Authenticator

Object
- Authenticator

```
class Authenticator
extends Object
```
Performs all authentication tasks for the servlet, including IP-based, LDAP, and external authentication.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`private class`	`Authenticator.AllAuthSpec` Allow or deny all access
`private class`	`Authenticator.AuthSpec` Holds information on a particular authorization specification
`private class`	`Authenticator.ExternalAuthSpec` Allow or deny based on an external login page
`private class`	`Authenticator.IPAuthSpec` Allow or deny based on whether requestor's IP address is in the specified list.
`private class`	`Authenticator.IpListCache` This class is used to cache IP maps so we don't have to load the same ones over and over.
`private class`	`Authenticator.LdapAuthSpec` Allow or deny based on looking up an entry in an LDAP database.

Field Summary

Fields
Modifier and Type	Field and Description
`private StringCache`	`authCache` Caches authorized session IDs
`private DynaXMLConfig`	`config` Configuration info
`private Authenticator.IpListCache`	`ipListCache` Caches IP maps
`private StringCache`	`loginCache` Caches nonce values for external log-ins
`private SecureRandom`	`secureRandom` Used for generating random nonce values
`private DynaXML`	`servlet` Servlet to get dependencies from

Constructor Summary

Constructors
Constructor and Description

Authenticator(DynaXML servlet)
Construct an authorizer, initializing all the caches.

Constructors
Constructor and Description
`Authenticator(DynaXML servlet)` Construct an authorizer, initializing all the caches.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`private boolean`	`authExternal(Authenticator.ExternalAuthSpec spec, HttpServletRequest req, HttpServletResponse res)` Uses an external login web page to authorize user access.
`private void`	`authLdap(Authenticator.LdapAuthSpec spec, HttpServletRequest req, HttpServletResponse res)` Uses an LDAP server to authorize user access with a username and password.
`private static String`	`bytesToHex(byte[] bytes)` Converts an array of bytes to the hex representation of them, two digits per byte and no spaces.
`boolean`	`checkAuth(String ipAddr, Vector authSpecs, HttpServletRequest req, HttpServletResponse res)` Based on a list of authentication specifications, checks if the current session is allowed to access this document.
`void`	`clearCaches()` Clears all the caches used by the authenticator.
`private boolean`	`isEmpty(String s)` Utility method to check if a string is null or ""
`Authenticator.AuthSpec`	`processAuthTag(EasyNode el)` Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet.

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - secureRandom
```
private SecureRandom secureRandom
```
    Used for generating random nonce values
  - ipListCache
```
private Authenticator.IpListCache ipListCache
```
    Caches IP maps
  - authCache
```
private StringCache authCache
```
    Caches authorized session IDs
  - loginCache
```
private StringCache loginCache
```
    Caches nonce values for external log-ins
  - servlet
```
private DynaXML servlet
```
    Servlet to get dependencies from
  - config
```
private DynaXMLConfig config
```
    Configuration info
- Constructor Detail
  - Authenticator
```
public Authenticator(DynaXML servlet)
```
    Construct an authorizer, initializing all the caches.
    
    Parameters:
    
    servlet - Servlet whose cache we will access
- Method Detail
  - isEmpty
```
private boolean isEmpty(String s)
```
    Utility method to check if a string is null or ""
  - processAuthTag
```
public Authenticator.AuthSpec processAuthTag(EasyNode el)
                                      throws DynaXMLException
```
    Creates an AuthSpec from an 'auth' element produced by the docReqParser stylesheet. Parses the various parameters depending on the type.
    
    Throws:
    
    DynaXMLException
  - clearCaches
```
public void clearCaches()
```
    Clears all the caches used by the authenticator.
  - authLdap
```
private void authLdap(Authenticator.LdapAuthSpec spec,
                      HttpServletRequest req,
                      HttpServletResponse res)
               throws Exception
```
    Uses an LDAP server to authorize user access with a username and password. Name and password are gathered using the HTTP 'basic' authentication mechanism.
    
    Parameters:
    
    spec - The authorization spec containing details (server to connect to, what to look up, etc.)
    
    req - The HTTP request (contains username and password)
    
    res - The HTTP response (only used to re-request user auth)
    
    Throws:
    
    NoPermissionException - If permission isn't granted, or the browser must re-validate the password.
    
    Exception - Communication or other miscellaneous problems.
  - authExternal
```
private boolean authExternal(Authenticator.ExternalAuthSpec spec,
                             HttpServletRequest req,
                             HttpServletResponse res)
                      throws Exception
```
    Uses an external login web page to authorize user access. Redirects to an external login page and sends a 'nonce' value along with the redirect. Eventually the login gets back to our page with an encrypted version of the nonce so we can prevent spurious returns.
    
    Parameters:
    
    spec - The authorization spec containing URL to contact.
    
    req - The HTTP request (contains nonce when we get the return from the authorization page).
    
    res - The HTTP response
    
    Returns:
    
    true if granted, false if redirected
    
    Throws:
    
    NoPermissionException - If permission isn't granted.
    
    Exception - For miscellaneous problems.
  - checkAuth
```
public boolean checkAuth(String ipAddr,
                         Vector authSpecs,
                         HttpServletRequest req,
                         HttpServletResponse res)
                  throws Exception
```
    Based on a list of authentication specifications, checks if the current session is allowed to access this document. Handles IP-based, LDAP, and external authentication methods.
    
    Parameters:
    
    ipAddr - Real IP address of the requestor
    
    authSpecs - List of authentication specifications (allow/deny), processed in order.
    
    req - The HTTP request that was made
    
    res - The HTTP response being generated
    
    Returns:
    
    true if ok, false to redirect.
    
    Throws:
    
    NoPermissionException - Authentication failed
    
    Exception - Miscellaneous problems
  - bytesToHex
```
private static String bytesToHex(byte[] bytes)
```
    Converts an array of bytes to the hex representation of them, two digits per byte and no spaces.
    
    Parameters:
    
    bytes - An array of bytes to convert
    
    Returns:
    
    A long string representing those bytes in hex form

Class Authenticator

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class Object

Field Detail

secureRandom

ipListCache

authCache

loginCache

servlet

config

Constructor Detail

Authenticator

Method Detail

isEmpty

processAuthTag

clearCaches

authLdap

authExternal

checkAuth

bytesToHex