--- /dev/null
+//
+// ========================================================================
+// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+package org.eclipse.jetty.security;
+
+import java.io.File;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.eclipse.jetty.security.MappedLoginService.KnownUser;
+import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.Scanner;
+import org.eclipse.jetty.util.Scanner.BulkListener;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.util.security.Credential;
+
+/**
+ * PropertyUserStore
+ *
+ * This class monitors a property file of the format mentioned below and notifies registered listeners of the changes to the the given file.
+ *
+ * <PRE>
+ * username: password [,rolename ...]
+ * </PRE>
+ *
+ * Passwords may be clear text, obfuscated or checksummed. The class com.eclipse.Util.Password should be used to generate obfuscated passwords or password
+ * checksums.
+ *
+ * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
+ */
+public class PropertyUserStore extends AbstractLifeCycle
+{
+ private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
+
+ private String _config;
+ private Resource _configResource;
+ private Scanner _scanner;
+ private int _refreshInterval = 0;// default is not to reload
+
+ private IdentityService _identityService = new DefaultIdentityService();
+ private boolean _firstLoad = true; // true if first load, false from that point on
+ private final List<String> _knownUsers = new ArrayList<String>();
+ private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
+ private List<UserListener> _listeners;
+
+ /* ------------------------------------------------------------ */
+ public String getConfig()
+ {
+ return _config;
+ }
+
+ /* ------------------------------------------------------------ */
+ public void setConfig(String config)
+ {
+ _config = config;
+ }
+
+ /* ------------------------------------------------------------ */
+ public UserIdentity getUserIdentity(String userName)
+ {
+ return _knownUserIdentities.get(userName);
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * returns the resource associated with the configured properties file, creating it if necessary
+ */
+ public Resource getConfigResource() throws IOException
+ {
+ if (_configResource == null)
+ {
+ _configResource = Resource.newResource(_config);
+ }
+
+ return _configResource;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * sets the refresh interval (in seconds)
+ */
+ public void setRefreshInterval(int msec)
+ {
+ _refreshInterval = msec;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * refresh interval in seconds for how often the properties file should be checked for changes
+ */
+ public int getRefreshInterval()
+ {
+ return _refreshInterval;
+ }
+
+ /* ------------------------------------------------------------ */
+ private void loadUsers() throws IOException
+ {
+ if (_config == null)
+ return;
+
+ if (LOG.isDebugEnabled())
+ LOG.debug("Load " + this + " from " + _config);
+ Properties properties = new Properties();
+ if (getConfigResource().exists())
+ properties.load(getConfigResource().getInputStream());
+ Set<String> known = new HashSet<String>();
+
+ for (Map.Entry<Object, Object> entry : properties.entrySet())
+ {
+ String username = ((String)entry.getKey()).trim();
+ String credentials = ((String)entry.getValue()).trim();
+ String roles = null;
+ int c = credentials.indexOf(',');
+ if (c > 0)
+ {
+ roles = credentials.substring(c + 1).trim();
+ credentials = credentials.substring(0,c).trim();
+ }
+
+ if (username != null && username.length() > 0 && credentials != null && credentials.length() > 0)
+ {
+ String[] roleArray = IdentityService.NO_ROLES;
+ if (roles != null && roles.length() > 0)
+ {
+ roleArray = roles.split(",");
+ }
+ known.add(username);
+ Credential credential = Credential.getCredential(credentials);
+
+ Principal userPrincipal = new KnownUser(username,credential);
+ Subject subject = new Subject();
+ subject.getPrincipals().add(userPrincipal);
+ subject.getPrivateCredentials().add(credential);
+
+ if (roles != null)
+ {
+ for (String role : roleArray)
+ {
+ subject.getPrincipals().add(new RolePrincipal(role));
+ }
+ }
+
+ subject.setReadOnly();
+
+ _knownUserIdentities.put(username,_identityService.newUserIdentity(subject,userPrincipal,roleArray));
+ notifyUpdate(username,credential,roleArray);
+ }
+ }
+
+ synchronized (_knownUsers)
+ {
+ /*
+ * if its not the initial load then we want to process removed users
+ */
+ if (!_firstLoad)
+ {
+ Iterator<String> users = _knownUsers.iterator();
+ while (users.hasNext())
+ {
+ String user = users.next();
+ if (!known.contains(user))
+ {
+ _knownUserIdentities.remove(user);
+ notifyRemove(user);
+ }
+ }
+ }
+
+ /*
+ * reset the tracked _users list to the known users we just processed
+ */
+
+ _knownUsers.clear();
+ _knownUsers.addAll(known);
+
+ }
+
+ /*
+ * set initial load to false as there should be no more initial loads
+ */
+ _firstLoad = false;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * Depending on the value of the refresh interval, this method will either start up a scanner thread that will monitor the properties file for changes after
+ * it has initially loaded it. Otherwise the users will be loaded and there will be no active monitoring thread so changes will not be detected.
