org.eclipse.jetty.security.PropertyUserStore Maven / Gradle / Ivy
//
// ========================================================================
// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import org.eclipse.jetty.security.MappedLoginService.KnownUser;
import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.Scanner;
import org.eclipse.jetty.util.Scanner.BulkListener;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.Credential;
/**
* PropertyUserStore
*
* This class monitors a property file of the format mentioned below and notifies registered listeners of the changes to the the given file.
*
*
* username: password [,rolename ...]
*
*
* Passwords may be clear text, obfuscated or checksummed. The class com.eclipse.Util.Password should be used to generate obfuscated passwords or password
* checksums.
*
* If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
*/
public class PropertyUserStore extends AbstractLifeCycle
{
private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
private String _config;
private Resource _configResource;
private Scanner _scanner;
private int _refreshInterval = 0;// default is not to reload
private IdentityService _identityService = new DefaultIdentityService();
private boolean _firstLoad = true; // true if first load, false from that point on
private final List _knownUsers = new ArrayList();
private final Map _knownUserIdentities = new HashMap();
private List _listeners;
/* ------------------------------------------------------------ */
public String getConfig()
{
return _config;
}
/* ------------------------------------------------------------ */
public void setConfig(String config)
{
_config = config;
}
/* ------------------------------------------------------------ */
public UserIdentity getUserIdentity(String userName)
{
return _knownUserIdentities.get(userName);
}
/* ------------------------------------------------------------ */
/**
* returns the resource associated with the configured properties file, creating it if necessary
*/
public Resource getConfigResource() throws IOException
{
if (_configResource == null)
{
_configResource = Resource.newResource(_config);
}
return _configResource;
}
/* ------------------------------------------------------------ */
/**
* sets the refresh interval (in seconds)
*/
public void setRefreshInterval(int msec)
{
_refreshInterval = msec;
}
/* ------------------------------------------------------------ */
/**
* refresh interval in seconds for how often the properties file should be checked for changes
*/
public int getRefreshInterval()
{
return _refreshInterval;
}
/* ------------------------------------------------------------ */
private void loadUsers() throws IOException
{
if (_config == null)
return;
if (LOG.isDebugEnabled())
LOG.debug("Load " + this + " from " + _config);
Properties properties = new Properties();
if (getConfigResource().exists())
properties.load(getConfigResource().getInputStream());
Set known = new HashSet();
for (Map.Entry