: Class AuthChecker

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.tspaces.ac
Class AuthChecker

java.lang.Object
  |
  +--com.ibm.tspaces.ac.AuthChecker

public class AuthChecker
extends java.lang.Object

This class will handle the authentication of a User/Password pair without sending the Password over the network. The class contains both the code that runs at the server and at the Client. The "database" of userid/passwordkeys is a Hashtable that is provided initially by the server via the setUsers() method. At the Client side, AuthChecker is called with the following method calls

   try {
     AuthChecker authck = new AuthChecker();
     authck.clientLogin(ObjectOutputStream s, String user, String password);
   } catch (Exception e) {
   }

At the Server side, AuthChecker is used as follows.

   try {
     AuthChecker authck = TSServer.getAuthChecker();
     authck.authenticate(ObjectInputStream s);
   } catch (Exception ae) {
   }

Additional notes. Currently the Hashtable that is contains the Userid and Password keys is stored in the Admin space. It is also saved in a backup file that is specified by the configuration file. The backup file is so that the server can be reinitialized without losing the userid and password information.
When we write a GUI client that will update this table, we are going to need to have an interface for updating the Hashtable without having to give the Hashtable itself to the Gui app.

The authentication is pretty lame. Basically all this does is remove the exposure of having the user password in clear text be sprayed over the net and hard drive. The next step would be to authenticate using a challenge protocol (or some other protocol.) This is left as an exercise for future T Spaces developers. The book Java Network Programming by Hughes etal, has a good section on how to do this in theory but in practice, one needs to use the facilities that will be available in Java 1.2 JCE.

Author:: John Thomas

Field Summary

static java.lang.String USERS_TUPLE
          Tuple Identifier (Field[0])

Constructor Summary

AuthChecker()
          Default constructor This will obtain an implementation of SHA (SecureHashAlgorithm) Sun provides this implementation.

Method Summary

boolean authenticate(java.io.ObjectInputStream objectIn_)
          This is the authentication method that is invoked by the server at the start of a session.

boolean authenticate(java.lang.String user_, java.lang.Object password_)
          This is the authentication method that is invoked by the server when it has the userid and password in hand (instead of an ObjectStream) It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations.

void clientLogin(java.io.ObjectOutputStream oos_, java.lang.String user_, java.lang.String password_)
          This is the method that the client issues when it makes the connection to the server and only has the cleartext password.

boolean contains(java.lang.String user)
          Return true if the specified user exists in the HashTable

java.math.BigInteger getKeyFromPassword(java.lang.String password)
          This will take a Password in cleartext and convert it to a key based on the SHA MessageDigest algoritms

java.lang.String getUser()
          Return the Userid that has been validated.

java.util.Enumeration getUserElements()
          Return an enumeration of Userid Elements in the Hashtable Each element in the Enumeration will be a Userid String.

java.util.Hashtable getUsers()
          Get a reference to the Hashtable

static java.util.Hashtable readUserFile(java.lang.String filename)
          readUserFile will read a file that contains the user and password Key info

static java.util.Hashtable readUserFileTuple(TupleSpace ts)
          readUserFileTuple will read the UserFile object from the Admin space

void setSeed(java.lang.String seed)
          Set the Encryption seed.

void setUsers(java.util.Hashtable users)
          Set the Hashtable that contains the user/key combinations

void storePassword(java.lang.String user, java.lang.String password)
          StorePassword will update the list of passwords that are maintained

boolean verifyUser(java.lang.String user, java.lang.String password)
          Method that verififies a user

static void writeUserFile(java.lang.String filename, java.util.Hashtable hashtable)
          writeUserFile will write a file that contains the user and password Key info

static void writeUserFileTuple(TupleSpace ts, java.util.Hashtable userTable)
          writeUserFileTuple will write the UserFile to the Admin space

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

USERS_TUPLE

public static final java.lang.String USERS_TUPLE

Tuple Identifier (Field[0])

Constructor Detail

AuthChecker

public AuthChecker()
            throws TupleSpaceCommunicationException

Default constructor This will obtain an implementation of SHA (SecureHashAlgorithm) Sun provides this implementation.

Method Detail

clientLogin

public void clientLogin(java.io.ObjectOutputStream oos_,
                        java.lang.String user_,
                        java.lang.String password_)
                 throws java.io.IOException

This is the method that the client issues when it makes the connection to the server and only has the cleartext password. e.g. in TupleSpace.connectionToServer() Currently the caller just obtains the password from the user and then invokes clientLogin(Socket s, String user, BigInteger pwKey) Eventually (using Java 1.2 services) it could authenticate to the server by sending only the userid. The server would then return a session key that has been encrypted by the server using servers version of the password key. The client would decrypt the session key using the client version of the password key, Then it would add 1 to the session key and encrypt the result and return it to the server. The server decrypt it and verify it equals the session key+1. If this all succeeds, then we are really authenticated.

Parameters:: oos_ - The stream that we're talking on; user_ - The user that is to be authenticated; password_ - The password (clear text) that is to be checked.

authenticate

public boolean authenticate(java.io.ObjectInputStream objectIn_)
                     throws TupleSpaceServerException

This is the authentication method that is invoked by the server at the start of a session. The connection from the Client has just been established and the next expected data to arrive is the userid and PasswordKey It will read the User and Key (Password converted to digest to BigInteger) from the ObjectStream that is passed in. It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations. The Hashtable that is used is referenced via the _Users variable that is provided at startup by the setUsers() method. The server is responsible for updating this Hashtable as users are added or deleted.

