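/* see superclass */
@Override
public String getUsernameForToken(String authToken) throws Exception {
  // A missing token is rejected outright; this method has no guest-user fallback.
  if (authToken == null) {
    throw new LocalException(
        "Attempt to access a service without an authorization token, the user is likely not logged in.");
  }

  // Replace double quotes in auth token.
  final String parsedToken = authToken.replace("\"", "");

  // Check auth token against the username map.
  if (!tokenUsernameMap.containsKey(parsedToken)) {
    // The message deliberately omits the submitted token and the contents of
    // tokenUsernameMap: this text can reach the caller and the logs, and the
    // map holds every live token together with the username it belongs to.
    throw new LocalException("AuthToken does not have a valid username");
  }

  final String username = tokenUsernameMap.get(parsedToken);

  // Validate that the user has not timed out (only for users the handler
  // says are subject to timeout).
  if (handler.timeoutUser(username)) {
    final Date expiry = tokenTimeoutMap.get(parsedToken);
    if (expiry == null) {
      throw new Exception("No login timeout set for authToken.");
    }
    final Date now = new Date();
    if (expiry.before(now)) {
      throw new LocalException("AuthToken has expired. Please reload and log in again.");
    }
    // Sliding expiration: each successful lookup pushes the deadline out by
    // another `timeout` milliseconds from now.
    tokenTimeoutMap.put(parsedToken, new Date(now.getTime() + timeout));
  }
  return username;
}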
/**
 * Reconciles a user returned by the security handler with the locally known
 * users and attaches an auth token to it.
 *
 * <p>The visible code looks the user up by user name in {@code getUsers()},
 * logs the outcome, sets {@code token} on {@code authUser} and returns it.
 *
 * @param authUser the user returned by the security handler; may be
 *        {@code null}
 * @return {@code authUser} with its auth token set, or {@code null} when
 *         {@code authUser} is {@code null}
 * @throws Exception the exception
 */
private User authHelper(User authUser) throws Exception {
  // A null user is passed straight back to the caller as null.
  if (authUser == null) return null;

  // check if authenticated user matches one of our users
  UserList userList = getUsers();
  User userFound = null;
  for (User user : userList.getObjects()) {
    // Match on user name only; stop at the first hit.
    if (user.getUserName().equals(authUser.getUserName())) {
      userFound = user;
      break;
    }
  }

  // if user was found, update to match settings
  if (userFound != null) {
    // NOTE(review): in this copy of the listing the text between the three
    // log-message literals on the next line is masked ("******"). The update
    // branch, the add branch and the statement that defines `token` are not
    // visible here, so the braces do not balance as shown and how the token
    // is produced and stored cannot be confirmed from this page.
    Logger.getLogger(getClass()).info("Update user = "******"Add user = "******"User = " + authUser.getUserName());
  // Attach the token (defined in the masked span above) to the returned user.
  authUser.setAuthToken(token);
  return authUser;
}
/* see superclass */
@Override
public User authenticate(String username, String password) throws Exception {
  // Reject missing or empty credentials before touching configuration or
  // the security handler.
  final boolean usernameMissing = username == null || username.isEmpty();
  if (usernameMissing) {
    throw new LocalException("Invalid username: null");
  }
  final boolean passwordMissing = password == null || password.isEmpty();
  if (passwordMissing) {
    throw new LocalException("Invalid password: null");
  }

  final Properties props = ConfigUtility.getConfigProperties();

  // Lazily create the handler on first use; the timeout is read from
  // "security.timeout" at the same moment.
  // NOTE(review): this initialisation is not synchronised in the visible
  // code - confirm whether the service instance is shared across threads.
  if (handler == null) {
    timeout = Integer.valueOf(props.getProperty("security.timeout"));
    final String configuredHandler = props.getProperty("security.handler");
    handler =
        ConfigUtility.newStandardHandlerInstanceWithConfiguration(
            "security.handler", configuredHandler, SecurityServiceHandler.class);
  }

  // Delegate the credential check to the configured handler, then let
  // authHelper reconcile the result with the local users.
  return authHelper(handler.authenticate(username, password));
}