1 | // License: GPL. For details, see LICENSE file.
|
---|
2 | package org.openstreetmap.josm.io.auth;
|
---|
3 |
|
---|
4 | import java.net.Authenticator;
|
---|
5 | import java.net.PasswordAuthentication;
|
---|
6 | import java.util.Collection;
|
---|
7 | import java.util.HashSet;
|
---|
8 | import java.util.Objects;
|
---|
9 |
|
---|
10 | import org.openstreetmap.josm.io.OsmApi;
|
---|
11 | import org.openstreetmap.josm.tools.Logging;
|
---|
12 | import org.openstreetmap.josm.tools.Pair;
|
---|
13 |
|
---|
14 | /**
|
---|
15 | * This is the default authenticator used in JOSM. It delegates lookup of credentials
|
---|
16 | * for the OSM API and an optional proxy server to the currently configured {@link CredentialsManager}.
|
---|
17 | * @since 2641
|
---|
18 | */
|
---|
19 | public final class DefaultAuthenticator extends Authenticator {
|
---|
20 | private static final DefaultAuthenticator INSTANCE = new DefaultAuthenticator();
|
---|
21 |
|
---|
22 | /**
|
---|
23 | * Returns the unique instance
|
---|
24 | * @return The unique instance
|
---|
25 | */
|
---|
26 | public static DefaultAuthenticator getInstance() {
|
---|
27 | return INSTANCE;
|
---|
28 | }
|
---|
29 |
|
---|
30 | private final Collection<Pair<String, RequestorType>> failedCredentials = new HashSet<>();
|
---|
31 | private boolean enabled = true;
|
---|
32 |
|
---|
33 | private DefaultAuthenticator() {
|
---|
34 | }
|
---|
35 |
|
---|
36 | /**
|
---|
37 | * Called by the Java HTTP stack when either the OSM API server or a proxy requires authentication.
|
---|
38 | */
|
---|
39 | @Override
|
---|
40 | protected PasswordAuthentication getPasswordAuthentication() {
|
---|
41 | if (!enabled)
|
---|
42 | return null;
|
---|
43 | try {
|
---|
44 | if (OsmApi.isUsingOAuth()
|
---|
45 | && Objects.equals(OsmApi.getOsmApi().getHost(), getRequestingHost())
|
---|
46 | && RequestorType.SERVER == getRequestorType()) {
|
---|
47 | // if we are working with OAuth we don't prompt for a password
|
---|
48 | return null;
|
---|
49 | }
|
---|
50 | final Pair<String, RequestorType> hostTypePair = Pair.create(getRequestingHost(), getRequestorType());
|
---|
51 | final boolean hasFailedPreviously = failedCredentials.contains(hostTypePair);
|
---|
52 | final CredentialsAgentResponse response = CredentialsManager.getInstance().getCredentials(
|
---|
53 | getRequestorType(), getRequestingHost(), hasFailedPreviously);
|
---|
54 | if (response == null || response.isCanceled()) {
|
---|
55 | return null;
|
---|
56 | }
|
---|
57 | if (RequestorType.PROXY == getRequestorType()) {
|
---|
58 | // Query user in case this authenticator is called (indicating that the authentication failed) the next time.
|
---|
59 | failedCredentials.add(hostTypePair);
|
---|
60 | } else {
|
---|
61 | // Other parallel requests should not ask the user again, thus wait till this request is finished.
|
---|
62 | // In case of invalid authentication, the host is added again to failedCredentials at HttpClient.connect()
|
---|
63 | failedCredentials.remove(hostTypePair);
|
---|
64 | }
|
---|
65 | return new PasswordAuthentication(response.getUsername(), response.getPassword());
|
---|
66 | } catch (CredentialsAgentException e) {
|
---|
67 | Logging.error(e);
|
---|
68 | return null;
|
---|
69 | }
|
---|
70 | }
|
---|
71 |
|
---|
72 | /**
|
---|
73 | * Determines whether this authenticator is enabled, i.e.,
|
---|
74 | * provides {@link #getPasswordAuthentication() password authentication} via {@link CredentialsManager}.
|
---|
75 | * @return whether this authenticator is enabled
|
---|
76 | */
|
---|
77 | public boolean isEnabled() {
|
---|
78 | return enabled;
|
---|
79 | }
|
---|
80 |
|
---|
81 | /**
|
---|
82 | * Enabled/disables this authenticator, i.e., decides whether it
|
---|
83 | * should provide {@link #getPasswordAuthentication() password authentication} via {@link CredentialsManager}.
|
---|
84 | * @param enabled whether this authenticator should be enabled
|
---|
85 | */
|
---|
86 | public void setEnabled(boolean enabled) {
|
---|
87 | this.enabled = enabled;
|
---|
88 | }
|
---|
89 |
|
---|
90 | /**
|
---|
91 | * Marks for this host that the authentication failed, i.e.,
|
---|
92 | * the {@link CredentialsManager} will show a dialog at the next time.
|
---|
93 | * @param host the host to mark
|
---|
94 | * @return as per {@link Collection#add(Object)}
|
---|
95 | */
|
---|
96 | public boolean addFailedCredentialHost(String host) {
|
---|
97 | return failedCredentials.add(Pair.create(host, RequestorType.SERVER));
|
---|
98 | }
|
---|
99 |
|
---|
100 | /**
|
---|
101 | * Un-marks the failed authentication attempt for the host
|
---|
102 | * @param host the host to un-mark
|
---|
103 | * @return as per {@link Collection#remove(Object)}
|
---|
104 | */
|
---|
105 | public boolean removeFailedCredentialHost(String host) {
|
---|
106 | return failedCredentials.remove(Pair.create(host, RequestorType.SERVER));
|
---|
107 | }
|
---|
108 | }
|
---|