org.cdlib.xtf.dynaXML
Class Authenticator

Object
  extended by Authenticator

 class Authenticator
extends Object

Performs all authentication tasks for the servlet, including IP-based, LDAP, and external authentication.


Nested Class Summary
private  class Authenticator.AllAuthSpec
          Allow or deny all access
private  class Authenticator.AuthSpec
          Holds information on a particular authorization specification
private  class Authenticator.ExternalAuthSpec
          Allow or deny based on an external login page
private  class Authenticator.IPAuthSpec
          Allow or deny based on whether requestor's IP address is in the specified list.
private  class Authenticator.IpListCache
          This class is used to cache IP maps so we don't have to load the same ones over and over.
private  class Authenticator.LdapAuthSpec
          Allow or deny based on looking up an entry in an LDAP database.
 
Field Summary
private  StringCache authCache
          Caches authorized session IDs
private  DynaXMLConfig config
          Configuration info
private  Authenticator.IpListCache ipListCache
          Caches IP maps
private  StringCache loginCache
          Caches nonce values for external log-ins
private  SecureRandom secureRandom
          Used for generating random nonce values
private  DynaXML servlet
          Servlet to get dependencies from
 
Constructor Summary
Authenticator(DynaXML servlet)
          Construct an authorizer, initializing all the caches.
 
Method Summary
private  boolean authExternal(Authenticator.ExternalAuthSpec spec, HttpServletRequest req, HttpServletResponse res)
          Uses an external login web page to authorize user access.
private  void authLdap(Authenticator.LdapAuthSpec spec, HttpServletRequest req, HttpServletResponse res)
          Uses an LDAP server to authorize user access with a username and password.
private static String bytesToHex(byte[] bytes)
          Converts an array of bytes to the hex representation of them, two digits per byte and no spaces.
 boolean checkAuth(String ipAddr, Vector authSpecs, HttpServletRequest req, HttpServletResponse res)
          Based on a list of authentication specifications, checks if the current session is allowed to access this document.
 void clearCaches()
          Clears all the caches used by the authenticator.
private  boolean isEmpty(String s)
          Utility method to check if a string is null or "".
 Authenticator.AuthSpec processAuthTag(EasyNode el)
          Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet.
 
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

secureRandom

private SecureRandom secureRandom
Used for generating random nonce values


ipListCache

private Authenticator.IpListCache ipListCache
Caches IP maps


authCache

private StringCache authCache
Caches authorized session IDs


loginCache

private StringCache loginCache
Caches nonce values for external log-ins


servlet

private DynaXML servlet
Servlet to get dependencies from


config

private DynaXMLConfig config
Configuration info

Constructor Detail

Authenticator

public Authenticator(DynaXML servlet)
Construct an authorizer, initializing all the caches.

Parameters:
servlet - Servlet whose cache we will access
Method Detail

isEmpty

private boolean isEmpty(String s)
Utility method to check if a string is null or "".


processAuthTag

public Authenticator.AuthSpec processAuthTag(EasyNode el)
                                      throws DynaXMLException
Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet. Parses the various parameters depending on the type.

Throws:
DynaXMLException

clearCaches

public void clearCaches()
Clears all the caches used by the authenticator.


authLdap

private void authLdap(Authenticator.LdapAuthSpec spec,
                      HttpServletRequest req,
                      HttpServletResponse res)
               throws Exception
Uses an LDAP server to authorize user access with a username and password. Name and password are gathered using the HTTP 'basic' authentication mechanism.

Parameters:
spec - The authorization spec containing details (server to connect to, what to look up, etc.)
req - The HTTP request (contains username and password)
res - The HTTP response (only used to re-request user auth)
Throws:
NoPermissionException - If permission isn't granted, or the browser must re-validate the password.
Exception - Communication or other miscellaneous problems.

authExternal

private boolean authExternal(Authenticator.ExternalAuthSpec spec,
                             HttpServletRequest req,
                             HttpServletResponse res)
                      throws Exception
Uses an external login web page to authorize user access. Redirects to an external login page and sends a 'nonce' value along with the redirect. Eventually the login gets back to our page with an encrypted version of the nonce so we can prevent spurious returns.

Parameters:
spec - The authorization spec containing URL to contact.
req - The HTTP request (contains nonce when we get the return from the authorization page).
res - The HTTP response
Returns:
true if granted, false if redirected
Throws:
NoPermissionException - If permission isn't granted.
Exception - For miscellaneous problems.

checkAuth

public boolean checkAuth(String ipAddr,
                         Vector authSpecs,
                         HttpServletRequest req,
                         HttpServletResponse res)
                  throws Exception
Based on a list of authentication specifications, checks if the current session is allowed to access this document. Handles IP-based, LDAP, and external authentication methods.

Parameters:
ipAddr - Real IP address of the requestor
authSpecs - List of authentication specifications (allow/deny), processed in order.
req - The HTTP request that was made
res - The HTTP response being generated
Returns:
true if ok, false to redirect.
Throws:
NoPermissionException - Authentication failed
Exception - Miscellaneous problems

bytesToHex

private static String bytesToHex(byte[] bytes)
Converts an array of bytes to the hex representation of them, two digits per byte and no spaces.

Parameters:
bytes - An array of bytes to convert
Returns:
A long string representing those bytes in hex form
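The nonce round trip that authExternal describes (issue a random nonce, send it along with the redirect, accept the return only when the login page hands back a proof bound to that nonce), with a bytesToHex of the same contract as the one above. This is an added illustration, not XTF's own code: the proof format (hex HMAC-SHA256 of the nonce under a secret shared with the login page), the query parameter names and the in-memory set standing in for loginCache are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical sketch of the external-login nonce exchange; not the project's class. */
public class ExternalNonceDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Stands in for loginCache: nonces issued and not yet seen returned (single use).
    private final Set<String> outstandingNonces = new HashSet<>();
    private final byte[] sharedSecret; // assumed: secret shared with the login page

    ExternalNonceDemo(byte[] sharedSecret) { this.sharedSecret = sharedSecret; }

    /** Same contract as the page's bytesToHex: two hex digits per byte, no spaces. */
    static String bytesToHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Issue a fresh 128-bit nonce, remember it, and build the redirect target. */
    String redirectUrl(String loginPage, String returnUrl) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String nonce = bytesToHex(raw);
        outstandingNonces.add(nonce);
        return loginPage + "?nonce=" + nonce
             + "&return=" + URLEncoder.encode(returnUrl, StandardCharsets.UTF_8);
    }

    /** Assumed proof format: hex HMAC-SHA256 of the nonce under the shared secret. */
    String expectedProof(String nonce) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(sharedSecret, "HmacSHA256"));
        return bytesToHex(mac.doFinal(nonce.getBytes(StandardCharsets.US_ASCII)));
    }

    /** On return: nonce must be one we issued, consumed once, and the proof must match. */
    boolean verifyReturn(String nonce, String proof) throws Exception {
        if (nonce == null || proof == null) return false;
        if (!outstandingNonces.remove(nonce)) return false; // unknown or replayed nonce
        byte[] a = expectedProof(nonce).getBytes(StandardCharsets.US_ASCII);
        byte[] b = proof.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b); // constant-time comparison
    }
}
```

Removing the nonce from the set before comparing is what makes a second return with the same nonce fail, which is the "spurious return" the description guards against.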