[New] Requiring Usage when authenticating
parent
f6892ba964
commit
984f6bff41
|
@ -39,6 +39,7 @@ import li.strolch.privilege.handler.*;
|
||||||
import li.strolch.privilege.helper.PrivilegeInitializationHelper;
|
import li.strolch.privilege.helper.PrivilegeInitializationHelper;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.privilege.model.PrivilegeContext;
|
import li.strolch.privilege.model.PrivilegeContext;
|
||||||
|
import li.strolch.privilege.model.Usage;
|
||||||
import li.strolch.privilege.model.internal.PrivilegeContainerModel;
|
import li.strolch.privilege.model.internal.PrivilegeContainerModel;
|
||||||
import li.strolch.privilege.xml.PrivilegeConfigSaxReader;
|
import li.strolch.privilege.xml.PrivilegeConfigSaxReader;
|
||||||
import li.strolch.runtime.StrolchConstants;
|
import li.strolch.runtime.StrolchConstants;
|
||||||
|
@ -146,9 +147,9 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, char[] password, String source) {
|
public Certificate authenticate(String username, char[] password, String source, Usage usage) {
|
||||||
assertContainerStarted();
|
assertContainerStarted();
|
||||||
Certificate certificate = this.privilegeHandler.authenticate(username, password, source);
|
Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
|
||||||
writeAudit(certificate, LOGIN, AccessType.CREATE, username);
|
writeAudit(certificate, LOGIN, AccessType.CREATE, username);
|
||||||
return certificate;
|
return certificate;
|
||||||
}
|
}
|
||||||
|
|
|
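Review bot: The `writeAudit(certificate, LOGIN, AccessType.CREATE, username)` call in `authenticate` still records only the username, so a login that requested a restricted usage looks the same in the audit trail as a full `Usage.ANY` login. Since `usage` is now a parameter here, it would be worth recording it with the LOGIN audit entry, or at least stating the intent with a comment such as `// usage is carried on the certificate; the audit records the username only`. Whether `writeAudit` already derives the usage from the certificate cannot be seen from this hunk.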
@ -20,6 +20,7 @@ import li.strolch.privilege.handler.SystemAction;
|
||||||
import li.strolch.privilege.handler.SystemActionWithResult;
|
import li.strolch.privilege.handler.SystemActionWithResult;
|
||||||
import li.strolch.privilege.model.Certificate;
|
import li.strolch.privilege.model.Certificate;
|
||||||
import li.strolch.privilege.model.PrivilegeContext;
|
import li.strolch.privilege.model.PrivilegeContext;
|
||||||
|
import li.strolch.privilege.model.Usage;
|
||||||
import li.strolch.runtime.StrolchConstants;
|
import li.strolch.runtime.StrolchConstants;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -57,12 +58,14 @@ public interface PrivilegeHandler {
|
||||||
* the password
|
* the password
|
||||||
* @param source
|
* @param source
|
||||||
* the source of the request
|
* the source of the request
|
||||||
|
* @param usage
|
||||||
|
* the usage for this authentication
|
||||||
*
|
*
|
||||||
* @return the certificate
|
* @return the certificate
|
||||||
*
|
*
|
||||||
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])
|
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])
|
||||||
*/
|
*/
|
||||||
Certificate authenticate(String username, char[] password, String source);
|
Certificate authenticate(String username, char[] password, String source, Usage usage);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticates a user on a remote Single Sign On service. This is implemented by the
|
* Authenticates a user on a remote Single Sign On service. This is implemented by the
|
||||||
|
|
|
@ -1146,11 +1146,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, char[] password) {
|
public Certificate authenticate(String username, char[] password) {
|
||||||
return authenticate(username, password, "unknown");
|
return authenticate(username, password, "unknown", Usage.ANY);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, char[] password, String source) {
|
public Certificate authenticate(String username, char[] password, String source, Usage usage) {
|
||||||
DBC.PRE.assertNotEmpty("source must not be empty!", source);
|
DBC.PRE.assertNotEmpty("source must not be empty!", source);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -1178,7 +1178,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
String sessionId = UUID.randomUUID().toString();
|
String sessionId = UUID.randomUUID().toString();
|
||||||
|
|
||||||
// create a new certificate, with details of the user
|
// create a new certificate, with details of the user
|
||||||
Certificate certificate = buildCertificate(Usage.ANY, user, authToken, sessionId, source, new Date());
|
Certificate certificate = buildCertificate(usage, user, authToken, sessionId, source, new Date());
|
||||||
|
|
||||||
PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
|
PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
|
||||||
this.privilegeContextMap.put(sessionId, privilegeContext);
|
this.privilegeContextMap.put(sessionId, privilegeContext);
|
||||||
|
|
|
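Review bot: `usage` is handed to `buildCertificate(usage, user, authToken, sessionId, source, new Date())` without any precondition, while `source` is guarded by `DBC.PRE.assertNotEmpty` right after the signature. A null `usage` would presumably yield a certificate with no usage set, so any later check on it would either throw or be skipped; adding `DBC.PRE.assertNotNull("usage must be set!", usage);` next to the `source` check closes that. The same guard is missing in `DefaultStrolchSessionHandler.authenticate`, which asserts `username` and `password` only. The two-argument overload now defaults to `Usage.ANY`, the least restrictive value, so callers of that overload never have to state a usage. The body of the four-argument `authenticate` runs outside both hunks.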
@ -627,13 +627,15 @@ public interface PrivilegeHandler {
|
||||||
* the requirements of the {@link #validatePassword(char[])}-method
|
* the requirements of the {@link #validatePassword(char[])}-method
|
||||||
* @param source
|
* @param source
|
||||||
* the source of the authentication request, i.e. remote IP
|
* the source of the authentication request, i.e. remote IP
|
||||||
|
* @param usage
|
||||||
|
* the usage type for this authentication
|
||||||
*
|
*
|
||||||
* @return a {@link Certificate} with which this user may then perform actions
|
* @return a {@link Certificate} with which this user may then perform actions
|
||||||
*
|
*
|
||||||
* @throws AccessDeniedException
|
* @throws AccessDeniedException
|
||||||
* if the user credentials are not valid
|
* if the user credentials are not valid
|
||||||
*/
|
*/
|
||||||
Certificate authenticate(String username, char[] password, String source) throws AccessDeniedException;
|
Certificate authenticate(String username, char[] password, String source, Usage usage) throws AccessDeniedException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticates a user on a remote Single Sign On service. This is implemented by the
|
* Authenticates a user on a remote Single Sign On service. This is implemented by the
|
||||||
|
|
|
@ -4,11 +4,12 @@ import li.strolch.privilege.base.PrivilegeException;
|
||||||
|
|
||||||
public enum Usage {
|
public enum Usage {
|
||||||
ANY("any"),
|
ANY("any"),
|
||||||
|
SINGLE("single"),
|
||||||
SET_PASSWORD("set-password");
|
SET_PASSWORD("set-password");
|
||||||
|
|
||||||
private String value;
|
private final String value;
|
||||||
|
|
||||||
private Usage(String value) {
|
Usage(String value) {
|
||||||
this.value = value;
|
this.value = value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,6 +17,18 @@ public enum Usage {
|
||||||
return this.value;
|
return this.value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isAny() {
|
||||||
|
return this == ANY;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isSingle() {
|
||||||
|
return this == SINGLE;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isSetPassword() {
|
||||||
|
return this == SET_PASSWORD;
|
||||||
|
}
|
||||||
|
|
||||||
public static Usage byValue(String value) {
|
public static Usage byValue(String value) {
|
||||||
for (Usage usage : values()) {
|
for (Usage usage : values()) {
|
||||||
if (usage.value.equals(value))
|
if (usage.value.equals(value))
|
||||||
|
|
|
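Review bot: `SINGLE` is added without Javadoc, and neither it nor `ANY` and `SET_PASSWORD` says what a certificate with that usage may do or when it stops being valid. Because every caller of `authenticate` now chooses this value, the enum is where that contract should be written down: a short Javadoc on each constant and on `isAny()`, `isSingle()` and `isSetPassword()`, for example `/** The certificate is valid for a single request only. */` on `SINGLE` if that is the intended meaning. Nothing visible in this commit enforces the new value, so the comment should also name where the restriction is checked. `byValue` continues outside the hunk.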
@ -146,11 +146,11 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, char[] password, String source) {
|
public Certificate authenticate(String username, char[] password, String source, Usage usage) {
|
||||||
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
|
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
|
||||||
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
|
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
|
||||||
|
|
||||||
Certificate certificate = this.privilegeHandler.authenticate(username, password, source);
|
Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
|
||||||
|
|
||||||
this.certificateMap.put(certificate.getAuthToken(), certificate);
|
this.certificateMap.put(certificate.getAuthToken(), certificate);
|
||||||
logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$
|
logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$
|
||||||
|
|
|
@ -55,10 +55,12 @@ public interface StrolchSessionHandler {
|
||||||
* the password
|
* the password
|
||||||
* @param source
|
* @param source
|
||||||
* the source of the request
|
* the source of the request
|
||||||
|
* @param usage
|
||||||
|
* the usage for this authentication
|
||||||
*
|
*
|
||||||
* @return the {@link Certificate} for the logged in user
|
* @return the {@link Certificate} for the logged in user
|
||||||
*/
|
*/
|
||||||
Certificate authenticate(String username, char[] password, String source);
|
Certificate authenticate(String username, char[] password, String source, Usage usage);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs a single-sign-on with the given data, if SSO is enabled
|
* Performs a single-sign-on with the given data, if SSO is enabled
|
||||||
|
|
|
@ -91,7 +91,7 @@ public class AuthenticationService {
|
||||||
|
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||||
String source = getRemoteIp(request);
|
String source = getRemoteIp(request);
|
||||||
Certificate certificate = sessionHandler.authenticate(username, password, source);
|
Certificate certificate = sessionHandler.authenticate(username, password, source, Usage.ANY);
|
||||||
|
|
||||||
return getAuthenticationResponse(request, loginResult, certificate, source);
|
return getAuthenticationResponse(request, loginResult, certificate, source);
|
||||||
|
|
||||||
|
|