Changeset 6423

Timestamp:

Feb 25, 2014, 1:11:25 PM (9 years ago)

Author:

Nicklas Nordborg

Message:

References #1599: Convert authentication plug-in system to an extension point

Created extension point for authentication. Extensions should implement the AuthenticationAction interface. The old Authenticator interface is deprecated but it should not be difficult to convert existing authenticators to the new system. Login information is now sent using LoginRequest object via the AuthenticationContext object.

Location:

trunk/src/core

Files:

• core-extensions.xml (modified) (1 diff)
• net/sf/basedb/core/Application.java (modified) (5 diffs)
• net/sf/basedb/core/AuthenticationContext.java (added)
• net/sf/basedb/core/SessionControl.java (modified) (10 diffs)
• net/sf/basedb/core/authentication/AuthenticationException.java (modified) (1 diff)
• net/sf/basedb/core/authentication/AuthenticationInformation.java (modified) (4 diffs)
• net/sf/basedb/core/authentication/AuthenticationManager.java (added)
• net/sf/basedb/core/authentication/Authenticator.java (modified) (1 diff)
• net/sf/basedb/core/authentication/LoginRequest.java (added)
• net/sf/basedb/core/authentication/POP3Authenticator.java (modified) (1 diff)
• net/sf/basedb/core/authentication/SimpleAuthenticator.java (modified) (1 diff)
• net/sf/basedb/util/extensions/debug/BeanActionFactory.java (modified) (1 diff)
• net/sf/basedb/util/extensions/debug/ProxyActionFactory.java (modified) (1 diff)

trunk/src/core/core-extensions.xml

@@ -37 +37 @@
     <url>http://base.thep.lu.se/</url>
   </about>
+  
+  <extension-point
+    id="net.sf.basedb.core.authentication-manager"
+    >
+    <action-class>net.sf.basedb.core.authentication.AuthenticationManager</action-class>
+    <name>Authentication manager</name>
+    <description>
+      Extension point for authentication of users when logging in to BASE.
+      Installed authentication managers are invoked in the index order.
+      An authentication manager have three possible options:
+      1) Decide that the login/password is valid and return an 
+         AuthenticationInformation object. No further authentication managers
+         are invoked and the user is logged in to BASE.
+      2) Decide that the login/password is invalid and throw an
+         Exception. No further authentication managers
+         are invoked and the user is NOT logged in to BASE.
+      3) Decide that it doesn't know if the login/password is valid or not
+         and return null. The next authentication manager is invoked.
+         If this was the last authentication manager, internal authentication
+         is used.
+    </description>
+  </extension-point>
   
   <extension-point

trunk/src/core/net/sf/basedb/core/Application.java

@@ -27 +27 @@
 import net.sf.basedb.core.data.SchemaVersionData;
 import net.sf.basedb.core.hibernate.JdbcWork;
-import net.sf.basedb.core.authentication.Authenticator;
-import net.sf.basedb.util.ClassUtil;
 import net.sf.basedb.util.EmailUtil;
 import net.sf.basedb.util.FileUtil;
-import net.sf.basedb.util.JarClassLoader;
 import net.sf.basedb.util.RegexpFileFilter;
 import net.sf.basedb.util.StaticCache;
@@ -93 +90 @@
     The name of the external authenication class, if any.
   */
-  private static String authenticationDriver;
+  //private static String authenticationDriver;
   
   /**
@@ -425 +422 @@
       
       Config.init();
-      authenticationDriver = Config.getString("auth.driver");
-      log.info("auth.driver = " + authenticationDriver);
+      //authenticationDriver = Config.getString("auth.driver");
+      //log.info("auth.driver = " + authenticationDriver);
       
       secondaryStorageDriver = Config.getString("secondary.storage.driver");
@@ -703 +700 @@
   /**
     Check if BASE is using internal or external authentication.
-    @return TRUE if internal authentication is used, FALSE otherwise
+    @return Always true
     @see #getAuthenticator()
-  */
+    @deprecated In 3.3, no replacement
+  */
+  @Deprecated
   public static boolean isUsingInternalAuthentication()
   {
-    return authenticationDriver == null;
+    return true;
   }
 
