Posted to commits@roller.apache.org by jt...@apache.org on 2006/09/29 20:27:27 UTC
svn commit: r451378 - in
/incubator/roller/trunk/src/org/apache/roller/webservices/adminapi:
Authenticator.java BasicAuthenticator.java
Author: jtb
Date: Fri Sep 29 11:27:26 2006
New Revision: 451378
URL: http://svn.apache.org/viewvc?view=rev&rev=451378
Log:
1. in previous commit, accidentally added 2nd check for disabled user
2. re-factor auth code to be more understandable. move all verification into the verifyUser() method
Modified:
incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/Authenticator.java
incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java
Modified: incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/Authenticator.java
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/Authenticator.java?view=diff&rev=451378&r1=451377&r2=451378
==============================================================================
--- incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/Authenticator.java (original)
+++ incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/Authenticator.java Fri Sep 29 11:27:26 2006
@@ -19,6 +19,7 @@
import org.apache.roller.RollerException;
import org.apache.roller.model.Roller;
import org.apache.roller.model.RollerFactory;
+import org.apache.roller.model.UserManager;
import org.apache.roller.pojos.UserData;
/**
@@ -39,20 +40,26 @@
public abstract void authenticate() throws HandlerException;
- /**
+ /**
* This method should be called by extensions of this class within their
* implementation of authenticate().
*/
- protected void verifyUser() throws HandlerException {
- try {
- UserData user = getRoller().getUserManager().getUserByUserName(getUserName());
- if (user != null && user.hasRole("admin") && user.getEnabled().booleanValue()) {
- // success! no exception
- } else {
- throw new UnauthorizedException("ERROR: User must have the admin role to use the AAPP endpoint: " + getUserName());
- }
- } catch (RollerException re) {
- throw new InternalException("ERROR: Could not verify user: " + getUserName(), re);
+ protected void verifyUser(String userName, String password) throws HandlerException {
+ UserData ud = getUserData(userName);
+ String realpassword = ud.getPassword();
+
+ if (!userName.trim().equals(ud.getUserName())) {
+ throw new UnauthorizedException("ERROR: User is not authorized: " + userName);
+ }
+ if (!password.trim().equals(realpassword)) {
+ throw new UnauthorizedException("ERROR: User is not authorized: " + userName);
+ }
+
+ if (!ud.hasRole("admin")) {
+ throw new UnauthorizedException("ERROR: User must have the admin role to use the AAPP endpoint: " + userName);
+ }
+ if (!ud.getEnabled().booleanValue()) {
+ throw new UnauthorizedException("ERROR: User is disabled: " + userName);
}
}
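Review bot: The new `verifyUser` checks the submitted password with `password.trim().equals(realpassword)`, so surrounding whitespace in a password is silently stripped and the comparison is an ordinary early-exit String equality against whatever `ud.getPassword()` holds; whether that value is a hash or the clear-text password is not visible here, and if it is clear text the submitted value should be hashed and the digests compared (with a length-independent comparison) rather than the raw strings. The failure modes are also distinguishable by a caller: an unknown name propagates `NotFoundException` from `getUserData` (the hunk at line 63), while a wrong password throws `UnauthorizedException`, which confirms which user names exist; catching `NotFoundException` around the lookup and rethrowing it as the same `UnauthorizedException("ERROR: User is not authorized: " + userName)` closes that gap. `password` is dereferenced without a null check, so a caller passing null gets a `NullPointerException` instead of the `HandlerException` the signature promises; `if (userName == null || password == null) throw new UnauthorizedException("ERROR: User is not authorized: " + userName);` at the top of the method would cover it.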
@@ -79,4 +86,22 @@
protected void setRoller(Roller roller) {
this.roller = roller;
}
+
+ protected UserData getUserData(String name) throws NotFoundException, InternalException {
+ try {
+ UserManager mgr = getRoller().getUserManager();
+ UserData ud = mgr.getUserByUserName(name, Boolean.TRUE);
+ if (ud == null) {
+ ud = mgr.getUserByUserName(name, Boolean.FALSE);
+ }
+ if (ud == null) {
+ throw new NotFoundException("ERROR: Unknown user: " + name);
+ }
+
+ return ud;
+ } catch (RollerException re) {
+ throw new InternalException("ERROR: Could not get user: " + name, re);
+ }
+ }
+
}
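Review bot: `getUserData` is a new protected method with no Javadoc, and the two consecutive lookups with `Boolean.TRUE` and then `Boolean.FALSE` read like a copy-paste a later maintainer would collapse into one. Presumably the second argument selects on the enabled flag so that a disabled account is still returned and `verifyUser` can reject it explicitly rather than reporting it as unknown, but that is inferred from the call shape, not visible here. A Javadoc on the method should state that it resolves a user by name regardless of enabled state, that the enabled lookup is tried before the disabled one on purpose, and list `@throws NotFoundException` for an unknown name and `@throws InternalException` for a `RollerException` from the user manager.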
Modified: incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java?view=diff&rev=451378&r1=451377&r2=451378
==============================================================================
--- incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java (original)
+++ incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java Fri Sep 29 11:27:26 2006
@@ -37,46 +37,27 @@
public void authenticate() throws HandlerException {
setUserName(null);
- String userName = null;
- String password = null;
String authHeader = getRequest().getHeader("Authorization");
if (authHeader == null) {
throw new UnauthorizedException("ERROR: Authorization header was not set");
}
- try {
- StringTokenizer st = new StringTokenizer(authHeader);
- if (st.hasMoreTokens()) {
- String basic = st.nextToken();
- if (basic.equalsIgnoreCase("Basic")) {
- String credentials = st.nextToken();
- String userPass = new String(Base64.decodeBase64(credentials.getBytes()));
- int p = userPass.indexOf(":");
- if (p != -1) {
- userName = userPass.substring(0, p);
- UserData user = getRoller().getUserManager().getUserByUserName(userName);
- if (user == null) {
- throw new UnauthorizedException("ERROR: User does not exist: " + userName);
- }
- if (!user.getEnabled().booleanValue()) {
- throw new UnauthorizedException("ERROR: User is disabled: " + userName);
- }
- String realpassword = user.getPassword();
- password = userPass.substring(p+1);
- if ((userName.trim().equals(user.getUserName())) && (password.trim().equals(realpassword))) {
- setUserName(userName);
- }
- }
+ StringTokenizer st = new StringTokenizer(authHeader);
+ if (st.hasMoreTokens()) {
+ String basic = st.nextToken();
+ if (basic.equalsIgnoreCase("Basic")) {
+ String credentials = st.nextToken();
+ String userPass = new String(Base64.decodeBase64(credentials.getBytes()));
+ int p = userPass.indexOf(":");
+ if (p != -1) {
+ String userName = userPass.substring(0, p);
+ String password = userPass.substring(p+1);
+ verifyUser(userName, password);
+
+ //success
+ setUserName(userName);
}
}
- } catch (RollerException re) {
- throw new InternalException("ERROR: Could not authorize user: " + userName, re);
}
- if (getUserName() == null) {
- throw new UnauthorizedException("ERROR: User is not authorized to use the AAPP endpoint: " + userName);
- }
-
- // make sure the user has the admin role
- verifyUser();
}
}
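Review bot: The fail-closed guard the old code ran after parsing (`if (getUserName() == null) throw new UnauthorizedException(...)`) is deleted and nothing replaces it, so an `Authorization` header that is present but not `Basic`, or whose decoded value contains no `:`, now lets `authenticate()` return normally with the user name still null instead of throwing; unless every caller re-checks `getUserName()`, which is not visible here, that is a regression. Restoring a check after the outer `if`, `if (getUserName() == null) { throw new UnauthorizedException("ERROR: Authorization header is not a valid Basic credential"); }`, keeps the method fail-closed. Separately, the second `st.nextToken()` on the `credentials` line is unguarded, so a header consisting of just `Basic` raises `NoSuchElementException` rather than `UnauthorizedException`; `if (!st.hasMoreTokens()) throw new UnauthorizedException("ERROR: Authorization header is malformed");` before it would handle that. `credentials.getBytes()` and `new String(...)` use the platform default charset, so the decoded user name and password depend on the JVM's locale settings; passing an explicit charset name to both calls makes the decoding deterministic.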