001    /*
002     * $Id: SimpleLoginService.java 1069 2006-05-23 19:07:51Z rbair $
003     *
004     * Copyright 2004 Sun Microsystems, Inc., 4150 Network Circle,
005     * Santa Clara, California 95054, U.S.A. All rights reserved.
006     *
007     * This library is free software; you can redistribute it and/or
008     * modify it under the terms of the GNU Lesser General Public
009     * License as published by the Free Software Foundation; either
010     * version 2.1 of the License, or (at your option) any later version.
011     * 
012     * This library is distributed in the hope that it will be useful,
013     * but WITHOUT ANY WARRANTY; without even the implied warranty of
014     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
015     * Lesser General Public License for more details.
016     * 
017     * You should have received a copy of the GNU Lesser General Public
018     * License along with this library; if not, write to the Free Software
019     * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
020     */
021    
022    package org.jdesktop.swingx.auth;
023    import java.util.Arrays;
024    import java.util.HashMap;
025    import java.util.Map;
026    
027    /**
028     * An implementation of LoginService that simply matches
029     * the username/password against a list of known users and their passwords.
030     * This is useful for demos or prototypes where a proper login server is not available.
031     *
032     * <em>This Implementation is NOT secure. DO NOT USE this in a real application</em>
033     * To make this implementation more secure, the passwords should be passed in and
034     * stored as the result of a one way hash algorithm. That way an attacker cannot 
035     * simply read the password in memory to crack into the system.
036     *
037     * @author rbair
038     */
039    public final class SimpleLoginService extends LoginService {
040        private Map<String,char[]> passwordMap;
041        
042        /**
043         * Creates a new SimpleLoginService based on the given password map.
044         */
045        public SimpleLoginService(Map<String,char[]> passwordMap) {
046            if (passwordMap == null) {
047                passwordMap = new HashMap<String,char[]>();
048            }
049            this.passwordMap = passwordMap;
050        }
051    
052        /**
053         * Attempts to authenticate the given username and password against the password map
054         */
055        public boolean authenticate(String name, char[] password, String server) throws Exception {
056            char[] p = passwordMap.get(name);
057            return Arrays.equals(password, p);
058        }
059    }