README.md
New file @@ -0,0 +1,7 @@ # http-auth Eine Klassenbibliothek mit Erweiterungen zur Authentifizierung für die Package `jdk.httpserver`. ## Lizenz Veröffentlicht unter den Bedingungen der [GNU Affero General Public License](http://www.gnu.org/licenses/agpl-3.0) src/de/uhilger/httpserver/auth/ApiAuthenticator.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/FormAuthenticator.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/TokenAuthenticator.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/handler/ApiLoginHandler.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/handler/FormLoginHandler.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/handler/LoginHandler.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/handler/LogoutHandler.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/realm/Encoder.java
@@ -1,7 +1,19 @@ /* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. */ package de.uhilger.httpserver.auth.realm; src/de/uhilger/httpserver/auth/realm/Realm.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify @@ -19,34 +19,14 @@ /** * A Realm is a "database" of usernames and passwords that identify valid * users of an application (or a set of applications), plus an enumeration * of the list of roles associated with each valid user. * users of an application (or a set of applications), plus a list of roles * associated with each valid user. * * You can think of roles as similar to groups in Unix-like operating systems, * because access to specific web application resources is granted to all * users possessing a particular role (rather than enumerating the list of * associated usernames). A particular user can have any number of roles * associated with their username. * * * * * Die Klasse Realm liefert Angaben zu Benutzern, die zu deren * Authentifizierung benoetigt werden. * * Ein Benutzer Authentisiert sich gegenueber einem System z.B. mit * seiner Benutzerkennung und einem Kennwort. * * Das System vergleicht die Authentisierungsangaben den Benutzers mit * Angaben, die fuer diesen Benutzer im System hinterlegt wurden. Stimmen die * Angaben ueberein, gibt das System eine Bestaetigung aus, die den Benutzer * authentifiziert. * * Diese Authentifizierungsbestaetigung dient zur Ausfuehrung * von Transaktionen, die nur von bestimmten Benutzern durchgefuehrt * werden duerfen. Anhand der Authentifizierungsbestaetigung kann das System * bei jeder Anfrage pruefen, ob der Benutzer, von dem die Anfrage kommt, der * Benutzer ist, der er vorgibt zu sein. * * @author Ulrich Hilger * @version 1, 22.05.2021 
@@ -56,16 +36,16 @@ /** * Uberpruefen, ob die Benutzerkennung und das Kennwort gueltig sind. * * @param user der Benutzer * @param kennwort das Kennwort des Benutzers * @param userId der Benutzer * @param password das Kennwort des Benutzers * @return true, wenn die Angaben stimmen, false wenn nicht */ public boolean isValid(String userId, String kennwort); public boolean isValid(String userId, String password); /** * Pruefen, ob ein Benutzer eine Rolle hat * * @param user der Benutzer * @param userId der Benutzer * @param roleId die Kennung der Rolle * @return true, wenn der Benutzer die Rolle hat, false wenn nicht */ src/de/uhilger/httpserver/auth/realm/SimpleRealm.java
@@ -1,7 +1,19 @@ /* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. */ package de.uhilger.httpserver.auth.realm; @@ -9,23 +21,24 @@ import java.io.File; import java.io.FileReader; import java.io.IOException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; /** * * Eine einfache Implementierung der Schnittstelle Realm, die * Benutzerinformationen aus einer Datei liest. Die Datei ist dabei * wie folgt aufgebaut. * * test=test,testRolle * ulrich=ulrich,testRolle,andereRolle * * Der erste Eintrag nach dem Gleichheitszeichen ist das Passwort, die restlichen * Eintrage sind Rollen. * * @author Ulrich Hilger * @version 1, 03.06.2021 
@@ -34,14 +47,13 @@ private static final Logger logger = Logger.getLogger(SimpleRealm.class.getName()); public static final String LIST_INDICATOR = "="; public static final String ROLE_SEPARATOR = ","; public static final String COMMENT_INDICATOR = "#"; private String name; private Map<String, User> users; private Map<String, List> userRoles; private final Map<String, User> users; private final Map<String, List> userRoles; public SimpleRealm() { users = new HashMap<>(); src/de/uhilger/httpserver/auth/realm/User.java
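Review bot: The class Javadoc in the second SimpleRealm.java hunk documents the realm file with entries like `test=test,testRolle` and says the first entry after the equals sign is the password, but it does not say whether that value is clear text or an encoded form, so a reader will assume credentials are stored unprotected. The same hunk's import list names `BadPaddingException` and `InvalidKeyException`, and the package has an `Encoder` class, so an encoded form may be intended; if it is, the Javadoc should say so, for example `* The password entry is stored in encoded form (see Encoder), not as clear text.`, and otherwise it should state that the file must be readable only by the server account. Separately, in the last hunk `private final Map<String, List> userRoles;` keeps a raw `List`; `private final Map<String, List<String>> userRoles;` would let the compiler check the role entries. The constructor that opens at the end of that hunk continues outside it.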
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify @@ -25,27 +25,7 @@ public class User { private String name; private String password; //private String hash; //private List<String> roles; public User() { //this.roles = new ArrayList(); } /* public void addRole(String role) { roles.add(role); } public void revokeRole(String role) { roles.remove(role); } public boolean hasRole(String role) { return roles.contains(role); } */ public String getName() { return name; } @@ -63,17 +43,6 @@ this.password = password; } /* public void setHash(String hash) { this.hash = hash; } public String getHash() { return hash; } */ @Override public int hashCode() { return this.getName().hashCode(); src/de/uhilger/httpserver/auth/session/AuthenticatedSession.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/session/LoginSession.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/session/Session.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/session/SessionManager.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify @@ -16,9 +16,9 @@ along with this program. If not, see <https://www.gnu.org/licenses/>. */ package de.uhilger.httpserver.auth.session; import java.util.Iterator; /** * * @author Ulrich Hilger @@ -36,8 +36,4 @@ public Iterator sessions(); //public void tempSessionEntfernen(String sessionId); //public Iterator tempSessions(); } } src/de/uhilger/httpserver/auth/session/Sessions.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify src/de/uhilger/httpserver/auth/session/SweepThread.java
@@ -1,5 +1,5 @@ /* jwtTest - JSON Web Token Testimplementierung http-auth - Authentication Extensions to jdk.httpserver Copyright (C) 2021 Ulrich Hilger This program is free software: you can redistribute it and/or modify