AuthenticationManager.java example

Explorer
hydra-master
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.addthis.hydra.job.auth;

import java.io.Closeable;
import java.io.IOException;

import java.util.List;

import com.google.common.collect.ImmutableList;

/**
 * Clients outside this package should not communicate
 * directly with AuthenticationManagers. They should use the
 * {@link PermissionsManager} API for authentication.
 */
abstract class AuthenticationManager implements Closeable {

    /**
     * Returns a non-null secret token if authentication
     * was successful. Or null if authentication failed.
     * An authentication manager can choose to deny requests
     * that are not transmitted over ssl. At this point the password
     * has already been transmitted but denying the request may
     * be preferable to encouraging this behavior.
     *
     * @param username
     * @param password
     * @param ssl
     * @return non-null secret if authentication succeeded
     */
    abstract String login(String username, String password, boolean ssl);

    /**
     * Verifies the username and password are correct.
     */
    public abstract boolean verify(String username, String password, boolean ssl);

    /**
     * Return the user object if the username and secret token are valid.
     *
     * @param username
     * @param secret
     * @return
     */
    abstract User authenticate(String username, String secret);


    /**
     * Bypasses authentication. Protected visibility should only
     * be used by internal methods.
     *
     * @param username
     * @return
     */
    abstract User getUser(String username);

    /**
     * Optionally provides a sudo token for the user
     * or return null to delegate sudo token generation to the
     * authorization manager.
     *
     * @param username
     * @return
     */
    abstract String sudoToken(String username);

    /**
     * Remove all tokens associated with this user.
     *
     * @param username
     */
    public abstract void evict(String username);

    /**
     * Logout the user from the authentication manager. The secret
     * token for the user should be invalidated.
     *
     * @param username
     * @param secret
     */
    abstract void logout(String username, String secret);

    abstract ImmutableList<String> adminGroups();

    abstract ImmutableList<String> adminUsers();

    boolean isAdmin(User user) {
        if (user == null) {
            return false;
        }
        List<String> adminUsers = adminUsers();
        List<String> adminGroups = adminGroups();
        if (adminUsers.contains(user.name())) {
            return true;
        }
        List<String> groups = user.groups();
        for (String group : groups) {
            if (adminGroups.contains(group)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void close() throws IOException {}

}