/*
 * Copyright (c) 2002-2017, Mairie de Paris
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice
 *     and the following disclaimer.
 *
 *  2. Redistributions in binary form must reproduce the above copyright notice
 *     and the following disclaimer in the documentation and/or other materials
 *     provided with the distribution.
 *
 *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
 *     contributors may be used to endorse or promote products derived from
 *     this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
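 *
 * License 1.0
 */
package fr.paris.lutece.plugins.adminauthenticationdatabase;

import fr.paris.lutece.portal.business.user.AdminUser;
import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
import fr.paris.lutece.portal.business.user.log.UserLog;
import fr.paris.lutece.portal.business.user.log.UserLogHome;
import fr.paris.lutece.portal.service.util.AppPropertiesService;

import java.util.Collection;

import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

import javax.servlet.http.HttpServletRequest;


/**
 * Database authentication module for the admin back-office.
 * <p>
 * Credentials are verified against the plugin's own user table through
 * {@link AdminDatabaseUserDAO}. Before the password is checked, the number of
 * failed logins already recorded for the attempt (a {@link UserLog} carrying the
 * access code and the client address; which of these Lutece core keys the count
 * on is decided in {@link UserLogHome}) over a sliding window of minutes is
 * compared with a configurable ceiling, so repeated guessing is throttled.
 * <p>
 * Configuration keys read from the application properties:
 * <ul>
 * <li>{@code admindatabaseauthentication.access.failures.max} - failures tolerated in the window (default 3)</li>
 * <li>{@code admindatabaseauthentication.access.failures.interval.minutes} - window length (default 10)</li>
 * <li>{@code admindatabaseauthentication.auth.service.name} - value returned by {@link #getAuthServiceName()}</li>
 * <li>{@code admindatabaseauthentication.login.page.url} - value returned by {@link #getLoginPageUrl()}</li>
 * </ul>
 * This is a non-external authentication ({@link #isExternalAuthentication()} is
 * {@code false}): Lutece itself presents the login form and calls
 * {@link #login(String, String, HttpServletRequest)}. The account-management
 * page URLs this module does not provide are returned as {@code null}.
 */
public class AdminDatabaseAuthentication implements AdminAuthentication
{
    private static final String PROPERTY_MAX_ACCESS_FAILED = "admindatabaseauthentication.access.failures.max";
    private static final String PROPERTY_INTERVAL_MINUTES = "admindatabaseauthentication.access.failures.interval.minutes";
    private static final String PROPERTY_SERVICE_NAME = "admindatabaseauthentication.auth.service.name";
    private static final String PROPERTY_LOGIN_PAGE_URL = "admindatabaseauthentication.login.page.url";

    /** Defaults applied when the throttling properties are not configured. */
    private static final int DEFAULT_MAX_ACCESS_FAILED = 3;
    private static final int DEFAULT_INTERVAL_MINUTES = 10;

    /** Access to the plugin's admin user table (password check, user load, listing). */
    private final AdminDatabaseUserDAO _dao = new AdminDatabaseUserDAO( );

    /**
     * Creates the module. No configuration is read here; properties are looked
     * up on each call so that they can be changed at runtime.
     */
    public AdminDatabaseAuthentication( )
    {
        super( );
    }

    /**
     * @return the service name configured under
     *         {@code admindatabaseauthentication.auth.service.name}
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthServiceName()
     */
    public String getAuthServiceName( )
    {
        return AppPropertiesService.getProperty( PROPERTY_SERVICE_NAME );
    }

    /**
     * Returns the authentication type label reported for this module.
     * <p>
     * NOTE(review): the value is the servlet-API constant for HTTP Basic, while
     * the credentials actually arrive through the Lutece login form - confirm
     * how callers interpret this label before relying on it.
     *
     * @param request the current request (unused)
     * @return {@link javax.servlet.http.HttpServletRequest#BASIC_AUTH}
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthType(javax.servlet.http.HttpServletRequest)
     */
    public String getAuthType( HttpServletRequest request )
    {
        return HttpServletRequest.BASIC_AUTH;
    }

    /**
     * Authenticates an admin user against the database.
     * <p>
     * The attempt is first checked against the failure throttle: if more than
     * the configured maximum of failed logins has already been recorded, within
     * the configured interval, for the {@link UserLog} built here, the attempt
     * is rejected before the password is examined. Otherwise the password is
     * verified by the DAO and, on success, the user is loaded.
     * <p>
     * The throttled case and a rejected credential raise the same
     * {@link FailedLoginException} without a message, so the response does not
     * reveal whether the account exists or is currently locked.
     *
     * @param strAccessCode the login entered by the user
     * @param strUserPassword the password entered by the user
     * @param request the HTTP request, used for the client address of the log record
     * @return the authenticated {@link AdminUser} as loaded by the DAO
     * @throws LoginException as a {@link FailedLoginException} when the failure
     *             ceiling has been exceeded or the credentials are rejected
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#login(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
     */
    public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
        throws LoginException
    {
        // Record describing this attempt; it is the key used to count earlier
        // failures. This method does not store it: recording the outcome is
        // presumably done by the caller in Lutece core - confirm.
        UserLog userLog = new UserLog( );
        userLog.setAccessCode( strAccessCode );
        // NOTE(review): behind a reverse proxy getRemoteAddr( ) is the proxy's
        // address; if the failure count is keyed on it, all clients would share
        // one counter - verify against UserLogHome.getLoginErrors.
        userLog.setIpAddress( request.getRemoteAddr( ) );
        userLog.setDateLogin( new java.sql.Timestamp( System.currentTimeMillis( ) ) );

        // Failure throttle over a sliding window of minutes. The comparison is
        // strict: nMaxFailed failures are tolerated and the lockout only starts
        // once nMaxFailed + 1 failures are recorded - confirm this matches the
        // intended policy for the "max" property.
        int nMaxFailed = AppPropertiesService.getPropertyInt( PROPERTY_MAX_ACCESS_FAILED, DEFAULT_MAX_ACCESS_FAILED );
        int nIntervalMinutes = AppPropertiesService.getPropertyInt( PROPERTY_INTERVAL_MINUTES, DEFAULT_INTERVAL_MINUTES );
        int nNbFailed = UserLogHome.getLoginErrors( userLog, nIntervalMinutes );

        if ( nNbFailed > nMaxFailed )
        {
            throw new FailedLoginException( );
        }

        // Password verification is delegated to the DAO; any result other than
        // USER_OK is rejected alike, whatever the underlying reason.
        if ( _dao.checkPassword( strAccessCode, strUserPassword ) != AdminDatabaseUserDAO.USER_OK )
        {
            throw new FailedLoginException( );
        }

        return _dao.load( strAccessCode, this );
    }

    /**
     * For non-external authentication there is nothing to do: the session is
     * handled by Lutece core.
     *
     * @param user the user being logged out (unused)
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#logout(fr.paris.lutece.portal.business.user.AdminUser)
     */
    public void logout( AdminUser user )
    {
        // nothing to do
    }

    /**
     * This module has no anonymous admin user.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAnonymousUser()
     */
    public AdminUser getAnonymousUser( )
    {
        return null;
    }

    /**
     * @return {@code false} always: users are authenticated by Lutece's own login form
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#isExternalAuthentication()
     */
    public boolean isExternalAuthentication( )
    {
        return false;
    }

    /**
     * No user is ever derived from the request itself (no HTTP-level
     * authentication is performed by this module).
     *
     * @param request the current request (unused)
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getHttpAuthenticatedUser(javax.servlet.http.HttpServletRequest)
     */
    public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        return null;
    }

    /**
     * @return the login page URL configured under
     *         {@code admindatabaseauthentication.login.page.url}
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLoginPageUrl()
     */
    public String getLoginPageUrl( )
    {
        return AppPropertiesService.getProperty( PROPERTY_LOGIN_PAGE_URL );
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getChangePasswordPageUrl()
     */
    public String getChangePasswordPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLoginUrl()
     */
    public String getDoLoginUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLogoutUrl()
     */
    public String getDoLogoutUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getNewAccountPageUrl()
     */
    public String getNewAccountPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getViewAccountPageUrl()
     */
    public String getViewAccountPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostPasswordPageUrl()
     */
    public String getLostPasswordPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostLoginPageUrl()
     */
    public String getLostLoginPageUrl( )
    {
        return null;
    }

    /**
     * Lists the users of the plugin's table matching the given filters; the
     * filter semantics (exact match, prefix, ...) are those of the DAO query.
     *
     * @param strLastName last name filter
     * @param strFirstName first name filter
     * @param strEmail e-mail filter
     * @return the matching users, as returned by the DAO
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserList()
     */
    public Collection getUserList( String strLastName, String strFirstName, String strEmail )
    {
        return _dao.selectAllDatabaseUsers( strLastName, strFirstName, strEmail, this );
    }

    /**
     * Loads the public data of a user from the plugin's table.
     *
     * @param strLogin the user's access code
     * @return the user as returned by the DAO
     * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserPublicData(java.lang.String)
     */
    public AdminUser getUserPublicData( String strLogin )
    {
        return _dao.selectUserPublicData( strLogin, this );
    }
}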