Пример #1
0
  /** User authenticate method */
  public synchronized User authenticate(Authentication authentication)
      throws AuthenticationFailedException {
    lazyInit();

    if (authentication instanceof UsernamePasswordAuthentication) {
      UsernamePasswordAuthentication upauth = (UsernamePasswordAuthentication) authentication;

      String user = upauth.getUsername();
      String password = upauth.getPassword();

      if (user == null) {
        throw new AuthenticationFailedException("Authentication failed");
      }

      if (password == null) {
        password = "";
      }

      String storedPassword = userDataProp.getProperty(PREFIX + user + '.' + ATTR_PASSWORD);

      if (storedPassword == null) {
        // user does not exist
        throw new AuthenticationFailedException("Authentication failed");
      }

      if (passwordEncryptor.matches(password, storedPassword)) {
        return getUserByName(user);
      } else {
        throw new AuthenticationFailedException("Authentication failed");
      }

    } else if (authentication instanceof AnonymousAuthentication) {
      if (doesExist("anonymous")) {
        return getUserByName("anonymous");
      } else {
        throw new AuthenticationFailedException("Authentication failed");
      }
    } else {
      throw new IllegalArgumentException("Authentication not supported by this user manager");
    }
  }
Пример #2
0
  /**
   * @param ftpAuthRequest one of {@link org.apache.ftpserver.usermanager.AnonymousAuthentication}
   *     or {@link org.apache.ftpserver.usermanager.UsernamePasswordAuthentication}
   * @throws AuthenticationFailedException if given an {@code AnonymousAuthentication}, or an
   *     invalid/disabled user credentials
   * @see UserManager#authenticate(Authentication)
   */
  public User authenticate(final Authentication ftpAuthRequest)
      throws AuthenticationFailedException {
    if (!(ftpAuthRequest instanceof UsernamePasswordAuthentication)) {
      throw new AuthenticationFailedException();
    }
    final UsernamePasswordAuthentication upa = (UsernamePasswordAuthentication) ftpAuthRequest;
    final String principal = upa.getUsername();
    final String credentials = upa.getPassword();
    org.springframework.security.core.Authentication gsAuth =
        new UsernamePasswordAuthenticationToken(principal, credentials);
    try {
      gsAuth = authManager.authenticate(gsAuth);
    } catch (org.springframework.security.core.AuthenticationException authEx) {
      throw new AuthenticationFailedException(authEx);
    }

    try {
      // gather the user
      BaseUser user = getUserByName(principal);
      user.setPassword(credentials);
      // is the user enabled?
      if (!user.getEnabled()) {
        throw new AuthenticationFailedException();
      }

      // scary message for admins if the username/password has not
      // been changed
      if (DEFAULT_USER.equals(user.getName()) && DEFAULT_PASSWORD.equals(credentials)) {
        LOGGER.log(
            Level.SEVERE,
            "The default admin/password combination has not been "
                + "modified, this makes the embedded FTP server an "
                + "open file host for everybody to use!!!");
      }

      final File dataRoot = dataDir.findOrCreateDataRoot();

      // enable only admins and non anonymous users
      boolean isGSAdmin = false;
      for (GrantedAuthority authority : gsAuth.getAuthorities()) {
        final String userRole = authority.getAuthority();
        if (ADMIN_ROLE.equals(userRole)) {
          isGSAdmin = true;
          break;
        }
      }

      final File homeDirectory;
      if (isGSAdmin) {
        homeDirectory = dataRoot;
      } else {
        /*
         * This resolves the user's home directory to data/incoming/<user name> but does not
         * create the directory if it does not already exist. That is left to when the user
         * is authenticated, check the authenticate() method above.
         */
        homeDirectory = new File(new File(dataRoot, "incoming"), user.getName());
      }
      String normalizedPath = homeDirectory.getAbsolutePath();
      normalizedPath = FilenameUtils.normalize(normalizedPath);
      user.setHomeDirectory(normalizedPath);
      if (!homeDirectory.exists()) {
        LOGGER.fine(
            "Creating FTP home directory for user " + user.getName() + " at " + normalizedPath);
        homeDirectory.mkdirs();
      }

      return user;
    } catch (AuthenticationFailedException e) {
      throw e;
    } catch (Exception e) {
      LOGGER.log(Level.INFO, "FTP authentication failure", e);
      throw new AuthenticationFailedException(e);
    }
  }