1   /*
2    * Copyright (c) 2002-2017, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.adminauthenticationdatabase;
35  
36  import fr.paris.lutece.portal.business.user.AdminUser;
37  import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
38  import fr.paris.lutece.portal.business.user.log.UserLog;
39  import fr.paris.lutece.portal.business.user.log.UserLogHome;
40  import fr.paris.lutece.portal.service.util.AppPropertiesService;
41  
42  import java.util.Collection;
43  
44  import javax.security.auth.login.FailedLoginException;
45  import javax.security.auth.login.LoginException;
46  
47  import javax.servlet.http.HttpServletRequest;
48  
49  
50  /**
51   * Data authentication module for admin authentication
52   */
public class AdminDatabaseAuthentication implements AdminAuthentication
{
    // Property keys resolved through AppPropertiesService.
    private static final String PROPERTY_MAX_ACCESS_FAILED = "admindatabaseauthentication.access.failures.max";
    private static final String PROPERTY_INTERVAL_MINUTES = "admindatabaseauthentication.access.failures.interval.minutes";
    private static final String PROPERTY_SERVICE_NAME = "admindatabaseauthentication.auth.service.name";
    private static final String PROPERTY_LOGIN_PAGE_URL = "admindatabaseauthentication.login.page.url";

    // Data access object used for the credential check and for loading users.
    private AdminDatabaseUserDAO _dao = new AdminDatabaseUserDAO(  );

    /**
     * Creates the authentication module; no state beyond the DAO field is initialised.
     */
    public AdminDatabaseAuthentication(  )
    {
    }

    /**
     * Returns the service name configured under the
     * {@code admindatabaseauthentication.auth.service.name} property.
     *
     * @return the value returned by AppPropertiesService for that key
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthServiceName()
     */
    public String getAuthServiceName(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_SERVICE_NAME );
    }

    /**
     * Reports the authentication type; the request is not inspected.
     *
     * @param request the HTTP request (unused)
     * @return {@link javax.servlet.http.HttpServletRequest#BASIC_AUTH}
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthType(javax.servlet.http.HttpServletRequest)
     */
    public String getAuthType( HttpServletRequest request )
    {
        return HttpServletRequest.BASIC_AUTH;
    }

    /**
     * Authenticates an administrator against the database.
     *
     * The failure-count check runs first, so the password is not tested at all
     * once the threshold is exceeded. Both rejection paths throw a bare
     * {@link FailedLoginException}, so the exception itself does not tell the
     * caller whether the attempt was throttled or the credentials were wrong.
     *
     * @param strAccessCode the access code (login) submitted by the user
     * @param strUserPassword the password submitted by the user
     * @param request the HTTP request, used for the remote address
     * @return the user loaded by the DAO for the access code
     * @throws LoginException a {@link FailedLoginException} when the failure
     *         threshold is exceeded or the DAO does not answer USER_OK
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#login(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
     */
    public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
        throws LoginException
    {
        // Describe the current attempt; it is only used here as the lookup key
        // for the failure count and is not stored by this method.
        // NOTE(review): recording of failed attempts presumably happens in the caller - verify,
        // otherwise the throttle below never triggers.
        UserLog attempt = new UserLog(  );
        attempt.setAccessCode( strAccessCode );
        // NOTE(review): getRemoteAddr() is the address of the direct peer; behind a reverse
        // proxy that is the proxy itself - confirm how client addresses reach this layer.
        attempt.setIpAddress( request.getRemoteAddr(  ) );
        attempt.setDateLogin( new java.sql.Timestamp( System.currentTimeMillis(  ) ) );

        // Throttle settings: defaults are 3 failures over 10 minutes.
        int nFailureLimit = AppPropertiesService.getPropertyInt( PROPERTY_MAX_ACCESS_FAILED, 3 );
        int nWindowMinutes = AppPropertiesService.getPropertyInt( PROPERTY_INTERVAL_MINUTES, 10 );

        // NOTE(review): the comparison is strict, so a count equal to the limit still allows
        // one more attempt - confirm this matches the intended lockout policy.
        boolean bThrottled = UserLogHome.getLoginErrors( attempt, nWindowMinutes ) > nFailureLimit;

        if ( bThrottled )
        {
            throw new FailedLoginException(  );
        }

        // The credential check is delegated to the DAO; how the password is stored
        // and compared is not visible in this class.
        if ( _dao.checkPassword( strAccessCode, strUserPassword ) != AdminDatabaseUserDAO.USER_OK )
        {
            throw new FailedLoginException(  );
        }

        return _dao.load( strAccessCode, this );
    }

    /**
     * Does nothing: for non-external authentication there is no action on logout.
     *
     * @param user the user logging out (unused)
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#logout(fr.paris.lutece.portal.business.user.AdminUser)
     */
    public void logout( AdminUser user )
    {
        // intentionally empty
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAnonymousUser()
     */
    public AdminUser getAnonymousUser(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Tells whether authentication is delegated to an external system.
     *
     * @return false always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#isExternalAuthentication()
     */
    public boolean isExternalAuthentication(  )
    {
        return false;
    }

    /**
     * Returns the user authenticated at HTTP level; this module never provides one.
     *
     * @param request the HTTP request (unused)
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getHttpAuthenticatedUser(javax.servlet.http.HttpServletRequest)
     */
    public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        return null;
    }

    /**
     * Returns the login page URL configured under the
     * {@code admindatabaseauthentication.login.page.url} property.
     *
     * @return the value returned by AppPropertiesService for that key
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLoginPageUrl()
     */
    public String getLoginPageUrl(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_LOGIN_PAGE_URL );
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication
     */
    public String getChangePasswordPageUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLoginUrl()
     */
    public String getDoLoginUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLogoutUrl()
     */
    public String getDoLogoutUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getNewAccountPageUrl()
     */
    public String getNewAccountPageUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getViewAccountPageUrl()
     */
    public String getViewAccountPageUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostPasswordPageUrl()
     */
    public String getLostPasswordPageUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Stub left from code generation; not implemented.
     *
     * @return null always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication
     */
    public String getLostLoginPageUrl(  )
    {
        // TODO not implemented
        return null;
    }

    /**
     * Lists database users by delegating to the DAO with the three given values.
     *
     * @param strLastName last-name value passed to the DAO
     * @param strFirstName first-name value passed to the DAO
     * @param strEmail e-mail value passed to the DAO
     * @return the collection returned by AdminDatabaseUserDAO.selectAllDatabaseUsers
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication
     */
    public Collection getUserList( String strLastName, String strFirstName, String strEmail )
    {
        // NOTE(review): the arguments are forwarded unchanged; query construction lives in the DAO.
        return _dao.selectAllDatabaseUsers( strLastName, strFirstName, strEmail, this );
    }

    /**
     * Loads the public data of one user by delegating to the DAO.
     *
     * @param strLogin the login of the user to look up
     * @return the user returned by AdminDatabaseUserDAO.selectUserPublicData
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserPublicData(java.lang.String)
     */
    public AdminUser getUserPublicData( String strLogin )
    {
        return _dao.selectUserPublicData( strLogin, this );
    }
}
241 }