FilePasswordRealm.java

/*
 * Copyright (C) 2013 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.shiro.file;

import com.intel.mtwilson.shiro.Username;
import com.intel.mtwilson.shiro.authc.password.HashedPassword;
import com.intel.mtwilson.shiro.authc.password.PasswordAuthenticationInfo;
import com.intel.mtwilson.shiro.file.model.UserPassword;
import com.intel.mtwilson.shiro.file.model.UserPermission;
import java.io.File;
import java.util.Collection;
import java.util.List;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

/**
 * 
 * @author jbuhacoff
 */
public class FilePasswordRealm extends AuthorizingRealm {

    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(FilePasswordRealm.class);
    
    private String userFilePath;
    private String permissionFilePath;

    public void setUserFilePath(String userFilePath) {
        this.userFilePath = userFilePath;
    }

    public void setPermissionFilePath(String permissionFilePath) {
        this.permissionFilePath = permissionFilePath;
    }
    
    
    
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }
    
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
        if (pc == null) {
            throw new AuthorizationException("Principal must be provided");
        }
        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        for (String realmName : pc.getRealmNames()) {
            log.debug("doGetAuthorizationInfo for realm: {}", realmName);
        }
        try {
            LoginDAO dao = new LoginDAO(new File(userFilePath), new File(permissionFilePath));
            Collection<Username> usernames = pc.byType(Username.class);
            for(Username username : usernames) {
                log.debug("doGetAuthorizationInfo for username: {}", username.getUsername());
                List<UserPermission> permissions = dao.getPermissions(username.getUsername());
                for(UserPermission permission : permissions) {
                    authzInfo.addStringPermission(permission.toString());
                }
            }
        } catch (Exception e) {
            log.debug("doGetAuthorizationInfo error", e);
            throw new AuthenticationException("Internal server error", e); 
        }

        return authzInfo;
    }
    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        if (username == null) {
            log.debug("doGetAuthenticationInfo null username");
            throw new AccountException("Username must be provided");
        }
        log.debug("doGetAuthenticationInfo for username {}", username);
        UserPassword userLoginPassword;
        try {
            LoginDAO dao = new LoginDAO(new File(userFilePath), new File(permissionFilePath));
            userLoginPassword = dao.findUserByName(username);
            if (userLoginPassword == null) {
                return null;
            }
        } catch (Exception e) {
            log.debug("doGetAuthenticationInfo error", e);
            throw new AuthenticationException("Internal server error", e); 
        }
        log.debug("doGetAuthenticationInfo found user {}", userLoginPassword.getUsername());
        SimplePrincipalCollection principals = new SimplePrincipalCollection();
        principals.add(new Username(username), getName());

        PasswordAuthenticationInfo info = new PasswordAuthenticationInfo();
        info.setPrincipals(principals);
        info.setCredentials(toHashedPassword(userLoginPassword));

        return info;
    }

    private HashedPassword toHashedPassword(UserPassword userLoginPassword) {
        HashedPassword hashedPassword = new HashedPassword();
        hashedPassword.setAlgorithm(userLoginPassword.getAlgorithm());
        hashedPassword.setSalt(userLoginPassword.getSalt());
        hashedPassword.setIterations(userLoginPassword.getIterations());
        hashedPassword.setPasswordHash(userLoginPassword.getPasswordHash());
        return hashedPassword;
    }

}