Module org.bzdev.ejws

Package org.bzdev.ejws

Class EjwsBasicAuthenticator

java.lang.Object

com.sun.net.httpserver.Authenticator

com.sun.net.httpserver.BasicAuthenticator

org.bzdev.ejws.EjwsAuthenticator

org.bzdev.ejws.EjwsBasicAuthenticator

public class EjwsBasicAuthenticator
extends EjwsAuthenticator

Implementation of BasicAuthenticator using either an in-memory table of user names and passwords or a user-supplied table.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	EjwsBasicAuthenticator.Entry	User entry.

Nested classes/interfaces inherited from class org.bzdev.ejws.EjwsAuthenticator

EjwsAuthenticator.AddStatus, EjwsAuthenticator.GPGKeyIDs, EjwsAuthenticator.UserInfo

Nested classes/interfaces inherited from class com.sun.net.httpserver.Authenticator

Authenticator.Failure, Authenticator.Result, Authenticator.Retry, Authenticator.Success

Field Summary

Fields inherited from class org.bzdev.ejws.EjwsAuthenticator

authFunction, loginFunction, logoutFunction, onAccountActive, onAccountRemoval, onAccountRequest, tracer

Fields inherited from class com.sun.net.httpserver.BasicAuthenticator

realm

Constructor Summary

Constructors

Constructor	Description
EjwsBasicAuthenticator(EmbeddedWebServer ews, String realm)	Constructor.
EjwsBasicAuthenticator(EmbeddedWebServer ews, String realm, Map<String,EjwsBasicAuthenticator.Entry> map)	Constructor providing a map.

Method Summary

Modifier and Type	Method	Description
void	add(String username, String password)	Add a user name and password for this authenticator's HTTP realm.
void	add(String username, String password, Set<String> roles)	Add a user name, the user's password and the user's roles for this authenticator's HTTP realm.
void	add(EjwsAuthenticator.UserInfo info)	Add a user specified by an instance of EjwsAuthenticator.UserInfo.
Authenticator.Result	authenticate(HttpExchange t)
boolean	checkCredentials(String username, String password)	Check credentials.
SecureBasicUtilities.Mode	getMode()	Get the mode.
byte[]	getSBL(String user)	Get the SBL file for a user
EjwsUserTable<EjwsBasicAuthenticator,EjwsBasicAuthenticator.Entry>	getUserTable()
void	handleError(HttpExchange t, Exception e)
boolean	isSBLCompressed(String user)	Determine if the SBL file is compresssed using GZIP.
void	loadFromDirs()	Load user-account data obtained from GPG or an SBL directory
boolean	makeUserActive(String name)	Make a user active
boolean	makeUserActive(String name, boolean gpg)	Make a user active, specifying if the user is one for whom GPG is used to provide the data needed to log in.
protected void	proposeMode(EmbeddedWebServer server)
void	prune()	Remove cached passwords whose timeout has expired.
boolean	removeUser(String name)	Remove a user.
boolean	removeUser(String name, boolean gpg)	Make a user active, specifying if the user is one for whom GPG is used to provide the data needed to log in.
void	setTimeLimit(int passphraseTimeout)	Set the time limit for a passphrase/password.
void	setUserTable(EjwsUserTable<EjwsBasicAuthenticator,EjwsBasicAuthenticator.Entry> utable)

Methods inherited from class org.bzdev.ejws.EjwsAuthenticator

addToAdminMap, addToDeleteSet, createServerCookie, createUser, createUser, createUser, createUser, createUser, deleteWithFingerprint, findServerCookie, generateAdminURI, generateRequestURI, getAdminFingerprint, getAdminUsers, getCanAddAccount, getFingerprint, getGPGUsers, getLoginAlias, getReverseProxy, getSBLDir, getSBLUsers, getTrustedKeyIDs, getUserNameFromSBL, getUserStatus, gpghome, hasGPGKey, hasGPGKey, inDeleteSet, isActiveDefault, isEmailAddress, isTrustedKey, processAdminRequests, readSBLData, removeFromDeleteSet, removePWInfo, requestFromUser, setAllowLoopback, setAuthorizedFunction, setCanAddAccount, setCookie, setDefaultActive, setGPGHome, setLoginFunction, setLogoutFunction, setOnAccountActive, setOnAccountRemoval, setOnAccountRequest, setReverseProxy, setSBLDir, setSelfSigned, setTracer, setTruststore, setTruststorePW, setupKeySigner, setUserStatusFunction, showGPGKey, signKey, signKey, storeGPGKey, storeSBLData, trustGPGKey, validGPGUser

Methods inherited from class com.sun.net.httpserver.BasicAuthenticator

getRealm

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

EjwsBasicAuthenticator

public EjwsBasicAuthenticator(EmbeddedWebServer ews,
 String realm)

Constructor.

Parameters:

realm - the HTTP realm

EjwsBasicAuthenticator

public EjwsBasicAuthenticator(EmbeddedWebServer ews,
 String realm,
 Map<String,EjwsBasicAuthenticator.Entry> map)

Constructor providing a map. A user-supplied map can be implemented so as to allow one to obtain passwords and roles from a database or some other form of persistent storage. If entries can be added while a server using this authenticator is running, the map should have a thread-safe implementation.

