From 2823686137590922453b9f3370d248b04f56a821 Mon Sep 17 00:00:00 2001 From: Cleverson Sacramento Date: Wed, 17 Dec 2014 14:26:49 -0200 Subject: [PATCH] FWK-211: Autenticação com Token via TokenAuthenticator e TokenManager --- impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/MetadataREST.java | 4 ---- impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthenticator.java | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenManager.java | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 145 insertions(+), 4 deletions(-) create mode 100644 impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthenticator.java create mode 100644 impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenManager.java diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/MetadataREST.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/MetadataREST.java index 25bec81..961254d 100644 --- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/MetadataREST.java +++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/MetadataREST.java @@ -39,7 +39,6 @@ package br.gov.frameworkdemoiselle.internal.implementation; import static javax.ws.rs.core.MediaType.TEXT_HTML; import java.util.ResourceBundle; -import java.util.logging.Logger; import javax.inject.Inject; import javax.ws.rs.GET; @@ -55,9 +54,6 @@ import br.gov.frameworkdemoiselle.util.Metadata; public class MetadataREST { @Inject - private Logger logger; - - @Inject private ResourceBundle bundle; @GET diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthenticator.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthenticator.java new file mode 100644 index 0000000..2b574f9 --- /dev/null +++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthenticator.java @@ -0,0 +1,99 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package br.gov.frameworkdemoiselle.security; + +import static br.gov.frameworkdemoiselle.annotation.Priority.L2_PRIORITY; + +import java.security.Principal; + +import javax.enterprise.context.RequestScoped; + +import br.gov.frameworkdemoiselle.annotation.Priority; +import br.gov.frameworkdemoiselle.util.Beans; + +@RequestScoped +@Priority(L2_PRIORITY) +public class TokenAuthenticator implements Authenticator { + + private static final long serialVersionUID = 1L; + + private Principal user; + + @Override + public void authenticate() throws Exception { + Token token = Beans.getReference(Token.class); + TokenManager tokenManager = Beans.getReference(TokenManager.class); + + if (token.isEmpty()) { + this.user = customAuthentication(); + + String newToken = tokenManager.persist(this.user); + token.setValue(newToken); + + } else { + this.user = tokenAuthentication(token, tokenManager); + } + } + + protected Principal customAuthentication() throws Exception { + ServletAuthenticator authenticator = Beans.getReference(ServletAuthenticator.class); + authenticator.authenticate(); + + return authenticator.getUser(); + } + + private Principal tokenAuthentication(Token token, TokenManager tokenManager) throws Exception { + Principal principal = tokenManager.load(token.getValue()); + + if (principal == null) { + throw new InvalidCredentialsException("token inválido"); + } + + return principal; + } + + @Override + // TODO Apagar o token + public void unauthenticate() { + this.user = null; + } + + @Override + public Principal getUser() { + return this.user; + } +} diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenManager.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenManager.java new file mode 100644 index 0000000..71bc5cd --- /dev/null +++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenManager.java @@ -0,0 +1,46 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package br.gov.frameworkdemoiselle.security; + +import java.security.Principal; + +public interface TokenManager { + + String persist(Principal user) throws Exception; + + Principal load(String token) throws Exception; +} -- libgit2 0.21.2