velosurf.web.auth
Class BaseAuthenticator

java.lang.Object
  extended by velosurf.web.auth.BaseAuthenticator
Direct Known Subclasses:
SimpleDBAuthenticator

public abstract class BaseAuthenticator
extends java.lang.Object

This abstract class implements an authentication mechanism. It is meant to be declared in toolbox.xml as a session-scoped tool. The password encryption method can be specified in toolbox.xml using the method parameter (when not specified, passwords are sent in the clear). You will need to implement the same password encryption on the client side using the appropriate JavaScript files. A /src/javascript/md5.js file is provided to help implement the HmacMD5 method. Still, if you really want security, use HTTPS!
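The challenge-response exchange described above, as an added stand-alone example (not Velosurf's own code): the server issues a single-use challenge, the client answers with an HMAC of it, and the server compares in constant time. The HMAC construction (password as key, challenge as message, UTF-8 input, raw-byte answer) and the names ChallengeResponseDemo, newChallenge, answer and check are assumptions, and the challenge is drawn from SecureRandom rather than from java.util.Random.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Stand-alone sketch of an HmacMD5 challenge-response login (hypothetical, not Velosurf code). */
public class ChallengeResponseDemo {
    private static final int CHALLENGE_BYTES = 128;             // 1024 bits, as getChallenge() documents
    private static final SecureRandom RNG = new SecureRandom(); // unpredictable challenges
    private String challenge;                                   // one pending challenge per session

    /** Server: issue a fresh base64 challenge, replacing any previous one. */
    public String newChallenge() {
        byte[] raw = new byte[CHALLENGE_BYTES];
        RNG.nextBytes(raw);
        challenge = Base64.getEncoder().encodeToString(raw);
        return challenge;
    }

    /** Both sides. ASSUMED construction: HMAC-MD5 keyed with the password, over the challenge. */
    static byte[] answer(String password, String challenge) throws Exception {
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(password.getBytes(StandardCharsets.UTF_8), "HmacMD5"));
        return mac.doFinal(challenge.getBytes(StandardCharsets.UTF_8));
    }

    /** Server: verify an answer; the challenge is consumed so a captured answer cannot be replayed. */
    public boolean check(String storedPassword, byte[] received) throws Exception {
        String pending = challenge;
        challenge = null;                                       // single use, even on failure
        if (pending == null || received == null || storedPassword == null || storedPassword.isEmpty()) return false;
        return MessageDigest.isEqual(answer(storedPassword, pending), received); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        ChallengeResponseDemo server = new ChallengeResponseDemo();
        String stored = "correct horse";                        // constructed sample password
        String c1 = server.newChallenge();
        byte[] sent = answer("correct horse", c1);              // what the client would send
        System.out.println("valid login: " + server.check(stored, sent));
        System.out.println("same answer, challenge already consumed: " + server.check(stored, sent));
        server.newChallenge();
        System.out.println("old answer against a new challenge: " + server.check(stored, sent));
        String c3 = server.newChallenge();
        System.out.println("wrong password: " + server.check(stored, answer("guess", c3)));
    }
}
```

The answer protects the password only against passive capture of a single login; the stored password must still be available to the server in a form usable as the HMAC key, and the page's advice to use HTTPS still applies.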

Author:
Claude Brisson

Field Summary
private  java.lang.String challenge
          challenge value
private static int CHALLENGE_LENGTH
          length of challenge
private  java.lang.String method
          encryption method
private static java.util.Random random
          random number generator
private  java.lang.ref.WeakReference<javax.servlet.http.HttpSession> session
          keep a reference on the session
 
Constructor Summary
BaseAuthenticator()
           
 
Method Summary
 boolean checkLogin(java.lang.String login, java.lang.String answer)
          Check received answer.
 void configure(java.util.Map config)
          configure this tool.
private  java.lang.String generateAnswer(java.lang.String password)
          Generate the correct answer.
 java.lang.String getChallenge()
          This method generates a new challenge each time it is called.
 java.lang.Object getLoggedUser()
           
abstract  java.lang.String getPassword(java.lang.String login)
          get the password corresponding to a login.
abstract  java.lang.Object getUser(java.lang.String login)
          Get the user object corresponding to a login
 void init(java.lang.Object initData)
          initialize this tool.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

method

private java.lang.String method
encryption method


challenge

private java.lang.String challenge
challenge value


random

private static java.util.Random random
random number generator


CHALLENGE_LENGTH

private static final int CHALLENGE_LENGTH
length of challenge

See Also:
Constant Field Values

session

private java.lang.ref.WeakReference<javax.servlet.http.HttpSession> session
keep a reference on the session

Constructor Detail

BaseAuthenticator

public BaseAuthenticator()
Method Detail

getPassword

public abstract java.lang.String getPassword(java.lang.String login)
get the password corresponding to a login.

Parameters:
login - login
Returns:
password or null

getUser

public abstract java.lang.Object getUser(java.lang.String login)
Get the user object corresponding to a login

Parameters:
login - login
Returns:
user object

init

public void init(java.lang.Object initData)
initialize this tool.

Parameters:
initData - a view context

configure

public void configure(java.util.Map config)
configure this tool.

Parameters:
config - map containing an optional "method" parameter

getChallenge

public java.lang.String getChallenge()
This method generates a new challenge each time it is called.

Returns:
a new 1024-bit challenge in base64

checkLogin

public boolean checkLogin(java.lang.String login,
                          java.lang.String answer)
Check received answer.

Parameters:
login - login
answer - received answer
Returns:
true if received answer is valid

generateAnswer

private java.lang.String generateAnswer(java.lang.String password)
Generate the correct answer.

Parameters:
password -
Returns:
encrypted answer

getLoggedUser

public java.lang.Object getLoggedUser()

