/* * (non-Javadoc) * * @see org.deegree.security.AbstractAuthentication#authenticate(java.util.Map) */ public User authenticate(Map<String, String> params) throws WrongCredentialsException { String tmp = initParams.get(INIT_PARAM_PATTERN); List<String> patterns = StringTools.toList(tmp, ",;", true); String ipAddress = params.get(AUTH_PARAM_IPADDRESS); if (ipAddress != null) { for (String p : patterns) { if (ipAddress.matches(p)) { User usr = null; try { SecurityAccessManager sam = SecurityAccessManager.getInstance(); // use matching pattern as username and password usr = sam.getUserByName(p); usr.authenticate(null); } catch (Exception e) { LOG.logError(e.getMessage()); String msg = Messages.getMessage("OWSPROXY_USER_AUTH_ERROR", ipAddress); throw new WrongCredentialsException(msg); } return usr; } } throw new WrongCredentialsException( Messages.getMessage("OWSPROXY_USER_AUTH_ERROR", ipAddress)); } return null; }
/* * (non-Javadoc) * * @see org.deegree.security.AbstractAuthentication#authenticate(java.util.Map, * javax.servlet.http.HttpServletRequest) */ public User authenticate(Map<String, String> params, HttpServletRequest request) throws WrongCredentialsException { String sessionID = params.get(AUTH_PARAM_SESSIONID); User usr = null; if (sessionID != null) { String[] user = new String[3]; String urlStr = initParams.get(INIT_PARAM_WAS); urlStr = urlStr.replaceFirst("\\[SESSIONID\\]", sessionID); LOG.logDebug("request WAS for user information: " + urlStr); Document doc = null; try { URL url = new URL(urlStr); XMLFragment xml = new XMLFragment(url); doc = xml.getRootElement().getOwnerDocument(); user[0] = XMLTools.getNodeAsString(doc, "/User/UserName", nsContext, null); user[1] = XMLTools.getNodeAsString(doc, "/User/Password", nsContext, null); } catch (Exception e) { LOG.logError(e.getMessage(), e); throw new WrongCredentialsException(Messages.getMessage("OWSProxyServletFilter.WASACCESS")); } if (user[0] != null) { try { SecurityAccessManager sam = SecurityAccessManager.getInstance(); usr = sam.getUserByName(user[0]); usr.authenticate(user[1]); } catch (Exception e) { throw new WrongCredentialsException( Messages.getMessage("OWSPROXY_USER_AUTH_ERROR", user[0])); } } else { String msg = "undefined error"; try { msg = XMLTools.getNodeAsString(doc, "//ServiceException", nsContext, "general error"); } catch (Exception e) { // should never happen } throw new WrongCredentialsException(msg); } } return usr; }