Parameters:: objectln_ - Inputstream from which to read authentication objects
Returns:: true if Validated userid.

authenticate

public boolean authenticate(java.lang.String user_,
                            java.lang.Object password_)
                     throws TupleSpaceServerException

This is the authentication method that is invoked by the server when it has the userid and password in hand (instead of an ObjectStream) It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations. The Hashtable that is used is referenced via the _Users variable that is provided at startup by the setUsers() method. The server is responsible for updating this Hashtable as users are added or deleted.

Parameters:: user_ - Userid; password_ - Password
Returns:: true if user/password is valid.

getUser

public java.lang.String getUser()

Return the Userid that has been validated.

Returns:: the user that was verified by the authenticate method.

verifyUser

public boolean verifyUser(java.lang.String user,
                          java.lang.String password)

Method that verififies a user

Parameters:: user - Verify this user
Returns:: "yay" or "nay"

setSeed

public void setSeed(java.lang.String seed)

Set the Encryption seed. Not currently used!

setUsers

public void setUsers(java.util.Hashtable users)

Set the Hashtable that contains the user/key combinations

Parameters:: users - hash these guys

getUsers

public java.util.Hashtable getUsers()

Get a reference to the Hashtable

Returns:: give back the reference to the hashtable

getUserElements

public java.util.Enumeration getUserElements()

Return an enumeration of Userid Elements in the Hashtable Each element in the Enumeration will be a Userid String.

contains

public boolean contains(java.lang.String user)

Return true if the specified user exists in the HashTable

Returns:: true if user exists.

storePassword

public void storePassword(java.lang.String user,
                          java.lang.String password)

StorePassword will update the list of passwords that are maintained

Parameters:: user - Store the password for this user; password - Store this password for above user

readUserFile

public static java.util.Hashtable readUserFile(java.lang.String filename)

readUserFile will read a file that contains the user and password Key info

Parameters:: filename - Read this file and return the hashtable
Returns:: Return the hashtable found in the file; null if not found.

writeUserFile

public static void writeUserFile(java.lang.String filename,
                                 java.util.Hashtable hashtable)

writeUserFile will write a file that contains the user and password Key info

Parameters:: filename - Write into this filename; hashtable - Write this hashtable into the specified filename

readUserFileTuple

public static java.util.Hashtable readUserFileTuple(TupleSpace ts)

readUserFileTuple will read the UserFile object from the Admin space

Parameters:: ts - The admin TS?

writeUserFileTuple

public static void writeUserFileTuple(TupleSpace ts,
                                      java.util.Hashtable userTable)

writeUserFileTuple will write the UserFile to the Admin space

Parameters:: ts - write to this space; userTable - Write this hashtable

getKeyFromPassword

public java.math.BigInteger getKeyFromPassword(java.lang.String password)

This will take a Password in cleartext and convert it to a key based on the SHA MessageDigest algoritms

Parameters:: password - Turn this password into glorp
Returns:: the Glorp

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Field Summary
`static java.lang.String`	`USERS_TUPLE` Tuple Identifier (Field[0])

Constructor Summary
`AuthChecker()` Default constructor This will obtain an implementation of SHA (SecureHashAlgorithm) Sun provides this implementation.

Method Summary
`boolean`	`authenticate(java.io.ObjectInputStream objectIn_)` This is the authentication method that is invoked by the server at the start of a session.
`boolean`	`authenticate(java.lang.String user_, java.lang.Object password_)` This is the authentication method that is invoked by the server when it has the userid and password in hand (instead of an ObjectStream) It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations.
`void`	`clientLogin(java.io.ObjectOutputStream oos_, java.lang.String user_, java.lang.String password_)` This is the method that the client issues when it makes the connection to the server and only has the cleartext password.
`boolean`	`contains(java.lang.String user)` Return true if the specified user exists in the HashTable
`java.math.BigInteger`	`getKeyFromPassword(java.lang.String password)` This will take a Password in cleartext and convert it to a key based on the SHA MessageDigest algoritms
`java.lang.String`	`getUser()` Return the Userid that has been validated.
`java.util.Enumeration`	`getUserElements()` Return an enumeration of Userid Elements in the Hashtable Each element in the Enumeration will be a Userid String.
`java.util.Hashtable`	`getUsers()` Get a reference to the Hashtable
`static java.util.Hashtable`	`readUserFile(java.lang.String filename)` readUserFile will read a file that contains the user and password Key info
`static java.util.Hashtable`	`readUserFileTuple(TupleSpace ts)` readUserFileTuple will read the UserFile object from the Admin space
`void`	`setSeed(java.lang.String seed)` Set the Encryption seed.
`void`	`setUsers(java.util.Hashtable users)` Set the Hashtable that contains the user/key combinations
`void`	`storePassword(java.lang.String user, java.lang.String password)` StorePassword will update the list of passwords that are maintained
`boolean`	`verifyUser(java.lang.String user, java.lang.String password)` Method that verififies a user
`static void`	`writeUserFile(java.lang.String filename, java.util.Hashtable hashtable)` writeUserFile will write a file that contains the user and password Key info
`static void`	`writeUserFileTuple(TupleSpace ts, java.util.Hashtable userTable)` writeUserFileTuple will write the UserFile to the Admin space

com.ibm.tspaces.ac Class AuthChecker

USERS_TUPLE

AuthChecker

clientLogin

authenticate

authenticate

getUser

verifyUser

setSeed

setUsers

getUsers

getUserElements

contains

storePassword

readUserFile

writeUserFile

readUserFileTuple

writeUserFileTuple

getKeyFromPassword

com.ibm.tspaces.ac
Class AuthChecker