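/*
 *  Copyright 2010 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.ametys.plugins.repositoryapp.authentication;

import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.logger.AbstractLogEnabled;

/**
 * Authentication for the repository application looking for the administrator login and password.
 * <p>
 * In its current state the credential check is commented out: the only active members are the two
 * constants and a no-op {@link #contextualize}. The disabled implementation is kept below for
 * reference, with review notes on what should change before it is re-enabled.
 * <p>
 * NOTE(review): nothing in this class verifies a login or password at the moment; confirm which
 * component enforces administrator access for the repository application.
 */
//FIXME
public class AdminRepositoryAuthentication extends AbstractLogEnabled implements RepositoryAuthentication, Contextualizable
{
    /** Location of the administrator password relative to ametys home */
    public static final String ADMINISTRATOR_PASSWORD_FILENAME = "administrator/admin.xml";
    /** The request attribute name for telling that super user is logged in. */
    public static final String REQUEST_ATTRIBUTE_SUPER_USER = "Runtime:SuperUser";

    // Kept as a line comment so that it no longer reads as the Javadoc of contextualize():
    // /** The cocoon context, initialized during the contextualize method */
    // private org.apache.avalon.framework.context.Context _context;

    /**
     * Receives the component context. Currently a no-op: the context is not stored because the
     * code that used it is commented out.
     * @param context the context handed over by the container (ignored)
     * @throws ContextException declared by the {@link Contextualizable} contract; never thrown here
     */
    @Override
    public void contextualize(org.apache.avalon.framework.context.Context context) throws ContextException
    {
//        _context = context;
    }

    // ------------------------------------------------------------------------------------------
    // Disabled implementation, kept verbatim. Review notes are marked NOTE(review).
    // ------------------------------------------------------------------------------------------

//    @Override
//    public CredentialsProvider getCredentialsProvider()
//    {
//        return new BasicCredentialsProvider("Administration", _context);
//    }
//
//    /**
//     * Set the "Super User" in request attribute
//     */
//    @Override
//    public void allowed()
//    {
//        Request request = ContextHelper.getRequest(_context);
//        // NOTE(review): this reads the constant from AdminAuthenticateAction although this class
//        // declares its own REQUEST_ATTRIBUTE_SUPER_USER; use a single definition so the attribute
//        // name that grants super-user status cannot drift between the two.
//        request.setAttribute(AdminAuthenticateAction.REQUEST_ATTRIBUTE_SUPER_USER, Boolean.TRUE);
//    }
//
//    @Override
//    public boolean allowUser(Credentials credentials)
//    {
//        String login = credentials.getLogin();
//        String passwd = credentials.getPassword();
//
//        try
//        {
//            if (!"admin".equals(login))
//            {
//                if (getLogger().isDebugEnabled())
//                {
//                    getLogger().debug("The administrator login must be 'admin' => authentication failed");
//                }
//                return false;
//            }
//
//            if (passwd == null)
//            {
//                if (getLogger().isDebugEnabled())
//                {
//                    getLogger().debug("The administrator password cannot be null => authentication failed");
//                }
//                return false;
//            }
//
//            try (InputStream is = new FileInputStream(new File(RuntimeConfig.getInstance().getAmetysHome(), ADMINISTRATOR_PASSWORD_FILENAME)))
//            {
//                // NOTE(review): the XML is parsed with the XPath default parser configuration;
//                // if this file can ever be written by a less trusted party, parse it with a
//                // DocumentBuilderFactory that has DTDs/external entities disabled.
//                XPath xpath = XPathFactory.newInstance().newXPath();
//                String pass = xpath.evaluate("admin/password", new InputSource(is));
//                if (pass == null || "".equals(pass))
//                {
//                    if (getLogger().isWarnEnabled())
//                    {
//                        getLogger().warn("The administrator password cannot be null at reading => authentication failed");
//                    }
//                    return false;
//                }
//
//                // NOTE(review): the stored value is a single unsalted MD5 digest of the password.
//                // MD5 is a fast hash and unsuitable for password storage; before re-enabling,
//                // move to a salted, deliberately slow scheme (for example PBKDF2 through
//                // javax.crypto.SecretKeyFactory) and plan a migration of the stored value.
//                // Keep the MessageDigest.isEqual comparison rather than Arrays.equals/String.equals.
//                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
//                byte[] encryptedPasswd = messageDigest.digest(passwd.getBytes("UTF-8"));
//
//                if (!MessageDigest.isEqual(Base64.decodeBase64(pass.getBytes("UTF-8")), encryptedPasswd))
//                {
//                    if (getLogger().isDebugEnabled())
//                    {
//                        getLogger().debug("The user did not give the right password => authentication failed");
//                    }
//                    return false;
//                }
//
//                return true;
//            }
//            catch (FileNotFoundException e)
//            {
//                // NOTE(review): this branch fails open. When the password file is absent the
//                // administrator account accepts the well-known default password, so a missing
//                // or deleted file silently downgrades authentication. Prefer failing closed
//                // (return false and log at error level) and requiring the file to be provisioned
//                // at install time.
//                if (getLogger().isWarnEnabled())
//                {
//                    String ametysHomePath = RuntimeConfig.getInstance().getAmetysHome().getPath();
//                    getLogger().warn(
//                            "The file '" + ADMINISTRATOR_PASSWORD_FILENAME + "' is missing in Ametys home '" + ametysHomePath
//                                    + "'.\nDefault administrator password 'admin' is used.", e);
//                }
//
//                return "admin".equals(passwd);
//            }
//        }
//        catch (Exception e)
//        {
//            getLogger().error("Authentication failed", e);
//            return false;
//        }
//    }
}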