All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class w3c.jigsaw.auth.GenericAuthFilter

java.lang.Object
   |
   +----w3c.tools.store.AttributeHolder
           |
           +----w3c.tools.store.Resource
                   |
                   +----w3c.tools.store.ResourceFrame
                           |
                           +----w3c.jigsaw.resources.ResourceFilter
                                   |
                                   +----w3c.jigsaw.auth.AuthFilter
                                           |
                                           +----w3c.jigsaw.auth.GenericAuthFilter

public class GenericAuthFilter
extends AuthFilter

GenericAuthFilter provides for both IP and basic authentication. This is really a first implementation. It looses on several points:

AuthUser instances, being a subclass of resource dump their classes along with their attributes, although here we know that they will all be instances of AuthUser.
The way the ipmatcher is maintained doesn't make much sense.
The way groups are handled is no good.
The SimpleResourceStore is not an adequat store for the user database, it should rather use the jdbmResourceStore (not written yet).

However, this provides for the basic functionnalities.

ATTR_ALLOWED_GROUPS: Attribute index - The list of allowed groups.
ATTR_ALLOWED_USERS: Attribute index - The list of allowed users.
catalog: The catalog of realms that make our scope.
challenge: The challenge to issue to any client for Basic Authentication.
ipmatcher: The IPMatcher to match IP templates to user records.
loaded_realm: The nam of the realm we cache in realm.
realm: Our associated realm.

GenericAuthFilter()

acquireRealm(): Get a pointer to our realm, and initialize our ipmatcher.
authenticate(Request): Authenticate the given request.
checkBasicAuth(BasicAuthContext): Check the given Basic context against our database.
checkRealm(): Check that our realm does exist.
checkUser(AuthUser): Is this user allowed in the realm ? First check in the list of allowed users (if any), than in the list of allowed groups (if any).
getAllowedGroups(): Get the list of allowed groups.
getAllowedUsers(): Get the list of allowed users.
initialize(Object[]): Initialize the filter.
lookupUser(InetAddress): Lookup a user by its IP address.
lookupUser(String): Lookup a user by its name.
setValue(int, Object): Catch set value on the realm, to maintain cached values.

ATTR_ALLOWED_USERS

 protected static int ATTR_ALLOWED_USERS

Attribute index - The list of allowed users.

ATTR_ALLOWED_GROUPS

 protected static int ATTR_ALLOWED_GROUPS

Attribute index - The list of allowed groups.

ipmatcher

 protected IPMatcher ipmatcher

The IPMatcher to match IP templates to user records.

catalog

 protected RealmsCatalog catalog

The catalog of realms that make our scope.

realm

 protected AuthRealm realm

Our associated realm.

loaded_realm

 protected String loaded_realm

The nam of the realm we cache in realm.

challenge

 protected HttpChallenge challenge

The challenge to issue to any client for Basic Authentication.

GenericAuthFilter

 public GenericAuthFilter()

acquireRealm

 protected synchronized void acquireRealm()

Get a pointer to our realm, and initialize our ipmatcher.

checkRealm

 protected synchronized boolean checkRealm()

Check that our realm does exist. Otherwise we are probably being initialized, and we don't authenticate yet.

Returns:: A boolean true if realm can be initialized.

getAllowedUsers

 public String[] getAllowedUsers()

Get the list of allowed users.

getAllowedGroups

 public String[] getAllowedGroups()

Get the list of allowed groups.

lookupUser

 public synchronized AuthUser lookupUser(InetAddress ipaddr)

Lookup a user by its IP address.

Parameters:: ipaddr - The IP address to look for.
Returns:: An AuthUser instance or null.

lookupUser

 public synchronized AuthUser lookupUser(String name)

Lookup a user by its name.

Parameters:: name - The user's name.
Returns:: An AuthUser instance, or null.

checkBasicAuth

 protected AuthUser checkBasicAuth(BasicAuthContext ctxt)

Check the given Basic context against our database.

Parameters:: ctxt - The basic auth context to check.
Returns:: A AuthUser instance if check succeeded, null otherwise.

checkUser

 protected boolean checkUser(AuthUser user)

Is this user allowed in the realm ? First check in the list of allowed users (if any), than in the list of allowed groups (if any). If no allowed users or allowed groups are defined, than simply check for the existence of this user.

Returns:: A boolean true if access allowed.

setValue

 public void setValue(int idx,
                      Object value)

Catch set value on the realm, to maintain cached values.

Overrides:: setValue in class Resource

authenticate

 public void authenticate(Request request) throws HTTPException

Authenticate the given request. We first check for valid authentication information. If no authentication is provided, than we try to map the IP address to some of the ones we know about. If the IP address is not found, we challenge the client for a password.

If the IP address is found, than either our user entry requires an extra password step (in wich case we challenge it), or simple IP based authentication is enough, so we allow the request.

Parameters:: request - The request to be authentified.
Overrides:: authenticate in class AuthFilter

initialize

 public void initialize(Object values[])

Initialize the filter.

Overrides:: initialize in class ResourceFilter

All Packages  Class Hierarchy  This Package  Previous  Next  Index