impostor
Class EmptyManager

java.lang.Object
  |
  +--impostor.EmptyManager

All Implemented Interfaces:

ChallengeResponseManager, ContentFilter, RequestRecognizer, UserManager

class EmptyManager

extends java.lang.Object

implements ContentFilter, ChallengeResponseManager, UserManager, RequestRecognizer

This class provides simple or empty implementations of the interfaces of the impostor package. It is used internally by an Impostor daemon that is instantiated without all arguments.

Constructor Summary

(package private)

EmptyManager()

Method Summary

java.lang.String	fillInUsernameAndPassword(java.lang.String username, java.lang.String password) A RequestRecognizer must also implement the functionality to fill a given username and password into the HTTP request with which is was initialized, such that the resulting HTTP request effectively logs the specified username into the site, using the specified password.
java.lang.String	filterHTTPHeaders(java.lang.String string) The Impostor daemon calls this method in order to remove sensitive information from HTTP headers sent from websites to the user's browser.
java.lang.String	filterWebPageLine(java.lang.String string) The Impostor daemon calls this method in order to remove sensitive information from HTML pages sent from websites to the user's browser.
java.lang.String	getLogEntry() The Impostor daemon calls this method in order to store an entry in a log for this RequestRecognizer.
java.lang.Object	getNewChallenge() The Impostor daemon calls this method in order to get the next challenge for carrying out user authentication.
java.lang.String	getPasswordForIdentifier(java.lang.Object identifier, RequestRecognizer rr) The Impostor daemon calls this method in order to determine the password that the Impostor user identified by the given identifier maintains at the website for which the given RequestRecognizer recognized a login request.
RequestRecognizer	getRequestRecognizerInstance() A UserManager implementation has to work very close with a RequestRecognizer implementation: the UserManager implementation knows the usernames and passwords of Impostor users at a specific set of websites, while the RequestRecognizer implementation recognizes HTTP login requests for exactly this set of websites.
java.lang.String	getServiceName() The Impostor daemon calls this method only if this RequestRecognizer's isRecognized method returns true.
java.lang.String	getUsernameForIdentifier(java.lang.Object identifier, RequestRecognizer rr) The Impostor daemon calls this method in order to determine the username that the Impostor user identified by the given identifier maintains at the website for which the given RequestRecognizer recognized a login request.
void	init(java.lang.String host, int port, java.lang.String request) The Impostor daemon calls this method in order to initialize the RequestRecognizer.
boolean	isRecognized() The Impostor daemon calls this method in order to determine whether this RequestRecognizer recognized the HTTP request with which it was initialized as a login attempt into a website.
boolean	isValidIdentifier(java.lang.Object identifier) The Impostor daemon calls this method in order to determine whether or not a given user identifier is valid (known).
boolean	verifyResponse(java.lang.Object identifier, java.lang.Object challenge, java.lang.Object response) The Impostor daemon calls this method in order to verify whether or not the response from the user identified by the given identifier matches the given challenge.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EmptyManager

EmptyManager()

Method Detail

filterHTTPHeaders

public java.lang.String filterHTTPHeaders(java.lang.String string)

Description copied from interface: ContentFilter

The Impostor daemon calls this method in order to remove sensitive information from HTTP headers sent from websites to the user's browser.

Specified by:

filterHTTPHeaders in interface ContentFilter

filterWebPageLine

public java.lang.String filterWebPageLine(java.lang.String string)

Description copied from interface: ContentFilter

The Impostor daemon calls this method in order to remove sensitive information from HTML pages sent from websites to the user's browser. The method is called on a line-by-line basis.

Specified by:

filterWebPageLine in interface ContentFilter

getNewChallenge

public java.lang.Object getNewChallenge()

Description copied from interface: ChallengeResponseManager

The Impostor daemon calls this method in order to get the next challenge for carrying out user authentication. Note that it is independent of any particular user since the challenge is issued BEFORE the user has a chance to identify him/herself.

Specified by:

getNewChallenge in interface ChallengeResponseManager

isValidIdentifier

public boolean isValidIdentifier(java.lang.Object identifier)

Description copied from interface: ChallengeResponseManager

The Impostor daemon calls this method in order to determine whether or not a given user identifier is valid (known). At the moment, the identifier is a String object that is retrieved from the user input of the Impostor login page (login.html).

Specified by:

isValidIdentifier in interface ChallengeResponseManager

verifyResponse

public boolean verifyResponse(java.lang.Object identifier,
                              java.lang.Object challenge,
                              java.lang.Object response)

Description copied from interface: ChallengeResponseManager

The Impostor daemon calls this method in order to verify whether or not the response from the user identified by the given identifier matches the given challenge. The challenge object had been previously acquired using the getNewChallenge method. The identifier and response parameters are String objects, as entered by the user into the Impostor login page (login.html).