Parameters:

realm - the HTTP realm

map - a map associating a user name with a table entry.

Method Details

getSBL

public byte[] getSBL(String user)

Get the SBL file for a user

Specified by:

getSBL in class EjwsAuthenticator

Parameters:

user - the user

Returns:

the SBL file as a byte array; null if there is none

isSBLCompressed

public boolean isSBLCompressed(String user)

Determine if the SBL file is compresssed using GZIP.

Specified by:

isSBLCompressed in class EjwsAuthenticator

Returns:

true if the SBL file is compressed; false otherwise

See Also:

• EjwsAuthenticator.getSBL(String)

setTimeLimit

public void setTimeLimit(int passphraseTimeout)
                  throws IllegalArgumentException

Set the time limit for a passphrase/password.

Parameters:

passphraseTimeout - the time interval in seconds for which a password is valid (the default is 1200); 0 to disable the timeout

Throws:

IllegalArgumentException - if the argument is less than zero.

add

public void add(String username,
 String password)
         throws UnsupportedOperationException,
IllegalStateException

Add a user name and password for this authenticator's HTTP realm.

Parameters:

username - the user name

password - the password

Throws:

UnsupportedOperationException - if the map does not allow entries to be added (the default map does not throw this exception)

IllegalStateException - if the map already contains the user

add

public void add(String username,
 String password,
 Set<String> roles)
         throws UnsupportedOperationException,
IllegalStateException

Add a user name, the user's password and the user's roles for this authenticator's HTTP realm.

Parameters:

username - the user name

password - the user's password

roles - the user's roles

Throws:

UnsupportedOperationException - if the map does not allow entries to be added (the default map does not throw this exception)

IllegalStateException - if the map already contains the user

setUserTable

public void setUserTable(EjwsUserTable<EjwsBasicAuthenticator,EjwsBasicAuthenticator.Entry> utable)

getUserTable

public EjwsUserTable<EjwsBasicAuthenticator,EjwsBasicAuthenticator.Entry> getUserTable()

Overrides:

getUserTable in class EjwsAuthenticator

add

public void add(EjwsAuthenticator.UserInfo info)
         throws IllegalStateException

Add a user specified by an instance of EjwsAuthenticator.UserInfo.

Specified by:

add in class EjwsAuthenticator

Parameters:

info - the user data

Throws:

IllegalStateException

removeUser

public boolean removeUser(String name,
 boolean gpg)

Description copied from class: EjwsAuthenticator

Make a user active, specifying if the user is one for whom GPG is used to provide the data needed to log in.

Specified by:

removeUser in class EjwsAuthenticator

Parameters:

name - the user's name

gpg - true if GPG is used; false if an SBL directory is used

removeUser

public boolean removeUser(String name)

Description copied from class: EjwsAuthenticator

Remove a user.

Specified by:

removeUser in class EjwsAuthenticator

Parameters:

name - the user's name

makeUserActive

public boolean makeUserActive(String name,
 boolean gpg)

Description copied from class: EjwsAuthenticator

Make a user active, specifying if the user is one for whom GPG is used to provide the data needed to log in.

Specified by:

makeUserActive in class EjwsAuthenticator

Parameters:

name - the user's name

gpg - true if GPG is used; false if an SBL directory is used

makeUserActive

public boolean makeUserActive(String name)

Description copied from class: EjwsAuthenticator

Make a user active

Specified by:

makeUserActive in class EjwsAuthenticator

Parameters:

name - the user's name

loadFromDirs

public void loadFromDirs()
                  throws UnsupportedOperationException

Description copied from class: EjwsAuthenticator

Load user-account data obtained from GPG or an SBL directory

Overrides:

loadFromDirs in class EjwsAuthenticator

Throws:

UnsupportedOperationException

See Also:

• EjwsAuthenticator.gpghome()
• EjwsAuthenticator.setGPGHome(File)
• EjwsAuthenticator.getSBLDir()
• EjwsAuthenticator.setSBLDir(File)

handleError

public void handleError(HttpExchange t,
 Exception e)
                 throws IOException

Throws:

IOException

authenticate

public Authenticator.Result authenticate(HttpExchange t)

Overrides:

authenticate in class BasicAuthenticator

getMode

public SecureBasicUtilities.Mode getMode()

Get the mode.

Specified by:

getMode in class EjwsAuthenticator

Returns:

SecureBasicUtilities.Mode.PASSWORD

proposeMode

protected void proposeMode(EmbeddedWebServer server)
                    throws IllegalStateException

Throws:

IllegalStateException

prune

public void prune()

Remove cached passwords whose timeout has expired. The method can be called periodically to eliminate passwords when a user has not explicitly logged out.

checkCredentials

public boolean checkCredentials(String username,
 String password)

Check credentials. This method is called for each incoming request to verify the given name and password in the context of this Authenticator's realm.

Specified by:

checkCredentials in class BasicAuthenticator

Parameters:

username - the user name

password - the password