/** User authenticate method */
public synchronized User authenticate(Authentication authentication)
throws AuthenticationFailedException {
lazyInit();
if (authentication instanceof UsernamePasswordAuthentication) {
UsernamePasswordAuthentication upauth = (UsernamePasswordAuthentication) authentication;
String user = upauth.getUsername();
String password = upauth.getPassword();
if (user == null) {
throw new AuthenticationFailedException("Authentication failed");
}
if (password == null) {
password = "";
}
String storedPassword = userDataProp.getProperty(PREFIX + user + '.' + ATTR_PASSWORD);
if (storedPassword == null) {
// user does not exist
throw new AuthenticationFailedException("Authentication failed");
}
if (passwordEncryptor.matches(password, storedPassword)) {
return getUserByName(user);
} else {
throw new AuthenticationFailedException("Authentication failed");
}
} else if (authentication instanceof AnonymousAuthentication) {
if (doesExist("anonymous")) {
return getUserByName("anonymous");
} else {
throw new AuthenticationFailedException("Authentication failed");
}
} else {
throw new IllegalArgumentException("Authentication not supported by this user manager");
}
}
/**
* @param ftpAuthRequest one of {@link org.apache.ftpserver.usermanager.AnonymousAuthentication}
* or {@link org.apache.ftpserver.usermanager.UsernamePasswordAuthentication}
* @throws AuthenticationFailedException if given an {@code AnonymousAuthentication}, or an
* invalid/disabled user credentials
* @see UserManager#authenticate(Authentication)
*/
public User authenticate(final Authentication ftpAuthRequest)
throws AuthenticationFailedException {
if (!(ftpAuthRequest instanceof UsernamePasswordAuthentication)) {
throw new AuthenticationFailedException();
}
final UsernamePasswordAuthentication upa = (UsernamePasswordAuthentication) ftpAuthRequest;
final String principal = upa.getUsername();
final String credentials = upa.getPassword();
org.springframework.security.core.Authentication gsAuth =
new UsernamePasswordAuthenticationToken(principal, credentials);
try {
gsAuth = authManager.authenticate(gsAuth);
} catch (org.springframework.security.core.AuthenticationException authEx) {
throw new AuthenticationFailedException(authEx);
}
try {
// gather the user
BaseUser user = getUserByName(principal);
user.setPassword(credentials);
// is the user enabled?
if (!user.getEnabled()) {
throw new AuthenticationFailedException();
}
// scary message for admins if the username/password has not
// been changed
if (DEFAULT_USER.equals(user.getName()) && DEFAULT_PASSWORD.equals(credentials)) {
LOGGER.log(
Level.SEVERE,
"The default admin/password combination has not been "
+ "modified, this makes the embedded FTP server an "
+ "open file host for everybody to use!!!");
}
final File dataRoot = dataDir.findOrCreateDataRoot();
// enable only admins and non anonymous users
boolean isGSAdmin = false;
for (GrantedAuthority authority : gsAuth.getAuthorities()) {
final String userRole = authority.getAuthority();
if (ADMIN_ROLE.equals(userRole)) {
isGSAdmin = true;
break;
}
}
final File homeDirectory;
if (isGSAdmin) {
homeDirectory = dataRoot;
} else {
/*
* This resolves the user's home directory to data/incoming/<user name> but does not
* create the directory if it does not already exist. That is left to when the user
* is authenticated, check the authenticate() method above.
*/
homeDirectory = new File(new File(dataRoot, "incoming"), user.getName());
}
String normalizedPath = homeDirectory.getAbsolutePath();
normalizedPath = FilenameUtils.normalize(normalizedPath);
user.setHomeDirectory(normalizedPath);
if (!homeDirectory.exists()) {
LOGGER.fine(
"Creating FTP home directory for user " + user.getName() + " at " + normalizedPath);
homeDirectory.mkdirs();
}
return user;
} catch (AuthenticationFailedException e) {
throw e;
} catch (Exception e) {
LOGGER.log(Level.INFO, "FTP authentication failure", e);
throw new AuthenticationFailedException(e);
}
}
