Revamping/cleanup of how we handle authentication usernames as well as chained

authenticators and chained session factories. We can share a lot more code this
way and the implicit requirement that the default authenticator/factory had to
be configured before anyone else configured a chanied author/factory is gone.

The other big change is that Credentials doesn't require a username
(UsernamePasswordCreds inherits that username so most derived classes don't
notice any difference). Instead we require that a canonical authentication
username be determined and configured in AuthingConnection during the
authentication process. This canonical username is then used to resolve the
client session and map everything in the client manager.

This is pretty much exactly what was going on before except that we were doing
it all in an ad hoc way by jamming a new name into Credentials during the
authentication process and also doing jiggery pokery in
PresentsSession.assignStartingUsername. That all goes away and/or becomes
cleaner and more explicit.

This is going to impact some Yohoho jiggery pokery, which I will shortly commit
a patch for, but we're going to need to test it. Omelets, eggs, etc.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@5828 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Michael Bayne
2009-06-20 00:56:01 +00:00
parent 7d125bec73
commit a1aa2d77ae
35 changed files with 622 additions and 656 deletions
@@ -24,6 +24,7 @@ package com.threerings.presents.server.net;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -39,6 +40,7 @@ import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.channels.spi.SelectorProvider;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.Singleton;
@@ -134,12 +136,11 @@ public class ConnectionManager extends LoopingThread
/**
* Adds an authenticator to the authentication chain. This authenticator will be offered a
* chance to authenticate incoming connections in lieu of the main autuenticator.
* chance to authenticate incoming connections before falling back to the main authenticator.
*/
public void addChainedAuthenticator (ChainedAuthenticator author)
{
author.setChainedAuthenticator(_author);
_author = author;
_authors.add(author);
}
/**
@@ -266,7 +267,14 @@ public class ConnectionManager extends LoopingThread
*/
protected void authenticateConnection (AuthingConnection conn)
{
_author.authenticateConnection(_authInvoker, conn, new ResultListener<AuthingConnection>() {
Authenticator author = _author;
for (ChainedAuthenticator cauthor : _authors) {
if (cauthor.shouldHandleConnection(conn)) {
author = cauthor;
break;
}
}
author.authenticateConnection(_authInvoker, conn, new ResultListener<AuthingConnection>() {
public void requestCompleted (AuthingConnection conn) {
_authq.append(conn);
}
@@ -547,7 +555,8 @@ public class ConnectionManager extends LoopingThread
}
// and let the client manager know about our new connection
_clmgr.connectionEstablished(rconn, conn.getAuthRequest(), conn.getAuthResponse());
_clmgr.connectionEstablished(rconn, conn.getAuthName(), conn.getAuthRequest(),
conn.getAuthResponse());
} catch (IOException ioe) {
log.warning("Failure upgrading authing connection to running.", ioe);
@@ -1187,6 +1196,7 @@ public class ConnectionManager extends LoopingThread
* like the PeerManager may replace this authenticator with one that intercepts certain types
* of authentication and then passes normal authentications through. */
@Inject(optional=true) protected Authenticator _author = new DummyAuthenticator();
protected List<ChainedAuthenticator> _authors = Lists.newArrayList();
protected int[] _ports, _datagramPorts;
protected String _datagramHostname;