View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security;
20  
21  import java.io.File;
22  import java.io.FilenameFilter;
23  import java.io.IOException;
24  import java.security.Principal;
25  import java.util.ArrayList;
26  import java.util.HashMap;
27  import java.util.HashSet;
28  import java.util.Iterator;
29  import java.util.List;
30  import java.util.Map;
31  import java.util.Properties;
32  import java.util.Set;
33  
34  import javax.security.auth.Subject;
35  
36  import org.eclipse.jetty.security.MappedLoginService.KnownUser;
37  import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
38  import org.eclipse.jetty.server.UserIdentity;
39  import org.eclipse.jetty.util.Scanner;
40  import org.eclipse.jetty.util.Scanner.BulkListener;
41  import org.eclipse.jetty.util.component.AbstractLifeCycle;
42  import org.eclipse.jetty.util.log.Log;
43  import org.eclipse.jetty.util.log.Logger;
44  import org.eclipse.jetty.util.resource.Resource;
45  import org.eclipse.jetty.util.security.Credential;
46  
47  /**
48   * PropertyUserStore
49   *
50   * This class monitors a property file of the format mentioned below and notifies registered listeners of the changes to the the given file.
51   *
52   * <PRE>
53   *  username: password [,rolename ...]
54   * </PRE>
55   *
56   * Passwords may be clear text, obfuscated or checksummed. The class com.eclipse.Util.Password should be used to generate obfuscated passwords or password
57   * checksums.
58   *
59   * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
60   */
61  public class PropertyUserStore extends AbstractLifeCycle
62  {
63      private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
64  
65      private String _config;
66      private Resource _configResource;
67      private Scanner _scanner;
68      private int _refreshInterval = 0;// default is not to reload
69  
70      private IdentityService _identityService = new DefaultIdentityService();
71      private boolean _firstLoad = true; // true if first load, false from that point on
72      private final List<String> _knownUsers = new ArrayList<String>();
73      private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
74      private List<UserListener> _listeners;
75  
76      /* ------------------------------------------------------------ */
77      public String getConfig()
78      {
79          return _config;
80      }
81  
82      /* ------------------------------------------------------------ */
83      public void setConfig(String config)
84      {
85          _config = config;
86      }
87  
88      /* ------------------------------------------------------------ */
89          public UserIdentity getUserIdentity(String userName)
90          {
91              return _knownUserIdentities.get(userName);
92          }
93  
94      /* ------------------------------------------------------------ */
95      /**
96       * returns the resource associated with the configured properties file, creating it if necessary
97       */
98      public Resource getConfigResource() throws IOException
99      {
100         if (_configResource == null)
101         {
102             _configResource = Resource.newResource(_config);
103         }
104 
105         return _configResource;
106     }
107 
108     /* ------------------------------------------------------------ */
109     /**
110      * sets the refresh interval (in seconds)
111      */
112     public void setRefreshInterval(int msec)
113     {
114         _refreshInterval = msec;
115     }
116 
117     /* ------------------------------------------------------------ */
118     /**
119      * refresh interval in seconds for how often the properties file should be checked for changes
120      */
121     public int getRefreshInterval()
122     {
123         return _refreshInterval;
124     }
125 
126     /* ------------------------------------------------------------ */
127     private void loadUsers() throws IOException
128     {
129         if (_config == null)
130             return;
131 
132         if (LOG.isDebugEnabled())
133             LOG.debug("Load " + this + " from " + _config);
134         Properties properties = new Properties();
135         if (getConfigResource().exists())
136             properties.load(getConfigResource().getInputStream());
137         Set<String> known = new HashSet<String>();
138 
139         for (Map.Entry<Object, Object> entry : properties.entrySet())
140         {
141             String username = ((String)entry.getKey()).trim();
142             String credentials = ((String)entry.getValue()).trim();
143             String roles = null;
144             int c = credentials.indexOf(',');
145             if (c > 0)
146             {
147                 roles = credentials.substring(c + 1).trim();
148                 credentials = credentials.substring(0,c).trim();
149             }
150 
151             if (username != null && username.length() > 0 && credentials != null && credentials.length() > 0)
152             {
153                 String[] roleArray = IdentityService.NO_ROLES;
154                 if (roles != null && roles.length() > 0)
155                 {
156                     roleArray = roles.split(",");
157                 }
158                 known.add(username);
159                 Credential credential = Credential.getCredential(credentials);
160 
161                 Principal userPrincipal = new KnownUser(username,credential);
162                 Subject subject = new Subject();
163                 subject.getPrincipals().add(userPrincipal);
164                 subject.getPrivateCredentials().add(credential);
165 
166                 if (roles != null)
167                 {
168                     for (String role : roleArray)
169                     {
170                         subject.getPrincipals().add(new RolePrincipal(role));
171                     }
172                 }
173 
174                 subject.setReadOnly();
175 
