bundles/org.eclipse.emf.emfstore.server/src/org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/PasswordVerifier.java - emf-store/org.eclipse.emf.emfstore.core - Git at Google

 /*******************************************************************************
  * Copyright (c) 2008-2015 Chair for Applied Software Engineering,
  * Technische Universitaet Muenchen.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
  * http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors:
  * Otto von Wesendonk - initial API and implementation
  * Edgar Mueller - refactorings
  ******************************************************************************/
 package org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;

 import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
 import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
 import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
 import org.eclipse.emf.emfstore.internal.server.exceptions.ClientVersionOutOfDateException;
 import org.eclipse.emf.emfstore.internal.server.exceptions.ServerKeyStoreException;
 import org.eclipse.emf.emfstore.internal.server.model.AuthenticationInformation;
 import org.eclipse.emf.emfstore.internal.server.model.ModelFactory;
 import org.eclipse.emf.emfstore.server.auth.ESUserVerifier;
 import org.eclipse.emf.emfstore.server.model.ESClientVersionInfo;

 /**
  * Abstract class for authentication.
  *
  * @author wesendonk
  */
 public abstract class PasswordVerifier implements ESUserVerifier {

 	private final String superuser;
 	private final String superuserpw;

 	/**
 	 * Default constructor.
 	 */
 	public PasswordVerifier() {
 		superuser = ServerConfiguration.getProperties().getProperty(ServerConfiguration.SUPER_USER,
 			ServerConfiguration.SUPER_USER_DEFAULT);
 		superuserpw = ServerConfiguration.getProperties().getProperty(ServerConfiguration.SUPER_USER_PASSWORD,
 			ServerConfiguration.SUPER_USER_PASSWORD_DEFAULT);
 	}

 	/**
 	 * Creates a new {@link AuthenticationInformation} with a session ID set.
 	 *
 	 * @return a new instance of an {@link AuthenticationInformation} with an already
 	 *         set session ID
 	 */
 	protected AuthenticationInformation createAuthenticationInfo() {
 		final AuthenticationInformation authenticationInformation = ModelFactory.eINSTANCE
 			.createAuthenticationInformation();
 		authenticationInformation.setSessionId(ModelFactory.eINSTANCE.createSessionId());
 		return authenticationInformation;
 	}

 	/**
 	 * Prepares password before it is used for authentication. Normally this includes decrypting the password
 	 *
 	 * @param password password
 	 * @return prepared password
 	 * @throws ServerKeyStoreException in case of an exception
 	 */
 	protected String preparePassword(String password) throws ServerKeyStoreException {
 		return ServerKeyStoreManager.getInstance().decrypt(password);

 	}

 	/**
 	 * Check user name and password against superuser.
 	 *
 	 * @param username user name
 	 * @param password password
 	 * @return true if super user
 	 */
 	protected boolean verifySuperUser(String username, String password) {
 		return username.equals(superuser) && password.equals(superuserpw);
 	}

 	/**
 	 * This method must be implemented by subclasses in order to verify a pair of username and password.
 	 * When using authentication you should use {@link ESUserVerifier#logIn(String, String, ESClientVersionInfo)} in
 	 * order to gain a session id.
 	 *
 	 * @param username
 	 *            the user name as entered by the client; may differ from the user name of the {@code resolvedUser}
 	 * @param password
 	 *            the password as entered by the client
 	 * @return boolean {@code true} if authentication was successful, {@code false} if not
 	 * @throws AccessControlException
 	 *             if an exception occurs during the verification process
 	 */
 	protected abstract boolean verifyPassword(String username, String password) throws AccessControlException;

