mirror
/
DMDirc-Plugins
mirror of https://github.com/DMDirc/Plugins.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 7 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
596 Commits
3 Branches
Tree: 0.6.5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0.6.5'
${ noResults }
DMDirc-Plugins/src/com/dmdirc/addons/ui_web/WebUserRealm.java

WebUserRealm.java 4.6KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. /*

  2.  * Copyright (c) 2006-2011 Chris Smith, Shane Mc Cormack, Gregory Holmes

  3.  *

  4.  * Permission is hereby granted, free of charge, to any person obtaining a copy

  5.  * of this software and associated documentation files (the "Software"), to deal

  6.  * in the Software without restriction, including without limitation the rights

  7.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  8.  * copies of the Software, and to permit persons to whom the Software is

  9.  * furnished to do so, subject to the following conditions:

  10.  *

  11.  * The above copyright notice and this permission notice shall be included in

  12.  * all copies or substantial portions of the Software.

  13.  *

  14.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  15.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  16.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  17.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  18.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  19.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  20.  * SOFTWARE.

  21.  */

  22. 

  23. package com.dmdirc.addons.ui_web;

  24. 

  25. import com.dmdirc.config.ConfigManager;

  26. import com.dmdirc.config.IdentityManager;

  27. 

  28. import java.math.BigInteger;

  29. import java.security.MessageDigest;

  30. import java.security.NoSuchAlgorithmException;

  31. import java.security.Principal;

  32. import java.util.ArrayList;

  33. import java.util.HashMap;

  34. import java.util.List;

  35. import java.util.Map;

  36. import org.mortbay.jetty.Request;

  37. import org.mortbay.jetty.security.UserRealm;

  38. 

  39. /**

  40.  * Describes the users allowed to access the web UI.

  41.  *

  42.  * @author chris

  43.  */

  44. public class WebUserRealm implements UserRealm {

  45. 

  46.     private final Map<String, Principal> principals

  47.             = new HashMap<String, Principal>();

  48. 

  49.     private final ConfigManager config = IdentityManager.getGlobalConfig();

  50. 

  51.     /** {@inheritDoc} */

  52.     @Override

  53.     public String getName() {

  54.         if (config.hasOptionString(WebInterfaceUI.DOMAIN, "users")) {

  55.             return "DMDirc web UI";

  56.         } else {

  57.             return "DMDirc web UI first run -- "

  58.                     + "enter the username and password you wish to use in "

  59.                     + "the future";

  60.         }

  61.     }

  62. 

  63.     /** {@inheritDoc} */

  64.     @Override

  65.     public Principal getPrincipal(final String username) {

  66.         return principals.get(username);

  67.     }

  68. 

  69.     /** {@inheritDoc} */

  70.     @Override

  71.     public Principal authenticate(final String username,

  72.             final Object credentials, final Request request) {

  73.         if (!config.hasOptionString(WebInterfaceUI.DOMAIN, "users")) {

  74.             final List<String> users = new ArrayList<String>();

  75.             users.add(username + ":" + getHash(username, credentials));

  76.             IdentityManager.getConfigIdentity().setOption(WebInterfaceUI.DOMAIN,

  77.                     "users", users);

  78.         }

  79. 

  80.         for (String userinfo : config.getOptionList(WebInterfaceUI.DOMAIN,

  81.                 "users")) {

  82.             if (userinfo.startsWith(username + ":")) {

  83.                 final String pass = userinfo.substring(username.length() + 1);

  84. 

  85.                 if (pass.equals(getHash(username, credentials))) {

  86.                     principals.put(username, new WebPrincipal(username));

  87.                     return getPrincipal(username);

  88.                 }

  89.             }

  90.         }

  91. 

  92.         return null;

  93.     }

  94. 

  95.     /** {@inheritDoc} */

  96.     @Override

  97.     public boolean reauthenticate(final Principal user) {

  98.         return principals.containsValue(user);

  99.     }

  100. 

  101.     /** {@inheritDoc} */

  102.     @Override

  103.     public boolean isUserInRole(final Principal user, final String role) {

  104.         return true;

  105.     }

  106. 

  107.     /** {@inheritDoc} */

  108.     @Override

  109.     public void disassociate(final Principal user) {

  110.         // Do nothing

  111.     }

  112. 

  113.     /** {@inheritDoc} */

  114.     @Override

  115.     public Principal pushRole(final Principal user, final String role) {

  116.         // Do nothing

  117.         return user;

  118.     }

  119. 

  120.     /** {@inheritDoc} */

  121.     @Override

  122.     public Principal popRole(final Principal user) {

  123.         // Do nothing

  124.         return user;

  125.     }

  126. 

  127.     /** {@inheritDoc} */

  128.     @Override

  129.     public void logout(final Principal user) {

  130.         principals.remove(user.getName());

  131.     }

  132. 

  133.     private String getHash(final String username, final Object credentials) {

  134.         final String target = username + "--" + (String) credentials;

  135. 

  136.         try {

  137.             final MessageDigest md = MessageDigest.getInstance("SHA-512");

  138. 

  139.             return new BigInteger(md.digest(target.getBytes())).toString(16);

  140.         } catch (NoSuchAlgorithmException ex) {

  141.             // Don't hash

  142.             return target;

  143.         }

  144.     }

  145. 

  146. }