import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
private static void authenticationSuccessful(LocalSession session, String username,
        byte[] successData) {
    if (username != null && LockOutManager.getInstance().isAccountDisabled(username)) {
        // Interception!  This person is locked out, fail instead!
        LockOutManager.getInstance().recordFailedLogin(username);
        authenticationFailed(session, Failure.ACCOUNT_DISABLED);
        return;
    }
    sendElement(session, "success", successData);
    // We only support SASL for c2s
    if (session instanceof ClientSession) {
        ((LocalClientSession) session).setAuthToken(new AuthToken(username));
    }
    else if (session instanceof IncomingServerSession) {
        String hostname = username;
        // Add the validated domain as a valid domain. The remote server can
        // now send packets from this address
        ((LocalIncomingServerSession) session).addValidatedDomain(hostname);
        Log.info("Inbound Server {} authenticated (via TLS)", username);
    }
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
private boolean authUserFromRequest(final HttpServletRequest request) {

        final String userFromRequest = servletRequestAuthenticator == null ? null : servletRequestAuthenticator.authenticateRequest(request);
        if (userFromRequest == null) {
            // The user is not authenticated
            return false;
        }

        if (!adminManager.isUserAdmin(userFromRequest, true)) {
            // The user is not authorised
            Log.warn("The user '" + userFromRequest + "' is not an Openfire administrator.");
            return false;
        }

        // We're authenticated and authorised, so record the login,
        loginLimitManager.recordSuccessfulAttempt(userFromRequest, request.getRemoteAddr());

        // Set the auth token
        request.getSession().setAttribute("jive.admin.authToken", new AuthToken(userFromRequest));

        // And proceed
        return true;
    }
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Returns the page user or <tt>null</tt> if one is not found.
 */
public User getUser() {
    User pageUser = null;
    try {
        final AuthToken authToken = getAuthToken();
        if (authToken == null )
        {
            Log.debug( "Unable to get user: no auth token on session." );
            return null;
        }
        final String username = authToken.getUsername();
        if (username == null || username.isEmpty())
        {
            Log.debug( "Unable to get user: no username in auth token on session." );
            return null;
        }
        pageUser = getUserManager().getUser(username);
    }
    catch (Exception ex) {
        Log.debug("Unexpected exception (which is ignored) while trying to obtain user.", ex);
    }
    return pageUser;
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Removes a session.
 *
 * @param session the session.
 * @return true if the requested session was successfully removed.
 */
public boolean removeSession(LocalClientSession session) {
    // Do nothing if session is null or if the server is shutting down. Note: When the server
    // is shutting down the serverName will be null.
    if (session == null || serverName == null) {
        return false;
    }

    AuthToken authToken = session.getAuthToken();
    // Consider session anonymous (for this matter) if we are closing a session that never authenticated
    boolean anonymous = authToken == null || authToken.isAnonymous();
    return removeSession(session, session.getAddress(), anonymous, false);
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Initialize the session with a valid authentication token and
 * resource name. This automatically upgrades the session's
 * status to authenticated and enables many features that are not
 * available until authenticated (obtaining managers for example).
 *
 * @param auth the authentication token obtained from the AuthFactory.
 * @param resource the resource this session authenticated under.
 */
public void setAuthToken(AuthToken auth, String resource) {
    setAddress(new JID(auth.getUsername(), getServerName(), resource));
    authToken = auth;
    setStatus(Session.STATUS_AUTHENTICATED);

    // Set default privacy list for this session
    setDefaultList(PrivacyListManager.getInstance().getDefaultPrivacyList(auth.getUsername()));
    // Add session to the session manager. The session will be added to the routing table as well
    sessionManager.addSession(this);
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Should this session be allowed to resume?
 * This is used while processed <enable/> and <resume/>
 *
 * @return True if the session is allowed to resume.
 */
private boolean allowResume() {
    boolean allow = false;
    // Ensure that resource binding has occurred.
    if (session instanceof ClientSession) {
        AuthToken authToken = ((LocalClientSession)session).getAuthToken();
        if (authToken != null) {
            if (!authToken.isAnonymous()) {
                allow = true;
            }
        }
    }
    return allow;
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
@Test
public void willNotRedirectARequestFromAnAdminUser() throws Exception {

    final AuthCheckFilter filter = new AuthCheckFilter(adminManager, loginLimitManager, AdminUserServletAuthenticatorClass.class.getName());