 	/**
 	 * Checks whether the given client version is valid.
 	 * If not, throws an exception
 	 *
 	 * @param clientVersionInfo
 	 *            the client version to be checked
 	 * @throws ClientVersionOutOfDateException
 	 *             in case the given client version is not valid
 	 */
 	protected void checkClientVersion(ESClientVersionInfo clientVersionInfo) throws ClientVersionOutOfDateException {
 		VersionVerifier.verify(
 			ServerConfiguration.getSplittedProperty(ServerConfiguration.ACCEPTED_VERSIONS),
 			org.eclipse.emf.emfstore.internal.server.model.impl.api.ESClientVersionInfoImpl.class.cast(
 				clientVersionInfo).toInternalAPI());
 	}
 }
	/*******************************************************************************
	* Copyright (c) 2008-2015 Chair for Applied Software Engineering,
	* Technische Universitaet Muenchen.
	* All rights reserved. This program and the accompanying materials
	* are made available under the terms of the Eclipse Public License v1.0
	* which accompanies this distribution, and is available at
	* http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors:
	* Otto von Wesendonk - initial API and implementation
	* Edgar Mueller - refactorings
	******************************************************************************/
	package org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;

	import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
	import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
	import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
	import org.eclipse.emf.emfstore.internal.server.exceptions.ClientVersionOutOfDateException;
	import org.eclipse.emf.emfstore.internal.server.exceptions.ServerKeyStoreException;
	import org.eclipse.emf.emfstore.internal.server.model.AuthenticationInformation;
	import org.eclipse.emf.emfstore.internal.server.model.ModelFactory;
	import org.eclipse.emf.emfstore.server.auth.ESUserVerifier;
	import org.eclipse.emf.emfstore.server.model.ESClientVersionInfo;

	/**
	* Abstract class for authentication.
	*
	* @author wesendonk
	*/
	public abstract class PasswordVerifier implements ESUserVerifier {

	private final String superuser;
	private final String superuserpw;

	/**
	* Default constructor.
	*/
	public PasswordVerifier() {
	superuser = ServerConfiguration.getProperties().getProperty(ServerConfiguration.SUPER_USER,
	ServerConfiguration.SUPER_USER_DEFAULT);
	superuserpw = ServerConfiguration.getProperties().getProperty(ServerConfiguration.SUPER_USER_PASSWORD,
	ServerConfiguration.SUPER_USER_PASSWORD_DEFAULT);
	}

	/**
	* Creates a new {@link AuthenticationInformation} with a session ID set.
	*
	* @return a new instance of an {@link AuthenticationInformation} with an already
	* set session ID
	*/
	protected AuthenticationInformation createAuthenticationInfo() {
	final AuthenticationInformation authenticationInformation = ModelFactory.eINSTANCE
	.createAuthenticationInformation();
	authenticationInformation.setSessionId(ModelFactory.eINSTANCE.createSessionId());
	return authenticationInformation;
	}

	/**
	* Prepares password before it is used for authentication. Normally this includes decrypting the password
	*
	* @param password password
	* @return prepared password
	* @throws ServerKeyStoreException in case of an exception
	*/
	protected String preparePassword(String password) throws ServerKeyStoreException {
	return ServerKeyStoreManager.getInstance().decrypt(password);

	}

	/**
	* Check user name and password against superuser.
	*
	* @param username user name
	* @param password password
	* @return true if super user
	*/
	protected boolean verifySuperUser(String username, String password) {
	return username.equals(superuser) && password.equals(superuserpw);
	}

	/**
	* This method must be implemented by subclasses in order to verify a pair of username and password.
	* When using authentication you should use {@link ESUserVerifier#logIn(String, String, ESClientVersionInfo)} in
	* order to gain a session id.
	*
	* @param username
	* the user name as entered by the client; may differ from the user name of the {@code resolvedUser}
	* @param password
	* the password as entered by the client
	* @return boolean {@code true} if authentication was successful, {@code false} if not
	* @throws AccessControlException
	* if an exception occurs during the verification process
	*/
	protected abstract boolean verifyPassword(String username, String password) throws AccessControlException;

	/**
	* Checks whether the given client version is valid.
	* If not, throws an exception
	*
	* @param clientVersionInfo
	* the client version to be checked
	* @throws ClientVersionOutOfDateException
	* in case the given client version is not valid
	*/
	protected void checkClientVersion(ESClientVersionInfo clientVersionInfo) throws ClientVersionOutOfDateException {
	VersionVerifier.verify(
	ServerConfiguration.getSplittedProperty(ServerConfiguration.ACCEPTED_VERSIONS),
	org.eclipse.emf.emfstore.internal.server.model.impl.api.ESClientVersionInfoImpl.class.cast(
	clientVersionInfo).toInternalAPI());
	}
	}