Package com.wesabe.grendel.auth

Source Code of com.wesabe.grendel.auth.Credentials

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package com.wesabe.grendel.auth;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import com.wesabe.grendel.entities.User;
import com.wesabe.grendel.entities.dao.UserDAO;
import com.wesabe.grendel.openpgp.CryptographicException;
import com.wesabe.grendel.openpgp.UnlockedKeySet;

/**
* A set of Basic authentication credentials.
*
* @see BasicAuthProvider
* @see Session
* @author coda
*/
public class Credentials {
  /**
   * An authentication challenge {@link Response}. Use this when a client's
   * provided credentials are invalid.
   */
  public static final Response CHALLENGE =
    Response.status(Status.UNAUTHORIZED)
      .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Grendel\"")
      .build();
 
  private final String username;
  private final String password;
 
  /**
   * Creates a new set of credentials.
   *
   * @param username the client's provided username
   * @param password the client's provided password
   */
  public Credentials(String username, String password) {
    this.username = username;
    this.password = password;
  }
 
  /**
   * Returns the client's provided username.
   */
  public String getUsername() {
    return username;
  }
 
  /**
   * Returns the client's provided password.
   */
  public String getPassword() {
    return password;
  }
 
  /**
   * Given a {@link UserDAO}, finds the associated {@link User} and returns a
   * {@link Session}.
   *
   * @param userDAO
   *            a {@link UserDAO}
   * @throws WebApplicationException
   *             if the user can't be found, or if the user's password is
   *             incorrect
   */
  public Session buildSession(UserDAO userDAO) throws WebApplicationException {
    final User user = userDAO.findById(username);
    if (user != null) {
      try {
        final UnlockedKeySet keySet = user.getKeySet().unlock(password.toCharArray());
        return new Session(user, keySet);
      } catch (CryptographicException e) {
        throw new WebApplicationException(CHALLENGE);
      }
    }
   
    throw new WebApplicationException(CHALLENGE);
  }
 
  /**
   * Given a {@link UserDAO} and an allowed {@link User} id, finds the
   * associated {@link User} and returns a {@link Session}.
   *
   * @param userDAO
   *            a {@link UserDAO}
   * @param allowedId
   *            the id of the only {@link User} which should be allowed access
   *            to session context
   * @throws WebApplicationException
   *             if the user can't be found, or if the user's password is
   *             incorrect
   */
  public Session buildSession(UserDAO userDAO, String allowedId) {
    final Session session = buildSession(userDAO);
    if (session.getUser().getId().equals(allowedId)) {
      return session;
    }
   
    throw new WebApplicationException(Status.FORBIDDEN);
  }
}
TOP

Related Classes of com.wesabe.grendel.auth.Credentials

  • com.wesabe.grendel.auth.tests.BasicAuthProviderTest$Decoding_A_Valid_Auth_Header
  • com.wesabe.grendel.auth.tests.CredentialsTest$A_Set_Of_Credentials
  • com.wesabe.grendel.auth.tests.CredentialsTest$Session_Context
  • com.wesabe.grendel.entities.User
  • com.wesabe.grendel.openpgp.UnlockedKeySet
  • javax.ws.rs.WebApplicationException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.