    filter.doFilter(request, response, filterChain);

    verify(response, never()).sendRedirect(anyString());
    verify(loginLimitManager).recordSuccessfulAttempt(adminUser, remoteAddr);
    final ArgumentCaptor<AuthToken> argumentCaptor = ArgumentCaptor.forClass(AuthToken.class);
    verify(httpSession).setAttribute(eq("jive.admin.authToken"), argumentCaptor.capture());
    final AuthToken authToken = argumentCaptor.getValue();
    assertThat(authToken.getUsername(), is(adminUser));
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Authenticates a user with a username, token, and digest and returns an AuthToken.
 * The digest should be generated using the {@link AuthFactory#createDigest(String, String)} method.
 * If the username and digest do not match the record of any user in the system, the
 * method throws an UnauthorizedException.
 *
 * @param username the username.
 * @param token the token that was used with plain-text password to generate the digest.
 * @param digest the digest generated from plain-text password and unique token.
 * @return an AuthToken token if the username and digest are correct for the user's
 *      password and given token.
 * @throws UnauthorizedException if the username and password do not match any
 *      existing user or the account is locked out.
 */
public static AuthToken authenticate(String username, String token, String digest)
        throws UnauthorizedException, ConnectionException, InternalUnauthenticatedException {
    if (username == null || token == null || digest == null) {
        throw new UnauthorizedException();
    }
    if ( LockOutManager.getInstance().isAccountDisabled(username)) {
        LockOutManager.getInstance().recordFailedLogin(username);
        throw new UnauthorizedException();
    }
    username = username.trim().toLowerCase();
    if (username.contains("@")) {
        // Check that the specified domain matches the server's domain
        int index = username.indexOf("@");
        String domain = username.substring(index + 1);
        if (domain.equals( XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
            username = username.substring(0, index);
        } else {
            // Unknown domain. Return authentication failed.
            throw new UnauthorizedException();
        }
    }
    try {
        String password = AuthFactory.getPassword( username );
        String anticipatedDigest = AuthFactory.createDigest(token, password);
        if (!digest.equalsIgnoreCase(anticipatedDigest)) {
            throw new UnauthorizedException();
        }
    }
    catch (UserNotFoundException unfe) {
        throw new UnauthorizedException();
    }
    // Got this far, so the user must be authorized.
    return new AuthToken(username);
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
private static void authenticationSuccessful(LocalSession session, String username,
        byte[] successData) {
    if (username != null && LockOutManager.getInstance().isAccountDisabled(username)) {
        // Interception!  This person is locked out, fail instead!
        LockOutManager.getInstance().recordFailedLogin(username);
        authenticationFailed(session);
        return;
    }
    StringBuilder reply = new StringBuilder(80);
    reply.append("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"");
    if (successData != null) {
        String successData_b64 = StringUtils.encodeBase64(successData).trim();
        reply.append(">").append(successData_b64).append("</success>");
    }
    else {
        reply.append("/>");
    }
    session.deliverRawText(reply.toString());
    // We only support SASL for c2s
    if (session instanceof ClientSession) {
        ((LocalClientSession) session).setAuthToken(new AuthToken(username));
    }
    else if (session instanceof IncomingServerSession) {
        String hostname = username;
        // Add the validated domain as a valid domain. The remote server can
        // now send packets from this address
        ((LocalIncomingServerSession) session).addValidatedDomain(hostname);
    }
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
private static void authenticationSuccessful(LocalSession session, String username,
        byte[] successData) {
    if (username != null && LockOutManager.getInstance().isAccountDisabled(username)) {
        // Interception!  This person is locked out, fail instead!
        LockOutManager.getInstance().recordFailedLogin(username);
        authenticationFailed(session, Failure.ACCOUNT_DISABLED);
        return;
    }
    StringBuilder reply = new StringBuilder(80);
    reply.append("<success xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"");
    if (successData != null) {
        String successData_b64 = StringUtils.encodeBase64(successData).trim();
        reply.append(">").append(successData_b64).append("</success>");
    }
    else {
        reply.append("/>");
    }
    session.deliverRawText(reply.toString());
    // We only support SASL for c2s
    if (session instanceof ClientSession) {
        ((LocalClientSession) session).setAuthToken(new AuthToken(username));
    }
    else if (session instanceof IncomingServerSession) {
        String hostname = username;
        // Add the validated domain as a valid domain. The remote server can
        // now send packets from this address
        ((LocalIncomingServerSession) session).addValidatedDomain(hostname);
    }
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 *
 *
 */
public void occupantJoined(JID roomJID, JID user, String nickname)
{
	Log.info("ColibriIQHandler occupantJoined " + roomJID + " " + user + " " + nickname);

