package org.dcache.gplazma.monitor;
import static com.google.common.base.Preconditions.checkState;
import com.google.common.collect.Sets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.dcache.gplazma.configuration.ConfigurationItemControl;
import org.dcache.gplazma.monitor.LoginMonitor.Result;
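/**
 * This class holds a detailed report of the activity when gPlazma processes a login request.
 * <p>
 * The report records, for each of the four phases and for each plugin run within a phase, the
 * outcome and the principals before and after.  For the AUTH phase it also holds the public and
 * private credential objects.  Code that renders or logs a LoginResult should therefore take
 * care not to write private credential objects out verbatim.
 * <p>
 * This class performs no synchronization of its own.
 */
public class LoginResult {

    // Default diff for a phase whose principals have not been recorded yet.  One instance is
    // shared by every PhaseResult; this is safe because SetDiff only hands out read-only views
    // and fresh copies of its sets.
    private static final SetDiff<Principal> EMPTY_TO_EMPTY =
            new SetDiff<>(Collections.<Principal>emptySet(), Collections.<Principal>emptySet());

    private final AuthPhaseResult _authPhase = new AuthPhaseResult();
    private final MapPhaseResult _mapPhase = new MapPhaseResult();
    private final AccountPhaseResult _accountPhase = new AccountPhaseResult();
    private final SessionPhaseResult _sessionPhase = new SessionPhaseResult();

    private Result _validationResult;
    private String _validationError = "unknown";
    private boolean _validationHasHappened;

    /**
     * Replace the contents of {@code target} with those of {@code replacement}.
     * <p>
     * The replacement is copied before the target is cleared.  Several getters in this file
     * return the live target set, so a caller may pass that same set back in; clearing first
     * would then silently discard every element.
     */
    private static <E> void replaceContents(Set<E> target, Set<? extends E> replacement) {
        List<E> snapshot = new ArrayList<>(replacement);
        target.clear();
        target.addAll(snapshot);
    }

    public AuthPhaseResult getAuthPhase() {
        return _authPhase;
    }

    public MapPhaseResult getMapPhase() {
        return _mapPhase;
    }

    public AccountPhaseResult getAccountPhase() {
        return _accountPhase;
    }

    public SessionPhaseResult getSessionPhase() {
        return _sessionPhase;
    }

    /**
     * Record the outcome of the final validation step and mark validation as having happened.
     */
    public void setValidationResult(Result result) {
        _validationHasHappened = true;
        _validationResult = result;
    }

    /**
     * @return the recorded validation outcome, or null if none has been recorded.
     */
    public Result getValidationResult() {
        return _validationResult;
    }

    public boolean hasValidationHappened() {
        return _validationHasHappened;
    }

    public void setValidationError(String error) {
        _validationError = error;
    }

    /**
     * Provide the error message recorded for a failed validation; this is "unknown" unless
     * {@link #setValidationError} has been called.
     *
     * @throws IllegalStateException if the recorded validation result is not FAIL.
     */
    public String getValidationError() {
        checkState(_validationResult == Result.FAIL, "Validation error is " +
                "only valid if the plugin has failed");
        return _validationError;
    }

    /**
     * Query whether the user was successfully logged in.
     * @return true if (and only if) the login was successful.
     */
    public boolean isSuccessful() {
        return _validationHasHappened && _validationResult == Result.SUCCESS;
    }

    /**
     * Returns whether gPlazma started processing the login request represented by this
     * LoginResult object.
     * <p>
     * A login request may fail before the first phase was attempted. This can happen, for
     * example, if the gPlazma configuration is syntactically wrong or one of the plugins fails
     * when being instantiated (throws an exception when being instantiated).
     */
    public boolean hasStarted() {
        return getAuthPhase().hasHappened();
    }

    /**
     * Store the initial set of principals, as received by gPlazma from the
     * door.
     * @param initial The door-supplied set of principals.
     */
    public void setInitialPrincipals(Set<Principal> initial) {
        // The same set is recorded as both "before" and "after" of the AUTH phase.
        _authPhase.setPrincipals(initial, initial);
    }

    /**
     * Returns whether gPlazma finished all four phases of the login process.
     * <p>
     * This is not the same as the login being successful. This value will return true yet the
     * login has failed if the session phase or the final validation step fails.
     */
    public boolean hasCompleted() {
        return getSessionPhase().hasHappened();
    }

    /**
     * Base class for storing the result of running a phase.
     *
     * @param <T> the class for storing the result of running a plugin
     */
    public static class PhaseResult<T extends PAMPluginResult> {
        private final List<T> _plugins = new ArrayList<>();
        private final String _name;
        private SetDiff<Principal> _principals = EMPTY_TO_EMPTY;
        private Result _result;
        private boolean _hasHappened;

        public PhaseResult(String name) {
            _name = name;
        }

        public String getName() {
            return _name;
        }

        public void addPluginResult(T result) {
            _plugins.add(result);
        }

        /**
         * @return the live list of plugin results, in the order they were added; changes made
         * through the returned list are visible in this object.
         */
        public List<T> getPluginResults() {
            return _plugins;
        }

        public boolean hasPlugins() {
            return !_plugins.isEmpty();
        }

        /**
         * @return the most recently added plugin result.
         * @throws IndexOutOfBoundsException if no plugin result has been added; check
         * {@link #hasPlugins} first.
         */
        public T getLastPlugin() {
            return _plugins.get(_plugins.size() - 1);
        }

        public void setPrincipals(Set<Principal> before, Set<Principal> after) {
            _principals = new SetDiff<>(before, after);
        }

        /**
         * @return the recorded principals, or an empty-to-empty diff if none were recorded.
         */
        public SetDiff<Principal> getPrincipals() {
            return _principals;
        }

        /**
         * Record the outcome of this phase and mark the phase as having happened.
         */
        public void setResult(Result result) {
            _result = result;
            _hasHappened = true;
        }

        public Result getResult() {
            return _result;
        }

        public boolean hasHappened() {
            return _hasHappened;
        }
    }

    /**
     * Class that stores the result of the AUTH phase.
     */
    public static class AuthPhaseResult extends PhaseResult<AuthPluginResult> {
        private final Set<Object> _publicCredentials = new HashSet<>();
        // NOTE(review): holds references to the private credential objects themselves, not
        // redacted copies -- confirm that consumers of this report do not print them.
        private final Set<Object> _privateCredentials = new HashSet<>();

        public AuthPhaseResult() {
            super("AUTH");
        }

        public void setPublicCredentials(Set<Object> publicCredentials) {
            replaceContents(_publicCredentials, publicCredentials);
        }

        public void setPrivateCredentials(Set<Object> privateCredentials) {
            replaceContents(_privateCredentials, privateCredentials);
        }

        /**
         * @return the live set of public credentials held by this object.
         */
        public Set<Object> getPublicCredentials() {
            return _publicCredentials;
        }

        /**
         * @return the live set of private credentials held by this object.
         */
        public Set<Object> getPrivateCredentials() {
            return _privateCredentials;
        }
    }

    /**
     * Class that stores the result of the MAP phase
     */
    public static class MapPhaseResult extends PhaseResult<MapPluginResult> {
        public MapPhaseResult() {
            super("MAP");
        }
    }

    /**
     * Class that stores the result of the ACCOUNT phase.
     */
    public static class AccountPhaseResult
            extends PhaseResult<AccountPluginResult> {
        public AccountPhaseResult() {
            super("ACCOUNT");
        }
    }

    /**
     * Class that stores the result of the SESSION phase
     */
    public static class SessionPhaseResult
            extends PhaseResult<SessionPluginResult> {
        private final Set<Object> _attributes = new HashSet<>();

        public SessionPhaseResult() {
            super("SESSION");
        }

        void setAttributes(Set<Object> attributes) {
            replaceContents(_attributes, attributes);
        }

        /**
         * @return the live set of session attributes held by this object.
         */
        public Set<Object> getAttributes() {
            return _attributes;
        }
    }

    /**
     * Store two sets (with same Generics interface) and allow discovery of how the objects have
     * changed.
     * <p>
     * Both sets are copied when the SetDiff is created.  {@link #getBefore} and
     * {@link #getAfter} return read-only views of those copies, so that a consumer of the
     * report cannot alter what was recorded (nor the default instance that phases share).
     */
    public static class SetDiff<T> {
        private final Set<T> _before;
        private final Set<T> _after;

        SetDiff(Iterable<T> before, Iterable<T> after) {
            _before = Sets.newHashSet(before);
            _after = Sets.newHashSet(after);
        }

        /**
         * @return a read-only view of the elements present before the change.
         */
        public Set<T> getBefore() {
            return Collections.unmodifiableSet(_before);
        }

        /**
         * @return a read-only view of the elements present after the change.
         */
        public Set<T> getAfter() {
            return Collections.unmodifiableSet(_after);
        }

        /**
         * @return a new set of the elements in "after" that are not in "before".
         */
        public Set<T> getAdded() {
            Set<T> added = new HashSet<>(_after);
            added.removeAll(_before);
            return added;
        }

        /**
         * @return a new set of the elements in "before" that are not in "after".
         */
        public Set<T> getRemoved() {
            Set<T> removed = new HashSet<>(_before);
            removed.removeAll(_after);
            return removed;
        }
    }

    /**
     * Class for holding the result of running a PAM-style plugin, irrespective of in which phase
     * the plugin was run. This serves as a base class for phase-specific result classes
     * <p>
     * If a plugin fails then there should be an associated error message.
     */
    public static class PAMPluginResult {
        private final String _name;
        private final ConfigurationItemControl _control;
        private Result _result;
        private String _error = "unknown";

        PAMPluginResult(String name, ConfigurationItemControl control) {
            _name = name;
            _control = control;
        }

        void setResult(Result result) {
            _result = result;
        }

        void setError(String error) {
            _error = error;
        }

        public String getName() {
            return _name;
        }

        public ConfigurationItemControl getControl() {
            return _control;
        }

        public Result getResult() {
            return _result;
        }

        /**
         * Provide the error message the plugin supplied if a call fails; this is "unknown"
         * unless an error has been set.
         *
         * @throws IllegalStateException if the recorded result is not FAIL.
         */
        public String getError() {
            checkState(_result == Result.FAIL, "error message only available "
                    + "if the plugin failed");
            return _error;
        }
    }

    /**
     * Store the result of an AUTH plugin.  Each getter returns null until the matching setter
     * has been called.
     */
    public static class AuthPluginResult extends PAMPluginResult {
        private SetDiff<Principal> _identified;
        private SetDiff<Object> _publicCredentials;
        private SetDiff<Object> _privateCredentials;

        AuthPluginResult(String name, ConfigurationItemControl control) {
            super(name, control);
        }

        public void setIdentified(Set<Principal> before, Set<Principal> after) {
            _identified = new SetDiff<>(before, after);
        }

        public void setPublicCredentials(Set<Object> before, Set<Object> after) {
            _publicCredentials = new SetDiff<>(before, after);
        }

        public void setPrivateCredentials(Set<Object> before, Set<Object> after) {
            _privateCredentials = new SetDiff<>(before, after);
        }

        public SetDiff<Principal> getIdentified() {
            return _identified;
        }

        public SetDiff<Object> getPublicCredentials() {
            return _publicCredentials;
        }

        public SetDiff<Object> getPrivateCredentials() {
            return _privateCredentials;
        }
    }

    /**
     * Store the result of running a MAP plugin.  {@link #getPrincipals} returns null until
     * {@link #setPrincipals} has been called.
     */
    public static class MapPluginResult extends PAMPluginResult {
        private SetDiff<Principal> _principals;

        MapPluginResult(String name, ConfigurationItemControl control) {
            super(name, control);
        }

        public void setPrincipals(Iterable<Principal> before, Iterable<Principal> after) {
            _principals = new SetDiff<>(before, after);
        }

        public SetDiff<Principal> getPrincipals() {
            return _principals;
        }
    }

    /**
     * Store the result of running an ACCOUNT plugin.  {@link #getAuthorized} returns null until
     * setAuthorized has been called.
     */
    public static class AccountPluginResult extends PAMPluginResult {
        private SetDiff<Principal> _authorized;

        AccountPluginResult(String name, ConfigurationItemControl control) {
            super(name, control);
        }

        void setAuthorized(Set<Principal> before, Set<Principal> after) {
            _authorized = new SetDiff<>(before, after);
        }

        public SetDiff<Principal> getAuthorized() {
            return _authorized;
        }
    }

    /**
     * Store the result of running a SESSION plugin.  Each getter returns null until the
     * matching setter has been called.
     */
    public static class SessionPluginResult extends PAMPluginResult {
        private SetDiff<Principal> _principals;
        private Set<Object> _attributes;

        SessionPluginResult(String name, ConfigurationItemControl control) {
            super(name, control);
        }

        public void setAuthorized(Set<Principal> before, Set<Principal> after) {
            _principals = new SetDiff<>(before, after);
        }

        public SetDiff<Principal> getAuthorized() {
            return _principals;
        }

        /**
         * Record a copy of the supplied attributes; later changes to the argument are not seen.
         */
        public void setAttributes(Set<Object> attributes) {
            _attributes = new HashSet<>(attributes);
        }

        public Set<Object> getAttributes() {
            return _attributes;
        }
    }
}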