2 // ========================================================================
3 // Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.security;
22 import java.io.FilenameFilter;
23 import java.io.IOException;
24 import java.security.Principal;
25 import java.util.ArrayList;
26 import java.util.HashMap;
27 import java.util.HashSet;
28 import java.util.Iterator;
29 import java.util.List;
31 import java.util.Properties;
34 import javax.security.auth.Subject;
36 import org.eclipse.jetty.security.MappedLoginService.KnownUser;
37 import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
38 import org.eclipse.jetty.server.UserIdentity;
39 import org.eclipse.jetty.util.Scanner;
40 import org.eclipse.jetty.util.Scanner.BulkListener;
41 import org.eclipse.jetty.util.StringUtil;
42 import org.eclipse.jetty.util.component.AbstractLifeCycle;
43 import org.eclipse.jetty.util.log.Log;
44 import org.eclipse.jetty.util.log.Logger;
45 import org.eclipse.jetty.util.resource.Resource;
46 import org.eclipse.jetty.util.security.Credential;
51 * This class monitors a property file of the format mentioned below and notifies registered listeners of the changes to the the given file.
54 * username: password [,rolename ...]
57 * Passwords may be clear text, obfuscated or checksummed. The class com.eclipse.Util.Password should be used to generate obfuscated passwords or password
60 * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
62 public class PropertyUserStore extends AbstractLifeCycle
64 private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
66 private String _config;
67 private Resource _configResource;
68 private Scanner _scanner;
69 private int _refreshInterval = 0;// default is not to reload
71 private IdentityService _identityService = new DefaultIdentityService();
72 private boolean _firstLoad = true; // true if first load, false from that point on
73 private final List<String> _knownUsers = new ArrayList<String>();
74 private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
75 private List<UserListener> _listeners;
77 /* ------------------------------------------------------------ */
78 public String getConfig()
83 /* ------------------------------------------------------------ */
84 public void setConfig(String config)
89 /* ------------------------------------------------------------ */
90 public UserIdentity getUserIdentity(String userName)
92 return _knownUserIdentities.get(userName);
95 /* ------------------------------------------------------------ */
97 * returns the resource associated with the configured properties file, creating it if necessary
99 public Resource getConfigResource() throws IOException
101 if (_configResource == null)
103 _configResource = Resource.newResource(_config);
106 return _configResource;
109 /* ------------------------------------------------------------ */
111 * sets the refresh interval (in seconds)
113 public void setRefreshInterval(int msec)
115 _refreshInterval = msec;
118 /* ------------------------------------------------------------ */
120 * refresh interval in seconds for how often the properties file should be checked for changes
122 public int getRefreshInterval()
124 return _refreshInterval;
127 /* ------------------------------------------------------------ */
128 private void loadUsers() throws IOException
133 if (LOG.isDebugEnabled())
134 LOG.debug("Load " + this + " from " + _config);
135 Properties properties = new Properties();
136 if (getConfigResource().exists())
137 properties.load(getConfigResource().getInputStream());
138 Set<String> known = new HashSet<String>();
140 for (Map.Entry<Object, Object> entry : properties.entrySet())
142 String username = ((String)entry.getKey()).trim();
143 String credentials = ((String)entry.getValue()).trim();
145 int c = credentials.indexOf(',');
148 roles = credentials.substring(c + 1).trim();
149 credentials = credentials.substring(0,c).trim();
152 if (username != null && username.length() > 0 && credentials != null && credentials.length() > 0)
154 String[] roleArray = IdentityService.NO_ROLES;
155 if (roles != null && roles.length() > 0)
157 roleArray = StringUtil.csvSplit(roles);
160 Credential credential = Credential.getCredential(credentials);
162 Principal userPrincipal = new KnownUser(username,credential);
163 Subject subject = new Subject();
164 subject.getPrincipals().add(userPrincipal);
165 subject.getPrivateCredentials().add(credential);
169 for (String role : roleArray)
171 subject.getPrincipals().add(new RolePrincipal(role));
175 subject.setReadOnly();
177 _knownUserIdentities.put(username,_identityService.newUserIdentity(subject,userPrincipal,roleArray));
178 notifyUpdate(username,credential,roleArray);
182 synchronized (_knownUsers)
185 * if its not the initial load then we want to process removed users
189 Iterator<String> users = _knownUsers.iterator();
190 while (users.hasNext())
192 String user = users.next();
193 if (!known.contains(user))
195 _knownUserIdentities.remove(user);
202 * reset the tracked _users list to the known users we just processed
206 _knownUsers.addAll(known);
211 * set initial load to false as there should be no more initial loads
216 /* ------------------------------------------------------------ */
218 * Depending on the value of the refresh interval, this method will either start up a scanner thread that will monitor the properties file for changes after
219 * it has initially loaded it. Otherwise the users will be loaded and there will be no active monitoring thread so changes will not be detected.
222 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
224 protected void doStart() throws Exception
228 if (getRefreshInterval() > 0)
230 _scanner = new Scanner();
231 _scanner.setScanInterval(getRefreshInterval());
232 List<File> dirList = new ArrayList<File>(1);
233 dirList.add(getConfigResource().getFile().getParentFile());
234 _scanner.setScanDirs(dirList);
235 _scanner.setFilenameFilter(new FilenameFilter()
237 public boolean accept(File dir, String name)
239 File f = new File(dir,name);
242 if (f.compareTo(getConfigResource().getFile()) == 0)
247 catch (IOException e)
257 _scanner.addListener(new BulkListener()
259 public void filesChanged(List<String> filenames) throws Exception
261 if (filenames == null)
263 if (filenames.isEmpty())
265 if (filenames.size() == 1)
267 Resource r = Resource.newResource(filenames.get(0));
268 if (r.getFile().equals(_configResource.getFile()))
273 public String toString()
275 return "PropertyUserStore$Scanner";
280 _scanner.setReportExistingFilesOnStartup(true);
281 _scanner.setRecursive(false);
290 /* ------------------------------------------------------------ */
292 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
294 protected void doStop() throws Exception
297 if (_scanner != null)
303 * Notifies the registered listeners of potential updates to a user
309 private void notifyUpdate(String username, Credential credential, String[] roleArray)
311 if (_listeners != null)
313 for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
315 i.next().update(username,credential,roleArray);
321 * notifies the registered listeners that a user has been removed.
325 private void notifyRemove(String username)
327 if (_listeners != null)
329 for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
331 i.next().remove(username);
337 * registers a listener to be notified of the contents of the property file
339 public void registerUserListener(UserListener listener)
341 if (_listeners == null)
343 _listeners = new ArrayList<UserListener>();
345 _listeners.add(listener);
351 public interface UserListener
353 public void update(String username, Credential credential, String[] roleArray);
355 public void remove(String username);