org.apache.lucene.gdata.server.authentication
Class BlowfishAuthenticationController

java.lang.Object
  extended by org.apache.lucene.gdata.server.authentication.BlowfishAuthenticationController
All Implemented Interfaces:
AuthenticationController, ServerComponent

public class BlowfishAuthenticationController
extends Object
implements AuthenticationController

An AuthenticationController implementation that uses the Blowfish algorithm to encrypt and decrypt the authentication token. Blowfish encryption enables stateless authentication of the client: the token contains all the information needed to authenticate the client, possibly on other hosts.

The token contains the first 32 bit of the client IP (e.g. 192.168.0), the account name, the GDataAccount.AccountRole and the creation time as a timestamp. The timestamp is checked on every subsequent request. If the timestamp plus the configured timeout is less than the current time, the client has to reauthenticate.

The auth token returned by the authenticatAccount(GDataAccount, String) method is a BASE64-encoded string.

Author:
Simon Willnauer
See Also:
Cipher, BASE64Encoder, BASE64Decoder

Field Summary
 
Fields inherited from interface org.apache.lucene.gdata.server.authentication.AuthenticationController
ACCOUNT_PARAMETER, APPLICATION_PARAMETER, AUTHORIZATION_HEADER, PASSWORD_PARAMETER, SERVICE_PARAMETER, TOKEN_KEY
 
Constructor Summary
BlowfishAuthenticationController()
           
 
Method Summary
 String authenticatAccount(GDataAccount account, String requestIp)
          Creates an authentication token for the given account.
 boolean authenticateToken(String token, String requestIp, GDataAccount.AccountRole role, String accountName)
          Authenticates the given auth token and checks the given parameter for matching the information contained inside the token.
protected  String calculateAuthToken(String ipAddress, String role, String accountName)
           
protected  String deCryptAuthToken(String authToken)
           
 void destroy()
          will be called when the registry is going down e.g.
 String getKey()
           
 int getLoginTimeout()
           
 void initialize()
          Will be called when the component is registered.
 void setKey(String key)
           
 void setLoginTimeout(int minuteOffset)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BlowfishAuthenticationController

public BlowfishAuthenticationController()
Method Detail

initialize

public void initialize()
Description copied from interface: ServerComponent
Will be called when the component is registered. If this fails, the server must not start up.

Specified by:
initialize in interface ServerComponent
See Also:
ServerComponent.initialize()

authenticatAccount

public String authenticatAccount(GDataAccount account,
                                 String requestIp)
Description copied from interface: AuthenticationController
Creates an authentication token for the given account. The token is calculated from a part of the client's IP address, the account role, the account name and the time in milliseconds at the point of creation.

Specified by:
authenticatAccount in interface AuthenticationController
Parameters:
account - the account to create the token for
requestIp - the client's request IP address
Returns:
a BASE64-encoded authentication token
See Also:
AuthenticationController.authenticatAccount(org.apache.lucene.gdata.data.GDataAccount, java.lang.String)

authenticateToken

public boolean authenticateToken(String token,
                                 String requestIp,
                                 GDataAccount.AccountRole role,
                                 String accountName)
Description copied from interface: AuthenticationController
Authenticates the given auth token and checks the given parameter for matching the information contained inside the token.

If the given account name is null, the authentication ignores the account name, and the decision whether the token is valid is based on the given role compared to the role inside the token.

Specified by:
authenticateToken in interface AuthenticationController
Parameters:
token - the token to authenticate
requestIp - the client request IP address
role - the required role
accountName - the name of the account
Returns:
true if the given values match the values inside the token and the timestamp plus the configured timeout is greater than the current time. If one of the values does not match or the token has timed out, it returns false.
See Also:
AuthenticationController.authenticateToken(java.lang.String, java.lang.String, org.apache.lucene.gdata.data.GDataAccount.AccountRole, java.lang.String)
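
The token scheme described in the class comment and in authenticateToken, written out as an added example; this is not the Lucene GData source. Assumptions the page does not specify: the `#`-separated field layout, the three-octet IP prefix (taken from the page's `192.168.0` example), the class name `StatelessTokenSketch`, `java.util.Base64` for the encoding, and the JCE default transformation for `"Blowfish"`.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.UTF_8;

// Added illustration, not the project's code. Field layout and cipher transformation are assumptions.
class StatelessTokenSketch {
    private final SecretKeySpec key;
    private final long timeoutMillis;

    StatelessTokenSketch(String key, int loginTimeoutMinutes) {
        this.key = new SecretKeySpec(key.getBytes(UTF_8), "Blowfish");
        this.timeoutMillis = loginTimeoutMinutes * 60_000L;
    }

    // 192.168.0.7 -> 192.168.0: only the prefix is bound into the token
    static String ipPrefix(String ip) {
        int lastDot = ip.lastIndexOf('.');
        return lastDot < 0 ? ip : ip.substring(0, lastDot);
    }

    private byte[] crypt(int mode, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish");
        c.init(mode, key);
        return c.doFinal(in);
    }

    String issue(String requestIp, String role, String account, long now) throws Exception {
        String plain = String.join("#", ipPrefix(requestIp), account, role, Long.toString(now));
        return Base64.getEncoder().encodeToString(crypt(Cipher.ENCRYPT_MODE, plain.getBytes(UTF_8)));
    }

    boolean verify(String token, String requestIp, String role, String account, long now) {
        try {
            byte[] raw = crypt(Cipher.DECRYPT_MODE, Base64.getDecoder().decode(token));
            String[] f = new String(raw, UTF_8).split("#", -1);
            return f.length == 4
                && f[0].equals(ipPrefix(requestIp))
                && (account == null || f[1].equals(account)) // null name: role decides
                && f[2].equals(role)
                && Long.parseLong(f[3]) + timeoutMillis > now; // timestamp + timeout > current time
        } catch (Exception e) { // bad Base64, bad padding or malformed fields: reject
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        StatelessTokenSketch ctl = new StatelessTokenSketch("demo-key-16bytes", 30); // constructed key
        long t0 = 1_000_000L; // constructed clock value
        String token = ctl.issue("192.168.0.7", "USER", "alice", t0);
        System.out.println(ctl.verify(token, "192.168.0.99", "USER", "alice", t0 + 60_000L)); // same prefix
        System.out.println(ctl.verify(token, "10.0.0.5", "USER", "alice", t0 + 60_000L)); // other network
        System.out.println(ctl.verify(token, "192.168.0.7", "USER", null, t0 + 31 * 60_000L)); // past timeout
    }
}
```

Because verification needs nothing but the key and the timeout, every host that should accept the token must be configured with the same key via setKey, and that key is the only secret protecting the scheme.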

calculateAuthToken

protected String calculateAuthToken(String ipAddress,
                                    String role,
                                    String accountName)
                             throws IllegalBlockSizeException,
                                    BadPaddingException,
                                    UnsupportedEncodingException
Throws:
IllegalBlockSizeException
BadPaddingException
UnsupportedEncodingException

deCryptAuthToken

protected String deCryptAuthToken(String authToken)
                           throws IOException,
                                  IllegalBlockSizeException,
                                  BadPaddingException
Throws:
IOException
IllegalBlockSizeException
BadPaddingException

getLoginTimeout

public int getLoginTimeout()
Returns:
Returns the minuteOffset.

setLoginTimeout

public void setLoginTimeout(int minuteOffset)
Parameters:
minuteOffset - The minuteOffset to set.

getKey

public String getKey()
Returns:
Returns the key.

setKey

public void setKey(String key)
Parameters:
key - The key to set.

destroy

public void destroy()
Description copied from interface: ServerComponent
Will be called when the registry is going down, e.g. when the GDataServerRegistry.destroy() method is called.

Specified by:
destroy in interface ServerComponent
See Also:
ServerComponent.destroy()


Copyright © 2000-2008 Apache Software Foundation. All Rights Reserved.