
1   /*
2   jGuard is a security framework based on top of jaas (java authentication and authorization security).
3   it is written for web applications, to resolve simply, access control problems.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  
29  package net.sf.jguard.jee.authentication.http;
30  
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
40  
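/**
 * Authentication utility class to handle authentication schemes.
 * <p>
 * The configured scheme list and the scheme currently being tried are kept
 * in the {@link HttpSession} under {@link HttpConstants#AUTH_SCHEMES} and
 * {@link HttpConstants#CURRENT_AUTH_SCHEME}. Raw collection types are kept
 * on purpose to match the rest of this file.
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 */
public class AuthSchemesHelper {

	/**
	 * return the authScheme used to try to authenticate the user
	 * among an AuthSchemes list.
	 * If no current scheme has been recorded yet, the first scheme of the
	 * session's {@link HttpConstants#AUTH_SCHEMES} list is selected and stored.
	 * @param request current request; a session is created if none exists
	 * @return the current authentication scheme, never <code>null</code>
	 * @throws IllegalStateException if the session holds no, or an empty, scheme list
	 */
	public static String getCurrentAuthScheme(HttpServletRequest request) {
		HttpSession session = request.getSession(true);
		String currentAuthScheme = (String) session.getAttribute(HttpConstants.CURRENT_AUTH_SCHEME);
		if (currentAuthScheme == null) {
			// nothing tried yet: start with the first configured scheme
			List authSchemes = requireAuthSchemes(session);
			currentAuthScheme = (String) authSchemes.get(0);
			session.setAttribute(HttpConstants.CURRENT_AUTH_SCHEME, currentAuthScheme);
		}
		return currentAuthScheme;
	}

	/**
	 * advance to the next scheme.
	 * @param request current request; a session is created if none exists
	 * @return <strong>true</strong> if there is a next scheme, <strong>false</strong> otherwise.
	 * @throws IllegalStateException if the session holds no, or an empty, scheme list
	 */
	public static boolean advanceToNextScheme(HttpServletRequest request) {
		HttpSession session = request.getSession(true);
		List authSchemes = requireAuthSchemes(session);
		String oldCurrentScheme = getCurrentAuthScheme(request);
		// indexOf() yields -1 when the recorded scheme is not in the list;
		// the +1 then restarts from the first scheme, as before
		int nextIndex = authSchemes.indexOf(oldCurrentScheme) + 1;
		if (nextIndex >= authSchemes.size()) {
			// currentScheme is the last scheme: nothing left to try
			return false;
		}
		String currentAuthScheme = (String) authSchemes.get(nextIndex);
		session.setAttribute(HttpConstants.CURRENT_AUTH_SCHEME, currentAuthScheme);
		return true;
	}

	/**
	 * validate that the authentication schemes are handled by jGuard.
	 * This is an allow-list check: every comma-separated entry must be one of
	 * FORM, BASIC, DIGEST or CLIENT-CERT (compared case-insensitively).
	 * @param authSchemes comma-separated scheme names, or <code>null</code>
	 *        to select the default (FORM) authentication
	 * @return the accepted schemes, trimmed and upper-cased, in declaration order
	 * @throws IllegalArgumentException if an entry is not a supported scheme
	 */
	public static Collection validateAuthScheme(String authSchemes) {
		List authSchemesList = new ArrayList();
		//default authentication is FORM authentication
		if (authSchemes == null) {
			authSchemesList.add(HttpConstants.FORM_AUTH);
			return authSchemesList;
		}

		String[] schemes = authSchemes.split(",");
		for (int i = 0; i < schemes.length; i++) {
			// tolerate whitespace around entries such as "BASIC, FORM"
			String autScheme = schemes[i].trim();
			if (!isSupportedScheme(autScheme)) {
				// name the offending entry, not only the whole configured string
				throw new IllegalArgumentException(
						" each authentication scheme should be 'BASIC','FORM','DIGEST',or 'CLIENT-CERT' and not '"
						+ autScheme + "' (in '" + authSchemes + "') ");
			}
			// store the normalized form; the previous code upper-cased into a
			// local and dropped it, so the returned list kept the raw input.
			// Locale.ENGLISH avoids locale-dependent casing (e.g. dotted I).
			authSchemesList.add(autScheme.toUpperCase(Locale.ENGLISH));
		}

		return authSchemesList;
	}

	/**
	 * fetch the configured scheme list from the session.
	 * @param session current session
	 * @return the non-empty list stored under {@link HttpConstants#AUTH_SCHEMES}
	 * @throws IllegalStateException if the attribute is absent or empty
	 */
	private static List requireAuthSchemes(HttpSession session) {
		List authSchemes = (List) session.getAttribute(HttpConstants.AUTH_SCHEMES);
		if (authSchemes == null || authSchemes.isEmpty()) {
			throw new IllegalStateException(
					"no authentication scheme list found in session attribute '"
					+ HttpConstants.AUTH_SCHEMES + "'");
		}
		return authSchemes;
	}

	/**
	 * tell whether a scheme name is one jGuard handles (case-insensitive).
	 * @param scheme candidate scheme name
	 * @return <strong>true</strong> if the scheme is FORM, BASIC, DIGEST or CLIENT-CERT
	 */
	private static boolean isSupportedScheme(String scheme) {
		return HttpConstants.FORM_AUTH.equalsIgnoreCase(scheme)
				|| HttpConstants.BASIC_AUTH.equalsIgnoreCase(scheme)
				|| HttpConstants.DIGEST_AUTH.equalsIgnoreCase(scheme)
				|| HttpConstants.CLIENT_CERT_AUTH.equalsIgnoreCase(scheme);
	}

}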