2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.security;
22 import java.io.FilenameFilter;
23 import java.io.IOException;
24 import java.security.Principal;
25 import java.util.ArrayList;
26 import java.util.HashMap;
27 import java.util.HashSet;
28 import java.util.Iterator;
29 import java.util.List;
31 import java.util.Properties;
34 import javax.security.auth.Subject;
36 import org.eclipse.jetty.security.MappedLoginService.KnownUser;
37 import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
38 import org.eclipse.jetty.server.UserIdentity;
39 import org.eclipse.jetty.util.Scanner;
40 import org.eclipse.jetty.util.Scanner.BulkListener;
41 import org.eclipse.jetty.util.component.AbstractLifeCycle;
42 import org.eclipse.jetty.util.log.Log;
43 import org.eclipse.jetty.util.log.Logger;
44 import org.eclipse.jetty.util.resource.Resource;
45 import org.eclipse.jetty.util.security.Credential;
50 * This class monitors a property file of the format mentioned below and notifies registered listeners of the changes to the the given file.
53 * username: password [,rolename ...]
56 * Passwords may be clear text, obfuscated or checksummed. The class com.eclipse.Util.Password should be used to generate obfuscated passwords or password
59 * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
61 public class PropertyUserStore extends AbstractLifeCycle
63 private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
65 private String _config;
66 private Resource _configResource;
67 private Scanner _scanner;
68 private int _refreshInterval = 0;// default is not to reload
70 private IdentityService _identityService = new DefaultIdentityService();
71 private boolean _firstLoad = true; // true if first load, false from that point on
72 private final List<String> _knownUsers = new ArrayList<String>();
73 private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
74 private List<UserListener> _listeners;
76 /* ------------------------------------------------------------ */
77 public String getConfig()
82 /* ------------------------------------------------------------ */
83 public void setConfig(String config)
88 /* ------------------------------------------------------------ */
89 public UserIdentity getUserIdentity(String userName)
91 return _knownUserIdentities.get(userName);
94 /* ------------------------------------------------------------ */
96 * returns the resource associated with the configured properties file, creating it if necessary
98 public Resource getConfigResource() throws IOException
100 if (_configResource == null)
102 _configResource = Resource.newResource(_config);
105 return _configResource;
108 /* ------------------------------------------------------------ */
110 * sets the refresh interval (in seconds)
112 public void setRefreshInterval(int msec)
114 _refreshInterval = msec;
117 /* ------------------------------------------------------------ */
119 * refresh interval in seconds for how often the properties file should be checked for changes
121 public int getRefreshInterval()
123 return _refreshInterval;
126 /* ------------------------------------------------------------ */
127 private void loadUsers() throws IOException
132 if (LOG.isDebugEnabled())
133 LOG.debug("Load " + this + " from " + _config);
134 Properties properties = new Properties();
135 if (getConfigResource().exists())
136 properties.load(getConfigResource().getInputStream());
137 Set<String> known = new HashSet<String>();
139 for (Map.Entry<Object, Object> entry : properties.entrySet())
141 String username = ((String)entry.getKey()).trim();
142 String credentials = ((String)entry.getValue()).trim();
144 int c = credentials.indexOf(',');
147 roles = credentials.substring(c + 1).trim();
148 credentials = credentials.substring(0,c).trim();
151 if (username != null && username.length() > 0 && credentials != null && credentials.length() > 0)
153 String[] roleArray = IdentityService.NO_ROLES;
154 if (roles != null && roles.length() > 0)
156 roleArray = roles.split(",");
159 Credential credential = Credential.getCredential(credentials);
161 Principal userPrincipal = new KnownUser(username,credential);
162 Subject subject = new Subject();
163 subject.getPrincipals().add(userPrincipal);
164 subject.getPrivateCredentials().add(credential);
168 for (String role : roleArray)
170 subject.getPrincipals().add(new RolePrincipal(role));
174 subject.setReadOnly();
176 _knownUserIdentities.put(username,_identityService.newUserIdentity(subject,userPrincipal,roleArray));
177 notifyUpdate(username,credential,roleArray);
181 synchronized (_knownUsers)
184 * if its not the initial load then we want to process removed users
188 Iterator<String> users = _knownUsers.iterator();
189 while (users.hasNext())
191 String user = users.next();
192 if (!known.contains(user))
194 _knownUserIdentities.remove(user);
201 * reset the tracked _users list to the known users we just processed
205 _knownUsers.addAll(known);
210 * set initial load to false as there should be no more initial loads
215 /* ------------------------------------------------------------ */
217 * Depending on the value of the refresh interval, this method will either start up a scanner thread that will monitor the properties file for changes after
218 * it has initially loaded it. Otherwise the users will be loaded and there will be no active monitoring thread so changes will not be detected.
221 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
223 protected void doStart() throws Exception
227 if (getRefreshInterval() > 0)
229 _scanner = new Scanner();
230 _scanner.setScanInterval(getRefreshInterval());
231 List<File> dirList = new ArrayList<File>(1);
232 dirList.add(getConfigResource().getFile().getParentFile());
233 _scanner.setScanDirs(dirList);
234 _scanner.setFilenameFilter(new FilenameFilter()
236 public boolean accept(File dir, String name)
238 File f = new File(dir,name);
241 if (f.compareTo(getConfigResource().getFile()) == 0)
246 catch (IOException e)
256 _scanner.addListener(new BulkListener()
258 public void filesChanged(List<String> filenames) throws Exception
260 if (filenames == null)
262 if (filenames.isEmpty())
264 if (filenames.size() == 1)
266 Resource r = Resource.newResource(filenames.get(0));
267 if (r.getFile().equals(_configResource.getFile()))
272 public String toString()
274 return "PropertyUserStore$Scanner";
279 _scanner.setReportExistingFilesOnStartup(true);
280 _scanner.setRecursive(false);
289 /* ------------------------------------------------------------ */
291 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
293 protected void doStop() throws Exception
296 if (_scanner != null)
302 * Notifies the registered listeners of potential updates to a user
308 private void notifyUpdate(String username, Credential credential, String[] roleArray)
310 if (_listeners != null)
312 for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
314 i.next().update(username,credential,roleArray);
320 * notifies the registered listeners that a user has been removed.
324 private void notifyRemove(String username)
326 if (_listeners != null)
328 for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
330 i.next().remove(username);
336 * registers a listener to be notified of the contents of the property file
338 public void registerUserListener(UserListener listener)
340 if (_listeners == null)
342 _listeners = new ArrayList<UserListener>();
344 _listeners.add(listener);
350 public interface UserListener
352 public void update(String username, Credential credential, String[] roleArray);
354 public void remove(String username);