001/* 002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 * 019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $ 020 */ 021 022package org.nuxeo.ecm.platform.ui.web.auth.portal; 023 024import java.security.MessageDigest; 025import java.security.NoSuchAlgorithmException; 026import java.util.Date; 027import java.util.List; 028import java.util.Map; 029 030import javax.servlet.http.HttpServletRequest; 031import javax.servlet.http.HttpServletResponse; 032 033import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo; 034import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin; 035 036import com.noelios.restlet.util.Base64; 037 038public class PortalAuthenticator implements NuxeoAuthenticationPlugin { 039 040 private static final String SECRET_KEY_NAME = "secret"; 041 042 private static final String MAX_AGE_KEY_NAME = "maxAge"; 043 044 private static final String TS_HEADER = "NX_TS"; 045 046 private static final String RANDOM_HEADER = "NX_RD"; 047 048 private static final String TOKEN_HEADER = "NX_TOKEN"; 049 050 private static final String USER_HEADER = "NX_USER"; 051 052 private static final String TOKEN_SEP = ":"; 053 054 // 055 private String secret = "secret"; 056 057 // one hour by default 058 private long maxAge = 60 * 60; 059 060 public List<String> getUnAuthenticatedURLPrefix() { 061 return null; 062 } 063 064 public Boolean handleLoginPrompt(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String baseURL) { 065 return false; 066 } 067 068 public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpRequest, 069 HttpServletResponse httpResponse) { 070 071 String ts = httpRequest.getHeader(TS_HEADER); 072 String random = httpRequest.getHeader(RANDOM_HEADER); 073 String token = httpRequest.getHeader(TOKEN_HEADER); 074 String userName = httpRequest.getHeader(USER_HEADER); 075 076 if (userName == null || ts == null || random == null || token == null) { 077 return null; 078 } 079 080 if (validateToken(ts, random, token, userName)) { 081 return new UserIdentificationInfo(userName, userName); 082 } else { 083 return null; 084 } 085 } 086 087 public void initPlugin(Map<String, String> parameters) { 088 if (parameters.containsKey(SECRET_KEY_NAME)) { 089 secret = parameters.get(SECRET_KEY_NAME); 090 } 091 if (parameters.containsKey(MAX_AGE_KEY_NAME)) { 092 String maxAgeStr = parameters.get(MAX_AGE_KEY_NAME); 093 if (maxAgeStr != null && !maxAgeStr.equals("")) { 094 maxAge = Long.parseLong(maxAgeStr); 095 } 096 } 097 } 098 099 public Boolean needLoginPrompt(HttpServletRequest httpRequest) { 100 return false; 101 } 102 103 private Boolean validateToken(String ts, String random, String token, String userName) { 104 // reconstruct the token 105 String clearToken = ts + TOKEN_SEP + random + TOKEN_SEP + secret + TOKEN_SEP + userName; 106 107 byte[] hashedToken; 108 try { 109 hashedToken = MessageDigest.getInstance("MD5").digest(clearToken.getBytes()); 110 } catch (NoSuchAlgorithmException e) { 111 return false; 112 } 113 String base64HashedToken = Base64.encodeBytes(hashedToken); 114 115 // check that tokens are the same => that we have the same shared key 116 if (!base64HashedToken.equals(token)) { 117 return false; 118 } 119 120 // check time stamp 121 long portalTS = Long.parseLong(ts); 122 long currentTS = (new Date()).getTime(); 123 124 return (currentTS - portalTS) / 1000 <= maxAge; 125 } 126 127}