	String focusAgentName = "jitsi.videobridge." + roomJID.getNode();

	FocusAgent focusAgent;

	Participant participant = new Participant(nickname, user, focusAgentName);

	if (sessions.containsKey(focusAgentName))
	{
		focusAgent = sessions.get(focusAgentName);

	} else {
		focusAgent = new FocusAgent(focusAgentName, roomJID);
		LocalClientSession session = SessionManager.getInstance().createClientSession(focusAgent, new BasicStreamID(focusAgentName + "-" + System.currentTimeMillis() ) );
		focusAgent.setRouter( new SessionPacketRouter(session), session);
		AuthToken authToken = new AuthToken(focusAgentName, true);
		session.setAuthToken(authToken, focusAgentName);
		sessions.put(focusAgentName, focusAgent);

		Presence presence = new Presence();
		focusAgent.getRouter().route(presence);
	}

	if (registry.containsKey(user.toString()))
	{
		focusAgent.createColibriChannel(participant);

	} else {

		pending.put(user.toString() + roomJID.toString(), participant);
	}
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
private void startResume(String namespace, String previd, long h) {
    Log.debug("Attempting resumption for {}, h={}", previd, h);
    this.namespace = namespace;
    // Ensure that resource binding has NOT occurred.
    if (!allowResume() ) {
        sendUnexpectedError();
        return;
    }
    if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
        sendUnexpectedError();
        return;
    }
    AuthToken authToken = null;
    // Ensure that resource binding has occurred.
    if (session instanceof ClientSession) {
        authToken = ((LocalClientSession) session).getAuthToken();
    }
    if (authToken == null) {
        sendUnexpectedError();
        return;
    }
    // Decode previd.
    String resource;
    String streamId;
    try {
        StringTokenizer toks = new StringTokenizer(new String(StringUtils.decodeBase64(previd), StandardCharsets.UTF_8), "\0");
        resource = toks.nextToken();
        streamId = toks.nextToken();
    } catch (Exception e) {
        Log.debug("Exception from previd decode:", e);
        sendUnexpectedError();
        return;
    }
    JID fullJid = new JID(authToken.getUsername(), authToken.getDomain(), resource, true);
    Log.debug("Resuming session {}", fullJid);

    // Locate existing session.
    LocalClientSession otherSession = (LocalClientSession)XMPPServer.getInstance().getRoutingTable().getClientRoute(fullJid);
    if (otherSession == null) {
        sendError(new PacketError(PacketError.Condition.item_not_found));
        return;
    }
    if (!otherSession.getStreamID().getID().equals(streamId)) {
        sendError(new PacketError(PacketError.Condition.item_not_found));
        return;
    }
    Log.debug("Found existing session, checking status");
    // Previd identifies proper session. Now check SM status
    if (!otherSession.getStreamManager().namespace.equals(namespace)) {
        sendError(new PacketError(PacketError.Condition.unexpected_request));
        return;
    }
    if (!otherSession.getStreamManager().resume) {
        sendError(new PacketError(PacketError.Condition.unexpected_request));
        return;
    }
    if (!otherSession.isDetached()) {
        Log.debug("Existing session is not detached; detaching.");
        Connection oldConnection = otherSession.getConnection();
        otherSession.setDetached();
        oldConnection.close();
    }
    Log.debug("Attaching to other session.");
    // If we're all happy, disconnect this session.
    Connection conn = session.getConnection();
    session.setDetached();
    // Connect new session.
    otherSession.reattach(conn, h);
    // Perform resumption on new session.
    session.close();
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Returns the auth token redirects to the login page if an auth token is not found.
 */
public AuthToken getAuthToken() {
    return (AuthToken)session.getAttribute("jive.admin.authToken");
}
 

import org.jivesoftware.openfire.auth.AuthToken; //导入依赖的package包/类
/**
 * Returns the authentication token associated with this session.
 *
 * @return the authentication token associated with this session (can be null).
 */
public AuthToken getAuthToken() {
    return authToken;
}