From: Greg W. <gre...@us...> - 2002-07-31 19:07:05
|
User: gregwilkins Date: 02/07/31 12:07:04 Modified: src/org/mortbay/util JarResource.java Password.java Added: src/org/mortbay/util Credential.java Removed: src/org/mortbay/util Credentials.java Log: Renamed Credentials Fixed getRealPath added some accessors for webAppHandler Revision Changes Path 1.6 +1 -3 Jetty/src/org/mortbay/util/JarResource.java Index: JarResource.java =================================================================== RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/util/JarResource.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JarResource.java 1 Jun 2002 10:50:36 -0000 1.5 +++ JarResource.java 31 Jul 2002 19:07:04 -0000 1.6 @@ -73,8 +73,6 @@ public File getFile() throws IOException { - if (_urlString.endsWith("!/")) - return super.getFile(); return null; } 1.6 +16 -16 Jetty/src/org/mortbay/util/Password.java Index: Password.java =================================================================== RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/util/Password.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- Password.java 26 Jul 2002 16:35:49 -0000 1.5 +++ Password.java 31 Jul 2002 19:07:04 -0000 1.6 @@ -39,7 +39,7 @@ * @version $Id$ * @author Greg Wilkins (gregw) */ -public class Password extends Credentials +public class Password extends Credential { private String _pw; @@ -81,8 +81,8 @@ if (credentials instanceof String) return credentials.equals(_pw); - if (credentials instanceof Credentials) - return ((Credentials)credentials).check(_pw); + if (credentials instanceof Credential) + return ((Credential)credentials).check(_pw); return false; } @@ -153,10 +153,15 @@ } /* ------------------------------------------------------------ */ - /** XXXX - * @param realm - * @param dft - * @param promptDft + /** Get a password. + * A password is obtained by trying <UL> + * <LI>Calling <Code>System.getProperty(realm,dft)</Code> + * <LI>Prompting for a password + * <LI>Using promptDft if nothing was entered. + * </UL> + * @param realm The realm name for the password, used as a SystemProperty name. + * @param dft The default password. + * @param promptDft The default to use if prompting for the password. * @return */ public static Password getPassword(String realm,String dft, String promptDft) @@ -185,11 +190,6 @@ return new Password(passwd); } - /* ------------------------------------------------------------ */ - public static String crypt(String user, String pw) - { - return "CRYPT:"+UnixCrypt.crypt(pw,user); - } /* ------------------------------------------------------------ */ /** @@ -207,9 +207,9 @@ Password pw = "?".equals(p)?new Password(p):new Password(p); System.err.println(pw.toString()); System.err.println(obfuscate(pw.toString())); - System.err.println(Credentials.MD5.digest(p)); + System.err.println(Credential.MD5.digest(p)); if (arg.length==2) - System.err.println(crypt(arg[0],pw.toString())); + System.err.println(Credential.Crypt.crypt(arg[0],pw.toString())); } } 1.1 Jetty/src/org/mortbay/util/Credential.java Index: Credential.java =================================================================== // ======================================================================== // Copyright (c) 1998 Mort Bay Consulting (Australia) Pty. Ltd. // $Id: Credential.java,v 1.1 2002/07/31 19:07:04 gregwilkins Exp $ // ======================================================================== package org.mortbay.util; import java.security.MessageDigest; /* ------------------------------------------------------------ */ /** Credentials. * The Credential class represents an abstract mechanism for checking * authentication credentials. A credential instance either represents a * secret, or some data that could only be derived from knowing the secret. * <p> * Often a Credential is related to a Password via a one way algorithm, so * while a Password itself is a Credential, a UnixCrypt or MD5 digest of a * a password is only a credential that can be checked against the password. * <p> * This class includes an implementation for unix Crypt an MD5 digest. * @see Password * @version $Id: Credential.java,v 1.1 2002/07/31 19:07:04 gregwilkins Exp $ * @author Greg Wilkins (gregw) */ public abstract class Credential { /* ------------------------------------------------------------ */ /** Check a credential * @param credentials The credential to check against. This may either be * another Credential object, a Password object or a String which is * interpreted by this credential. * @return True if the credentials indicated that the shared secret is * known to both this Credential and the passed credential. */ public abstract boolean check(Object credentials); /* ------------------------------------------------------------ */ /** Get a credential from a String. * If the credential String starts with a known Credential type (eg * "CRYPT:" or "MD5:" ) then a Credential of that type is returned. Else the * credential is assumed to be a Password. * @param credential String representation of the credential * @return A Credential or Password instance. */ public static Credential getCredential(String credential) { if (credential.startsWith(Crypt.__TYPE)) return new Crypt(credential); if (credential.startsWith(MD5.__TYPE)) return new MD5(credential); return new Password(credential); } /* ------------------------------------------------------------ */ /** Unix Crypt Credentials */ public static class Crypt extends Credential { public static final String __TYPE="CRYPT:"; private String _cooked; Crypt(String cooked) { _cooked=cooked.startsWith(Crypt.__TYPE) ?cooked.substring(__TYPE.length()) :cooked; } public boolean check(Object credentials) { if (!(credentials instanceof String) && !(credentials instanceof Password)) Code.warning("Can't check "+credentials.getClass()+" against CRYPT"); String passwd = credentials.toString(); return _cooked.equals(UnixCrypt.crypt(passwd,_cooked)); } public static String crypt(String user,String pw) { return "CRYPT:"+UnixCrypt.crypt(pw,user); } } /* ------------------------------------------------------------ */ /** Unix Crypt Credentials */ public static class MD5 extends Credential { public static final String __TYPE="MD5:"; private static MessageDigest __md; private byte[] _digest; /* ------------------------------------------------------------ */ MD5(String digest) { digest=digest.startsWith(__TYPE) ?digest.substring(__TYPE.length()) :digest; _digest=TypeUtil.parseBytes(digest,16); } /* ------------------------------------------------------------ */ public boolean check(Object credentials) { try { byte[] digest=null; if (credentials instanceof Password || credentials instanceof String) { synchronized(__TYPE) { if (__md==null) __md = MessageDigest.getInstance("MD5"); __md.reset(); __md.update(credentials.toString().getBytes(StringUtil.__ISO_8859_1)); digest=__md.digest(); } } else Code.warning("Can't check "+credentials.getClass()+" against MD5"); if (digest==null || digest.length!=_digest.length) return false; for (int i=0;i<digest.length;i++) if (digest[i]!=_digest[i]) return false; return true; } catch (Exception e) { Code.warning(e); return false; } } /* ------------------------------------------------------------ */ public static String digest(String password) { try { byte[] digest; synchronized(__TYPE) { if (__md==null) { try{__md = MessageDigest.getInstance("MD5");} catch (Exception e ) {Code.warning(e);return null;} } __md.reset(); __md.update(password.getBytes(StringUtil.__ISO_8859_1)); digest=__md.digest(); } return __TYPE+TypeUtil.toString(digest,16); } catch (Exception e) { Code.warning(e); return null; } } } } |