176                 _knownUserIdentities.put(username,_identityService.newUserIdentity(subject,userPrincipal,roleArray));
177                 notifyUpdate(username,credential,roleArray);
178             }
179         }
180 
181         synchronized (_knownUsers)
182         {
183             /*
184              * if its not the initial load then we want to process removed users
185              */
186             if (!_firstLoad)
187             {
188                 Iterator<String> users = _knownUsers.iterator();
189                 while (users.hasNext())
190                 {
191                     String user = users.next();
192                     if (!known.contains(user))
193                     {
194                         _knownUserIdentities.remove(user);
195                         notifyRemove(user);
196                     }
197                 }
198             }
199 
200             /*
201              * reset the tracked _users list to the known users we just processed
202              */
203 
204             _knownUsers.clear();
205             _knownUsers.addAll(known);
206 
207         }
208 
209         /*
210          * set initial load to false as there should be no more initial loads
211          */
212         _firstLoad = false;
213     }
214 
215     /* ------------------------------------------------------------ */
216     /**
217      * Depending on the value of the refresh interval, this method will either start up a scanner thread that will monitor the properties file for changes after
218      * it has initially loaded it. Otherwise the users will be loaded and there will be no active monitoring thread so changes will not be detected.
219      *
220      *
221      * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
222      */
223     protected void doStart() throws Exception
224     {
225         super.doStart();
226 
227         if (getRefreshInterval() > 0)
228         {
229             _scanner = new Scanner();
230             _scanner.setScanInterval(getRefreshInterval());
231             List<File> dirList = new ArrayList<File>(1);
232             dirList.add(getConfigResource().getFile().getParentFile());
233             _scanner.setScanDirs(dirList);
234             _scanner.setFilenameFilter(new FilenameFilter()
235             {
236                 public boolean accept(File dir, String name)
237                 {
238                     File f = new File(dir,name);
239                     try
240                     {
241                         if (f.compareTo(getConfigResource().getFile()) == 0)
242                         {
243                             return true;
244                         }
245                     }
246                     catch (IOException e)
247                     {
248                         return false;
249                     }
250 
251                     return false;
252                 }
253 
254             });
255 
256             _scanner.addListener(new BulkListener()
257             {
258                 public void filesChanged(List<String> filenames) throws Exception
259                 {
260                     if (filenames == null)
261                         return;
262                     if (filenames.isEmpty())
263                         return;
264                     if (filenames.size() == 1)
265                     {
266                         Resource r = Resource.newResource(filenames.get(0));
267                         if (r.getFile().equals(_configResource.getFile()))
268                             loadUsers();
269                     }
270                 }
271 
272                 public String toString()
273                 {
274                     return "PropertyUserStore$Scanner";
275                 }
276 
277             });
278 
279             _scanner.setReportExistingFilesOnStartup(true);
280             _scanner.setRecursive(false);
281             _scanner.start();
282         }
283         else
284         {
285             loadUsers();
286         }
287     }
288 
289     /* ------------------------------------------------------------ */
290     /**
291      * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
292      */
293     protected void doStop() throws Exception
294     {
295         super.doStop();
296         if (_scanner != null)
297             _scanner.stop();
298         _scanner = null;
299     }
300 
301     /**
302      * Notifies the registered listeners of potential updates to a user
303      *
304      * @param username
305      * @param credential
306      * @param roleArray
307      */
308     private void notifyUpdate(String username, Credential credential, String[] roleArray)
309     {
310         if (_listeners != null)
311         {
312             for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
313             {
314                 i.next().update(username,credential,roleArray);
315             }
316         }
317     }
318 
319     /**
320      * notifies the registered listeners that a user has been removed.
321      *
322      * @param username
323      */
324     private void notifyRemove(String username)
325     {
326         if (_listeners != null)
327         {
328             for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
329             {
330                 i.next().remove(username);
331             }
332         }
333     }
334 
335     /**
336      * registers a listener to be notified of the contents of the property file
337      */
338     public void registerUserListener(UserListener listener)
339     {
340         if (_listeners == null)
341         {
342             _listeners = new ArrayList<UserListener>();
343         }
344         _listeners.add(listener);
345     }
346 
347     /**
348      * UserListener
349      */
350     public interface UserListener
351     {
352         public void update(String username, Credential credential, String[] roleArray);
353 
354         public void remove(String username);
355     }
356 }