Package ome.security.auth

Class ConfigurablePasswordProvider

java.lang.Object

ome.security.auth.ConfigurablePasswordProvider

All Implemented Interfaces:

PasswordProvider, PasswordUtility, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

Direct Known Subclasses:

FilePasswordProvider, JdbcPasswordProvider, LdapPasswordProvider, LdapPasswordProvider431

public abstract class ConfigurablePasswordProvider
extends java.lang.Object
implements PasswordProvider, PasswordUtility, org.springframework.context.ApplicationContextAware

Base class for most PasswordProvider implementations, providing configuration for default behaviors. There is no need for a subclass to use this implementation.

Since:

4.0

See Also:

SecuritySystem, Permissions

Field Summary

Fields

Modifier and Type	Field	Description
protected ome.system.OmeroContext	ctx
protected java.lang.String	hash	Hash implementation to use for encoding passwords to check and changed passwords.
protected boolean	ignoreUnknown	If true, this implementation should return a null on checkPassword(String, String, boolean) if the user is unknown, otherwise a Boolean.FALSE.
protected PasswordUtil	legacyUtil	Possibly null PasswordUtil instance which will be used as a fallback for password checks if the util instance fails.
protected org.slf4j.Logger	log
protected boolean	salt	Whether or not salting based on the user ID should be attempted.
protected PasswordUtil	util

Constructor Summary

Constructors

Constructor	Description
ConfigurablePasswordProvider(PasswordUtil util)	Call ConfigurablePasswordProvider(PasswordUtil, boolean) with "ignoreUnknown" equal to false.
ConfigurablePasswordProvider(PasswordUtil util, boolean ignoreUnknown)	Call ConfigurablePasswordProvider(PasswordUtil, boolean, boolean) with "salt" equal to false.
ConfigurablePasswordProvider(PasswordUtil util, boolean ignoreUnknown, boolean salt)

Method Summary

Modifier and Type	Method	Description
void	changePassword(java.lang.String user, java.lang.String password)	Throws by default.
java.lang.Boolean	checkPassword(java.lang.String user, java.lang.String password, boolean readOnly)	If this was constructed with the ignoreUnknown argument set to true, returns null, since the base class knows no users.
java.lang.Boolean	comparePasswords(java.lang.Long userId, java.lang.String trusted, java.lang.String provided)	Compares the password provided by the user (unhashed) against the given trusted password.
protected boolean	comparePasswords(java.lang.Long userId, java.lang.String trusted, java.lang.String provided, PasswordUtil util)
java.lang.Boolean	comparePasswords(java.lang.String trusted, java.lang.String provided)	Compares the password provided by the user (unhashed) against the given trusted password.
protected java.lang.String	encodePassword(java.lang.Long userId, java.lang.String newPassword, boolean salt, PasswordUtil util)
java.lang.String	encodePassword(java.lang.String newPassword)	Encodes the password as it would be encoded for a check by comparePasswords(String, String)
java.lang.String	encodeSaltedPassword(java.lang.Long userId, java.lang.String newPassword)	Encodes the password as it would be encoded for a check by comparePasswords(String, String) salting the password with the given userId if it's provided.
boolean	hasPassword(java.lang.String user)	Always returns false, override with specific logic.
protected java.lang.Boolean	loginAttempt(java.lang.String user, java.lang.Boolean success)
void	setApplicationContext(org.springframework.context.ApplicationContext ctx)
void	setLegacyUtil(PasswordUtil legacy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

protected final org.slf4j.Logger log

hash

protected final java.lang.String hash

Hash implementation to use for encoding passwords to check and changed passwords. Default value: MD5 (For the moment, the only supported value!)

salt

protected final boolean salt

Whether or not salting based on the user ID should be attempted.

ignoreUnknown

protected final boolean ignoreUnknown

If true, this implementation should return a null on checkPassword(String, String, boolean) if the user is unknown, otherwise a Boolean.FALSE. Default value: false

util

protected final PasswordUtil util

legacyUtil

protected PasswordUtil legacyUtil

Possibly null PasswordUtil instance which will be used as a fallback for password checks if the util instance fails.

ctx

protected ome.system.OmeroContext ctx

Constructor Detail

ConfigurablePasswordProvider

public ConfigurablePasswordProvider(PasswordUtil util)

Call ConfigurablePasswordProvider(PasswordUtil, boolean) with "ignoreUnknown" equal to false.