+ *
+ *
+ * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
+ */
+ protected void doStart() throws Exception
+ {
+ super.doStart();
+
+ if (getRefreshInterval() > 0)
+ {
+ _scanner = new Scanner();
+ _scanner.setScanInterval(getRefreshInterval());
+ List<File> dirList = new ArrayList<File>(1);
+ dirList.add(getConfigResource().getFile().getParentFile());
+ _scanner.setScanDirs(dirList);
+ _scanner.setFilenameFilter(new FilenameFilter()
+ {
+ public boolean accept(File dir, String name)
+ {
+ File f = new File(dir,name);
+ try
+ {
+ if (f.compareTo(getConfigResource().getFile()) == 0)
+ {
+ return true;
+ }
+ }
+ catch (IOException e)
+ {
+ return false;
+ }
+
+ return false;
+ }
+
+ });
+
+ _scanner.addListener(new BulkListener()
+ {
+ public void filesChanged(List<String> filenames) throws Exception
+ {
+ if (filenames == null)
+ return;
+ if (filenames.isEmpty())
+ return;
+ if (filenames.size() == 1)
+ {
+ Resource r = Resource.newResource(filenames.get(0));
+ if (r.getFile().equals(_configResource.getFile()))
+ loadUsers();
+ }
+ }
+
+ public String toString()
+ {
+ return "PropertyUserStore$Scanner";
+ }
+
+ });
+
+ _scanner.setReportExistingFilesOnStartup(true);
+ _scanner.setRecursive(false);
+ _scanner.start();
+ }
+ else
+ {
+ loadUsers();
+ }
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
+ */
+ protected void doStop() throws Exception
+ {
+ super.doStop();
+ if (_scanner != null)
+ _scanner.stop();
+ _scanner = null;
+ }
+
+ /**
+ * Notifies the registered listeners of potential updates to a user
+ *
+ * @param username
+ * @param credential
+ * @param roleArray
+ */
+ private void notifyUpdate(String username, Credential credential, String[] roleArray)
+ {
+ if (_listeners != null)
+ {
+ for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
+ {
+ i.next().update(username,credential,roleArray);
+ }
+ }
+ }
+
+ /**
+ * notifies the registered listeners that a user has been removed.
+ *
+ * @param username
+ */
+ private void notifyRemove(String username)
+ {
+ if (_listeners != null)
+ {
+ for (Iterator<UserListener> i = _listeners.iterator(); i.hasNext();)
+ {
+ i.next().remove(username);
+ }
+ }
+ }
+
+ /**
+ * registers a listener to be notified of the contents of the property file
+ */
+ public void registerUserListener(UserListener listener)
+ {
+ if (_listeners == null)
+ {
+ _listeners = new ArrayList<UserListener>();
+ }
+ _listeners.add(listener);
+ }
+
+ /**
+ * UserListener
+ */
+ public interface UserListener
+ {
+ public void update(String username, Credential credential, String[] roleArray);
+
+ public void remove(String username);
+ }
+}