001    /*
002     * $Id: SimpleLoginService.java,v 1.4 2005/11/11 23:05:15 rbair Exp $
003     *
004     * Copyright 2004 Sun Microsystems, Inc., 4150 Network Circle,
005     * Santa Clara, California 95054, U.S.A. All rights reserved.
006     *
007     * This library is free software; you can redistribute it and/or
008     * modify it under the terms of the GNU Lesser General Public
009     * License as published by the Free Software Foundation; either
010     * version 2.1 of the License, or (at your option) any later version.
011     * 
012     * This library is distributed in the hope that it will be useful,
013     * but WITHOUT ANY WARRANTY; without even the implied warranty of
014     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
015     * Lesser General Public License for more details.
016     * 
017     * You should have received a copy of the GNU Lesser General Public
018     * License along with this library; if not, write to the Free Software
019     * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
020     */
021    
022    package org.jdesktop.swingx.auth;
023    import java.util.Arrays;
024    import java.util.HashMap;
025    import java.util.Map;
026    /**
027     * An implementation of LoginService that simply matches
028     * the username/password against a list of known users and their passwords.
029     * This is useful for demos or prototypes where a proper login server is not available.
030     *
031     * <em>This Implementation is NOT secure. DO NOT USE this in a real application</em>
032     * To make this implementation more secure, the passwords should be passed in and
033     * stored as the result of a one way hash algorithm. That way an attacker cannot 
034     * simply read the password in memory to crack into the system.
035     *
036     * @author rbair
037     */
038    public final class SimpleLoginService extends LoginService {
039        private Map<String,char[]> passwordMap;
040        
041        /**
042         * Creates a new SimpleLoginService based on the given password map.
043         */
044        public SimpleLoginService(Map<String,char[]> passwordMap) {
045            if (passwordMap == null) {
046                passwordMap = new HashMap<String,char[]>();
047            }
048            this.passwordMap = passwordMap;
049        }
050    
051        /**
052         * Attempts to authenticate the given username and password against the password map
053         */
054        public boolean authenticate(String name, char[] password, String server) throws Exception {
055            char[] p = passwordMap.get(name);
056            return Arrays.equals(password, p);
057        }
058    }