@@ -715 +714 @@
     authentication. The authenticator is initialised before it is returned.
     If internal authentication is used, this method returns null.
-    @return An <code>Authenticator</code> object, or null if
-      not using external authentication
+    @return Always null
     @throws BaseException If the authenticator class could not be loaded
     @see #isUsingInternalAuthentication()
-  */
-  static Authenticator getAuthenticator()
+    @deprecated In 3.3, no replacement
+  */
+  @Deprecated
+  static net.sf.basedb.core.authentication.Authenticator getAuthenticator()
     throws BaseException
   {
-    if (isUsingInternalAuthentication()) return null;
-    Authenticator a;
-    try
-    {
-      String jarPath = net.sf.basedb.util.Values.getStringOrNull(Config.getString("auth.jarpath"));
-      ClassLoader loader = jarPath == null ? null : JarClassLoader.getInstance(jarPath);
-      a = (Authenticator)ClassUtil.checkAndLoadClass(loader, 
-        authenticationDriver, true, Authenticator.class).newInstance();
-      a.init(Config.getString("auth.init"));
-    }
-    catch (Throwable t)
-    {
-      throw new BaseException("The authentication driver '"+authenticationDriver+
-        "' could not be loaded. The error message is: "+t.getMessage());
-    }
-    return a;
+    return null;
   }
 

trunk/src/core/net/sf/basedb/core/SessionControl.java

@@ -42 +42 @@
 import net.sf.basedb.core.data.ContextIndex;
 import net.sf.basedb.util.Enumeration;
-
-import net.sf.basedb.core.authentication.Authenticator;
+import net.sf.basedb.util.extensions.ExtensionsInvoker;
+import net.sf.basedb.util.extensions.Registry;
+import net.sf.basedb.util.extensions.manager.ExtensionsManager;
+import net.sf.basedb.core.authentication.AuthenticationManager;
 import net.sf.basedb.core.authentication.AuthenticationInformation;
+import net.sf.basedb.core.authentication.LoginRequest;
 
 import java.util.ArrayList;
@@ -326 +329 @@
     loginInfo = li;
   }
+  
+  /**
+    @deprecated In 3.3, use {@link #login(LoginRequest)} instead
+  */
+  @Deprecated
+  public synchronized void login(String login, String password, String comment)
+  {
+    LoginRequest loginRequest = new LoginRequest();
+    loginRequest.setLogin(login);
+    loginRequest.setPassword(password);
+    loginRequest.setComment(comment);
+    login(loginRequest);
+  }
 
   /**
@@ -332 +348 @@
     the client application if one has been specified.
 
-    @param login The login of the user
-    @param password The UTF-8 encoded plain-text password for the user
-    @param comment A comment for the login, which will show in the {@link Session}
+    @param loginRequest Request containing login/password and other information
     @throws ItemNotFoundException If a user with the specified username is not found
     @throws InvalidPasswordException If the specified password is incorrect
@@ -344 +358 @@
     @see #isLoggedIn()
     @see #getLoggedInUserId()
-    @since 3.0 (the option to use encrypted passwords has been removed)
-  */
-  public synchronized void login(String login, String password, String comment)
-    throws ItemNotFoundException, PermissionDeniedException,
-    InvalidPasswordException, BaseException
+    @since 3.3 
+  */
+  public synchronized void login(LoginRequest loginRequest)
   {
     updateLastAccess();
@@ -356 +368 @@
       throw new AlreadyLoggedInException(loginInfo.userLogin);
     }
-    if (login == null) throw new InvalidUseOfNullException("login");
-    if (password == null) throw new InvalidUseOfNullException("password");
+    if (loginRequest == null) throw new InvalidUseOfNullException("loginRequest");
+    if (loginRequest.getLogin() == null) throw new InvalidUseOfNullException("loginRequest.login");
 
     org.hibernate.Session session = null;
@@ -365 +377 @@
       session = HibernateUtil.newSession();
       tx = HibernateUtil.newTransaction(session);
-      // Verify login and password
+
       UserData userData = null;
-      // The root user should always use internal verification
+      // Try external authentication at first, except...
+      // ...root user should always use internal verification
       UserData root = HibernateUtil.loadData(session, UserData.class, SystemItems.getId(User.ROOT));
       assert root != null : "root == null";
-      if (Application.isUsingInternalAuthentication() || login.equals(root.getLogin()))
-      {
-        userData = verifyUserInternal(session, login, password);
-      }
-      else
-      {
-        userData = verifyUserExternal(session, login, password);
-      }
-      LoginInfo li = createLoginInfo(session, userData, comment, false);
+      
+      if (!loginRequest.getLogin().equals(root.getLogin()))
+      {
+        userData = verifyUserExternal(session, loginRequest);
+      }
+      
+      if (userData == null)
+      {
+        // If no user was found, use internal authentication
+        userData = verifyUserInternal(session, loginRequest);
+      }
+      
+      LoginInfo li = createLoginInfo(session, userData, loginRequest.getComment(), false);
       HibernateUtil.commit(tx);
       currentContexts.clear();
@@ -394 +411 @@
   }
   
