// OSecuritySystem (via OServerSecurity) // Used for generating the appropriate HTTP authentication mechanism. public String getAuthenticationHeader(final String databaseName) { String header = null; // Default to Basic. if (databaseName != null) header = "WWW-Authenticate: Basic realm=\"OrientDB db-" + databaseName + "\""; else header = "WWW-Authenticate: Basic realm=\"OrientDB Server\""; if (isEnabled()) { synchronized (authenticatorsList) { StringBuilder sb = new StringBuilder(); // Walk through the list of OSecurityAuthenticators. for (OSecurityAuthenticator sa : authenticatorsList) { if (sa.isEnabled()) { String sah = sa.getAuthenticationHeader(databaseName); if (sah != null && sah.trim().length() > 0) { // If we're not the first authenticator, then append "\n". if (sb.length() > 0) { sb.append("\n"); } sb.append(sah); } } } if (sb.length() > 0) { header = sb.toString(); } } } return header; }
// OSecuritySystem (via OServerSecurity) public String authenticate(final String username, final String password) { try { // It's possible for the username to be null or an empty string in the case of SPNEGO Kerberos // tickets. if (username != null && !username.isEmpty()) { if (debug) OLogManager.instance() .info( this, "ODefaultServerSecurity.authenticate() ** Authenticating username: %s", username); // This means it originates from us (used by openDatabase). if (username.equals(superUser) && password.equals(superUserPassword)) return superUser; } synchronized (authenticatorsList) { // Walk through the list of OSecurityAuthenticators. for (OSecurityAuthenticator sa : authenticatorsList) { if (sa.isEnabled()) { String principal = sa.authenticate(username, password); if (principal != null) return principal; } } } } catch (Exception ex) { OLogManager.instance() .error(this, "ODefaultServerSecurity.authenticate() Exception: %s", ex.getMessage()); } return null; // Indicates authentication failed. }
// OSecuritySystem (via OServerSecurity) // This will first look for a user in the security.json "users" array and then check if a resource // matches. public boolean isAuthorized(final String username, final String resource) { if (isEnabled()) { if (username == null || resource == null) return false; if (username.equals(superUser)) return true; synchronized (authenticatorsList) { // Walk through the list of OSecurityAuthenticators. for (OSecurityAuthenticator sa : authenticatorsList) { if (sa.isEnabled()) { if (sa.isAuthorized(username, resource)) return true; } } } } return false; }
// OServerSecurity public OServerUserConfiguration getUser(final String username) { OServerUserConfiguration userCfg = null; if (isEnabled()) { if (username.equals(superUser)) return superUserCfg; synchronized (authenticatorsList) { // Walk through the list of OSecurityAuthenticators. for (OSecurityAuthenticator sa : authenticatorsList) { if (sa.isEnabled()) { userCfg = sa.getUser(username); if (userCfg != null) break; } } } } return userCfg; }