001: // AuthFilter.java
002: // $Id: AuthFilter.java,v 1.17 2000/08/16 21:37:34 ylafon Exp $
003: // (c) COPYRIGHT MIT and INRIA, 1996.
004: // Please first read the full copyright statement in file COPYRIGHT.html
005:
006: package org.w3c.jigsaw.auth;
007:
008: import org.w3c.tools.resources.Attribute;
009: import org.w3c.tools.resources.AttributeHolder;
010: import org.w3c.tools.resources.AttributeRegistry;
011: import org.w3c.tools.resources.BooleanAttribute;
012: import org.w3c.tools.resources.LookupResult;
013: import org.w3c.tools.resources.LookupState;
014: import org.w3c.tools.resources.ProtocolException;
015: import org.w3c.tools.resources.ReplyInterface;
016: import org.w3c.tools.resources.RequestInterface;
017: import org.w3c.tools.resources.Resource;
018: import org.w3c.tools.resources.ResourceFilter;
019: import org.w3c.tools.resources.StringArrayAttribute;
020: import org.w3c.tools.resources.StringAttribute;
021:
022: import org.w3c.jigsaw.http.HTTPException;
023: import org.w3c.jigsaw.http.Reply;
024: import org.w3c.jigsaw.http.Request;
025:
026: import org.w3c.www.http.HTTP;
027: import org.w3c.www.http.HttpReplyMessage;
028: import org.w3c.www.http.HttpRequestMessage;
029:
030: import org.w3c.tools.resources.ProtocolException;
031:
032: /**
033: * General authentication filters.
034: */
035:
036: public class AuthFilter extends ResourceFilter {
037: /**
038: * The user as authentified from the request.
039: * FIXME
040: */
041: public static final String STATE_AUTHUSER = "org.w3c.jigsaw.auth.AuthFilter.user";
042: /**
043: * The authentication method used to authenticate above user.
044: * FIXME
045: */
046: public static final String STATE_AUTHTYPE = "org.w3c.jigsaw.auth.AuthFilter.type";
047: /**
048: * The authentication context used to authenticate the above user
049: * FIXME
050: */
051: public static final String STATE_AUTHCONTEXT = "org.w3c.jigsaw.auth.AuthFilter.context";
052:
053: /**
054: * Attribute index - The methods protected by the filter.
055: */
056: protected static int ATTR_METHODS = -1;
057: /**
058: * Attribute index - The realm name for this filter.
059: */
060: protected static int ATTR_REALM = -1;
061: /**
062: * Attribute index - Is caching allowed by a shared cache ?
063: */
064: protected static int ATTR_SHARED_CACHABILITY = -1;
065: /**
066: * Attribute index - Is caching allowed in private cache ?
067: */
068: protected static int ATTR_PRIVATE_CACHABILITY = -1;
069: /**
070: * Attribute index - Is public caching of protected documents allowed ?
071: */
072: protected static int ATTR_PUBLIC_CACHABILITY = -1;
073:
074: static {
075: Attribute a = null;
076: Class c = null;
077: try {
078: c = Class.forName("org.w3c.jigsaw.auth.AuthFilter");
079: } catch (Exception ex) {
080: ex.printStackTrace();
081: System.exit(1);
082: }
083: // The protected methods
084: a = new StringArrayAttribute("methods", null,
085: Attribute.EDITABLE);
086: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a);
087: // The realm name (to be resolved by the RealmFactory).
088: a = new StringAttribute("realm", null, Attribute.EDITABLE
089: | Attribute.MANDATORY);
090: ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
091: // Can protected documents be saved in shared cache ?
092: a = new BooleanAttribute("shared-cachability", Boolean.FALSE,
093: Attribute.EDITABLE);
094: ATTR_SHARED_CACHABILITY = AttributeRegistry.registerAttribute(
095: c, a);
096: // Can protected documents be shared in private cache ?
