コード例 #1
0
  // OSecuritySystem (via OServerSecurity)
  // Used for generating the appropriate HTTP authentication mechanism.
  public String getAuthenticationHeader(final String databaseName) {
    String header = null;

    // Default to Basic.
    if (databaseName != null)
      header = "WWW-Authenticate: Basic realm=\"OrientDB db-" + databaseName + "\"";
    else header = "WWW-Authenticate: Basic realm=\"OrientDB Server\"";

    if (isEnabled()) {
      synchronized (authenticatorsList) {
        StringBuilder sb = new StringBuilder();

        // Walk through the list of OSecurityAuthenticators.
        for (OSecurityAuthenticator sa : authenticatorsList) {
          if (sa.isEnabled()) {
            String sah = sa.getAuthenticationHeader(databaseName);

            if (sah != null && sah.trim().length() > 0) {
              // If we're not the first authenticator, then append "\n".
              if (sb.length() > 0) {
                sb.append("\n");
              }
              sb.append(sah);
            }
          }
        }

        if (sb.length() > 0) {
          header = sb.toString();
        }
      }
    }

    return header;
  }
コード例 #2
0
  // OSecuritySystem (via OServerSecurity)
  public String authenticate(final String username, final String password) {
    try {
      // It's possible for the username to be null or an empty string in the case of SPNEGO Kerberos
      // tickets.
      if (username != null && !username.isEmpty()) {
        if (debug)
          OLogManager.instance()
              .info(
                  this,
                  "ODefaultServerSecurity.authenticate() ** Authenticating username: %s",
                  username);

        // This means it originates from us (used by openDatabase).
        if (username.equals(superUser) && password.equals(superUserPassword)) return superUser;
      }

      synchronized (authenticatorsList) {
        // Walk through the list of OSecurityAuthenticators.
        for (OSecurityAuthenticator sa : authenticatorsList) {
          if (sa.isEnabled()) {
            String principal = sa.authenticate(username, password);

            if (principal != null) return principal;
          }
        }
      }
    } catch (Exception ex) {
      OLogManager.instance()
          .error(this, "ODefaultServerSecurity.authenticate() Exception: %s", ex.getMessage());
    }

    return null; // Indicates authentication failed.
  }
コード例 #3
0
  // OSecuritySystem (via OServerSecurity)
  // Indicates if the primary security mechanism supports single sign-on.
  public boolean isSingleSignOnSupported() {
    if (isEnabled()) {
      OSecurityAuthenticator priAuth = getPrimaryAuthenticator();

      if (priAuth != null) return priAuth.isSingleSignOnSupported();
    }

    return false;
  }
コード例 #4
0
  // OServerSecurity
  public OSecurityAuthenticator getAuthenticator(final String authMethod) {
    if (isEnabled()) {
      synchronized (authenticatorsList) {
        for (OSecurityAuthenticator am : authenticatorsList) {
          // If authMethod is null or an empty string, then return the first OSecurityAuthenticator.
          if (authMethod == null || authMethod.isEmpty()) return am;

          if (am.getName() != null && am.getName().equalsIgnoreCase(authMethod)) return am;
        }
      }
    }

    return null;
  }
コード例 #5
0
  // OSecuritySystem (via OServerSecurity)
  // This will first look for a user in the security.json "users" array and then check if a resource
  // matches.
  public boolean isAuthorized(final String username, final String resource) {
    if (isEnabled()) {
      if (username == null || resource == null) return false;

      if (username.equals(superUser)) return true;

      synchronized (authenticatorsList) {
        // Walk through the list of OSecurityAuthenticators.
        for (OSecurityAuthenticator sa : authenticatorsList) {
          if (sa.isEnabled()) {
            if (sa.isAuthorized(username, resource)) return true;
          }
        }
      }
    }

    return false;
  }
コード例 #6
0
  // OServerSecurity
  public OServerUserConfiguration getUser(final String username) {
    OServerUserConfiguration userCfg = null;

    if (isEnabled()) {
      if (username.equals(superUser)) return superUserCfg;

      synchronized (authenticatorsList) {
        // Walk through the list of OSecurityAuthenticators.
        for (OSecurityAuthenticator sa : authenticatorsList) {
          if (sa.isEnabled()) {
            userCfg = sa.getUser(username);
            if (userCfg != null) break;
          }
        }
      }
    }

    return userCfg;
  }
コード例 #7
0
  // OServerLifecycleListener Interface
  public void onBeforeDeactivate() {
    if (enabled) {
      unregisterRESTCommands();

      synchronized (importLDAPSynch) {
        if (importLDAP != null) {
          importLDAP.dispose();
          importLDAP = null;
        }
      }

      synchronized (passwordValidatorSynch) {
        if (passwordValidator != null) {
          passwordValidator.dispose();
          passwordValidator = null;
        }
      }

      synchronized (auditingSynch) {
        if (auditingService != null) {
          auditingService.dispose();
          auditingService = null;
        }
      }

      synchronized (authenticatorsList) {
        // Notify all the security components that the server is active.
        for (OSecurityAuthenticator sa : authenticatorsList) {
          sa.dispose();
        }

        authenticatorsList.clear();
      }

      enabled = false;
    }
  }
コード例 #8
0
  private void loadAuthenticators(final ODocument authDoc) {
    synchronized (authenticatorsList) {
      for (OSecurityAuthenticator sa : authenticatorsList) {
        sa.dispose();
      }

      authenticatorsList.clear();

      if (authDoc.containsField("authenticators")) {
        List<ODocument> authMethodsList = authDoc.field("authenticators");

        for (ODocument authMethodDoc : authMethodsList) {
          try {
            if (authMethodDoc.containsField("name")) {
              final String name = authMethodDoc.field("name");

              // defaults to enabled if "enabled" is missing
              boolean enabled = true;

              if (authMethodDoc.containsField("enabled")) enabled = authMethodDoc.field("enabled");

              if (enabled) {
                Class<?> authClass = getClass(authMethodDoc);

                if (authClass != null) {
                  if (OSecurityAuthenticator.class.isAssignableFrom(authClass)) {
                    OSecurityAuthenticator authPlugin =
                        (OSecurityAuthenticator) authClass.newInstance();

                    authPlugin.config(server, serverConfig, authMethodDoc);
                    authPlugin.active();

                    authenticatorsList.add(authPlugin);
                  } else {
                    OLogManager.instance()
                        .error(
                            this,
                            "ODefaultServerSecurity.loadAuthenticators() class is not an OSecurityAuthenticator");
                  }
                } else {
                  OLogManager.instance()
                      .error(
                          this,
                          "ODefaultServerSecurity.loadAuthenticators() authentication class is null for %s",
                          name);
                }
              }
            } else {
              OLogManager.instance()
                  .error(
                      this,
                      "ODefaultServerSecurity.loadAuthenticators() authentication object is missing name");
            }
          } catch (Throwable ex) {
            OLogManager.instance()
                .error(this, "ODefaultServerSecurity.loadAuthenticators() Exception: ", ex);
          }
        }
      }
    }
  }