessType.CREATE, username);
 		return certificate;
 	}
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
@ -20,6 +20,7 @@ import li.strolch.privilege.handler.SystemAction;
 import li.strolch.privilege.handler.SystemActionWithResult;
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.PrivilegeContext;
+import li.strolch.privilege.model.Usage;
 import li.strolch.runtime.StrolchConstants;

 /**
@ -57,12 +58,14 @@ public interface PrivilegeHandler {
 	 * 		the password
 	 * @param source
 	 * 		the source of the request
+	 * @param usage
+	 * 		the usage for this authentication
 	 *
 	 * @return the certificate
 	 *
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])
 	 */
-	Certificate authenticate(String username, char[] password, String source);
+	Certificate authenticate(String username, char[] password, String source, Usage usage);

 	/**
 	 * Authenticates a user on a remote Single Sign On service. This is implemented by the
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@ -1146,11 +1146,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {

 	@Override
 	public Certificate authenticate(String username, char[] password) {
-		return authenticate(username, password, "unknown");
+		return authenticate(username, password, "unknown", Usage.ANY);
 	}

 	@Override
-	public Certificate authenticate(String username, char[] password, String source) {
+	public Certificate authenticate(String username, char[] password, String source, Usage usage) {
 		DBC.PRE.assertNotEmpty("source must not be empty!", source);

 		try {
@ -1178,7 +1178,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 			String sessionId = UUID.randomUUID().toString();

 			// create a new certificate, with details of the user
-			Certificate certificate = buildCertificate(Usage.ANY, user, authToken, sessionId, source, new Date());
+			Certificate certificate = buildCertificate(usage, user, authToken, sessionId, source, new Date());

 			PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
 			this.privilegeContextMap.put(sessionId, privilegeContext);
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/PrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/PrivilegeHandler.java
@ -627,13 +627,15 @@ public interface PrivilegeHandler {
 	 * 		the requirements of the {@link #validatePassword(char[])}-method
 	 * @param source
 	 * 		the source of the authentication request, i.e. remote IP
+	 * @param usage
+	 * 		the usage type for this authentication
 	 *
 	 * @return a {@link Certificate} with which this user may then perform actions
 	 *
 	 * @throws AccessDeniedException
 	 * 		if the user credentials are not valid
 	 */
-	Certificate authenticate(String username, char[] password, String source) throws AccessDeniedException;
+	Certificate authenticate(String username, char[] password, String source, Usage usage) throws AccessDeniedException;

 	/**
 	 * Authenticates a user on a remote Single Sign On service. This is implemented by the
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Usage.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Usage.java
@ -4,11 +4,12 @@ import li.strolch.privilege.base.PrivilegeException;

 public enum Usage {
 	ANY("any"),
+	SINGLE("single"),
 	SET_PASSWORD("set-password");

-	private String value;
+	private final String value;

-	private Usage(String value) {
+	Usage(String value) {
 		this.value = value;
 	}

@ -16,6 +17,18 @@ public enum Usage {
 		return this.value;
 	}

+	public boolean isAny() {
+		return this == ANY;
+	}
+
+	public boolean isSingle() {
+		return this == SINGLE;
+	}
+
+	public boolean isSetPassword() {
+		return this == SET_PASSWORD;
+	}
+
 	public static Usage byValue(String value) {
 		for (Usage usage : values()) {
 			if (usage.value.equals(value))
--- a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
@ -146,11 +146,11 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 	}

 	@Override
-	public Certificate authenticate(String username, char[] password, String source) {
+	public Certificate authenticate(String username, char[] password, String source, Usage usage) {
 		DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
 		DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$

-		Certificate certificate = this.privilegeHandler.authenticate(username, password, source);
+		Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);

 		this.certificateMap.put(certificate.getAuthToken(), certificate);
 		logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$
--- a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java
@ -55,10 +55,12 @@ public interface StrolchSessionHandler {
 	 * 		the password
 	 * @param source
 	 * 		the source of the request
+	 * @param usage
+	 * 		the usage for this authentication
 	 *
 	 * @return the {@link Certificate} for the logged in user
 	 */
-	Certificate authenticate(String username, char[] password, String source);
+	Certificate authenticate(String username, char[] password, String source, Usage usage);

 	/**
 	 * Performs a single-sign-on with the given data, if SSO is enabled
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@ -91,7 +91,7 @@ public class AuthenticationService {

 			StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
 			String source = getRemoteIp(request);
-			Certificate certificate = sessionHandler.authenticate(username, password, source);
+			Certificate certificate = sessionHandler.authenticate(username, password, source, Usage.ANY);

 			return getAuthenticationResponse(request, loginResult, certificate, source);