/**
*
* Copyright (c) 2011, 2016 - Loetz GmbH&Co.KG (69115 Heidelberg, Germany)
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Christophe Loetz (Loetz GmbH&Co.KG) - initial implementation
*/
package org.eclipse.osbp.authentication.shiro.extensions;
import java.util.Calendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.eclipse.osbp.authentication.account.dtos.UserAccountDto;
import org.eclipse.osbp.authentication.providerimpl.AuthenticationInformation;
import org.eclipse.osbp.authentication.providerimpl.AuthorizationInformation;
import org.eclipse.osbp.authentication.shiro.extensionsimpl.UserAccessAuthorizationRealm;
import org.eclipse.osbp.preferences.ProductConfiguration;
import org.eclipse.osbp.ui.api.useraccess.AbstractPosition;
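/**
 * Shiro realm that serves a single built-in account named {@code Administrator}.
 *
 * <p>The account is synthesised on every lookup by {@link #findUserAccount(String)}: it is always
 * enabled, never locked, and its password is derived from the current date and hour (see
 * {@link #generatePassword()}). No user store is consulted.
 *
 * <p>NOTE(review): the administrator password is a function of wall-clock time only, so it is not
 * a secret once the formula is known. This realm presumably exists for bootstrap or recovery;
 * confirm that it is disabled, or restricted to trusted networks, in production deployments.
 */
public class StaticRealm extends UserAccessAuthorizationRealm {

    /** Logger shared by the realm implementations (category {@code realm}). */
    private static final Logger LOGGER = LoggerFactory.getLogger("realm");

    /** User name of the only account this realm knows. */
    private static final String NAME_ADMINISTRATOR = "Administrator";

    /**
     * Not referenced by this class: the credential that is actually checked comes from
     * {@link #generatePassword()}. Kept so the declared constants stay unchanged.
     */
    private static final String PASSWORD_ADMINISTRATOR = "Administrator";

    /** Position assigned to the administrator account. */
    private static final String POS_ADMINISTRATOR = "Administrator";

    /**
     * Token of the most recent authentication attempt; {@link #encryptPassword(String)} reads its
     * user protocol.
     *
     * <p>NOTE(review): this is per-instance state written on every login attempt. If one realm
     * instance is shared between threads, concurrent logins can overwrite each other's token here;
     * confirm how the realm is instantiated.
     */
    private IPortalAuthenticationToken staticToken = null;

    /**
     * Creates the realm, registers it under {@code ProductConfiguration.SHIRO_STATIC_REALM},
     * installs a {@link PasswordMatcher} and enables authorization caching.
     */
    public StaticRealm() {
        // This name must match the name in the User class's getPrincipals() method.
        setName(ProductConfiguration.SHIRO_STATIC_REALM);
        setCredentialsMatcher(new PasswordMatcher());
        setAuthorizationCachingEnabled(true);
    }

    /**
     * Builds the authorization data for the principal contained in {@code principals}.
     *
     * @param principals the principals of the subject being authorized; must not be {@code null}
     * @return the authorization information, or {@code null} when the principal is not the
     *         administrator account or no position is found for it
     * @throws AuthorizationException if {@code principals} is {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        final String username = (String) getAvailablePrincipal(principals);
        final UserAccountDto account = findUserAccount(username);
        if (account == null) {
            return null;
        }
        // The positions are linked by the user name.
        final AbstractPosition position = findPositionForUser(account.getUserName());
        if (position == null) {
            return null;
        }
        return new AuthorizationInformation(
                getPortalId(),
                principals,
                position,
                findPermissionsForUser(username));
    }

    /**
     * Looks up the account named in {@code token} and returns the credentials that the configured
     * credentials matcher compares against the submitted password.
     *
     * @param token the submitted token; must be a {@link UsernamePasswordToken} that also
     *        implements {@code IPortalAuthenticationToken}
     * @return the authentication information of the administrator account
     * @throws IllegalStateException if the token does not have the required types
     * @throws AccountException if the token carries no user name
     * @throws UnknownAccountException if the user name is not the administrator account
     * @throws LockedAccountException if the account is reported as locked
     * @throws DisabledAccountException if the account is reported as disabled
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
        // Validate both required types before casting, so an unexpected token is rejected with a
        // descriptive exception and never stored in the realm's state.
        if (!(token instanceof UsernamePasswordToken)) {
            throw new IllegalStateException("Token has to be instance of UsernamePasswordToken class");
        }
        if (!(token instanceof IPortalAuthenticationToken)) {
            throw new IllegalStateException("Token has to be instance of IPortalAuthenticationToken class");
        }
        final UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
        if (userPassToken.getUsername() == null) {
            throw new AccountException("Null usernames are not allowed by this realm.");
        }
        final IPortalAuthenticationToken portalToken = (IPortalAuthenticationToken) token;
        // findUserAccount() -> encryptPassword() reads this field, so it must be set first.
        staticToken = portalToken;

        final UserAccountDto account = findUserAccount(userPassToken.getUsername());
        if (account == null) {
            throw new UnknownAccountException();
        }
        final AuthenticationInformation authenticationInfo = new AuthenticationInformation(
                account.getUserName(),
                account.getPassword(),
                ProductConfiguration.SHIRO_STATIC_REALM,
                account.getEnabled(),
                account.getLocked());
        // Log the account name only; the token object's string form is not under this class's
        // control and should not end up in log files.
        if (authenticationInfo.isLocked()) {
            LOGGER.debug("Account {} is locked.", account.getUserName());
            throw new LockedAccountException();
        }
        if (!authenticationInfo.isEnabled()) {
            LOGGER.debug("Account {} is disabled.", account.getUserName());
            throw new DisabledAccountException();
        }
        // NOTE(review): no password comparison has happened in this method; Shiro applies the
        // credentials matcher after it returns. Confirm that consumers of the token do not treat
        // this marker as proof of a successful login.
        portalToken.setAuthenticatedByRealm(this);
        return authenticationInfo;
    }

    /**
     * Accepts only portal tokens that were issued for this realm's portal.
     *
     * @param token the token to test; may be {@code null}
     * @return {@code true} if the token is an {@code IPortalAuthenticationToken} whose portal id
     *         equals {@code getPortalId()}
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        // instanceof is already false for null, so no separate null check is needed.
        return token instanceof IPortalAuthenticationToken
                && getPortalId().equals(((IPortalAuthenticationToken) token).getPortalId());
    }

    /**
     * Returns the e-mail addresses known to this realm.
     *
     * @return a new mutable set holding only {@code ProductConfiguration.getAdminEmail()}
     */
    @Override
    public Set<String> getAllEmails() {
        Set<String> emails = new HashSet<>();
        emails.add(ProductConfiguration.getAdminEmail());
        return emails;
    }

    /**
     * Returns the user names known to this realm.
     *
     * @return a new mutable set holding only the administrator name
     */
    @Override
    public Set<String> getAllUsers() {
        Set<String> users = new HashSet<>();
        users.add(NAME_ADMINISTRATOR);
        return users;
    }

    /**
     * Returns the user-to-position mapping known to this realm.
     *
     * @return a new mutable map with the administrator name mapped to the administrator position
     */
    @Override
    public Map<String, String> getAllUsersPositions() {
        Map<String, String> positions = new HashMap<>();
        // The map value is a position, so use the position constant rather than the password
        // constant that happened to hold the same text.
        positions.put(NAME_ADMINISTRATOR, POS_ADMINISTRATOR);
        return positions;
    }

    /**
     * Synthesises the administrator account.
     *
     * <p>The returned password is freshly generated and encrypted on every call, which requires
     * that an authentication attempt has already supplied a token to this realm.
     *
     * @param username the requested user name
     * @return the administrator account, or {@code null} if {@code username} is not the
     *         administrator name
     * @throws IllegalStateException if no authentication token has been seen yet
     */
    @Override
    public UserAccountDto findUserAccount(String username) {
        if (!NAME_ADMINISTRATOR.equals(username)) {
            return null;
        }
        UserAccountDto user = new UserAccountDto();
        user.setEmail(ProductConfiguration.getAdminEmail());
        user.setEnabled(true);
        user.setLocked(false);
        user.setPosition(POS_ADMINISTRATOR);
        user.setUserName(NAME_ADMINISTRATOR);
        user.setPassword(encryptPassword(generatePassword()));
        return user;
    }

    /**
     * Returns the users assigned to a position.
     *
     * <p>NOTE(review): {@code orgNode} is ignored, so the administrator is reported for every
     * position, including unknown ones; confirm that callers expect this.
     *
     * @param orgNode the position to look up (unused)
     * @return a new mutable set holding only the administrator name
     */
    @Override
    public Set<String> findUsersForPosition(String orgNode) {
        Set<String> users = new HashSet<>();
        users.add(NAME_ADMINISTRATOR);
        return users;
    }

    /**
     * Derives the administrator password from the current local date and hour.
     *
     * <p>The value is {@code day * 100 + month + year + hour * 100}, with the month counted from
     * 1. It changes every hour and contains no secret input.
     *
     * <p>NOTE(review): because the result depends only on the clock, it offers no protection
     * against anyone who knows the formula. Prefer a configured secret or a one-time value
     * created at installation; until then, limit where this realm is reachable and monitor
     * logins as {@code Administrator}.
     *
     * @return the decimal representation of the derived number
     */
    private String generatePassword() {
        final Calendar cal = Calendar.getInstance();
        int number = cal.get(Calendar.DATE) * 100;
        number += cal.get(Calendar.MONTH) + 1; // Calendar.MONTH is 0-based
        number += cal.get(Calendar.YEAR);
        number += cal.get(Calendar.HOUR_OF_DAY) * 100;
        return Integer.toString(number);
    }

    /**
     * Encrypts a clear-text password with the user protocol of the most recent token.
     *
     * @param decryptedPassword the clear-text password
     * @return the value produced by the token's user protocol
     * @throws IllegalStateException if no authentication token has been seen yet
     */
    private String encryptPassword(String decryptedPassword) {
        // Read the field once so the null check and the use refer to the same token.
        final IPortalAuthenticationToken current = staticToken;
        if (current == null) {
            throw new IllegalStateException("No authentication token available to encrypt the administrator password.");
        }
        return current.getUserProtocol().encryptPassword(decryptedPassword);
    }
}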