Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2008/02/08 01:56:52 UTC
svn commit: r619714 - in /portals/jetspeed-2/trunk:
components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
jetspeed-api/src/main/java/org/apache/jetspeed/sso/SSOProvider.java
Author: taylor
Date: Thu Feb 7 16:56:49 2008
New Revision: 619714
URL: http://svn.apache.org/viewvc?rev=619714&view=rev
Log:
add transactional support to SSO addCredentials
the other signature had serious performance issues storing the Site every time
Modified:
portals/jetspeed-2/trunk/components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
portals/jetspeed-2/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/sso/SSOProvider.java
Modified: portals/jetspeed-2/trunk/components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java?rev=619714&r1=619713&r2=619714&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java (original)
+++ portals/jetspeed-2/trunk/components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java Thu Feb 7 16:56:49 2008
@@ -1434,4 +1434,97 @@
}
return result;
}
+
+ public void addCredentialsForSite(SSOSite ssoSite, Subject subject, String remoteUser, String pwd)
+ throws SSOException
+ {
+ String fullPath = ((BasePrincipal) SecurityHelper.getBestPrincipal(
+ subject, UserPrincipal.class)).getFullPath();
+ String principalName = ((BasePrincipal) SecurityHelper
+ .getBestPrincipal(subject, UserPrincipal.class)).getName();
+
+ // Add an entry for the principal to the site if it doesn't exist
+ SSOPrincipal principal = this.getPrincipalForSite(ssoSite, fullPath);
+
+ if (principal == null)
+ {
+ principal = getSSOPrincipal(fullPath);
+ ssoSite.addPrincipal(principal);
+ } else
+ {
+ // Check if the entry the user likes to update exists already
+ Collection remoteForSite = ssoSite.getRemotePrincipals();
+ Collection principalsForSite = ssoSite.getPrincipals();
+
+ if (remoteForSite != null && principalsForSite != null)
+ {
+ Collection remoteForPrincipals = this
+ .getRemotePrincipalsForPrincipal(principalsForSite,
+ fullPath);
+ if (remoteForPrincipals != null)
+ {
+ if (findRemoteMatch(remoteForPrincipals, remoteForSite) != null)
+ {
+ // Entry exists can't to an add has to call update
+ throw new SSOException(
+ SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
+ }
+ }
+ }
+ }
+
+ if (principal == null)
+ throw new SSOException(
+ SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE);
+
+ // Create a remote principal and credentials
+ InternalUserPrincipalImpl remotePrincipal = new InternalUserPrincipalImpl(
+ remoteUser);
+
+ /*
+ * The RemotePrincipal (class InternalUserPrincipal) will have a
+ * fullPath that identifies the entry as an SSO credential. The entry
+ * has to be unique for a site and principal (GROUP -or- USER ) an
+ * therefore it needs to be encoded as following: The convention for the
+ * path is the following: /sso/SiteID/{user|group}/{user name | group
+ * name}/remote user name
+ */
+ if (fullPath.indexOf("/group/") > -1)
+ remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId()
+ + "/group/" + principalName + "/" + remoteUser);
+ else
+ remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId()
+ + "/user/" + principalName + "/" + remoteUser);
+
+ // New credential object for remote principal
+ InternalCredentialImpl credential = new InternalCredentialImpl(
+ remotePrincipal.getPrincipalId(), this.scramble(pwd), 0,
+ DefaultPasswordCredentialImpl.class.getName());
+
+ if (remotePrincipal.getCredentials() == null)
+ remotePrincipal.setCredentials(new ArrayList(0));
+
+ remotePrincipal.getCredentials().add(credential);
+
+ // Add it to Principals remotePrincipals list
+ principal.addRemotePrincipal(remotePrincipal);
+
+ // Update the site remotePrincipals list
+ ssoSite.getRemotePrincipals().add(remotePrincipal);
+
+ // Update database and reset cache
+ try
+ {
+ getPersistenceBrokerTemplate().store(ssoSite);
+
+ // Persist Principal/Remote
+ getPersistenceBrokerTemplate().store(principal);
+ } catch (Exception e)
+ {
+ e.printStackTrace();
+ throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB
+ + e.toString());
+ }
+ }
+
}
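Review bot: The catch block at the end of addCredentialsForSite prints the stack trace to stderr and concatenates `e.toString()` into the SSOException message, so persistence-layer detail from a failed credential store can reach whatever displays that message, while the original exception is lost as a cause. Prefer the project's logging and chain the cause, e.g. `throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB, e);`, assuming SSOException has a (String, Throwable) constructor. Separately, `ssoSite.getRemotePrincipals()` is null-checked in the duplicate test but dereferenced unguarded in `ssoSite.getRemotePrincipals().add(remotePrincipal)`, and `ssoSite.addPrincipal(principal)` runs before the `principal == null` check, so the in-memory site and principal can be modified before the method fails. The `remoteUser` and `principalName` values are also concatenated into the `/sso/...` path without rejecting `/`, which the uniqueness convention described in the block comment appears to depend on.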
Modified: portals/jetspeed-2/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/sso/SSOProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/sso/SSOProvider.java?rev=619714&r1=619713&r2=619714&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/sso/SSOProvider.java (original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/sso/SSOProvider.java Thu Feb 7 16:56:49 2008
@@ -22,6 +22,9 @@
import javax.security.auth.Subject;
+import org.apache.jetspeed.sso.SSOException;
+import org.apache.jetspeed.sso.SSOSite;
+
/**
* <p>Utility component to handle SSO requests</p>
@@ -126,6 +129,18 @@
* @throws SSOException
*/
void addCredentialsForSite(String fullPath, String remoteUser, String site, String pwd) throws SSOException;
+
+ /**
+ * Add credentials inside a transaction using existing ssoSite
+ *
+ * @param ssoSite
+ * @param subject
+ * @param remoteUser
+ * @param pwd
+ * @throws SSOException
+ */
+ public void addCredentialsForSite(SSOSite ssoSite, Subject subject, String remoteUser, String pwd)
+ throws SSOException;
/**
* removeCredentialsForSite()
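Review bot: The Javadoc added for the new addCredentialsForSite overload leaves all four @param tags empty and does not say when SSOException is thrown, which matters for an API that accepts a password. Judging from the implementation in this commit, it could read `@param pwd cleartext password for the remote site; implementations are expected to protect it before storing`, `@param ssoSite existing site, modified in place and stored by this call`, and `@throws SSOException if a remote principal already exists for this principal and site, or if the store fails`. The `public` modifier is redundant on an interface method and differs from the declaration just above it. The interface body starts and ends outside this hunk.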