Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
xmlBlaster 2.2.0 API
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.xmlBlaster.authentication.plugins.htpasswd
Class HtPasswd

java.lang.Object
  extended by org.xmlBlaster.authentication.plugins.htpasswd.HtPasswd

public class HtPasswd
extends java.lang.Object

In xmlBlaster.properties add :
Security.Server.Plugin.htpasswd.secretfile=${user.home}${file.separator}xmlBlaster.htpasswd

Changes: astelzl@avitech.de
There can be three cases for authentication:

  1. in xmlBlaster.properties the property Security.Server.Plugin.htpasswd.allowPartialUsername is true -> the user is authenticated with the right password and an username which begins with the specified username
  2. allowPartialUsername is false -> the user is just authenticated if the username and password in the password file exactly equals the specifications at connection to the xmlBlaster
    3. it is possible that the password file just contains a * instead of (username,password) tuples -> any username and password combination is authenticated Same if Security.Server.Plugin.htpasswd.secretfile=NONE

Changes: mr@marcelruff.info
Added simple authorization support.

NOTE: Currently the htpasswd file is reread every time a client logs in (see Session.java new HtPasswd()) we should change this to check the timestamp of the file. On client - reconnect there is no reload forced.

Switch on logging with: -logging/org.xmlBlaster.authentication.plugins.htpasswd FINEST

Author:
Cyrille Giquello 16/11/01 09:06
See Also:
The security.htpasswd requirement

Nested Class Summary
private  class HtPasswd.Container
           
 
Field Summary
protected  int ALLOW_PARTIAL_USERNAME
           
protected  java.util.Hashtable containerCache
           
private static boolean first
           
private static boolean firstRead
           
private static boolean firstWild
           
protected  int FULL_USERNAME
           
protected  Global glob
           
protected  java.lang.String htpasswdFilename
           
protected  java.util.Hashtable htpasswdMap
           
protected  long lastModified
           
private static java.util.logging.Logger log
           
private static java.lang.String ME
           
protected  int SWITCH_OFF
           
protected  int useFullUsername
           
 
Constructor Summary
HtPasswd(Global glob)
          Check password 16/11/01 19:36 mad@ktaland.com
 
Method Summary
private  boolean checkDetailed(java.lang.String userPassword, java.util.Vector fileEncodedPass)
          Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right
 boolean checkPassword(java.lang.String userName, java.lang.String userPassword)
          Check password
private static java.lang.String crypt(java.lang.String userPassword)
           
 java.lang.String getPasswdFileName()
           
 boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder)
          Check of MethodName is allowed to be invoked by user.
private static boolean isSamePwd(java.lang.String userPassword, java.lang.String encoded)
          Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right
private  java.util.Vector lookup(java.lang.String userName)
          Lookup userName in password file
static void main(java.lang.String[] args)
          org.xmlBlaster.authentication.plugins.htpasswd.HtPasswd 11111
(package private)  boolean readHtpasswordFile(java.lang.String htpasswdFilename)
          Read passwords file 16/11/01 20:42 mad@ktaland.com
 void reset()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ME

private static final java.lang.String ME
See Also:
Constant Field Values

firstRead

private static boolean firstRead

glob

protected Global glob

log

private static java.util.logging.Logger log

ALLOW_PARTIAL_USERNAME

protected final int ALLOW_PARTIAL_USERNAME
See Also:
Constant Field Values

FULL_USERNAME

protected final int FULL_USERNAME
See Also:
Constant Field Values

SWITCH_OFF

protected final int SWITCH_OFF
See Also:
Constant Field Values

useFullUsername

protected int useFullUsername

htpasswdFilename

protected java.lang.String htpasswdFilename

htpasswdMap

protected java.util.Hashtable htpasswdMap

containerCache

protected java.util.Hashtable containerCache

lastModified

protected long lastModified

first

private static boolean first

firstWild

private static boolean firstWild
Constructor Detail

HtPasswd

public HtPasswd(Global glob)
         throws XmlBlasterException
Check password 16/11/01 19:36 mad@ktaland.com

Throws:
XmlBlasterException
Method Detail

checkDetailed

private boolean checkDetailed(java.lang.String userPassword,
                              java.util.Vector fileEncodedPass)
Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right

Parameters:
userPassword - password in plaintext
fileEncodedPass - vector of passwords where usernames match with the specified beginning of an username
Returns:
true if any one matches

checkPassword

public boolean checkPassword(java.lang.String userName,
                             java.lang.String userPassword)
                      throws XmlBlasterException
Check password

Parameters:
password - The clear text password
Returns:
true The password is valid
Throws:
XmlBlasterException

lookup

private java.util.Vector lookup(java.lang.String userName)
Lookup userName in password file

Parameters:
userName -
Returns:
A list containing Container instances (matching the userName) if a exact match is found, only this is returned

isAuthorized

public boolean isAuthorized(SessionHolder sessionHolder,
                            DataHolder dataHolder)
Check of MethodName is allowed to be invoked by user.

Parameters:
sessionHolder - The user
dataHolder - The method called
Returns:
true if is authorized, false if no access

readHtpasswordFile

boolean readHtpasswordFile(java.lang.String htpasswdFilename)
                     throws XmlBlasterException
Read passwords file 16/11/01 20:42 mad@ktaland.com

Parameters:
the - password filename
Returns:
true if file all readed & well formated
Throws:
XmlBlasterException

getPasswdFileName

public java.lang.String getPasswdFileName()

reset

public void reset()

isSamePwd

private static boolean isSamePwd(java.lang.String userPassword,
                                 java.lang.String encoded)
Helper class for checkPassword in the case of startWith(username) -> here more usernames of the hashtable can be right

Parameters:
userPassword - password in plaintext
fileEncodedPass - vector of passwords where usernames match with the specified beginning of an username
Returns:
true if any one matches

crypt

private static java.lang.String crypt(java.lang.String userPassword)

main

public static void main(java.lang.String[] args)
org.xmlBlaster.authentication.plugins.htpasswd.HtPasswd 11111

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
xmlBlaster 2.2.0 API
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 1999-2014 The xmlBlaster.org contributers.