/*
 * $Header: /home/cvs/jakarta-slide/src/wrappers/catalina/SlideRealm.java,v 1.8 2001/09/10 09:21:03 juergen Exp $
 * $Revision: 1.8 $
 * $Date: 2001/09/10 09:21:03 $
 *
 * ====================================================================
 *
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 1999 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution, if
 *    any, must include the following acknowlegement:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowlegement may appear in the software itself,
 *    if and wherever such third-party acknowlegements normally appear.
 *
 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
 *    Foundation" must not be used to endorse or promote products derived
 *    from this software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache"
 *    nor may "Apache" appear in their names without prior written
 *    permission of the Apache Group.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * [Additional notices, if required by prior licensing conditions]
 *
 */

package wrappers.catalina;

import java.security.Principal;
import java.io.File;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.catalina.Container;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Logger;
import org.apache.catalina.Realm;
import org.apache.catalina.realm.RealmBase;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.util.StringManager;

import org.apache.slide.common.NamespaceAccessToken;
import org.apache.slide.common.Domain;
import org.apache.slide.common.SlideToken;
import org.apache.slide.common.SlideTokenImpl;
import org.apache.slide.common.SlideException;
import org.apache.slide.content.Content;
import org.apache.slide.content.NodeRevisionDescriptors;
import org.apache.slide.content.NodeRevisionDescriptor;
import org.apache.slide.content.NodeProperty;
import org.apache.slide.structure.ObjectNode;
import org.apache.slide.authenticate.CredentialsToken;
import org.apache.slide.authenticate.SecurityToken;
import org.apache.slide.security.Security;


/**
 * Implemetation of a Catalina realm which authenticates users defined
 * in a Slide namespace.
 * <p>
 * The namespace used will have the same name as the container to which the
 * realm is associated. If such a namespace doesn't exist, it falls back
 * to tomcat, webdav or default.
 *
 * @author Remy Maucherat
 * @version $Revision: 1.8 $ $Date: 2001/09/10 09:21:03 $
 */

public final class SlideRealm /*extends RealmBase*/ {


    // ----------------------------------------------------- Instance Variables


    /**
     * Descriptive information about this Realm implementation.
     */
    private static final String info =
    "wrappers.catalina.SlideRealm/1.2";


    /**
     * Set of access tokens.
     */
    private NamespaceAccessToken accessToken;

    /**
     * Container.
     */
    private Container container;

    /**
     * Content helper.
     */
    private Content contentHelper;


    /**
     * Security halper.
     */
    private Security securityHelper;


    /**
     * Users path.
     */
    private String usersPath;


    /**
     * Root credentials token.
     */
    private CredentialsToken rootCredentials;


    /**
     * Namepsace to which this realm will connect.
     */
    private String namespace;


    // ------------------------------------------------------------- Properties


    /**
     * Set the namespace name to which this realm will connect.
     */
    public void setNamespace(String namespace) {
        this.namespace = namespace;
    }


    /**
     * Set the namespace name to which this realm will connect.
     */
    public void setContainer(Container container) {
        this.container = container;
    }

    /**
     * Set the namespace access token used by this realm.
     */
    public void setAccessToken(NamespaceAccessToken accessToken) {
        this.accessToken = accessToken;
    }


    /**
     * Get name.
     */
    public String getName() {
        return "Slide realm";
    }


    // --------------------------------------------------------- Public Methods


    /**
     * Return <code>true</code> if the specified Principal has the specified
     * security role, within the context of this Realm; otherwise return
     * <code>false</code>.
     *
     * @param principal Principal for whom the role is to be checked
     * @param role Security role to be checked
     */
    public boolean hasRole(Principal principal, String role) {

        CredentialsToken credToken = new CredentialsToken(principal);
        SlideToken slideToken = new SlideTokenImpl(credToken);
        try {
            return securityHelper.hasRole(slideToken, role);
        } catch (SlideException e) {
            return (false);
        }

    }


    /**
     * Start the realm.
     */
    public void start() throws LifecycleException {

        //super.start();

        //if (namespace == null)
        //    namespace = container.getName();

        //if (accessToken == null)
            accessToken = Domain.accessNamespace(new SecurityToken(container), namespace);

        if (accessToken == null)
            throw new IllegalStateException
                ("Invalid Slide Realm configuration : "
                 + "Couldn't access namespace " + namespace);

        contentHelper = accessToken.getContentHelper();
        securityHelper = accessToken.getSecurityHelper();

        usersPath = accessToken.getNamespaceConfig().getUsersPath();

    }


    // ------------------------------------------------------ Protected Methods


    /**
     * Return the password associated with the given principal's user name.
     */
    protected String getPassword(String username) {
        
        Principal userPrincipal = getPrincipal(username);
        CredentialsToken credToken = new CredentialsToken(userPrincipal);
        SlideToken slideToken = new SlideTokenImpl(credToken);
        
        // Fetch the Slide object representing the user.
        try {
            
            ObjectNode user = securityHelper.getPrincipal(slideToken);
            
        } catch (SlideException e) {
            return null;
        }
        
        String passwordValue = null;
        
        try {
            
            NodeRevisionDescriptors revisionDescriptors =
                contentHelper.retrieve(slideToken, usersPath + "/" + username);
            NodeRevisionDescriptor revisionDescriptor =
                contentHelper.retrieve(slideToken, revisionDescriptors);
            NodeProperty password =
                revisionDescriptor.getProperty
                ("password", NodeProperty.SLIDE_NAMESPACE);
            if (password != null) {
                passwordValue = (String) password.getValue();
            }
            
        } catch (SlideException e) {
            // Whatever happens doesn't really matter
            // The stack trace is displayed for now for debug purposes
        }
        
        // no log since we don't subclass RealmBase anymore
        if (passwordValue == null) {
            System.err.println(
            "User " + username
                + " doesn't have his password property set : "
                + "can't authenticate");
        }
        
        return passwordValue;
        
    }


    /**
     * Return the Principal associated with the given user name.
     */
    protected Principal getPrincipal(String username) {
    return new SlideRealmPrincipal(username);
    }


}


/**
 * Private class representing an individual user's Principal object.
 */

final class SlideRealmPrincipal implements Principal {

    /**
     * The username for this Principal.
     */
    private String username = null;


    /**
     * Construct a new MemoryRealmPrincipal instance.
     *
     * @param username The username for this Principal
     */
    public SlideRealmPrincipal(String username) {

    this.username = username;

    }


    /**
     * Return the name of this Principal.
     */
    public String getName() {

    return (username);

    }


}