
1   // 
2   // Copyright (c) 2003, Caltha - Gajda, Krzewski, Mach, Potempski Sp.J. 
3   // All rights reserved. 
4   // 
5   // Redistribution and use in source and binary forms, with or without modification,  
6   // are permitted provided that the following conditions are met: 
7   //  
8   // * Redistributions of source code must retain the above copyright notice,  
9   //	 this list of conditions and the following disclaimer. 
10  // * Redistributions in binary form must reproduce the above copyright notice,  
11  //	 this list of conditions and the following disclaimer in the documentation  
12  //	 and/or other materials provided with the distribution. 
13  // * Neither the name of the Caltha - Gajda, Krzewski, Mach, Potempski Sp.J.  
14  //	 nor the names of its contributors may be used to endorse or promote products  
15  //	 derived from this software without specific prior written permission. 
16  // 
17  // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"  
18  // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED  
19  // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
20  // IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,  
21  // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,  
22  // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
23  // OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,  
24  // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)  
25  // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE  
26  // POSSIBILITY OF SUCH DAMAGE. 
27  // 
28  package org.objectledge.authentication;
29  
30  import java.security.Principal;
31  
32  import javax.naming.InvalidNameException;
33  import javax.naming.NamingException;
34  import javax.naming.directory.DirContext;
35  
36  import org.objectledge.parameters.Parameters;
37  
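/**
 * A base implementation of the UserManager interface.
 *
 * <p>Login verification, DN/login mapping and random password generation are delegated to the
 * collaborators held in the protected fields. Account storage, lookups and password checks are
 * left to subclasses. The {@link #passwordDigester} is only stored here; no method of this class
 * calls it.</p>
 *
 * @author <a href="mailto:rafal@caltha.pl">Rafal Krzewski</a>
 * @version $Id: UserManager.java,v 1.5 2006/04/24 09:50:50 rafal Exp $
 */
public abstract class UserManager
{
    // instance variables ///////////////////////////////////////////////////////////////////////

    /** the naming policy to be used. */
    protected NamingPolicy namingPolicy;

    /** the login verifier to be used. */
    protected LoginVerifier loginVerifier;

    /**
     * the password digester to be used.
     * NOTE(review): the digest algorithm is chosen by whoever supplies this object; it cannot be
     * judged from this class.
     */
    protected PasswordDigester passwordDigester;

    /** the password generator to be used. */
    protected PasswordGenerator passwordGenerator;

    // initialization ///////////////////////////////////////////////////////////////////////////

    /**
     * No-arg ctor for mock object testing.
     *
     * <p>All four collaborators stay <code>null</code>, so the delegating methods of this class
     * throw <code>NullPointerException</code> unless they are overridden or the fields are
     * assigned by the subclass.</p>
     */
    protected UserManager()
    {
    }

    /**
     * Creates an instance of the user manager.
     *
     * <p>The arguments are stored as given; none of them is checked for <code>null</code>.</p>
     *
     * @param namingPolicy the naming policy to be used.
     * @param loginVerifier the login verifier.
     * @param passwordGenerator the password generator.
     * @param passwordDigester the password digester.
     */
    public UserManager(NamingPolicy namingPolicy,
        LoginVerifier loginVerifier, PasswordGenerator passwordGenerator,
        PasswordDigester passwordDigester)
    {
        this.namingPolicy = namingPolicy;
        this.loginVerifier = loginVerifier;
        this.passwordGenerator = passwordGenerator;
        this.passwordDigester = passwordDigester;
    }

    // account creation + removal ///////////////////////////////////////////////////////////////

    /**
     * Checks if a login name is a non-occupied and non-reserved one.
     *
     * <p>Delegates to the configured login verifier. Because the answer tells the caller whether
     * a login is already taken, front ends that expose it to unauthenticated users should
     * throttle such requests.</p>
     *
     * @param login the login name to be checked.
     * @return <code>true</code> if the login name is non-occupied and non-reserved.
     */
    public boolean checkLogin(String login)
    {
        return loginVerifier.checkLogin(login);
    }

    /**
     * Checks if a login name is acceptable.
     *
     * <p>Delegates to the configured login verifier; the acceptance rules are defined there.</p>
     *
     * @param login the login name to be checked.
     * @return <code>true</code> if the login name is correct.
     */
    public boolean validateLogin(String login)
    {
        return loginVerifier.validate(login);
    }

    /**
     * Creates a distinguished name from provided parameters in conformance to configured naming
     * policy.
     *
     * <p>NOTE(review): escaping of DN special characters in the parameter values is presumably
     * the naming policy's job -- confirm in the NamingPolicy implementation before passing
     * user-supplied values.</p>
     *
     * @param parameters the parameters to generate name from.
     * @return the distinguished name.
     */
    public String createDN(Parameters parameters)
    {
        return namingPolicy.getDn(parameters);
    }

    /**
     * Check if user exists.
     *
     * @param dn the name of the user.
     * @return <code>true</code> if user exists in system.
     */
    public abstract boolean userExists(String dn);

    /**
     * Creates a new user account.
     *
     * <p>NOTE(review): <code>password</code> is presumably the clear-text value that the
     * implementation digests before storing it -- confirm in the subclass. Implementations
     * should not write it to logs or exception messages.</p>
     *
     * @param login login name of the user.
     * @param dn distinguished name of the user.
     * @param password initial password of the user.
     * @return the newly created account.
     * @throws AuthenticationException if the account could not be created.
     */
    public abstract Principal createAccount(String login, String dn, String password)
        throws AuthenticationException;

    /**
     * Removes a user account.
     *
     * @param account the account.
     * @throws AuthenticationException if the account could not be removed.
     */
    public abstract void removeAccount(Principal account)
        throws AuthenticationException;

    // user lookups /////////////////////////////////////////////////////////////////////////////

    /**
     * Lookup user by distinguished name.
     *
     * @param dn the user's distinguished name.
     * @return the account's descriptor.
     * @throws AuthenticationException if there is a problem performing the operation.
     */
    public abstract Principal getUserByName(String dn)
        throws AuthenticationException;

    /**
     * Lookup user by login name.
     *
     * @param login the name used for authentication.
     * @return the account's descriptor.
     * @throws AuthenticationException if there is a problem performing the operation.
     */
    public abstract Principal getUserByLogin(String login)
        throws AuthenticationException;

    /**
     * Maps user's distinguished name to login name.
     *
     * @param dn full user name.
     * @return the login name, or <code>null</code> if not found.
     * @throws AuthenticationException if there is a problem performing the operation.
     * @throws InvalidNameException if the name does not conform to the configured naming policy.
     */
    public String getLogin(String dn)
        throws AuthenticationException, InvalidNameException
    {
        return namingPolicy.getLogin(dn);
    }

    /**
     * Returns the login name of a user.
     *
     * @param account the account.
     * @return the login name, or <code>null</code> if not found.
     * @throws AuthenticationException if there is a problem performing the operation.
     * @throws InvalidNameException if the name does not conform to the configured naming policy.
     * @throws NullPointerException if <code>account</code> is <code>null</code>.
     */
    public String getLogin(Principal account)
        throws AuthenticationException, InvalidNameException
    {
        // Fail with a named argument instead of an anonymous NPE from account.getName().
        if (account == null)
        {
            throw new NullPointerException("account");
        }
        return namingPolicy.getLogin(account.getName());
    }

    // system users /////////////////////////////////////////////////////////////////////////////

    /**
     * Returns the anonymous account.
     *
     * @return the anonymous user.
     * @throws AuthenticationException if there is a problem performing the operation.
     */
    public abstract Principal getAnonymousAccount()
        throws AuthenticationException;

    /**
     * Returns the superuser account.
     *
     * @return the superuser.
     * @throws AuthenticationException if there is a problem performing the operation.
     */
    public abstract Principal getSuperuserAccount()
        throws AuthenticationException;

    // passwords ////////////////////////////////////////////////////////////////////////////////

    /**
     * Changes user password.
     *
     * <p>This signature does not take the current password. Callers that act on behalf of the
     * account owner should verify it first with
     * {@link #checkUserPassword(Principal, String)}.</p>
     *
     * @param account the account.
     * @param password the new password for the account.
     * @throws AuthenticationException if the password could not be changed.
     */
    public abstract void changeUserPassword(Principal account, String password)
        throws AuthenticationException;

    /**
     * Checks user supplied password.
     *
     * <p>Note for implementers: when stored and computed digests are compared in Java code, use
     * a comparison whose running time does not depend on where the values differ, for example
     * <code>java.security.MessageDigest.isEqual</code>.</p>
     *
     * @param account the account.
     * @param password the password to be checked.
     * @return <code>true</code> if the supplied password is correct.
     * @throws AuthenticationException if there is a problem performing the operation.
     */
    public abstract boolean checkUserPassword(Principal account, String password)
        throws AuthenticationException;

    /**
     * Generates a random password.
     *
     * <p>Delegates to the configured password generator. The bounds are passed through
     * unchecked, so handling of <code>min &gt; max</code> or negative values is up to the
     * generator. NOTE(review): the randomness source is not visible here -- confirm that the
     * PasswordGenerator implementation uses <code>java.security.SecureRandom</code>.</p>
     *
     * @param min minimum length.
     * @param max maximum length.
     * @return a random password.
     */
    public String createRandomPassword(int min, int max)
    {
        return passwordGenerator.createRandomPassword(min, max);
    }

    // personal data ////////////////////////////////////////////////////////////////////////////

    /**
     * Returns the personal data of the account's owner.
     *
     * <p>NOTE(review): whether the returned context is read-only or allows modification of the
     * directory entry depends on the implementation -- confirm before handing it to code that
     * acts for another user.</p>
     *
     * @param account the account.
     * @return directory context view of the account owner's personal data.
     * @throws AuthenticationException if there is a problem performing the operation.
     */
    public abstract DirContext getPersonalData(Principal account)
        throws AuthenticationException;

    /**
     * Looks up user accounts according to personal data attributes.
     *
     * <p>Note for implementers: if a search filter is built from <code>attribute</code> and
     * <code>value</code>, escape the filter metacharacters in both before inserting them, or
     * pass them as filter arguments.</p>
     *
     * @param attribute the personal data attribute name.
     * @param value the personal data attribute value.
     * @return the accounts that fulfill the condition.
     * @throws NamingException if the operation could not be performed.
     */
    public abstract Principal[] lookupAccounts(String attribute, String value)
        throws NamingException;

    /**
     * Looks up user accounts according to personal data attributes.
     *
     * <p>The query is handed over in the directory's own syntax, so this method cannot tell data
     * from filter operators. Callers must not build it by concatenating unescaped user input;
     * for a single user-supplied value prefer {@link #lookupAccounts(String, String)}.</p>
     *
     * @param query the JNDI query in format supported by the underlying directory.
     * @return the accounts that fulfill the condition.
     * @throws NamingException if the operation could not be performed.
     */
    public abstract Principal[] lookupAccounts(String query)
        throws NamingException;
}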