/**
 * Builds the in-memory demo authenticator: three hard-coded users, an empty
 * session list and an ABAC policy with one simple ACL entry per user.
 *
 * Each user is constructed with a plaintext password, then given a SHA-256
 * hash of that same password via {@code setPasswordHash}; the plaintext stays
 * inside the User object as well, so both are held in memory.
 */
public Authenticator() {
    credentials = new ArrayList<User>();
    sessions = new ArrayList<Session>();
    accessPolicy = new ABACPolicy();

    // bob: first three flags set, fourth (delete, per the original author's note) cleared,
    // fifth set. The original note said bob can view/add/edit but not delete.
    registerDemoUser("bob", "1234", "Bob", true, true, true, false, true);
    // sue: only the fifth flag set -- the original note says "only do stuff with warehouses",
    // so the fifth flag presumably governs warehouse access (verify against ABACPolicy).
    registerDemoUser("sue", "5678", "Sue", false, false, false, false, true);
    // ragnar: every flag set ("can access everything").
    registerDemoUser("ragnar", "0000", "Ragnar", true, true, true, true, true);
}

/**
 * Creates one demo user, stores its SHA-256 password hash, registers it in
 * {@code credentials} and records its simple ACL entry in {@code accessPolicy}.
 * The five flags are passed straight through to
 * {@code ABACPolicy.createSimpleUserACLEntry} in the same order.
 */
private void registerDemoUser(String login, String password, String displayName,
        boolean flag1, boolean flag2, boolean flag3, boolean flag4, boolean flag5) {
    User user = new User(login, password, displayName);
    user.setPasswordHash(CryptoStuff.hashSha256(user.getPassword()));
    credentials.add(user);
    accessPolicy.createSimpleUserACLEntry(user.getLogin(), flag1, flag2, flag3, flag4, flag5);
}
/**
 * Logs a user in and opens a new server-side session when the supplied
 * credentials match a stored user.
 *
 * NOTE(review): the match is made against {@code User.getPassword()} -- the
 * plaintext value kept in the User object -- not against the SHA-256 hash set
 * in the constructor; confirm whether {@code cs} is expected to be the
 * plaintext password. {@code String.equals} is also not constant-time;
 * {@code MessageDigest.isEqual} on the hashed bytes would avoid timing
 * differences between near-matches and mismatches.
 *
 * @param l  login name to look up
 * @param cs credential string compared with the stored password of that user
 * @return id of the newly created session
 * @throws SecurityException if no stored user has both this login and this credential
 */
public int login(String l, String cs) throws SecurityException {
    User match = lookupCredentials(l, cs);
    if (match == null) {
        throw new SecurityException("Authentication failed");
    }
    // The session is created client-side here from the User object; as the original
    // author noted, in a real system this would happen on the server.
    Session session = new Session(match);
    sessions.add(session);
    return session.getSessionId();
}

/**
 * Returns the first stored user whose login and password both equal the
 * given values, or {@code null} when there is no such user.
 */
private User lookupCredentials(String l, String cs) {
    for (User candidate : credentials) {
        boolean loginMatches = candidate.getLogin().equals(l);
        // password is only compared once the login has matched (same short-circuit as before)
        if (loginMatches && candidate.getPassword().equals(cs)) {
            return candidate;
        }
    }
    return null;
}