001    /*
002      Copyright (C) 2002-2003 Renaud Pawlak <renaud@aopsys.com>
003      
004      This program is free software; you can redistribute it and/or modify
005      it under the terms of the GNU Lesser General Public License as
006      published by the Free Software Foundation; either version 2 of the
007      License, or (at your option) any later version.
008    
009      This program is distributed in the hope that it will be useful,
010      but WITHOUT ANY WARRANTY; without even the implied warranty of
011      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
012      GNU Lesser General Public License for more details.
013    
014      You should have received a copy of the GNU Lesser General Public License
015      along with this program; if not, write to the Free Software
016      Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
017    
018    package org.objectweb.jac.aspects.authentication;
019    
020    import org.objectweb.jac.aspects.user.UserAC;
021    import org.objectweb.jac.core.ACManager;
022    import org.objectweb.jac.util.Log;
023    
024    /**
025     * This Authenticator asks for a username and password and checks them
026     * by using the user aspect.
027     *
028     * @see org.objectweb.jac.aspects.user.UserAC */
029    
030    public class UserPasswordAuthenticator extends PasswordAuthenticator {
031    
032        UserAC userAC;
033        String userAspectName;
034    
035        /**
036         * Constructor.
037         *
038         * @param userAspectName the name of the user aspect for the
039         * configured application (note that we should implement a means to
040         * resolve an aspect). It has the form 
041         * <application_name>.<aspect_name> 
042         */
043        public UserPasswordAuthenticator(String userAspectName) {
044            this.userAspectName=userAspectName;
045        }
046    
047        /**
048         * Implements the password checking.
049         *
050         * <p>This method asks to the user aspect which is the currently
051         * user's instance of the current session and checks if the
052         * username and password values corresponds to the values of the
053         * corresponding fields as declared in the user aspect.
054         *
055         * @param username the username to check
056         * @param password the password to check
057         * @return true if matching, false otherwise
058         *
059         * @see org.objectweb.jac.aspects.user.UserAC
060         * @see org.objectweb.jac.aspects.user.UserAC#setUserClass(ClassItem,String,String)
061         * @see org.objectweb.jac.aspects.user.UserAC#getUserFromLogin(String)
062         * @see org.objectweb.jac.aspects.user.UserAC#getUserLogin(Object)
063         * @see org.objectweb.jac.aspects.user.UserAC#getUserPassword(Object) 
064         */
065        boolean checkPassword(String username, String password) {
066            if (userAC==null) {
067                userAC=(UserAC)ACManager.get().getObject(userAspectName);
068            }
069            if (userAC==null) {
070                Log.error("UserPasswordAuthenticator: cannot perform "+
071                          "password authentication, no user aspect found.");
072                return false;
073            } else {
074                Object user=userAC.getUserFromLogin(username);
075                Log.trace("authentication","checking "+username+"=="+
076                          userAC.getUserLogin(user)+" && "+password+"=="+
077                          userAC.getUserPassword(user)+" (user="+user+")");
078                return username.equals(userAC.getUserLogin(user)) &&
079                    password.equals(userAC.getUserPassword(user));
080            }
081        }
082    
083    }