Class w3c.jigsaw.auth.DigestAuthFilter

All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class w3c.jigsaw.auth.DigestAuthFilter

java.lang.Object
   |
   +----w3c.jigsaw.resources.AttributeHolder
           |
           +----w3c.jigsaw.resources.Resource
                   |
                   +----w3c.jigsaw.resources.ResourceFilter
                           |
                           +----w3c.jigsaw.auth.AuthFilter
                                   |
                                   +----w3c.jigsaw.auth.DigestAuthFilter

public class DigestAuthFilter
extends AuthFilter

DigestAuthFilter provides for both IP and basic authentication. This is really a first implementation. It looses on several points:

AuthUser instances, being a subclass of resource dump their classes along with their attributes, although here we know that they will all be instances of AuthUser.
The way that the nonces are stored are inefficient, needs better sorting mechanism.
Nonce are stored in vectors, will move to classes.
The way the ipmatcher is maintained doesn't make much sense.
The way groups are handled is no good.
The SimpleResourceStore is not an adequat store for the user database, it should rather use the jdbmResourceStore (not written yet).

However, this provides for the basic functionnalities.

ATTR_ALLOWED_GROUPS: Attribute index - The list of allowed groups.
ATTR_ALLOWED_NONCES: Attribute index - The list of allowed nonces.
ATTR_ALLOWED_USERS: Attribute index - The list of allowed users.
catalog: The catalog of realms that make our scope.
ipmatcher: The IPMatcher to match IP templates to user records.
loaded_realm: The nam of the realm we cache in realm.
realm: Our associated realm.

DigestAuthFilter()

acquireRealm(): Get a pointer to our realm, and initialize our ipmatcher.
authenticate(Request): Authenticate the given request.
checkDigestAuth(DigestAuthContext, String): Check the given Digest context against our database.
checkIP_Nonce(InetAddress, Vector): Checks to see whether or not the a valid preexisting nonce is coming in from a specific IP.
checkNonce(DigestAuthContext, InetAddress): Checks the clients nonce to see whether or not it is the correct one from that client/user.
checkRealm(): Check that our realm does exist.
checkTime(Date, Date): Checks the timestamp of the nonce to see whether or not its valid.
checkUser(AuthUser): Is this user allowed in the realm ? First check in the list of allowed users (if any), than in the list of allowed groups (if any).
getAllowedGroups(): Get the list of allowed groups.
getAllowedUsers(): Get the list of allowed users.
getNonces(): Gets the list of allowed nonces.
initialize(Object[]): Initialize the filter.
lookupUser(InetAddress): Lookup a user by its IP address.
lookupUser(String): Lookup a user by its name.

ATTR_ALLOWED_USERS

  protected static int ATTR_ALLOWED_USERS

Attribute index - The list of allowed users.

ATTR_ALLOWED_GROUPS

  protected static int ATTR_ALLOWED_GROUPS

Attribute index - The list of allowed groups.

ATTR_ALLOWED_NONCES

  protected static int ATTR_ALLOWED_NONCES

Attribute index - The list of allowed nonces.

ipmatcher

  protected IPMatcher ipmatcher

The IPMatcher to match IP templates to user records.

catalog

  protected RealmsCatalog catalog

The catalog of realms that make our scope.

realm

  protected AuthRealm realm

Our associated realm.

loaded_realm

  protected String loaded_realm

The nam of the realm we cache in realm.

DigestAuthFilter

  public DigestAuthFilter()

acquireRealm

  protected synchronized void acquireRealm()

Get a pointer to our realm, and initialize our ipmatcher.

checkIP_Nonce

  public Vector checkIP_Nonce(InetAddress ip,
                              Vector allowed_nonces)

Checks to see whether or not the a valid preexisting nonce is coming in from a specific IP.

Parameters:: ip - The clients ip address.
Returns:: s A Vector containing two objects, a boolean specifying whether or not it succeeded, and a nonce if it did succeed and is null if it didn't.

checkRealm

  protected synchronized boolean checkRealm()

Check that our realm does exist. Otherwise we are probably being initialized, and we don't authenticate yet.

Returns:: A boolean true if realm can be initialized.

getAllowedUsers

  public String[] getAllowedUsers()

Get the list of allowed users.

getAllowedGroups

  public String[] getAllowedGroups()

Get the list of allowed groups.

getNonces

  public Vector getNonces()

Gets the list of allowed nonces.

lookupUser

  public synchronized AuthUser lookupUser(InetAddress ipaddr)

Lookup a user by its IP address.

Parameters:: ipaddr - The IP address to look for.
Returns:: An AuthUser instance or null.

lookupUser

  public synchronized AuthUser lookupUser(String name)

Lookup a user by its name.

Parameters:: name - The user's name.
Returns:: An AuthUser instance, or null.

checkTime

  public boolean checkTime(Date date,
                           Date Nonce_date)

Checks the timestamp of the nonce to see whether or not its valid.

Parameters:: date - The current date.; Nonce_date - The nonce's date.
Returns:: boolean specifying whether the nonce's date was within time limits.

checkNonce

  public boolean checkNonce(DigestAuthContext ctxt,
                            InetAddress ip)

Checks the clients nonce to see whether or not it is the correct one from that client/user.

Parameters:: ctxt - The Digest auth context; ip - The client's IP address.
Returns:: boolean whether or not the nonce succeeded.

checkDigestAuth

  protected AuthUser checkDigestAuth(DigestAuthContext ctxt,
                                     String method)

Check the given Digest context against our database.

Parameters:: ctxt - The Digest auth context to check.; method - The method used to access this resource.
Returns:: A AuthUser instance if check succeeded, null otherwise.

checkUser

  protected boolean checkUser(AuthUser user)

Is this user allowed in the realm ? First check in the list of allowed users (if any), than in the list of allowed groups (if any). If no allowed users or allowed groups are defined, than simply check for the existence of this user.

Returns:: A boolean true if access allowed.

authenticate

  public void authenticate(Request request) throws HTTPException

Authenticate the given request. We first check for valid authentication information. If no authentication is provided, than we try to map the IP address to some of the ones we know about. If the IP address is not found, we challenge the client for a password.

If the IP address is found, than either our user entry requires an extra password step (in wich case we challenge it), or simple IP based authentication is enough, so we allow the request.

Parameters:: request - The request to be authentified.
Overrides:: authenticate in class AuthFilter

initialize

  public void initialize(Object values[])

Initialize the filter.

Overrides:: initialize in class ResourceFilter

All Packages  Class Hierarchy  This Package  Previous  Next  Index