Source Code of org.apache.cocoon.auth.impl.SimpleSecurityHandler

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed  under the  License is distributed on an "AS IS" BASIS,
 * WITHOUT  WARRANTIES OR CONDITIONS  OF ANY KIND, either  express  or
 * implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.cocoon.auth.impl;

import java.util.Iterator;
import java.util.Map;
import java.util.Properties;

import org.apache.cocoon.auth.ApplicationManager;
import org.apache.cocoon.auth.AuthenticationException;
import org.apache.cocoon.auth.SecurityHandler;
import org.apache.cocoon.auth.User;
import org.apache.commons.lang.StringUtils;

/**
 * The simple security handler implements the {@link SecurityHandler} interface.
 * The user configuration is done through a properties object which can be configured
 * in the Spring application context.
 * The property file should have the following format:
 * {username}={userpassword}
 *
 * For example:
 * cziegeler=secret_password
 * cocoon=apache
 *
 * If you want to specify additional user attributes, use this format:
 * {username}.{attributename}={attributevalue}
 *
 * @version $Id: SimpleSecurityHandler.java 587757 2007-10-24 02:52:49Z vgritsenko $
 */
public class SimpleSecurityHandler
    extends AbstractSecurityHandler {

    /** The properties. */
    protected Properties userProperties;

    public void setUserProperties(Properties p) {
        this.userProperties = p;
    }

    /**
     * @see org.apache.cocoon.auth.SecurityHandler#login(java.util.Map)
     */
    public User login(final Map loginContext)
    throws AuthenticationException {
        // get user name and password
        final String name = (String)loginContext.get(ApplicationManager.LOGIN_CONTEXT_USERNAME_KEY);
        if ( name == null ) {
            throw new AuthenticationException("Required user name property is missing for login.");
        }
        final String password = (String)loginContext.get(ApplicationManager.LOGIN_CONTEXT_PASSWORD_KEY);
        // compare password
        if ( !StringUtils.equals(password, this.userProperties.getProperty(name)) ) {
            return null;
        }
        final User user = new StandardUser(name);
        // check for additional attributes
        final String prefix = name + '.';
        final Iterator i = this.userProperties.entrySet().iterator();
        while ( i.hasNext() ) {
            final Map.Entry current = (Map.Entry)i.next();
            if ( current.getKey().toString().startsWith(prefix) ) {
                final String key = current.getKey().toString().substring(prefix.length());
                user.setAttribute(key, current.getValue());
            }
        }
        return user;
    }

    /**
     * @see org.apache.cocoon.auth.SecurityHandler#logout(java.util.Map, org.apache.cocoon.auth.User)
     */
    public void logout(final Map logoutContext, final User user) {
        // nothing to do here
    }
}