Posted to commits@directory.apache.org by tr...@apache.org on 2005/06/23 10:47:53 UTC
svn commit: r193113 - in
/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server:
authn/ authz/
Author: trustin
Date: Thu Jun 23 01:47:51 2005
New Revision: 193113
URL: http://svn.apache.org/viewcvs?rev=193113&view=rev
Log:
* Removed unused classes.
* Revised JavaDoc
* Renamed LdapPrincipal.getDn() to getJndiName()
Removed:
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticatorContext.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/GenericAuthenticatorContext.java
Modified:
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java
directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java Thu Jun 23 01:47:51 2005
@@ -18,6 +18,7 @@
import javax.naming.NamingException;
+import javax.naming.spi.InitialContextFactory;
import org.apache.ldap.common.name.LdapName;
import org.apache.ldap.server.configuration.AuthenticatorConfiguration;
@@ -29,6 +30,7 @@
* Base class for all Authenticators.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
*/
public abstract class AbstractAuthenticator implements Authenticator
{
@@ -40,9 +42,9 @@
/**
- * Create a new AuthenticationService.
+ * Creates a new instance.
*
- * @param type authenticator's type
+ * @param type the type of this authenticator (e.g. <tt>'simple'</tt>, <tt>'none'</tt>...)
*/
protected AbstractAuthenticator( String type )
{
@@ -50,20 +52,23 @@
}
+ /**
+ * Returns {@link ContextFactoryConfiguration} of {@link InitialContextFactory}
+ * which initialized this authenticator.
+ */
public ContextFactoryConfiguration getFactoryConfiguration()
{
return factoryCfg;
}
+ /**
+ * Returns the configuration of this authenticator.
+ */
public AuthenticatorConfiguration getConfiguration()
{
return cfg;
}
-
- /**
- * Returns this authenticator's type.
- */
public String getAuthenticatorType()
{
return authenticatorType;
@@ -71,8 +76,9 @@
/**
- * Called by the server to indicate to an authenticator that the authenticator
- * is being placed into service.
+ * Initializes default properties (<tt>factoryConfiguration</tt> and
+ * <tt>configuration</tt>, and calls {@link #doInit()} method.
+ * Please put your initialization code into {@link #doInit()}.
*/
public final void init( ContextFactoryConfiguration factoryCfg, AuthenticatorConfiguration cfg ) throws NamingException
{
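Review bot: The revised Javadoc for `init()` does not say what state the authenticator is left in when `doInit()` fails, which matters now that the next hunk lets `doInit()` throw `NamingException`. The body of `init()` is outside this hunk, so whether `factoryCfg` and `cfg` are rolled back cannot be seen here. If they are assigned before `doInit()` runs, either clear them on failure or add a sentence such as `If doInit() throws, the caller must still invoke destroy().` The new sentence also opens a parenthesis before `<tt>factoryConfiguration</tt>` that is never closed.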
@@ -83,32 +89,51 @@
/**
- * A convenience method which can be overridden so that there's no need to
- * call super.init( authenticatorConfig ).
+ * Implement your initialization code here.
*/
- protected abstract void doInit();
-
- public void destroy()
+ protected void doInit() throws NamingException
{
}
/**
- * Perform the authentication operation and return the authorization id if successfull.
+ * Calls {@link #doDestroy()} method, and clears default properties
+ * (<tt>factoryConfiguration</tt> and <tt>configuration</tt>).
+ * Please put your deinitialization code into {@link #doDestroy()}.
*/
+ public final void destroy()
+ {
+ try
+ {
+ doDestroy();
+ }
+ finally
+ {
+ this.factoryCfg = null;
+ this.cfg = null;
+ }
+ }
+
+ /**
+ * Implement your deinitialization code here.
+ */
+ protected void doDestroy()
+ {
+ }
+
public abstract LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;
/**
- * Allows a means to create an LDAP principal without exposing LdapPrincipal creation
- * to the rest of the world.
+ * Returns a new {@link LdapPrincipal} instance whose value is the specified
+ * <tt>name</tt>.
*
- * @param dn the distinguished name of the X.500 principal
- * @return the principal for the dn
- * @throws NamingException if there is a problem parsing the dn
+ * @param name the distinguished name of the X.500 principal
+ * @return the principal for the <tt>name</tt>
+ * @throws NamingException if there is a problem parsing <tt>name</tt>
*/
- protected LdapPrincipal createLdapPrincipal( String dn ) throws NamingException
+ protected static LdapPrincipal createLdapPrincipal( String name ) throws NamingException
{
- LdapName principalDn = new LdapName( dn );
+ LdapName principalDn = new LdapName( name );
return new LdapPrincipal( principalDn );
}
}
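Review bot: After the new `destroy()` runs, `getFactoryConfiguration()` and `getConfiguration()` return null, yet nothing in the visible code marks the authenticator as unusable, so a subclass `authenticate()` that dereferences either getter on a destroyed instance would fail with a NullPointerException rather than a clear authentication error. Consider adding to the `destroy()` Javadoc a line like `After this call the authenticator must not be used; both configuration getters return null.` The fields are also cleared without any visible synchronization, so whether a concurrent `authenticate()` can observe the change should be confirmed against how `AuthenticationService` calls it. Separately, the abstract `authenticate( ServerContext ctx )` declaration lost its Javadoc in this hunk, because the old comment was replaced by the `destroy()` text; a short `{@inheritDoc}`-style comment would keep it documented.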
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java Thu Jun 23 01:47:51 2005
@@ -22,24 +22,24 @@
import org.apache.ldap.server.jndi.ServerContext;
/**
- * A default implentation of an AuthenticationService for handling anonymous connections.
+ * An {@link Authenticator} that handles anonymous connections
+ * (type <tt>'none'</tt>).
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public class AnonymousAuthenticator extends AbstractAuthenticator
{
+ /**
+ * Creates a new instance.
+ */
public AnonymousAuthenticator()
{
super( "none" );
}
- protected void doInit()
- {
- }
-
/**
- * This will be called when the authentication is set to "none" on the client.
- * If server is not configured to allow anonymous connections, it throws an exception.
+ * If the context is not configured to allow anonymous connections,
+ * this method throws a {@link javax.naming.NoPermissionException}.
*/
public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
{
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java Thu Jun 23 01:47:51 2005
@@ -55,12 +55,6 @@
*/
public class AuthenticationService implements Interceptor
{
- /** short for Context.SECURITY_AUTHENTICATION */
- private static final String AUTH_TYPE = Context.SECURITY_AUTHENTICATION;
-
- /** short for Context.SECURITY_CREDENTIALS */
- private static final String CREDS = Context.SECURITY_CREDENTIALS;
-
/** authenticators **/
public Map authenticators = new HashMap();
@@ -73,6 +67,9 @@
{
}
+ /**
+ * Registers and initializes all {@link Authenticator}s to this service.
+ */
public void init( ContextFactoryConfiguration factoryCfg, InterceptorConfiguration cfg ) throws NamingException
{
this.factoryCfg = factoryCfg;
@@ -94,6 +91,9 @@
}
}
+ /**
+ * Deinitializes and deregisters all {@link Authenticator}s from this service.
+ */
public void destroy()
{
Iterator i = new ArrayList( authenticators.values() ).iterator();
@@ -110,9 +110,8 @@
}
/**
- * Registers an AuthenticationService with the AuthenticationService. Called by each
- * AuthenticationService implementation after it has started to register for
- * authentication operation calls.
+ * Initializes the specified {@link Authenticator} and registers it to
+ * this service.
*/
private void register( AuthenticatorConfiguration cfg ) throws NamingException
{
@@ -129,13 +128,8 @@
}
/**
- * Unregisters an AuthenticationService with the AuthenticationService. Called for each
- * registered AuthenticationService right before it is to be stopped. This prevents
- * protocol server calls from reaching the Backend and effectively puts
- * the ContextPartition's naming context offline.
- *
- * @param authenticator AuthenticationService component to unregister with this
- * AuthenticationService.
+ * Deinitializes the specified {@link Authenticator} and deregisters it from
+ * this service.
*/
private void unregister( Authenticator authenticator )
{
@@ -159,14 +153,21 @@
}
/**
- * Gets the authenticators with a specific type.
- *
- * @param type the authentication type
- * @return the authenticators with the specified type
+ * Returns the list of {@link Authenticator}s with the specified type.
+ *
+ * @return <tt>null</tt> if no authenticator is found.
*/
private Collection getAuthenticators( String type )
{
- return ( Collection ) authenticators.get( type );
+ Collection result = ( Collection ) authenticators.get( type );
+ if( result != null && result.size() > 0 )
+ {
+ return result;
+ }
+ else
+ {
+ return null;
+ }
}
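Review bot: `getAuthenticators()` now returns null both for an unknown type and for an empty collection, so every caller on the authentication path has to null-check and treat null as "no authenticator for this type" and reject the bind. The callers are outside this hunk, so that should be confirmed for each of them. The body can be reduced to `return ( result == null || result.isEmpty() ) ? null : result;`, and the Javadoc lost its `@param type` line. The `authenticators` map it reads is declared `public` in the first hunk of this file, which lets code outside the class change which authenticators are consulted; making it `private` would keep registration behind `register()` and `unregister()`.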
@@ -298,18 +299,18 @@
if ( ctx.getPrincipal() != null )
{
- if ( ctx.getEnvironment().containsKey( CREDS ) )
+ if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
{
- ctx.removeFromEnvironment( CREDS );
+ ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
}
return;
}
- String authList = ( String ) ctx.getEnvironment().get( AUTH_TYPE );
+ String authList = ( String ) ctx.getEnvironment().get( Context.SECURITY_AUTHENTICATION );
if ( authList == null )
{
- if ( ctx.getEnvironment().containsKey( CREDS ) )
+ if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
{
// authentication type is simple here
@@ -368,7 +369,7 @@
// remove creds so there is no security risk
- ctx.removeFromEnvironment( CREDS );
+ ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
return;
}
catch ( LdapAuthenticationException e )
@@ -382,6 +383,8 @@
/**
+ * FIXME This doesn't secure anything actually.
+ *
* Created this wrapper to pass to ctx.setPrincipal() which is public for added
* security. This adds more security because an instance of this class is not
* easily accessible whereas LdapPrincipals can be accessed easily from a context
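Review bot: The added FIXME contradicts the paragraph directly below it, which still says the wrapper "adds more security", and it does not say what is actually exposed. The earlier hunk at `-298` shows the authentication path returning early whenever `ctx.getPrincipal() != null`, and this comment states that `ctx.setPrincipal()` is public, so the authentication decision appears to rest on who can reach that setter. Replace the bare FIXME with a statement of that risk and a tracker reference, for example `FIXME (ISSUE-ID): setPrincipal() is public; any caller that can set a principal skips authentication.` The stale "adds more security" wording should be removed or corrected at the same time, so readers do not rely on it.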
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java Thu Jun 23 01:47:51 2005
@@ -17,41 +17,53 @@
package org.apache.ldap.server.authn;
+import javax.naming.Context;
import javax.naming.NamingException;
import org.apache.ldap.server.configuration.AuthenticatorConfiguration;
import org.apache.ldap.server.jndi.ContextFactoryConfiguration;
import org.apache.ldap.server.jndi.ServerContext;
+import org.apache.ldap.server.partition.ContextPartitionNexus;
/**
- * Defines methods that all Authenticators must implement.
+ * Authenticates users who access {@link ContextPartitionNexus}.
+ * <p>
+ * {@link Authenticator}s are registered to and configured by
+ * {@link AuthenticationService} interceptor.
+ * <p>
+ * {@link AuthenticationService} authenticates users by calling
+ * {@link #authenticate(ServerContext)}, and then {@link Authenticator}
+ * checks JNDI {@link Context} environment properties
+ * ({@link Context#SECURITY_PRINCIPAL} and {@link Context#SECURITY_CREDENTIALS})
+ * of current {@link Context}.
*
- * <p>An AuthenticationService is a program that performs client authentication based on the authentication
- * method/type that the client specifies in the JNDI properties.
- *
- * <p>To implement this interface, you can write an authenticator that extends org.apache.ldap.server.authn.AbstractAuthenticator.
- *
- * @see org.apache.ldap.server.authn.AbstractAuthenticator
+ * @see AbstractAuthenticator
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$
*/
public interface Authenticator
{
+ /**
+ * Returns the type of this authenticator (e.g. <tt>'simple'</tt>,
+ * <tt>'none'</tt>,...).
+ */
public String getAuthenticatorType();
/**
- * Called by the authenticator container to indicate that the authenticator is being placed into service.
+ * Called by {@link AuthenticationService} to indicate that this
+ * authenticator is being placed into service.
*/
public void init( ContextFactoryConfiguration factoryCfg, AuthenticatorConfiguration cfg ) throws NamingException;
/**
- * Called by the authenticator container to indicate that the authenticator is being removed from service.
+ * Called by {@link AuthenticationService} to indicate that this
+ * authenticator is being removed from service.
*/
public void destroy();
/**
- * Perform the authentication operation and return the authorization id if successfull.
+ * Performs authentication and returns the principal if succeeded.
*/
public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;
}
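Review bot: The new Javadoc for `authenticate()` says it "returns the principal if succeeded" but leaves the failure contract unstated, so an implementer cannot tell whether to throw or return null. The `AuthenticationService` hunk at `-368` catches `LdapAuthenticationException`, which suggests that failure is meant to be signalled by an exception. If so, state it here, e.g. `@throws NamingException if authentication fails; implementations must never return null.` As a style point, `ContextPartitionNexus` and `Context` are imported only for `{@link}` targets; using fully qualified names in the links would avoid a compile-time dependency from `authn` on the `partition` package.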
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java Thu Jun 23 01:47:51 2005
@@ -67,23 +67,29 @@
/**
* Gets a cloned copy of the normalized distinguished name of this
- * principal as a JNDI Name. It must be cloned to protect this Principal
- * from alteration.
+ * principal as a JNDI {@link Name}.
*
- * @return the normalized distinguished name of the principal as a JNDI Name
+ * @return the normalized distinguished name of the principal as a JNDI {@link Name}
*/
- public Name getDn()
+ public Name getJndiName()
{
return ( Name ) name.clone();
}
/**
- * Gets the normalized distinguished name of the principal as a String.
- *
- * @see Principal#getName()
+ * Returns the normalized distinguished name of the principal as a String.
*/
public String getName()
+ {
+ return name.toString();
+ }
+
+ /**
+ * Returns string representation of the normalized distinguished name
+ * of this principal.
+ */
+ public String toString()
{
return name.toString();
}
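Review bot: The Javadoc for the renamed `getJndiName()` drops the sentence explaining that the name is cloned to protect the principal from alteration, which was the only stated reason for the defensive copy. `AuthorizationService` compares this value with `ADMIN_DN`, so a later cleanup that returns `name` directly would let callers mutate the identity used for authorization checks. Keep the rationale, for example `The name is cloned so that callers cannot alter this principal.` The new `toString()` duplicates the body of `getName()` and could simply `return getName();`. The `@see Principal#getName()` reference was also removed without a replacement.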
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java Thu Jun 23 01:47:51 2005
@@ -31,30 +31,25 @@
/**
- * A simple AuthenticationService that just authenticates clear text passwords
- * contained within the <code>userPassword</code> attribute.
+ * A simple {@link Authenticator} that authenticates clear text passwords
+ * contained within the <code>userPassword</code> attribute in DIT.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public class SimpleAuthenticator extends AbstractAuthenticator
{
/**
- * Creates a simple authenticator for clear text passwords in
- * userPassword attributes.
+ * Creates a new instance.
*/
public SimpleAuthenticator( )
{
super( "simple" );
}
- protected void doInit()
- {
- }
-
/**
- * Uses the userPassword field of the user to authenticate.
- *
- * @see org.apache.ldap.server.authn.Authenticator#authenticate(org.apache.ldap.server.jndi.ServerContext)
+ * Looks up <tt>userPassword</tt> attribute of the entry whose name is
+ * the value of {@link Context#SECURITY_PRINCIPAL} environment variable,
+ * and authenticates a user with the plain-text password.
*/
public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
{
Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java (original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java Thu Jun 23 01:47:51 2005
@@ -103,7 +103,7 @@
public void delete( NextInterceptor nextInterceptor, Name name ) throws NamingException
{
- Name principalDn = getPrincipal().getDn();
+ Name principalDn = getPrincipal().getJndiName();
if ( name.toString().equals( "" ) )
{
@@ -186,7 +186,7 @@
private void protectModifyAlterations( Name dn ) throws LdapNoPermissionException
{
- Name principalDn = getPrincipal().getDn();
+ Name principalDn = getPrincipal().getJndiName();
if ( dn.toString().equals( "" ) )
{
@@ -259,7 +259,7 @@
private void protectDnAlterations( Name dn ) throws LdapNoPermissionException
{
- Name principalDn = getPrincipal().getDn();
+ Name principalDn = getPrincipal().getJndiName();
if ( dn.toString().equals( "" ) )
{
@@ -325,7 +325,7 @@
{
LdapContext ctx =
( LdapContext ) InvocationStack.getInstance().peek().getTarget();
- Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getDn();
+ Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
if ( !principalDn.equals( ADMIN_DN ) )
{
@@ -428,7 +428,7 @@
dn = dnParser.parse( result.getName() );
}
- Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getDn();
+ Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
if ( !principalDn.equals( ADMIN_DN ) )
{
if ( dn.size() > 2 )