-  /**
-    Check that the user exists and verify the password using
-    internal authentication.
-  */
-  private UserData verifyUserInternal(org.hibernate.Session session, String login, String password)
-    throws ItemNotFoundException, InvalidPasswordException, AccountExpiredException, BaseException
-  {
+
+  /**
+    Verify the user with internal authentication.
+  */
+  UserData verifyUserInternal(org.hibernate.Session session, LoginRequest loginRequest)
+  {
+    String login = loginRequest.getLogin();
+    String password = loginRequest.getPassword();
+    
     org.hibernate.Query query = HibernateUtil.getPredefinedQuery(session, "GET_USER_FOR_LOGIN");
     /*
@@ -433 +452 @@
       throw new InvalidPasswordException("User[login="+login+"]");
     }
+    
     return userData;
   }
-
+  
   /**
     Verify the user with external authentication.
   */
-  private UserData verifyUserExternal(org.hibernate.Session session, String login, String password)
-    throws ItemNotFoundException, InvalidPasswordException, BaseException
-  {
+  @SuppressWarnings("unchecked")
+  private UserData verifyUserExternal(org.hibernate.Session session, LoginRequest loginRequest)
+  {
+    AuthenticationContext context = new AuthenticationContext(this, session, loginRequest);
+    
+    ExtensionsManager xtManager = Application.getExtensionsManager();
+    Registry registry = xtManager.getRegistry();
+    ExtensionsInvoker<AuthenticationManager> invoker = (ExtensionsInvoker<AuthenticationManager>)registry.useExtensions(context, xtManager.getSettings(), "net.sf.basedb.core.authentication-manager");
+    
     AuthenticationInformation info = null;
-    Authenticator authenticator = null;
+    boolean extraInfo = false;
     try
     {
-      authenticator = Application.getAuthenticator();
-      info = authenticator.authenticate(login, password);
+      // Load all installed authentication managers and iterate until 
+      // someone returns an info object or throws an exception
+      for (AuthenticationManager auth : invoker)
+      {
+        info = auth.authenticate();
+        if (info != null)
+        {
+          // Found a valid login
+          extraInfo = auth.supportsExtraInformation() && info.hasExtraInfo;
+          break;
+        }
+      }
     }
     catch (net.sf.basedb.core.authentication.LoginException ex)
@@ -455 +491 @@
     catch (net.sf.basedb.core.authentication.UnknownLoginException ex)
     {
-      throw new ItemNotFoundException("User[login="+login+"]", ex);
+      throw new ItemNotFoundException("User[login="+loginRequest.getLogin()+"]", ex);
     }
     catch (net.sf.basedb.core.authentication.InvalidPasswordException ex)
     {
-      throw new InvalidPasswordException("User[login="+login+"]", ex);
+      throw new InvalidPasswordException("User[login="+loginRequest.getLogin()+"]", ex);
     }
     catch (net.sf.basedb.core.authentication.AuthenticationException ex)
     {
-      if (Config.getBoolean("auth.cachepasswords"))
-      {
-        return verifyUserInternal(session, login, password);
-      }
-      throw new BaseException(ex);
-    }
-
-    org.hibernate.Query query = HibernateUtil.getPredefinedQuery(session, "GET_USER_FOR_EXTERNAL_ID");
-    /*
-      SELECT usr 
-      FROM UserData usr
-      WHERE usr.externalId = :externalId
-    */
-    query.setParameter("externalId", info.id);
-    UserData userData = HibernateUtil.loadData(UserData.class, query);
+      if (!Config.getBoolean("auth.cachepasswords"))
+      {
+        throw new BaseException(ex);
+      }
+    }
+    
+    // Return null to force internal verification
+    if (info == null) return null;
+
+    UserData userData = context.getUserByExternalId(info.id);
     if (userData == null) 
     {
+      // Create new user
       userData = new UserData();
       userData.setExternalId(info.id);
@@ -487 +519 @@
       User.addDefultRolesAndGroups(session, userData);
     }
+    
+    // Cache the password if allowed by config
     if (Config.getBoolean("auth.cachepasswords"))
     {
-      userData.getPassword().setCryptedPassword(User.encryptPassword(password));
+      userData.getPassword().setCryptedPassword(User.encryptPassword(loginRequest.getPassword()));
       int daysToCache = Config.getInt("auth.daystocache", 0);
       userData.setExpirationDate(daysToCache > 0 ? new Date(System.currentTimeMillis()+daysToCache*24L*3600L*1000L) : null);
     }
-    if (authenticator.supportsExtraInformation() &&
-      (Config.getBoolean("auth.synchronize") || userData.getId() == 0))
+    
+    // Synchronize extra information if supported and allowed by config
+    if (extraInfo && (Config.getBoolean("auth.synchronize") || userData.getId() == 0))
     {
       userData.setName(info.name == null ? info.login : info.name);

trunk/src/core/net/sf/basedb/core/authentication/AuthenticationException.java

@@ -32 +32 @@
 */
 public class AuthenticationException
-  extends Exception
+  extends RuntimeException
 
