public Authenticator() {
// create bob as valid user
User u = new User("bob", "1234", "Bob");
u.setPasswordHash(CryptoStuff.hashSha256(u.getPassword()));
credentials = new ArrayList<User>();
credentials.add(u);
// init the session list
sessions = new ArrayList<Session>();
// create a default ABAC policy and add some permissions for user bob
accessPolicy = new ABACPolicy();
// bob can view, add and edit people but cannot delete nor do anything with dogs
accessPolicy.createSimpleUserACLEntry(u.getLogin(), true, true, true, false, true);
u = new User("sue", "5678", "Sue");
u.setPasswordHash(CryptoStuff.hashSha256(u.getPassword()));
credentials.add(u);
// sue can only do stuff with warehouses
accessPolicy.createSimpleUserACLEntry(u.getLogin(), false, false, false, false, true);
u = new User("ragnar", "0000", "Ragnar");
u.setPasswordHash(CryptoStuff.hashSha256(u.getPassword()));
credentials.add(u);
// ragnar can access everything
accessPolicy.createSimpleUserACLEntry(u.getLogin(), true, true, true, true, true);
}
/**
* login and create a new session if credentials match
*
* @param l
* @param cs
* @return id of newly created session
* @throws SecurityException
*/
public int login(String l, String cs) throws SecurityException {
// iterate through user credentials and see if l and pw match. if so, make a session and returns
// its id
for (User u : credentials) {
if (u.getLogin().equals(l) && u.getPassword().equals(cs)) {
// create a fake server-side session from the user object given to us
// in reality this makes no sense. authentication happens on the server side
Session s = new Session(u);
sessions.add(s);
return s.getSessionId();
}
}
throw new SecurityException("Authentication failed");
}