org.awakefw.commons.api.server
Class DefaultAwakeCommonsConfigurator

java.lang.Object
  org.awakefw.commons.api.server.DefaultAwakeCommonsConfigurator

All Implemented Interfaces:

AwakeCommonsConfigurator

public class DefaultAwakeCommonsConfigurator
extends Object
implements AwakeCommonsConfigurator

Default implementation of the commons User Configuration for the Awake Framework.

This defaults implementation will help for a quick start and to test the Awake Framework, but please note that is implementation is not secure at all.
Especially: the login method will always return true.

So:

• The forceSecureHttp method should be set to true by your implementation in order to prevent the login info and the data to be send in clear over the Internet with http protocol
frameworks.
• The login method should be overridden by your specific implementation.

Since:

1.0

Constructor Summary

DefaultAwakeCommonsConfigurator()
Constructor.

Method Summary

String	addSecretForAuthToken() Allows to define a secret value that will enforce the security of the authentication defined in computeAuthToken.
String	computeAuthToken(String username) This default method is secure if client side always use SSL/TLS httpS calls.
boolean	forceSecureHttp() Allows to define if the host url must be accessed in secured httpS.
List<String>	getBannedIPs() Allows to define the list of banned IP addresses.
Set<String>	getBannedUsernames() Allows to define the set of banned usernames.
Connection	getConnection() Attempts to establish a connection with an underlying data source.
char[]	getEncryptionPassword() Allows to define the password that is used to encrypt from the Client all the request parameters values for security reason (obfuscation and transport encryption).
Logger	getLogger() Returns the Logger that will be used by Awake File or Awake SQL logging: All Exceptions thrown by server side will be logged.
boolean	login(String username, char[] password) Allows to authenticate the remote (username, password) couple send by the client side and to give access to the Awaker Server.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAwakeCommonsConfigurator

public DefaultAwakeCommonsConfigurator()

Constructor.

Method Detail

addSecretForAuthToken

public String addSecretForAuthToken()
                             throws IOException,
                                    SQLException

Description copied from interface: AwakeCommonsConfigurator

Allows to define a secret value that will enforce the security of the authentication defined in computeAuthToken.

Specified by:

addSecretForAuthToken in interface AwakeCommonsConfigurator

Returns:

null. It is highly recommended to override this method in order to set a secret value in order to reinforce the security of the Awake Server.

Throws:

IOException - if an IOException occurs

SQLException - if a SQLException occurs

See Also:

AwakeCommonsConfigurator.computeAuthToken(java.lang.String)

computeAuthToken

public String computeAuthToken(String username)
                        throws Exception

This default method is secure if client side always use SSL/TLS httpS calls.

You may override the method if you want to create the Authentication Token with your own security rules (adding random values stored in database, etc.)

Specified by:

computeAuthToken in interface AwakeCommonsConfigurator

Parameters:

username - the database user on whose behalf the connection is being made

Returns:

SHA-1(username + hostname + addSecretForAuthToken()) first 20 hexadecimal characters.
where:

• hostname: the hostname returned by the Unix/Linux/Window shell command "hostname" on the server side.

Throws:

Exception - if an Exception occurs

forceSecureHttp

public boolean forceSecureHttp()

Description copied from interface: AwakeCommonsConfigurator

Allows to define if the host url must be accessed in secured httpS. If true, the Awake File Manager or Awake SQL Manager (AwakeFileManager or AwakeSqlManager Servlet) will ask the client side to convert the url scheme from "http" to secure "https" for all server requests. This will be done automatically on the client side prior to authentication.

Specified by:

forceSecureHttp in interface AwakeCommonsConfigurator

Returns:

false. (Client programs will be allowed to send unsecured http requests).

getBannedIPs

public List<String> getBannedIPs()
                          throws IOException,
                                 SQLException

Description copied from interface: AwakeCommonsConfigurator

Allows to define the list of banned IP addresses. The Awake Server will refuse access to client programs calling with an address in the list.

Subnet notations are supported: 1.1.1.1/255.255.255.255 or 1.1.1.1/32 (CIDR-Notation).

Specified by:

getBannedIPs in interface AwakeCommonsConfigurator

Returns:

Empty ArrayList. (No banned IP addresses.)

Throws:

IOException - if an IOException occurs

SQLException - if a SQLException occurs

getBannedUsernames

public Set<String> getBannedUsernames()
                               throws IOException,
                                      SQLException

Description copied from interface: AwakeCommonsConfigurator

Allows to define the set of banned usernames. The Awake Server will refuse access to client programs calling with a username in the set.

Specified by:

getBannedUsernames in interface AwakeCommonsConfigurator

Returns:

Empty HashSet. (No banned IP usernames.)

Throws:

IOException - if an IOException occurs

SQLException - if a SQLException occurs

getConnection

public Connection getConnection()
                         throws SQLException

Description copied from interface: AwakeCommonsConfigurator

Attempts to establish a connection with an underlying data source.

Specified by:

getConnection in interface AwakeCommonsConfigurator

Returns:

the Connection extracted from the AwakeDataSource DataSource defined as a 'jdbc/awake-default' Resource in server.xml or context.xml. The Awake DataSource implements a default connection pool manager.

Throws:

SQLException - if a database access error occurs

getEncryptionPassword

public char[] getEncryptionPassword()

Description copied from interface: AwakeCommonsConfigurator

Allows to define the password that is used to encrypt from the Client all the request parameters values for security reason (obfuscation and transport encryption).

Specified by:

getEncryptionPassword in interface AwakeCommonsConfigurator

Returns:

null. It is highly recommended to override this method in order to set a secret password in order to reinforce the security of the transport of request parameters.

getLogger

public Logger getLogger()
                 throws IOException

Description copied from interface: AwakeCommonsConfigurator

Returns the Logger that will be used by Awake File or Awake SQL logging:

• All Exceptions thrown by server side will be logged.
• Exceptions thrown are logged with Level.WARNING.

It is not necessary nor recommended to implement this method; do it only if you want take control of the logging to modify the default characteristics of getLogger().

Specified by:

getLogger in interface AwakeCommonsConfigurator

Returns:

a Logger whose pattern is located in user.home/.awake/log/Awake.log, that uses a SimpleFormatter and that logs 50Mb into 4 rotating files.

Throws:

IOException

login

public boolean login(String username,
                     char[] password)
              throws IOException,
                     SQLException

Description copied from interface: AwakeCommonsConfigurator

Allows to authenticate the remote (username, password) couple send by the client side and to give access to the Awaker Server.

The Awake Server will call the method in order to grant or not client access.

Typical usage would be to check the (username, password) couple against a table in a SQL database or against a LDAP, etc.

Specified by:

login in interface AwakeCommonsConfigurator

Parameters:

username - the username sent by the client login

password - the password to connect to the server

Returns:

true. (Client is always granted access).

Throws:

IOException - if an IOException occurs

SQLException - if a SQLException occurs