097: a = new BooleanAttribute("private-cachability", Boolean.FALSE,
098: Attribute.EDITABLE);
099: ATTR_PRIVATE_CACHABILITY = AttributeRegistry.registerAttribute(
100: c, a);
101: // Can protected documents be publicly cached ?
102: a = new BooleanAttribute("public-cachability", Boolean.FALSE,
103: Attribute.EDITABLE);
104: ATTR_PUBLIC_CACHABILITY = AttributeRegistry.registerAttribute(
105: c, a);
106: }
107:
108: /**
109: * Get the list of methods that this filter protect
110: * @return An array of String giving the name of the protected methods,
111: * or <strong>null</strong>, in wich case <em>all</em> methods are
112: * to be protected.
113: */
114:
115: public String[] getMethods() {
116: return (String[]) getValue(ATTR_METHODS, null);
117: }
118:
119: /**
120: * Get the realm of this filter.
121: */
122:
123: public String getRealm() {
124: return (String) getValue(ATTR_REALM, null);
125: }
126:
127: /**
128: * Is this document publicly cachable ?
129: * @return A boolean.
130: */
131:
132: public boolean getPublicCachability() {
133: return getBoolean(ATTR_PUBLIC_CACHABILITY, false);
134: }
135:
136: /**
137: * Is this document cachable in private caches ?
138: * @return A boolean.
139: */
140:
141: public boolean getPrivateCachability() {
142: return getBoolean(ATTR_PRIVATE_CACHABILITY, false);
143: }
144:
145: /**
146: * Is this document cachable in shared caches ?
147: * @return A boolean.
148: */
149:
150: public boolean getSharedCachability() {
151: return getBoolean(ATTR_SHARED_CACHABILITY, false);
152: }
153:
154: /**
155: * Authenticate the request from the given client.
156: * An authentication filter should only override this method.
157: * @param request The request to be handled.
158: * @exception ProtocolException If authentication failed.
159: */
160:
161: public void authenticate(Request request) throws ProtocolException {
162: Reply error = request.makeReply(HTTP.UNAUTHORIZED);
163: error.setContent("<p>Invalid server configuration</p>"
164: + "<p>The server defines an authentication filter "
165: + " with no <strong>authenticate</strong> method.");
166: throw new HTTPException(error);
167: }
168:
169: /**
170: * Authenticate the given request for the given client.
171: * This method is invoked prior to any request handling on its target
172: * entity. If the used authentication method allows so, AuthFilters
173: * should set the <strong>authuser</strong> attribute of the request.
174: * @param request The request.
175: * @exception ProtocolException If authentication failed.
176: */
177:
178: public boolean lookup(LookupState ls, LookupResult lr)
179: throws ProtocolException {
180: Request request = (Request) (ls.hasRequest() ? ls.getRequest()
181: : null);
182: if ((request == null) || ls.isInternal())
183: // Internal lookups always allowed
184: return false;
185: // Check the request, and authenticate if needed:
186: String method = request.getMethod();
187: String methods[] = getMethods();
188: if (methods == null) {
189: authenticate(request);
190: return false;
191: } else {
192: for (int i = 0; i < methods.length; i++) {
193: if (methods[i].equalsIgnoreCase(method)) {
194: authenticate(request);
195: return false;
196: }
197: }
198: }
199: return false;
200: }
201:
202: /**
203: * Add the appropriate cache control directives on the way back.
204: * @param request The request that has been processed.
205: * @param reply The original reply.
206: * @return Always <strong>null</strong>.
207: */
208:
209: public ReplyInterface outgoingFilter(RequestInterface request,
210: ReplyInterface reply) {
211: Reply rep = (Reply) reply;
212: if (getPrivateCachability()) {
213: rep.setMustRevalidate(true);
214: } else if (getSharedCachability()) {
215: rep.setProxyRevalidate(true);
216: } else if (getPublicCachability()) {
217: rep.setPublic(true);
218: }
219: return null;
220: }
221:
222: }
|