From 984f6bff41f476390406ddde6446a5cd347135cd Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Thu, 23 Apr 2020 10:06:30 +0200
Subject: [PATCH] [New] Requiring Usage when authenticating
---
 .../DefaultStrolchPrivilegeHandler.java | 5 +++--
 .../runtime/privilege/PrivilegeHandler.java | 5 ++++-
 .../handler/DefaultPrivilegeHandler.java | 6 +++---
 .../privilege/handler/PrivilegeHandler.java | 4 +++-
 .../java/li/strolch/privilege/model/Usage.java | 17 +++++++++++++++--
 .../rest/DefaultStrolchSessionHandler.java | 4 ++--
 .../li/strolch/rest/StrolchSessionHandler.java | 4 +++-
 .../rest/endpoint/AuthenticationService.java | 2 +-
 8 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
index e479230f2..ccfe76051 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@@ -39,6 +39,7 @@ import li.strolch.privilege.handler.*;
 import li.strolch.privilege.helper.PrivilegeInitializationHelper;
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.PrivilegeContext;
+import li.strolch.privilege.model.Usage;
 import li.strolch.privilege.model.internal.PrivilegeContainerModel;
 import li.strolch.privilege.xml.PrivilegeConfigSaxReader;
 import li.strolch.runtime.StrolchConstants;
@@ -146,9 +147,9 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 }
 @Override
- public Certificate authenticate(String username, char[] password, String source) {
+ public Certificate authenticate(String username, char[] password, String source, Usage usage) {
 assertContainerStarted();
- Certificate certificate = this.privilegeHandler.authenticate(username, password, source);
+ Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
 writeAudit(certificate, LOGIN, AccessType.CREATE, username);
 return certificate;
 }
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
index 718e39f32..0a0d57595 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
@@ -20,6 +20,7 @@ import li.strolch.privilege.handler.SystemAction;
 import li.strolch.privilege.handler.SystemActionWithResult;
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.PrivilegeContext;
+import li.strolch.privilege.model.Usage;
 import li.strolch.runtime.StrolchConstants;
 /**
@@ -57,12 +58,14 @@ public interface PrivilegeHandler {
 * the password
 * @param source
 * the source of the request
+ * @param usage
+ * the usage for this authentication
 *
 * @return the certificate
 *
 * @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])
 */
- Certificate authenticate(String username, char[] password, String source);
+ Certificate authenticate(String username, char[] password, String source, Usage usage);
 /**
 * Authenticates a user on a remote Single Sign On service. This is implemented by the
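Review bot: In `DefaultStrolchPrivilegeHandler.authenticate` the only audit call, `writeAudit(certificate, LOGIN, AccessType.CREATE, username)`, runs after the delegate returns, so a rejected login leaves the method through the exception without an audit entry, and the new `usage` is not part of the entry that is written. Whether failures are recorded elsewhere is not visible in this hunk, so I would at least state it above the call: `// only successful logins are audited here; failed attempts and the requested usage must be recorded by privilegeHandler`. If `writeAudit` (defined outside the hunk) can carry extra detail, the requested usage belongs in the success entry too.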
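Review bot: The added `@param usage` text in the `PrivilegeHandler` interface says only "the usage for this authentication", which does not tell a caller that the value is handed to the certificate being issued or whether `null` is allowed; the same wording is added to `li.strolch.privilege.handler.PrivilegeHandler` and `StrolchSessionHandler`. I would write `@param usage the {@link Usage} to issue the certificate with; must not be null, pass {@link Usage#ANY} for a normal session`. The unchanged `@see ...PrivilegeHandler#authenticate(String, char[])` now points at the overload that defaults to `Usage.ANY`, so it should name the four-argument method instead.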
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
index d967fba48..537a7c475 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@@ -1146,11 +1146,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 @Override
 public Certificate authenticate(String username, char[] password) {
- return authenticate(username, password, "unknown");
+ return authenticate(username, password, "unknown", Usage.ANY);
 }
 @Override
- public Certificate authenticate(String username, char[] password, String source) {
+ public Certificate authenticate(String username, char[] password, String source, Usage usage) {
 DBC.PRE.assertNotEmpty("source must not be empty!", source);
 try {
@@ -1178,7 +1178,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 String sessionId = UUID.randomUUID().toString();
 // create a new certificate, with details of the user
- Certificate certificate = buildCertificate(Usage.ANY, user, authToken, sessionId, source, new Date());
+ Certificate certificate = buildCertificate(usage, user, authToken, sessionId, source, new Date());
 PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
 this.privilegeContextMap.put(sessionId, privilegeContext);
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/PrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/PrivilegeHandler.java
index be1292a22..e31fd1547 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/PrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/PrivilegeHandler.java
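Review bot: `usage` reaches `buildCertificate(usage, ...)` in `DefaultPrivilegeHandler.authenticate` with no precondition, although `source` is checked by `DBC.PRE.assertNotEmpty` at the top of the same method, so a caller passing `null` would be issued a certificate with a null usage. How the usage is enforced later is not visible in this diff, but a check written as a comparison against `Usage.SET_PASSWORD` would presumably treat null as unrestricted; I would add `DBC.PRE.assertNotNull("usage must not be null!", usage);` next to the existing `source` check. `DefaultStrolchSessionHandler.authenticate` has the same gap beside its username and password preconditions. The method body continues outside both hunks of this file.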
@@ -627,13 +627,15 @@ public interface PrivilegeHandler {
 * the requirements of the {@link #validatePassword(char[])}-method
 * @param source
 * the source of the authentication request, i.e. remote IP
+ * @param usage
+ * the usage type for this authentication
 *
 * @return a {@link Certificate} with which this user may then perform actions
 *
 * @throws AccessDeniedException
 * if the user credentials are not valid
 */
- Certificate authenticate(String username, char[] password, String source) throws AccessDeniedException;
+ Certificate authenticate(String username, char[] password, String source, Usage usage) throws AccessDeniedException;
 /**
 * Authenticates a user on a remote Single Sign On service. This is implemented by the
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Usage.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Usage.java
index a8a93bb8f..979cedacb 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Usage.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/model/Usage.java
@@ -4,11 +4,12 @@ import li.strolch.privilege.base.PrivilegeException;
 public enum Usage {
 ANY("any"),
+ SINGLE("single"),
 SET_PASSWORD("set-password");
- private String value;
+ private final String value;
- private Usage(String value) {
+ Usage(String value) {
 this.value = value;
 }
@@ -16,6 +17,18 @@ public enum Usage {
 return this.value;
 }
+ public boolean isAny() {
+ return this == ANY;
+ }
+
+ public boolean isSingle() {
+ return this == SINGLE;
+ }
+
+ public boolean isSetPassword() {
+ return this == SET_PASSWORD;
+ }
+
 public static Usage byValue(String value) {
 for (Usage usage : values()) {
 if (usage.value.equals(value))
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
index 3e84288fb..fe2a7dea0 100644
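Review bot: `SINGLE` is added to `Usage` with no Javadoc, and nothing in this patch reads `isSingle()`; a certificate issued with it is still stored in `privilegeContextMap`, and in `certificateMap` by the REST session handler, exactly like a normal session. If `SINGLE` is meant to limit the certificate to one use, that enforcement has to live in code not shown here, and the constant should say so. I would add something like `/** certificate intended for a single action; must be invalidated after use */` (wording for the author to confirm), with matching one-line comments on `ANY` and `SET_PASSWORD`. The enum body continues outside the hunk.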
--- a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
@@ -146,11 +146,11 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 }
 @Override
- public Certificate authenticate(String username, char[] password, String source) {
+ public Certificate authenticate(String username, char[] password, String source, Usage usage) {
 DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
 DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
- Certificate certificate = this.privilegeHandler.authenticate(username, password, source);
+ Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
 this.certificateMap.put(certificate.getAuthToken(), certificate);
 logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java
index 216c78bb7..22dc4b2dc 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchSessionHandler.java
@@ -55,10 +55,12 @@ public interface StrolchSessionHandler {
 * the password
 * @param source
 * the source of the request
+ * @param usage
+ * the usage for this authentication
 *
 * @return the {@link Certificate} for the logged in user
 */
- Certificate authenticate(String username, char[] password, String source);
+ Certificate authenticate(String username, char[] password, String source, Usage usage);
 /**
 * Performs a single-sign-on with the given data, if SSO is enabled
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 7a3f66a40..bdd34beee 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -91,7 +91,7 @@ public class AuthenticationService {
 StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
 String source = getRemoteIp(request);
- Certificate certificate = sessionHandler.authenticate(username, password, source);
+ Certificate certificate = sessionHandler.authenticate(username, password, source, Usage.ANY);
 return getAuthenticationResponse(request, loginResult, certificate, source);