Class w3c.jigsaw.auth.DigestAuthFilter
java.lang.Object
   |
   +----w3c.jigsaw.resources.AttributeHolder
           |
           +----w3c.jigsaw.resources.Resource
                   |
                   +----w3c.jigsaw.resources.ResourceFilter
                           |
                           +----w3c.jigsaw.auth.AuthFilter
                                   |
                                   +----w3c.jigsaw.auth.DigestAuthFilter
public class DigestAuthFilter extends AuthFilter
DigestAuthFilter provides for both IP and basic authentication.
This is really a first implementation. It loses on several points:
- AuthUser instances, being a subclass of resource, dump their classes along with their attributes, although here we know that they will all be instances of AuthUser.
- The way the nonces are stored is inefficient; it needs a better sorting mechanism.
- Nonces are stored in vectors; they will move to classes.
- The way the ipmatcher is maintained doesn't make much sense.
- The way groups are handled is no good.
- The SimpleResourceStore is not an adequate store for the user database; it should rather use the jdbmResourceStore (not written yet).
However, this provides the basic functionality.
ATTR_ALLOWED_GROUPS
- Attribute index - The list of allowed groups.
ATTR_ALLOWED_NONCES
- Attribute index - The list of allowed nonces.
ATTR_ALLOWED_USERS
- Attribute index - The list of allowed users.
catalog
- The catalog of realms that make our scope.
ipmatcher
- The IPMatcher to match IP templates to user records.
loaded_realm
- The name of the realm we cache in realm.
realm
- Our associated realm.
DigestAuthFilter()
acquireRealm()
- Get a pointer to our realm, and initialize our ipmatcher.
authenticate(Request)
- Authenticate the given request.
checkDigestAuth(DigestAuthContext, String)
- Check the given Digest context against our database.
checkIP_Nonce(InetAddress, Vector)
- Checks whether or not a valid preexisting nonce is coming in from a specific IP.
checkNonce(DigestAuthContext, InetAddress)
- Checks the client's nonce to see whether or not it is the correct one from that client/user.
checkRealm()
- Check that our realm does exist.
checkTime(Date, Date)
- Checks the timestamp of the nonce to see whether or not it is valid.
checkUser(AuthUser)
- Is this user allowed in the realm? First check in the list of allowed users (if any), then in the list of allowed groups (if any).
getAllowedGroups()
- Get the list of allowed groups.
getAllowedUsers()
- Get the list of allowed users.
getNonces()
- Gets the list of allowed nonces.
initialize(Object[])
- Initialize the filter.
lookupUser(InetAddress)
- Lookup a user by its IP address.
lookupUser(String)
- Lookup a user by its name.
ATTR_ALLOWED_USERS
protected static int ATTR_ALLOWED_USERS
- Attribute index - The list of allowed users.
ATTR_ALLOWED_GROUPS
protected static int ATTR_ALLOWED_GROUPS
- Attribute index - The list of allowed groups.
ATTR_ALLOWED_NONCES
protected static int ATTR_ALLOWED_NONCES
- Attribute index - The list of allowed nonces.
ipmatcher
protected IPMatcher ipmatcher
- The IPMatcher to match IP templates to user records.
catalog
protected RealmsCatalog catalog
- The catalog of realms that make our scope.
realm
protected AuthRealm realm
- Our associated realm.
loaded_realm
protected String loaded_realm
- The name of the realm we cache in realm.
DigestAuthFilter
public DigestAuthFilter()
acquireRealm
protected synchronized void acquireRealm()
- Get a pointer to our realm, and initialize our ipmatcher.
checkIP_Nonce
public Vector checkIP_Nonce(InetAddress ip, Vector allowed_nonces)
- Checks whether or not a valid preexisting nonce is coming in from a specific IP.
- Parameters:
- ip - The client's IP address.
- Returns:
- A Vector containing two objects: a boolean specifying whether or not the check succeeded, and the nonce if it succeeded, or null if it did not.
checkRealm
protected synchronized boolean checkRealm()
- Check that our realm does exist.
Otherwise we are probably being initialized, and we don't authenticate
yet.
- Returns:
- A boolean true if realm can be initialized.
getAllowedUsers
public String[] getAllowedUsers()
- Get the list of allowed users.
getAllowedGroups
public String[] getAllowedGroups()
- Get the list of allowed groups.
getNonces
public Vector getNonces()
- Gets the list of allowed nonces.
lookupUser
public synchronized AuthUser lookupUser(InetAddress ipaddr)
- Lookup a user by its IP address.
- Parameters:
- ipaddr - The IP address to look for.
- Returns:
- An AuthUser instance or null.
lookupUser
public synchronized AuthUser lookupUser(String name)
- Lookup a user by its name.
- Parameters:
- name - The user's name.
- Returns:
- An AuthUser instance, or null.
checkTime
public boolean checkTime(Date date, Date Nonce_date)
- Checks the timestamp of the nonce to see whether or not it is valid.
- Parameters:
- date - The current date.
- Nonce_date - The nonce's date.
- Returns:
- boolean specifying whether the nonce's date was within time limits.
checkNonce
public boolean checkNonce(DigestAuthContext ctxt, InetAddress ip)
- Checks the client's nonce to see whether or not it is the correct one from that client/user.
- Parameters:
- ctxt - The Digest auth context
- ip - The client's IP address.
- Returns:
- boolean whether or not the nonce succeeded.
checkDigestAuth
protected AuthUser checkDigestAuth(DigestAuthContext ctxt, String method)
- Check the given Digest context against our database.
- Parameters:
- ctxt - The Digest auth context to check.
- method - The method used to access this resource.
- Returns:
- An AuthUser instance if the check succeeded, null otherwise.
checkUser
protected boolean checkUser(AuthUser user)
- Is this user allowed in the realm? First check in the list of allowed users (if any), then in the list of allowed groups (if any). If no allowed users or allowed groups are defined, then simply check for the existence of this user.
- Returns:
- A boolean true if access allowed.
authenticate
public void authenticate(Request request) throws HTTPException
- Authenticate the given request.
We first check for valid authentication information. If no authentication is provided, then we try to map the IP address to one of the ones we know about. If the IP address is not found, we challenge the client for a password.
If the IP address is found, then either our user entry requires an extra password step (in which case we challenge it), or simple IP-based authentication is enough, so we allow the request.
- Parameters:
- request - The request to be authenticated.
- Overrides:
- authenticate in class AuthFilter
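The decision order described for authenticate and checkUser, modelled as an added example; this is not Jigsaw source code. Every type, field and method body below is hypothetical, and the handling of failed credentials and the absence of a checkUser call on the IP-only path are assumptions drawn from the wording above.

```java
import java.util.*;

// Added illustration; every type and name below is hypothetical, not Jigsaw's API.
public class AuthDecisionSketch {
    enum Outcome { ALLOW, CHALLENGE }

    // Stand-in for a user record (records need Java 16 or later).
    record User(String name, Set<String> groups, boolean needsPassword) {}

    final Map<String, User> usersByIp = new HashMap<>();
    final Set<String> allowedUsers = new HashSet<>();
    final Set<String> allowedGroups = new HashSet<>();

    // Documented checkUser order: allowed users, then allowed groups; with
    // neither list defined, the existence of the user record is enough.
    boolean checkUser(User u) {
        if (u == null) return false;
        if (allowedUsers.isEmpty() && allowedGroups.isEmpty()) return true;
        if (allowedUsers.contains(u.name())) return true;
        return !Collections.disjoint(allowedGroups, u.groups());
    }

    // hasCredentials: the request carried authentication information.
    // verified: the user those credentials validated as, or null if they failed.
    Outcome authenticate(boolean hasCredentials, User verified, String clientIp) {
        if (hasCredentials) // assumption: failed or disallowed credentials are re-challenged
            return checkUser(verified) ? Outcome.ALLOW : Outcome.CHALLENGE;
        User ipUser = usersByIp.get(clientIp);
        if (ipUser == null) return Outcome.CHALLENGE;          // address not known
        if (ipUser.needsPassword()) return Outcome.CHALLENGE;  // extra password step
        return Outcome.ALLOW;                                  // IP match alone suffices
    }

    public static void main(String[] args) {
        AuthDecisionSketch f = new AuthDecisionSketch();
        // Constructed sample data (documentation-range addresses).
        User alice = new User("alice", Set.of("staff"), true);
        User kiosk = new User("kiosk", Set.of("public"), false);
        f.usersByIp.put("192.0.2.10", alice);
        f.usersByIp.put("192.0.2.20", kiosk);
        f.allowedGroups.add("staff");

        System.out.println(f.authenticate(false, null, "198.51.100.7"));
        System.out.println(f.authenticate(false, null, "192.0.2.10"));
        System.out.println(f.authenticate(false, null, "192.0.2.20"));
        System.out.println(f.authenticate(true, alice, "198.51.100.7"));
        System.out.println(f.authenticate(true, kiosk, "198.51.100.7"));
    }
}
```

In this model the kiosk record is admitted by address alone even though its group is not in the allowed list; the page does not say whether the real filter applies checkUser on that path, so it is worth confirming when reviewing a deployment that mixes IP templates with group restrictions.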
initialize
public void initialize(Object values[])
- Initialize the filter.
- Overrides:
- initialize in class ResourceFilter