TomcatLoginCommand.java

/* license-start
 * 
 * Copyright (C) 2008 - 2013 Crispico, <http://www.crispico.com/>.
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation version 3.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details, at <http://www.gnu.org/licenses/>.
 * 
 * Contributors:
 *   Crispico - Initial API and implementation
 *
 * license-end
 */
package org.flowerplatform.blazeds;


import java.security.Principal;
import java.util.List;

import javax.servlet.ServletConfig;

import org.flowerplatform.communication.CommunicationPlugin;
import org.flowerplatform.communication.IAuthenticator.AuthenticationResult;
import flex.messaging.security.LoginCommand;
import flex.messaging.security.SecurityException;

/**
 * @author Sorin
 * 
 */
public class TomcatLoginCommand implements LoginCommand {

	/**
	 * @param username contains the username and an optional activation code,
	 * formatted as <code>username|activation_code</code>
	 * @param credentials password
	 * 
	 * @author Sorin
	 * @author Mariana
	 * 
	 * 
	 */
	@Override
	public Principal doAuthentication(final String username, Object credentials) {
		String[] credentialsProps = username.toString().split("\\|");
		String login = credentialsProps[0];
		String activationCode = credentialsProps.length > 1 ? credentialsProps[1] : null;
		String password = credentials.toString();
		
		AuthenticationResult result = CommunicationPlugin.getInstance().getAuthenticator().authenticate(login, password, activationCode);
		
		switch (result) {
		case OK:
			return CommunicationPlugin.getInstance().getAuthenticator().getPrincipal(result.getId());
		
		// we throw an exception to differentiate from the case when username or password is incorrect
		case ALREADY_ACTIVATED:
			SecurityException seAlreadyActivated = new SecurityException();
			seAlreadyActivated.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE + ".UserAlreadyActivated");
			throw seAlreadyActivated;
		case NOT_ACTIVATED:
			SecurityException seNotActivated = new SecurityException();
			seNotActivated.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE + ".NotActivated");
			throw seNotActivated;
		
		default:
			return null;
		}
	}

	/**
	 * 
	 */
	@SuppressWarnings("rawtypes")
	@Override
	public boolean doAuthorization(Principal principal, List roles) {
		return true;
	}

	/**
	 * 
	 */
	@Override
	public boolean logout(Principal principal) {
		// No problem logging out
		return true;
	}

	/**
	 * 
	 */
	@Override
	public void start(ServletConfig servletConfig) {
		// nothing
		// This could be used maybe to establish connection to the DB.
	}

	/**
	 * 
	 */
	@Override
	public void stop() {
		// nothing
		// This could be used to stop the connection to the DB.
	}

}