 {

trunk/src/core/net/sf/basedb/core/authentication/AuthenticationInformation.java

@@ -41 +41 @@
 public class AuthenticationInformation
 {
+  /**
+    TRUE if the contructor with extra information was used, FALSE if the minial constructor was used.
+    @since 3.3
+  */
+  public final boolean hasExtraInfo;
+  
   /**
     A unique id for the user in the authentication system.
@@ -100 +106 @@
   public AuthenticationInformation(String login, String id)
   {
-    this(login, id, null, null, null, null, null, null, null, null);
+    this(login, id, null, null, null, null, null, null, null, null, false);
   }
 
@@ -132 +138 @@
   )
   {
+    this(login, id, name, organisation, address, phone, fax, email, url, description, true);
+  }
+  
+  private AuthenticationInformation
+  (
+    String login,
+    String id,
+    String name,
+    String organisation,
+    String address,
+    String phone,
+    String fax,
+    String email,
+    String url,
+    String description,
+    boolean hasExtraInfo
+  )
+  {
     if (id == null) throw new NullPointerException("id");
     if (login == null) throw new NullPointerException("login");
@@ -144 +168 @@
     this.url = url;
     this.description = description;
+    this.hasExtraInfo = hasExtraInfo;
   }
 

trunk/src/core/net/sf/basedb/core/authentication/Authenticator.java

@@ -31 +31 @@
   @version 2.0
   @base.modified $Date$
+  @deprecated In 3.3, use {@link AuthenticationManager} instead
 */
+@Deprecated
 public interface Authenticator
 {

trunk/src/core/net/sf/basedb/core/authentication/POP3Authenticator.java

@@ -50 +50 @@
   @version 2.0
   @base.modified $Date$
+  @deprecated In 3.3, no replacement
 */
+@Deprecated
 public class POP3Authenticator
   implements Authenticator

trunk/src/core/net/sf/basedb/core/authentication/SimpleAuthenticator.java

@@ -33 +33 @@
   @version 2.0
   @base.modified $Date$
+  @deprecated In 3.3, no replacement
 */
+@Deprecated
 public class SimpleAuthenticator
   implements Authenticator

trunk/src/core/net/sf/basedb/util/extensions/debug/BeanActionFactory.java

@@ -168 +168 @@
       // Set parameters on the bean
       actions = new Action[] { bean };
-      for (Map.Entry<String, String> entry : parameters.entrySet())
+      if (parameters != null)
       {
-        String name = entry.getKey();
-        String value = entry.getValue();
-        
-        // Find a setParam() method. Ignore parameter if not found
-        Method setter = findSetterMethod(name, bean.getClass());            
-        if (setter == null)
+        for (Map.Entry<String, String> entry : parameters.entrySet())
         {
-          /* #### CONTINUE-STATEMENT #### */
-          continue;
+          String name = entry.getKey();
+          String value = entry.getValue();
+          
+          // Find a setParam() method. Ignore parameter if not found
+          Method setter = findSetterMethod(name, bean.getClass());            
+          if (setter == null)
+          {
+            /* #### CONTINUE-STATEMENT #### */
+            continue;
+          }
+          
+          // Convert value to correct type for setParam(T) method
+          Object o = convertValue(value, setter.getParameterTypes()[0]);
+          try
+          {
+            setter.invoke(bean, o);
+          }
+          catch (IllegalAccessException ex)
+          {}
+          catch (InvocationTargetException ex)
+          {}
         }
-        
-        // Convert value to correct type for setParam(T) method
-        Object o = convertValue(value, setter.getParameterTypes()[0]);
-        try
-        {
-          setter.invoke(bean, o);
-        }
-        catch (IllegalAccessException ex)
-        {}
-        catch (InvocationTargetException ex)
-        {}
       }
     }

trunk/src/core/net/sf/basedb/util/extensions/debug/ProxyActionFactory.java

@@ -226 +226 @@
       value = valueCache.get(parameterName);
     }
-    else
+    else if (parameters != null)
     {
       // Get the string value from the XML file