Specified by:

verifyResponse in interface ChallengeResponseManager

getUsernameForIdentifier

public java.lang.String getUsernameForIdentifier(java.lang.Object identifier,
                                                 RequestRecognizer rr)
                                          throws java.lang.Exception

Description copied from interface: UserManager

The Impostor daemon calls this method in order to determine the username that the Impostor user identified by the given identifier maintains at the website for which the given RequestRecognizer recognized a login request. The identifier is a String object, obtained from the user input from the Impostor login page, and the RequestRecognizer is the RequestRecognizer instance that recognized the HTTP request as a login request into a website.
Note that before calling this method the Impostor daemon checks the validity of the user identifier using the isValid method of the ChallengeResponseManager implementation with which the daemon was instantiated Thus, a UserManager and a ChallengeResponseManager have common user identifiers: the identifiers of Impostor users.

Specified by:

getUsernameForIdentifier in interface UserManager

java.lang.Exception

getPasswordForIdentifier

public java.lang.String getPasswordForIdentifier(java.lang.Object identifier,
                                                 RequestRecognizer rr)
                                          throws java.lang.Exception

Description copied from interface: UserManager

The Impostor daemon calls this method in order to determine the password that the Impostor user identified by the given identifier maintains at the website for which the given RequestRecognizer recognized a login request. The identifier is a String object, obtained from the user input from the Impostor login page, and the RequestRecognizer is a RequestRecognizer implementation previously obtained using the getRequestRecognizerInstance method.

Specified by:

getPasswordForIdentifier in interface UserManager

java.lang.Exception

getRequestRecognizerInstance

public RequestRecognizer getRequestRecognizerInstance()

Description copied from interface: UserManager

A UserManager implementation has to work very close with a RequestRecognizer implementation: the UserManager implementation knows the usernames and passwords of Impostor users at a specific set of websites, while the RequestRecognizer implementation recognizes HTTP login requests for exactly this set of websites. This method should return a new RequestRecognizer instance of the RequestRecognizer this UserManager implementation works with. The Impostor daemon calls this method for every incoming HTTP request, as it needs a fresh RequestRecognizer.
Note that before calling this method the Impostor daemon checks the validity of the user identifier using the isValid method of the ChallengeResponseManager implementation with which the Impostor was instantiated. Thus, a UserManager and a ChallengeResponseManager have common user identifiers: the identifiers of Impostor users.

Specified by:

getRequestRecognizerInstance in interface UserManager

init

public void init(java.lang.String host,
                 int port,
                 java.lang.String request)

Description copied from interface: RequestRecognizer

The Impostor daemon calls this method in order to initialize the RequestRecognizer. It is called for every HTML request coming from a user. The parameters passed to the method is the host name of the website, the port number of the TCP socket (this is typically 80 for HTTP or 447 for HTTPS) and the HTTP request itself. This includes HTML request headers and, only in the case of a POST request, the POST string that follows immetiately after the headers. An implementing class should analyze the request and determine whether this is a login request for a website or not.

Specified by:

init in interface RequestRecognizer

isRecognized

public boolean isRecognized()

Description copied from interface: RequestRecognizer

The Impostor daemon calls this method in order to determine whether this RequestRecognizer recognized the HTTP request with which it was initialized as a login attempt into a website. The method should return false if the init method of this object has not been called yet, or if the request was not recognized as a login attempt. If this method returns true, the Impostor daemon expects the remaining methods to return non-null values.

Specified by:

isRecognized in interface RequestRecognizer

getServiceName

public java.lang.String getServiceName()

Description copied from interface: RequestRecognizer

The Impostor daemon calls this method only if this RequestRecognizer's isRecognized method returns true. This method should return the name of the service or website this recognized request is a login attempt for. The daemon uses this name in order to generate the Impostor login page.

Specified by:

getServiceName in interface RequestRecognizer

fillInUsernameAndPassword

public java.lang.String fillInUsernameAndPassword(java.lang.String username,
                                                  java.lang.String password)

Description copied from interface: RequestRecognizer

A RequestRecognizer must also implement the functionality to fill a given username and password into the HTTP request with which is was initialized, such that the resulting HTTP request effectively logs the specified username into the site, using the specified password. The Impostor daemon calls this method only if this RequestRecognizer's isRecognized method returns true. The daemon will call this method only after a valid Impostor user has successfully authenticated him/herself. (as determined by the imlementation of a ChallengeResponseManager). The username and password the Impostor daemon passes as parameters to this method are determined by the implementation of a UserManager.

Specified by:

fillInUsernameAndPassword in interface RequestRecognizer

getLogEntry

public java.lang.String getLogEntry()

Description copied from interface: RequestRecognizer

The Impostor daemon calls this method in order to store an entry in a log for this RequestRecognizer. An implementation should return the details of an HTTP request if, of course, it has been initialized.

Specified by:

getLogEntry in interface RequestRecognizer