Posted to commits@sling.apache.org by as...@apache.org on 2014/10/09 21:15:44 UTC

svn commit: r1630560 - in /sling/trunk/bundles/auth/core/src/main: java/org/apache/sling/auth/core/impl/SlingAuthenticator.java resources/OSGI-INF/metatype/metatype.properties

Author: asanso
Date: Thu Oct  9 19:15:43 2014
New Revision: 1630560

URL: http://svn.apache.org/r1630560
Log:
SLING-3991 - Support Password Change Upon Expiry Via SimpleCredentials Attribute (applied patch from Dominique Jaeggi)

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1630560&r1=1630559&r2=1630560&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Thu Oct  9 19:15:43 2014
@@ -113,6 +113,12 @@ public class SlingAuthenticator implemen
     @Property(value = DEFAULT_IMPERSONATION_PARAMETER)
     public static final String PAR_IMPERSONATION_PAR_NAME = "auth.sudo.parameter";
 
+    /** The default new password parameter name */
+    private static final String DEFAULT_NEWPASSWORD_PARAMETER = "newpassword";
+
+    @Property(value = DEFAULT_NEWPASSWORD_PARAMETER)
+    public static final String PAR_NEWPASSWORD_PAR_NAME = "auth.newpassword.parameter";
+
     /** The default value for allowing anonymous access */
     private static final boolean DEFAULT_ANONYMOUS_ALLOWED = true;
 
@@ -233,6 +239,9 @@ public class SlingAuthenticator implemen
      */
     private char[] anonPassword;
 
+    /** name of the new password parameter */
+    private String newPasswordParameterName;
+
     /** HTTP Basic authentication handler */
     private HttpBasicAuthenticationHandler httpBasicHandler;
 
@@ -350,6 +359,8 @@ public class SlingAuthenticator implemen
             this.anonPassword = null;
         }
 
+        this.newPasswordParameterName = OsgiUtil.toString(properties.get(PAR_NEWPASSWORD_PAR_NAME), "");
+
         authUriSuffices = OsgiUtil.toStringArray(properties.get(PAR_AUTH_URI_SUFFIX),
             new String[] { DEFAULT_AUTH_URI_SUFFIX });
 
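Review bot: The fallback passed to `OsgiUtil.toString` on the added line is `""`, while the `@Property` declaration in the first hunk advertises `DEFAULT_NEWPASSWORD_PARAMETER` as the default, so a configuration map that lacks the key leaves the authenticator with an empty parameter name and `handlePasswordChange` then calls `req.getParameter("")`. If the empty value is meant to switch the feature off, a comment should say so and the handler should return early on it. Otherwise the declared default should be used: `this.newPasswordParameterName = OsgiUtil.toString(properties.get(PAR_NEWPASSWORD_PAR_NAME), DEFAULT_NEWPASSWORD_PARAMETER);`. The enclosing method starts and ends outside this hunk.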
@@ -760,6 +771,7 @@ public class SlingAuthenticator implemen
         // try to connect
         try {
             handleImpersonation(request, authInfo);
+            handlePasswordChange(request, authInfo);
             ResourceResolver resolver = resourceResolverFactory.getResourceResolver(authInfo);
             final boolean impersChanged = setSudoCookie(request, response, authInfo);
 
@@ -1241,6 +1253,25 @@ public class SlingAuthenticator implemen
         }
     }
 
+    /**
+     * Handles password change based on the request parameter for the new password
+     * (see {@link #newPasswordParameterName}).
+     * <p>
+     * If the new password request parameter is present, it is added to the authInfo
+     * object, which is later transformed to SimpleCredentials attributes.
+     *
+     * @param req The {@link HttpServletRequest} optionally containing
+     *            the new password parameter.
+     * @param authInfo The authentication info into which the
+     *            <code>newPassword</code> property is set.
+     */
+    private void handlePasswordChange(HttpServletRequest req, AuthenticationInfo authInfo) {
+        String newPassword = req.getParameter(this.newPasswordParameterName);
+        if (newPassword != null && newPassword.length() > 0) {
+            authInfo.put("user.newpassword", newPassword);
+        }
+    }
+
     private String getSudoCookieValue(HttpServletRequest req) {
         // the current state of impersonation
         String currentSudo = null;
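Review bot: `handlePasswordChange` reads the new password with `req.getParameter(...)`, which also returns query-string values, although the metatype text describes a POST parameter; a password carried in the URL tends to end up in access logs and Referer headers. Consider making `if (!"POST".equals(req.getMethod())) { return; }` the first statement, and stating in the Javadoc that the container still merges query-string parameters into `getParameter` on a POST. The call added in the `@@ -760` hunk runs this on every request that reaches that path, not only on login submissions, so whether an unrelated form field with the configured name can reach the credentials depends on code outside this diff and should be documented. The literal `"user.newpassword"` would read better as a named constant beside `DEFAULT_NEWPASSWORD_PARAMETER`, and since the value is stored as a `String` in `authInfo`, that map should be kept out of log output.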

Modified: sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1630560&r1=1630559&r2=1630560&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties Thu Oct  9 19:15:43 2014
@@ -96,6 +96,11 @@ auth.sudo.parameter.description = The na
  impersonated session (instead of the actually authenticated session) and set \
  a session cookie of the name defined in the Impersonation Cookie setting.
 
+auth.newpassword.parameter.name = New Password Parameter
+auth.newpassword.parameter.description = The name of the request POST parameter \
+ used for changing the password alongside a login request when the user's password \
+ has expired.
+
 auth.http.name = HTTP Basic Authentication
 auth.http.description = Level of support for HTTP Basic Authentication. Such \
  support can be provided in three levels: (1) no support at all, that is \