Parameters:

util - an instance of the password utility class

ConfigurablePasswordProvider

public ConfigurablePasswordProvider(PasswordUtil util,
                                    boolean ignoreUnknown)

Call ConfigurablePasswordProvider(PasswordUtil, boolean, boolean) with "salt" equal to false.

Parameters:

util - an instance of the password utility class

ignoreUnknown - if checkPassword(String, String, boolean) should return null rather than Boolean.FALSE for unknown users

ConfigurablePasswordProvider

public ConfigurablePasswordProvider(PasswordUtil util,
                                    boolean ignoreUnknown,
                                    boolean salt)

Method Detail

setApplicationContext

public void setApplicationContext(org.springframework.context.ApplicationContext ctx)
                           throws org.springframework.beans.BeansException

Specified by:

setApplicationContext in interface org.springframework.context.ApplicationContextAware

Throws:

org.springframework.beans.BeansException

setLegacyUtil

public void setLegacyUtil(PasswordUtil legacy)

loginAttempt

protected java.lang.Boolean loginAttempt(java.lang.String user,
                                         java.lang.Boolean success)

hasPassword

public boolean hasPassword(java.lang.String user)

Always returns false, override with specific logic.

Specified by:

hasPassword in interface PasswordProvider

checkPassword

public java.lang.Boolean checkPassword(java.lang.String user,
                                       java.lang.String password,
                                       boolean readOnly)

If this was constructed with the ignoreUnknown argument set to true, returns null, since the base class knows no users. Otherwise, returns Boolean.FALSE specifying that authentication should fail.

Specified by:

checkPassword in interface PasswordProvider

changePassword

public void changePassword(java.lang.String user,
                           java.lang.String password)
                    throws PasswordChangeException

Throws by default.

Specified by:

changePassword in interface PasswordProvider

Throws:

PasswordChangeException

encodePassword

public java.lang.String encodePassword(java.lang.String newPassword)

Encodes the password as it would be encoded for a check by comparePasswords(String, String)

Specified by:

encodePassword in interface PasswordUtility

encodeSaltedPassword

public java.lang.String encodeSaltedPassword(java.lang.Long userId,
                                             java.lang.String newPassword)

Encodes the password as it would be encoded for a check by comparePasswords(String, String) salting the password with the given userId if it's provided.

Parameters:

userId - a user ID (may be null)

newPassword - a password

Returns:

the encoded password

encodePassword

protected java.lang.String encodePassword(java.lang.Long userId,
                                          java.lang.String newPassword,
                                          boolean salt,
                                          PasswordUtil util)

comparePasswords

public java.lang.Boolean comparePasswords(java.lang.String trusted,
                                          java.lang.String provided)

Compares the password provided by the user (unhashed) against the given trusted password. A return value of null, however, is also possible with the same semantics as a null from checkPassword(String, String, boolean). For this implementation, if the trusted password is null, return Boolean.FALSE. If the trusted password is empty (only whitespace), return Boolean.TRUE. Otherwise return the result of String.equals(Object).

Specified by:

comparePasswords in interface PasswordUtility

comparePasswords

public java.lang.Boolean comparePasswords(java.lang.Long userId,
                                          java.lang.String trusted,
                                          java.lang.String provided)

Compares the password provided by the user (unhashed) against the given trusted password. In general, if the trusted password is null, return Boolean.FALSE. If the trusted password is empty (only whitespace), return Boolean.TRUE. Otherwise return the results of String.equals(Object). If necessary, falls back to using a legacy password utility class if one was set by setLegacyUtil(PasswordUtil).

Parameters:

userId - a user ID

trusted - the user's trusted password

provided - the provided password

Returns:

if the provided password matches the trusted password (for which blank matches anything)

comparePasswords

protected boolean comparePasswords(java.lang.Long userId,
                                   java.lang.String trusted,
                                   java.lang.String provided,
                                   PasswordUtil util)