Package org.jcsp.net.security

Class SimpleSecurityAuthority

java.lang.Object
org.jcsp.net.security.SimpleSecurityAuthority
All Implemented Interfaces:
Serializable, SecurityAuthority, SecurityService, Service, ServiceUserObject
public class SimpleSecurityAuthority extends Object implements SecurityService

Provides a basic security authority based on unique names. No passwords are used - a user is identified by a name which is guarded by a minimal protection scheme. This class is supplied as an example of implementing a security authority and not a robust implementation suitable for long term use.

See Also:

  • Field Details

    • CHALLENGE_LENGTH

      private static final int CHALLENGE_LENGTH
      Sets the length of the challenge packet.
      See Also:

    • currentUser

      private UserToken currentUser
      The token of the current user.

    • rnd

      private static final Random rnd
      A random number generater for creating challenges.

    • allowedUsers

      private Vector allowedUsers
      Set of permitted users.

    • serviceRunning

      private boolean serviceRunning
      Flag indicating if the service is running or not.

    • userObject

      private SecurityAuthority userObject
      The user control object that avoids giving out the full administrative interface.

  • Constructor Details

    • SimpleSecurityAuthority

      public SimpleSecurityAuthority()
      Creates a new simple authority. The current username will be found from the preferences if available under the "user" variable. The system property "org.jcsp.net.security.user" will be checked first and take preference. If no user is found the name "default_user" is assumed.

  • Method Details

    • createChallenge

      public Challenge createChallenge()
      Creates a new challenge packet containing a timestamp and some random data. The response must be returned within around 1 minute for the response to be considered valid so don't keep it too long.
      Specified by:
      createChallenge in interface SecurityAuthority
      Returns:
      the new challenge packet.

    • validateResponse

      public boolean validateResponse(Challenge c, Response r)
      Checks if the generated response corresponds to one expected from a permitted user. The response must have come within a minute of the challenge being generated.
      Specified by:
      validateResponse in interface SecurityAuthority
      Parameters:
      c - the challenge returned by createChallenge.
      r - the response generated by the other authority.
      Returns:
      true if the response is permitted.

    • createResponse

      public Response createResponse(Challenge c)
      Creates a response to the challenge based on the currently logged in user.
      Specified by:
      createResponse in interface SecurityAuthority
      Parameters:
      c - the challenge to respond to.
      Returns:
      the response.

    • logonUser

      public void logonUser(UserToken u) throws AccessDeniedException
      Sets the currently logged on user. If there is already a user logged in, they are logged off.
      Specified by:
      logonUser in interface SecurityAuthority
      Parameters:
      u - the user's token.
      Throws:
      AccessDeniedException - if the user token is not valid for this authority.

    • logoffUser

      public void logoffUser()
      Clears the currently logged on user. After this call the createResponse method will fail until another user is logged in.
      Specified by:
      logoffUser in interface SecurityAuthority

    • permitUserAccess

      public void permitUserAccess(UserID u) throws AccessDeniedException
      Adds a user to the set of permitted users.
      Specified by:
      permitUserAccess in interface SecurityAuthority
      Parameters:
      u - the user ID to add.
      Throws:
      AccessDeniedException - if the ID was not allocated by this authority.

    • denyUserAccess

      public void denyUserAccess(UserID u) throws AccessDeniedException
      Removes a user from the set of permitted users.
      Specified by:
      denyUserAccess in interface SecurityAuthority
      Parameters:
      u - the user ID to remove.
      Throws:
      AccessDeniedException - if the ID was not allocated by this authority.

    • start

      public boolean start()
      Sets the service running.
      Specified by:
      start in interface Service
      Returns:
      true - this service can always start.

    • stop

      public boolean stop()
      Stops the service.
      Specified by:
      stop in interface Service
      Returns:
      true - this service can always stop.

    • isRunning

      public boolean isRunning()
      Returns true iff the service is running.
      Specified by:
      isRunning in interface Service
      Returns:
      true iff the service is currently running.

    • init

      public boolean init(ServiceSettings s)

      Initializes the service, setting a current user and the list of permitted users from the XML configuration file. For example:

              <SERVICE ...>
           <SETTING name="logonUser" value="foo@bar.com"/>
           <SETTING name="permitUser0" value="a"/>
           <SETTING name="permitUser1" value="b"/>
        </SETTING>

      This sets the current user to be "foo@bar.com" but will allow responses from users "a" and "b".

      Specified by:
      init in interface Service
      Parameters:
      s - The settings used by the service.
      Returns:
      true iff the service has been initialized.

    • getUserObject

      public ServiceUserObject getUserObject()
      Returns the authority interface for this service. A seperate user object is returned to avoid giving away the service control interface also.
      Specified by:
      getUserObject in interface Service
      Returns:
      a ServiceUserObject.

    • createUserID

      public UserID createUserID(String username)
      Creates and returns a user ID valid for this authority that represents the given user name.
      Parameters:
      username - the unique user name.
      Returns:
      the user ID.

    • createUserToken

      public UserToken createUserToken(UserID user) throws AccessDeniedException
      Creates and returns an authentication token valid for this authority that represents the given user name. Note that no additional credentials are supplied because this authority does not support passwords or anything more secure (hence the word 'Simple' in its name :).
      Parameters:
      user - the user ID to authenticate.
      Returns:
      the authentication token.
      Throws:
      AccessDeniedException - if the user ID is not valid for this authority.

    • toString

      public String toString()
      Returns a string description of this authority.
      Overrides:
      toString in class Object

    • createResponse

      private void createResponse(SimpleSecurityAuthority.SimpleChallenge c, SimpleSecurityAuthority.SimpleUserID u, byte[] b)
      Creates a response for the given challenge using a given user ID. This is used to create an actual response and also to create the expected response for a given user.
      Parameters:
      c - the challenge request.
      u - the user ID to create a response for.
      b - the array to place the response in.

    • accessDenied

      private AccessDeniedException accessDenied(String reason)
      Creates and returns an exception associated with this authority.
      Parameters:
      reason - the reason field of the exception.

    • getUserFromPrefs

      private String getUserFromPrefs()
      Returns the initial username if one is specified in the preferences. The user preferences take precedence over the system preferences.
      Returns:
      the user name or null if none is found.