Source Code of org.apache.cocoon.auth.impl.DAOSecurityHandler

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed  under the  License is distributed on an "AS IS" BASIS,
 * WITHOUT  WARRANTIES OR CONDITIONS  OF ANY KIND, either  express  or
 * implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.cocoon.auth.impl;

import java.util.Date;
import java.util.Map;

import org.apache.cocoon.auth.ApplicationManager;
import org.apache.cocoon.auth.AuthenticationException;
import org.apache.cocoon.auth.User;
import org.apache.commons.lang.StringUtils;

/**
 * Implementation of a DAO security handler.
 * This implementation supports:
 * - a retry count (counting up and down)
 * - an expires date for the user account.
 *
 * The database access is forwarded to a configured UserDAO instance.
 *
 * @version $Id: DAOSecurityHandler.java 587757 2007-10-24 02:52:49Z vgritsenko $
 */
public class DAOSecurityHandler extends AbstractSecurityHandler {

    protected UserDAO userDAO;

    protected boolean checkExpires = true;
    protected boolean useRetryCount = true;
    protected boolean negateRetryCount = false;
    protected int defaultRetryCount = 3;

    public void setCheckExpires(boolean checkExpires) {
        this.checkExpires = checkExpires;
    }

    public void setDefaultRetryCount(int defaultRetryCount) {
        this.defaultRetryCount = defaultRetryCount;
    }

    public void setNegateRetryCount(boolean negateRetryCount) {
        this.negateRetryCount = negateRetryCount;
    }

    public void setUserDAO(UserDAO userDAO) {
        this.userDAO = userDAO;
    }

    public void setUseRetryCount(boolean useRetryCount) {
        this.useRetryCount = useRetryCount;
    }

    /**
     * @see org.apache.cocoon.auth.SecurityHandler#login(java.util.Map)
     */
    public User login(Map loginContext)
    throws AuthenticationException {
        // get user name and password
        final String name = (String)loginContext.get(ApplicationManager.LOGIN_CONTEXT_USERNAME_KEY);
        if ( name == null ) {
            throw new AuthenticationException("Required user name property is missing for login.");
        }
        final String password = (String)loginContext.get(ApplicationManager.LOGIN_CONTEXT_PASSWORD_KEY);

        final UserInfo userinfo = this.userDAO.getUserInfo(name);
        if ( userinfo == null ) {
            return null;
        }
        boolean pwCorrect = StringUtils.equals(userinfo.getPassword(), password);
        // check retry count
        if ( this.useRetryCount ) {
            if ( !negateRetryCount ) {
                if ( userinfo.getRetryCount() >= this.defaultRetryCount ) {
                    throw new AuthenticationException(AuthenticationException.AUTHENTICATION_FAILED_ACCOUNT_IS_CLOSED);
                }
                if ( !pwCorrect ) {
                    userinfo.setRetryCount(userinfo.getRetryCount() + 1);
                    this.userDAO.storeUserInfo(userinfo);
                    if ( userinfo.getRetryCount() == this.defaultRetryCount ) {
                        throw new AuthenticationException(AuthenticationException.AUTHENTICATION_FAILED_ACCOUNT_CLOSED);
                    }
                } else {
                    // reset retry count
                    if ( userinfo.getRetryCount() != 0 ) {
                        userinfo.setRetryCount(0);
                        this.userDAO.storeUserInfo(userinfo);
                    }
                }
            } else {
                // the account is disabled when the counter is zero!
                if ( userinfo.getRetryCount() == 0 ) {
                    throw new AuthenticationException(AuthenticationException.AUTHENTICATION_FAILED_ACCOUNT_IS_CLOSED);
                }
                if ( !pwCorrect ) {
                    userinfo.setRetryCount(userinfo.getRetryCount() - 1);
                    this.userDAO.storeUserInfo(userinfo);
                    if ( userinfo.getRetryCount() == 0 ) {
                        throw new AuthenticationException(AuthenticationException.AUTHENTICATION_FAILED_ACCOUNT_CLOSED);
                    }
                } else {
                    // reset retry count
                    if ( userinfo.getRetryCount() != this.defaultRetryCount ) {
                        userinfo.setRetryCount(this.defaultRetryCount);
                        this.userDAO.storeUserInfo(userinfo);
                    }
                }
            }
        }
        // check expires
        if ( pwCorrect && this.checkExpires ) {
            final Date now = new Date();
            if ( userinfo.getExpires() != null ) {
                if ( userinfo.getExpires().before(now) ) {
                    throw new AuthenticationException(AuthenticationException.AUTHENTICATION_FAILED_PASSWORD_EXPIRED);
                }
            }
        }
        // everything still correct?
        if ( !pwCorrect ) {
            return null;
        }
        return this.userDAO.getUser(userinfo);
    }

    /**
     * @see org.apache.cocoon.auth.SecurityHandler#logout(java.util.Map, org.apache.cocoon.auth.User)
     */
    public void logout(Map context, User user) {
        // nothing to do here
    }

}