// OSecuritySystem (via OServerSecurity)
// Used for generating the appropriate HTTP authentication mechanism.
public String getAuthenticationHeader(final String databaseName) {
String header = null;
// Default to Basic.
if (databaseName != null)
header = "WWW-Authenticate: Basic realm=\"OrientDB db-" + databaseName + "\"";
else header = "WWW-Authenticate: Basic realm=\"OrientDB Server\"";
if (isEnabled()) {
synchronized (authenticatorsList) {
StringBuilder sb = new StringBuilder();
// Walk through the list of OSecurityAuthenticators.
for (OSecurityAuthenticator sa : authenticatorsList) {
if (sa.isEnabled()) {
String sah = sa.getAuthenticationHeader(databaseName);
if (sah != null && sah.trim().length() > 0) {
// If we're not the first authenticator, then append "\n".
if (sb.length() > 0) {
sb.append("\n");
}
sb.append(sah);
}
}
}
if (sb.length() > 0) {
header = sb.toString();
}
}
}
return header;
}
// OSecuritySystem (via OServerSecurity)
public String authenticate(final String username, final String password) {
try {
// It's possible for the username to be null or an empty string in the case of SPNEGO Kerberos
// tickets.
if (username != null && !username.isEmpty()) {
if (debug)
OLogManager.instance()
.info(
this,
"ODefaultServerSecurity.authenticate() ** Authenticating username: %s",
username);
// This means it originates from us (used by openDatabase).
if (username.equals(superUser) && password.equals(superUserPassword)) return superUser;
}
synchronized (authenticatorsList) {
// Walk through the list of OSecurityAuthenticators.
for (OSecurityAuthenticator sa : authenticatorsList) {
if (sa.isEnabled()) {
String principal = sa.authenticate(username, password);
if (principal != null) return principal;
}
}
}
} catch (Exception ex) {
OLogManager.instance()
.error(this, "ODefaultServerSecurity.authenticate() Exception: %s", ex.getMessage());
}
return null; // Indicates authentication failed.
}
// OSecuritySystem (via OServerSecurity)
// This will first look for a user in the security.json "users" array and then check if a resource
// matches.
public boolean isAuthorized(final String username, final String resource) {
if (isEnabled()) {
if (username == null || resource == null) return false;
if (username.equals(superUser)) return true;
synchronized (authenticatorsList) {
// Walk through the list of OSecurityAuthenticators.
for (OSecurityAuthenticator sa : authenticatorsList) {
if (sa.isEnabled()) {
if (sa.isAuthorized(username, resource)) return true;
}
}
}
}
return false;
}
// OServerSecurity
public OServerUserConfiguration getUser(final String username) {
OServerUserConfiguration userCfg = null;
if (isEnabled()) {
if (username.equals(superUser)) return superUserCfg;
synchronized (authenticatorsList) {
// Walk through the list of OSecurityAuthenticators.
for (OSecurityAuthenticator sa : authenticatorsList) {
if (sa.isEnabled()) {
userCfg = sa.getUser(username);
if (userCfg != null) break;
}
}
}
}
return userCfg;
}
