*/
public TafResp validate(Taf.LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
// See if Request implements BasicCred (aka CadiWrap or other), and if User/Pass has already been set separately
- if(req instanceof BasicCred) {
+ if (req instanceof BasicCred) {
BasicCred bc = (BasicCred)req;
- if(bc.getUser()!=null) { // CadiWrap, if set, makes sure User & Password are both valid, or both null
- if(DenialOfServiceTaf.isDeniedID(bc.getUser())!=null) {
+ if (bc.getUser()!=null) { // CadiWrap, if set, makes sure User & Password are both valid, or both null
+ if (DenialOfServiceTaf.isDeniedID(bc.getUser())!=null) {
return DenialOfServiceTaf.respDenyID(access,bc.getUser());
}
CachedBasicPrincipal bp = new CachedBasicPrincipal(this,bc,realm,timeToLive);
// Be able to do Organizational specific lookups by Domain
CredVal cv = rbacs.get(bp.getDomain());
- if(cv==null) {
+ if (cv==null) {
cv = rbac;
}
// ONLY FOR Last Ditch DEBUGGING...
// access.log(Level.WARN,bp.getName() + ":" + new String(bp.getCred()));
- if(cv.validate(bp.getName(),Type.PASSWORD,bp.getCred(),req)) {
+ if (cv.validate(bp.getName(),Type.PASSWORD,bp.getCred(),req)) {
return new BasicHttpTafResp(access,bp,bp.getName()+" authenticated by password",RESP.IS_AUTHENTICATED,resp,realm,false);
} else {
//TODO may need timed retries in a given time period
}
// Get User/Password from Authorization Header value
String authz = req.getHeader("Authorization");
- if(authz != null && authz.startsWith("Basic ")) {
- if(warn&&!req.isSecure()) {
+ if (authz != null && authz.startsWith("Basic ")) {
+ if (warn&&!req.isSecure()) {
access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
}
try {
CachedBasicPrincipal ba = new CachedBasicPrincipal(this,authz,realm,timeToLive);
- if(DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {
+ if (DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {
return DenialOfServiceTaf.respDenyID(access,ba.getName());
}
final int at = ba.getName().indexOf('@');
CredVal cv = rbacs.get(ba.getName().substring(at+1));
- if(cv==null) {
+ if (cv==null) {
cv = rbac; // default
}
// ONLY FOR Last Ditch DEBUGGING...
// access.log(Level.WARN,ba.getName() + ":" + new String(ba.getCred()));
- if(cv.validate(ba.getName(), Type.PASSWORD, ba.getCred(), req)) {
+ if (cv.validate(ba.getName(), Type.PASSWORD, ba.getCred(), req)) {
return new BasicHttpTafResp(access,ba, ba.getName()+" authenticated by BasicAuth password",RESP.IS_AUTHENTICATED,resp,realm,false);
} else {
//TODO may need timed retries in a given time period
protected String buildMsg(Principal pr, HttpServletRequest req, Object ... msg) {
StringBuilder sb = new StringBuilder();
- if(pr!=null) {
+ if (pr!=null) {
sb.append("user=");
sb.append(pr.getName());
sb.append(',');
sb.append(req.getRemoteAddr());
sb.append(",port=");
sb.append(req.getRemotePort());
- if(msg.length>0) {
+ if (msg.length>0) {
sb.append(",msg=\"");
- for(Object s : msg) {
+ for (Object s : msg) {
sb.append(s.toString());
}
sb.append('"');
public CredVal getCredVal(String key) {
CredVal cv = rbacs.get(key);
- if(cv==null) {
+ if (cv==null) {
cv = rbac;
}
return cv;
@Override
public Resp revalidate(CachedPrincipal prin, Object state) {
- if(prin instanceof BasicPrincipal) {
+ if (prin instanceof BasicPrincipal) {
BasicPrincipal ba = (BasicPrincipal)prin;
- if(DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {
+ if (DenialOfServiceTaf.isDeniedID(ba.getName())!=null) {
return Resp.UNVALIDATED;
}
return rbac.validate(ba.getName(), Type.PASSWORD, ba.getCred(), state)?Resp.REVALIDATED:Resp.UNVALIDATED;