[New] Requiring Usage when authenticating

Robert von Burg 2020-04-23 10:06:30 +02:00
parent f6892ba964
commit 984f6bff41
8 changed files with 34 additions and 13 deletions


@ -39,6 +39,7 @@ import li.strolch.privilege.handler.*;
import li.strolch.privilege.helper.PrivilegeInitializationHelper; import li.strolch.privilege.helper.PrivilegeInitializationHelper;
import li.strolch.privilege.model.Certificate; import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.PrivilegeContext; import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.Usage;
import li.strolch.privilege.model.internal.PrivilegeContainerModel; import li.strolch.privilege.model.internal.PrivilegeContainerModel;
import li.strolch.privilege.xml.PrivilegeConfigSaxReader; import li.strolch.privilege.xml.PrivilegeConfigSaxReader;
import li.strolch.runtime.StrolchConstants; import li.strolch.runtime.StrolchConstants;
@ -146,9 +147,9 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
} }
@Override @Override
public Certificate authenticate(String username, char[] password, String source) { public Certificate authenticate(String username, char[] password, String source, Usage usage) {
assertContainerStarted(); assertContainerStarted();
Certificate certificate = this.privilegeHandler.authenticate(username, password, source); Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
writeAudit(certificate, LOGIN, AccessType.CREATE, username); writeAudit(certificate, LOGIN, AccessType.CREATE, username);
return certificate; return certificate;
} }
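Review bot: The `writeAudit(certificate, LOGIN, AccessType.CREATE, username)` call in `authenticate` is unchanged, so the requested `usage` does not visibly reach the audit record. Unless `writeAudit` already reads it from the certificate (its body is not in this hunk), a certificate issued with `Usage.SET_PASSWORD` or `Usage.SINGLE` cannot be told apart from a `Usage.ANY` login when audits are reviewed. Consider including the usage value in the audited data, or add a comment such as `// usage is audited via the certificate` if that is already the case.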


@ -20,6 +20,7 @@ import li.strolch.privilege.handler.SystemAction;
import li.strolch.privilege.handler.SystemActionWithResult; import li.strolch.privilege.handler.SystemActionWithResult;
import li.strolch.privilege.model.Certificate; import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.PrivilegeContext; import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.Usage;
import li.strolch.runtime.StrolchConstants; import li.strolch.runtime.StrolchConstants;
/** /**
@ -57,12 +58,14 @@ public interface PrivilegeHandler {
* the password * the password
* @param source * @param source
* the source of the request * the source of the request
* @param usage
* the usage for this authentication
* *
* @return the certificate * @return the certificate
* *
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[]) * @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])
*/ */
Certificate authenticate(String username, char[] password, String source); Certificate authenticate(String username, char[] password, String source, Usage usage);
/** /**
* Authenticates a user on a remote Single Sign On service. This is implemented by the * Authenticates a user on a remote Single Sign On service. This is implemented by the
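Review bot: The new `@param usage` text, "the usage for this authentication", does not say which `Usage` values are accepted, whether `null` is allowed, or that the value ends up on the returned certificate. The same wording is added to the other two `authenticate` Javadocs in this commit (the `PrivilegeHandler` interface in the privilege module and `StrolchSessionHandler`). Something like `@param usage the {@link Usage} to set on the issued certificate, e.g. {@link Usage#ANY} for a normal login` would make the contract explicit in all three places. The `@see` line below it still points at the two-argument `authenticate(String, char[])`, which is worth checking now that the signature has changed.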


@ -1146,11 +1146,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
@Override @Override
public Certificate authenticate(String username, char[] password) { public Certificate authenticate(String username, char[] password) {
return authenticate(username, password, "unknown"); return authenticate(username, password, "unknown", Usage.ANY);
} }
@Override @Override
public Certificate authenticate(String username, char[] password, String source) { public Certificate authenticate(String username, char[] password, String source, Usage usage) {
DBC.PRE.assertNotEmpty("source must not be empty!", source); DBC.PRE.assertNotEmpty("source must not be empty!", source);
try { try {
@ -1178,7 +1178,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String sessionId = UUID.randomUUID().toString(); String sessionId = UUID.randomUUID().toString();
// create a new certificate, with details of the user // create a new certificate, with details of the user
Certificate certificate = buildCertificate(Usage.ANY, user, authToken, sessionId, source, new Date()); Certificate certificate = buildCertificate(usage, user, authToken, sessionId, source, new Date());
PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user); PrivilegeContext privilegeContext = buildPrivilegeContext(certificate, user);
this.privilegeContextMap.put(sessionId, privilegeContext); this.privilegeContextMap.put(sessionId, privilegeContext);
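Review bot: `usage` goes from the public `authenticate(username, password, source, usage)` straight into `buildCertificate(usage, ...)`, and the only precondition visible in this section is the one on `source`. A caller passing `null` would apparently get a certificate without a usage, and whatever later checks the certificate's usage would have to cope with that. I would add `DBC.PRE.assertNotNull("usage must not be null!", usage);` next to the `source` check so the request is rejected before any credential handling. The method body between the two hunks is not shown, so an existing check there cannot be ruled out.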


@ -627,13 +627,15 @@ public interface PrivilegeHandler {
* the requirements of the {@link #validatePassword(char[])}-method * the requirements of the {@link #validatePassword(char[])}-method
* @param source * @param source
* the source of the authentication request, i.e. remote IP * the source of the authentication request, i.e. remote IP
* @param usage
* the usage type for this authentication
* *
* @return a {@link Certificate} with which this user may then perform actions * @return a {@link Certificate} with which this user may then perform actions
* *
* @throws AccessDeniedException * @throws AccessDeniedException
* if the user credentials are not valid * if the user credentials are not valid
*/ */
Certificate authenticate(String username, char[] password, String source) throws AccessDeniedException; Certificate authenticate(String username, char[] password, String source, Usage usage) throws AccessDeniedException;
/** /**
* Authenticates a user on a remote Single Sign On service. This is implemented by the * Authenticates a user on a remote Single Sign On service. This is implemented by the


@ -4,11 +4,12 @@ import li.strolch.privilege.base.PrivilegeException;
public enum Usage { public enum Usage {
ANY("any"), ANY("any"),
SINGLE("single"),
SET_PASSWORD("set-password"); SET_PASSWORD("set-password");
private String value; private final String value;
private Usage(String value) { Usage(String value) {
this.value = value; this.value = value;
} }
@ -16,6 +17,18 @@ public enum Usage {
return this.value; return this.value;
} }
public boolean isAny() {
return this == ANY;
}
public boolean isSingle() {
return this == SINGLE;
}
public boolean isSetPassword() {
return this == SET_PASSWORD;
}
public static Usage byValue(String value) { public static Usage byValue(String value) {
for (Usage usage : values()) { for (Usage usage : values()) {
if (usage.value.equals(value)) if (usage.value.equals(value))
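Review bot: The new `SINGLE` constant, like the existing `ANY` and `SET_PASSWORD`, has no Javadoc saying what a certificate with that usage is allowed to do, and none of the hunks shown in this commit calls `isSingle()` or `isSetPassword()`. Since the value is now chosen by the caller of `authenticate`, readers need to know what each constant restricts and where that restriction is enforced. A short comment per constant would do, e.g. `/** certificate may only be used to set a new password */` on `SET_PASSWORD`, if that is the intent. `byValue` continues past the end of this hunk.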


@ -146,11 +146,11 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
} }
@Override @Override
public Certificate authenticate(String username, char[] password, String source) { public Certificate authenticate(String username, char[] password, String source, Usage usage) {
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$ DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$ DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
Certificate certificate = this.privilegeHandler.authenticate(username, password, source); Certificate certificate = this.privilegeHandler.authenticate(username, password, source, usage);
this.certificateMap.put(certificate.getAuthToken(), certificate); this.certificateMap.put(certificate.getAuthToken(), certificate);
logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$ logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$


@ -55,10 +55,12 @@ public interface StrolchSessionHandler {
* the password * the password
* @param source * @param source
* the source of the request * the source of the request
* @param usage
* the usage for this authentication
* *
* @return the {@link Certificate} for the logged in user * @return the {@link Certificate} for the logged in user
*/ */
Certificate authenticate(String username, char[] password, String source); Certificate authenticate(String username, char[] password, String source, Usage usage);
/** /**
* Performs a single-sign-on with the given data, if SSO is enabled * Performs a single-sign-on with the given data, if SSO is enabled


@ -91,7 +91,7 @@ public class AuthenticationService {
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler(); StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
String source = getRemoteIp(request); String source = getRemoteIp(request);
Certificate certificate = sessionHandler.authenticate(username, password, source); Certificate certificate = sessionHandler.authenticate(username, password, source, Usage.ANY);
return getAuthenticationResponse(request, loginResult, certificate, source); return getAuthenticationResponse(request, loginResult, certificate, source);