Posted to commits@directory.apache.org by dj...@apache.org on 2007/09/30 21:02:13 UTC
svn commit: r580769 - in /directory/apacheds/branches/bigbang:
core/src/main/java/org/apache/directory/server/core/authn/
core/src/main/java/org/apache/directory/server/core/configuration/
server-jndi/src/main/java/org/apache/directory/server/configura...
Author: djencks
Date: Sun Sep 30 12:02:12 2007
New Revision: 580769
URL: http://svn.apache.org/viewvc?rev=580769&view=rev
Log:
DIRSERVER-1074 move authenticator setup to AuthenticationService
Modified:
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/MutableStartupConfiguration.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/StartupConfiguration.java
directory/apacheds/branches/bigbang/server-jndi/src/main/java/org/apache/directory/server/configuration/MutableServerStartupConfiguration.java
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=580769&r1=580768&r2=580769&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Sun Sep 30 12:02:12 2007
@@ -40,7 +40,7 @@
private DirectoryServiceConfiguration factoryCfg;
/** authenticator type */
- private String authenticatorType;
+ private final String authenticatorType;
/**
@@ -125,21 +125,5 @@
public void invalidateCache( LdapDN bindDn )
{
}
-
- /**
- * Returns a new {@link LdapPrincipal} instance whose value is the specified
- * <tt>name</tt>.
- *
- * @param name the distinguished name of the X.500 principal
- * @param authenticationLeve
- * @return the principal for the <tt>name</tt>
- * @throws NamingException if there is a problem parsing <tt>name</tt>
- */
- protected static LdapPrincipal createLdapPrincipal( String name, AuthenticationLevel authenticationLeve )
- throws NamingException
- {
- LdapDN principalDn = new LdapDN( name );
- return new LdapPrincipal( principalDn, AuthenticationLevel.SIMPLE );
- }
}
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java?rev=580769&r1=580768&r2=580769&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java Sun Sep 30 12:02:12 2007
@@ -69,22 +69,21 @@
/**
* An {@link Interceptor} that authenticates users.
*
- * @org.apache.xbean.XBean
- *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
+ * @org.apache.xbean.XBean
*/
public class AuthenticationService extends BaseInterceptor
{
private static final Logger log = LoggerFactory.getLogger( AuthenticationService.class );
-
- /** Speedup for logs */
- private static final boolean IS_DEBUG = log.isDebugEnabled();
- /** authenticators **/
- public Map<String, Collection<Authenticator>> authenticators = new HashMap<String, Collection<Authenticator>>();
+ /**
+ * Speedup for logs
+ */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
- private DirectoryServiceConfiguration factoryCfg;
+ private Set<Authenticator> authenticators;
+ private final Map<String, Collection<Authenticator>> authenticatorsMapByType = new HashMap<String, Collection<Authenticator>>();
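Review bot: The new fields `private Set<Authenticator> authenticators;` and `authenticatorsMapByType` replace the documented `/** authenticators **/` field but carry no comment, and the relationship between them (one is what setAuthenticators() stores, the other is what register() fills and bind() looks up by mechanism) is not obvious from the declarations alone. Suggest `/** authenticators supplied via setAuthenticators(); null until init() installs the defaults */` on the first and `/** the same authenticators indexed by getAuthenticatorType(), populated by register() */` on the second. The class body continues outside the hunk.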
/**
* Creates an authentication service interceptor.
@@ -96,108 +95,97 @@
/**
* Registers and initializes all {@link Authenticator}s to this service.
*/
- public void init(DirectoryServiceConfiguration factoryCfg) throws NamingException
+ public void init( DirectoryServiceConfiguration factoryCfg ) throws NamingException
{
- this.factoryCfg = factoryCfg;
+ if ( authenticators == null )
+ {
+ setDefaultAuthenticators();
+ }
// Register all authenticators
- for ( Authenticator authenticator:factoryCfg.getStartupConfiguration().getAuthenticators() )
+ for ( Authenticator authenticator : authenticators )
{
- try
- {
- register( authenticator );
- }
- catch ( Exception e )
- {
- destroy();
- throw ( NamingException ) new NamingException( "Failed to register authenticator." ).initCause( e );
- }
+ register( authenticator, factoryCfg );
}
}
+ private void setDefaultAuthenticators()
+ {
+ Set<Authenticator> set = new HashSet<Authenticator>();
+ set.add( new AnonymousAuthenticator() );
+ set.add( new SimpleAuthenticator() );
+ set.add( new StrongAuthenticator() );
+
+ setAuthenticators( set );
+ }
+
+
+ public Set<Authenticator> getAuthenticators()
+ {
+ return authenticators;
+ }
/**
- * Deinitializes and deregisters all {@link Authenticator}s from this service.
+ * @param authenticators authenticators to be used by this AuthenticationService
+ * @org.apache.xbean.Property nestedType="org.apache.directory.server.core.authn.Authenticator"
*/
- public void destroy()
+ public void setAuthenticators( Set<Authenticator> authenticators )
{
- Set<Collection<Authenticator>> clonedAuthenticatorCollections = new HashSet<Collection<Authenticator>>();
- clonedAuthenticatorCollections.addAll( authenticators.values() );
-
- for ( Collection<Authenticator> collection:clonedAuthenticatorCollections )
- {
- Set <Authenticator> clonedAuthenticators = new HashSet<Authenticator>();
- clonedAuthenticators.addAll( collection );
-
- for ( Authenticator authenticator:clonedAuthenticators )
- {
- unregister( authenticator );
- }
- }
-
- authenticators.clear();
+ this.authenticators = authenticators;
}
/**
- * Initializes the specified {@link Authenticator} and registers it to
- * this service.
+ * Deinitializes and deregisters all {@link Authenticator}s from this service.
*/
- private void register( Authenticator authenticator ) throws NamingException
+ public void destroy()
{
- authenticator.init( factoryCfg );
-
- Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType() );
-
- if ( authenticatorList == null )
+ authenticatorsMapByType.clear();
+ Set<Authenticator> copy = new HashSet<Authenticator>( authenticators );
+ authenticators = null;
+ for ( Authenticator authenticator : copy )
{
- authenticatorList = new ArrayList<Authenticator>();
- authenticators.put( authenticator.getAuthenticatorType(), authenticatorList );
+ authenticator.destroy();
}
-
- authenticatorList.add( authenticator );
}
-
/**
- * Deinitializes the specified {@link Authenticator} and deregisters it from
+ * Initializes the specified {@link Authenticator} and registers it to
* this service.
+ *
+ * @param authenticator Authenticator to initialize and register by type
+ * @param factoryConfig configuration info to supply to the Authenticator during initialization
+ * @throws javax.naming.NamingException if initialization fails.
*/
- private void unregister( Authenticator authenticator )
+ private void register( Authenticator authenticator, DirectoryServiceConfiguration factoryConfig ) throws NamingException
{
+ authenticator.init( factoryConfig );
+
Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType() );
if ( authenticatorList == null )
{
- return;
+ authenticatorList = new ArrayList<Authenticator>();
+ authenticatorsMapByType.put( authenticator.getAuthenticatorType(), authenticatorList );
}
- authenticatorList.remove( authenticator );
-
- try
- {
- authenticator.destroy();
- }
- catch ( Throwable t )
- {
- log.warn( "Failed to destroy an authenticator.", t );
- }
+ authenticatorList.add( authenticator );
}
/**
* Returns the list of {@link Authenticator}s with the specified type.
- *
- * @return <tt>null</tt> if no authenticator is found.
+ *
+ * @param type type of Authenticator sought
+ * @return A list of Authenticators of the requested type or <tt>null</tt> if no authenticator is found.
*/
private Collection<Authenticator> getAuthenticators( String type )
{
- Collection<Authenticator> result = authenticators.get( type );
-
+ Collection<Authenticator> result = authenticatorsMapByType.get( type );
+
if ( ( result != null ) && ( result.size() > 0 ) )
{
return result;
- }
- else
+ } else
{
return null;
}
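Review bot: destroy() dereferences the field at `new HashSet<Authenticator>( authenticators )` and will throw NullPointerException when called before init() or a second time, since it sets `authenticators = null` itself; the old implementation was safe in either state and was invoked from init()'s failure path, which this hunk also drops, so a register() failure now leaves already-initialized authenticators in `authenticatorsMapByType` without their destroy() being called. The per-authenticator `catch ( Throwable t )` around `authenticator.destroy()` is gone too, so the first failing destroy() aborts cleanup of the remaining ones. Note also that because init() installs the three defaults whenever `authenticators` is null, a destroy() followed by init() on the same instance would silently replace a configured authenticator set with AnonymousAuthenticator/SimpleAuthenticator/StrongAuthenticator — worth a comment, or an explicit IllegalStateException if re-initialization is not intended. A guarded, per-authenticator cleanup is sketched below.
```java
public void destroy()
{
    authenticatorsMapByType.clear();
    if ( authenticators == null )
    {
        return; // not initialized, or already destroyed
    }
    Set<Authenticator> copy = new HashSet<Authenticator>( authenticators );
    authenticators = null;
    for ( Authenticator authenticator : copy )
    {
        try
        {
            authenticator.destroy();
        }
        catch ( Throwable t )
        {
            log.warn( "Failed to destroy an authenticator.", t );
        }
    }
}
```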
@@ -208,9 +196,9 @@
{
if ( IS_DEBUG )
{
- log.debug( "Adding the entry " +
- AttributeUtils.toString( opContext.getEntry() ) +
- " for DN = '" + opContext.getDn().getUpName() + "'" );
+ log.debug( "Adding the entry " +
+ AttributeUtils.toString( opContext.getEntry() ) +
+ " for DN = '" + opContext.getDn().getUpName() + "'" );
}
checkAuthenticated( MessageTypeEnum.ADD_REQUEST );
@@ -231,7 +219,7 @@
}
- public LdapDN getMatchedName ( NextInterceptor next, GetMatchedNameOperationContext opContext ) throws NamingException
+ public LdapDN getMatchedName( NextInterceptor next, GetMatchedNameOperationContext opContext ) throws NamingException
{
if ( IS_DEBUG )
{
@@ -255,7 +243,7 @@
}
- public LdapDN getSuffix ( NextInterceptor next, GetSuffixOperationContext opContext ) throws NamingException
+ public LdapDN getSuffix( NextInterceptor next, GetSuffixOperationContext opContext ) throws NamingException
{
if ( IS_DEBUG )
{
@@ -291,7 +279,7 @@
}
- public Iterator<String> listSuffixes ( NextInterceptor next, ListSuffixOperationContext opContext ) throws NamingException
+ public Iterator<String> listSuffixes( NextInterceptor next, ListSuffixOperationContext opContext ) throws NamingException
{
if ( IS_DEBUG )
{
@@ -308,13 +296,12 @@
if ( IS_DEBUG )
{
List<String> attrIds = opContext.getAttrsId();
-
+
if ( ( attrIds != null ) && ( attrIds.size() != 0 ) )
{
String attrs = StringTools.listToString( attrIds );
log.debug( "Lookup name = '" + opContext.getDn().getUpName() + "', attributes = " + attrs );
- }
- else
+ } else
{
log.debug( "Lookup name = '" + opContext.getDn().getUpName() + "', no attributes " );
}
@@ -326,19 +313,19 @@
private void invalidateAuthenticatorCaches( LdapDN principalDn )
{
- for ( String authMech:authenticators.keySet() )
+ for ( String authMech : authenticatorsMapByType.keySet() )
{
Collection<Authenticator> authenticators = getAuthenticators( authMech );
-
+
// try each authenticator
- for ( Authenticator authenticator:authenticators )
+ for ( Authenticator authenticator : authenticators )
{
authenticator.invalidateCache( principalDn );
}
}
}
-
-
+
+
public void modify( NextInterceptor next, ModifyOperationContext opContext ) throws NamingException
{
if ( IS_DEBUG )
@@ -351,14 +338,14 @@
invalidateAuthenticatorCaches( opContext.getDn() );
}
-
+
public void rename( NextInterceptor next, RenameOperationContext opContext ) throws NamingException
{
if ( IS_DEBUG )
{
- log.debug( "Modifying name = '" + opContext.getDn().getUpName() + "', new RDN = '" +
- opContext.getNewRdn() + "', " +
- "oldRDN = '" + opContext.getDelOldDn() + "'" );
+ log.debug( "Modifying name = '" + opContext.getDn().getUpName() + "', new RDN = '" +
+ opContext.getNewRdn() + "', " +
+ "oldRDN = '" + opContext.getDelOldDn() + "'" );
}
checkAuthenticated( MessageTypeEnum.MOD_DN_REQUEST );
@@ -368,14 +355,14 @@
public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext opContext )
- throws NamingException
+ throws NamingException
{
if ( IS_DEBUG )
{
- log.debug( "Moving name = '" + opContext.getDn().getUpName() + "' to name = '" +
- opContext.getParent() + "', new RDN = '" +
- opContext.getNewRdn() + "', oldRDN = '" +
- opContext.getDelOldDn() + "'" );
+ log.debug( "Moving name = '" + opContext.getDn().getUpName() + "' to name = '" +
+ opContext.getParent() + "', new RDN = '" +
+ opContext.getNewRdn() + "', oldRDN = '" +
+ opContext.getDelOldDn() + "'" );
}
checkAuthenticated( MessageTypeEnum.MOD_DN_REQUEST );
@@ -388,8 +375,8 @@
{
if ( IS_DEBUG )
{
- log.debug( "Moving name = '" + opContext.getDn().getUpName() + " to name = '" +
- opContext.getParent().getUpName() + "'" );
+ log.debug( "Moving name = '" + opContext.getDn().getUpName() + " to name = '" +
+ opContext.getParent().getUpName() + "'" );
}
checkAuthenticated( MessageTypeEnum.MOD_DN_REQUEST );
@@ -416,7 +403,7 @@
{
checkAuthenticated();
}
- catch( IllegalStateException ise )
+ catch ( IllegalStateException ise )
{
log.error( "Attempted operation {} by unauthenticated caller.", operation.name() );
@@ -434,7 +421,7 @@
{
ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
}
-
+
return;
}
@@ -443,82 +430,82 @@
public void bind( NextInterceptor next, BindOperationContext opContext )
- throws NamingException
- {
+ throws NamingException
+ {
// The DN is always normalized here
LdapDN normBindDn = opContext.getDn();
String bindUpDn = normBindDn.getUpName();
-
+
if ( IS_DEBUG )
{
log.debug( "Bind operation. bindDn: " + bindUpDn );
}
-
+
// check if we are already authenticated and if so we return making
// sure first that the credentials are not exposed within context
ServerContext ctx = ( ServerContext ) InvocationStack.getInstance().peek().getCaller();
-
+
if ( IS_DEBUG )
{
log.debug( "bind: principal: " + ctx.getPrincipal() );
}
-
+
if ( ctx.getPrincipal() != null )
{
if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
{
ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
}
-
+
return;
}
-
+
// pick the first matching authenticator type
Collection<Authenticator> authenticators = null;
-
- for ( String mechanism:opContext.getMechanisms() )
+
+ for ( String mechanism : opContext.getMechanisms() )
{
authenticators = getAuthenticators( mechanism );
-
+
if ( authenticators != null )
{
break;
}
}
-
+
if ( authenticators == null )
{
log.debug( "No authenticators found, delegating bind to the nexus." );
-
+
// as a last resort try binding via the nexus
next.bind( opContext );
-
+
log.debug( "Nexus succeeded on bind operation." );
-
+
// bind succeeded if we got this far
ctx.setPrincipal( new TrustedPrincipalWrapper( new LdapPrincipal( normBindDn, LdapJndiProperties
- .getAuthenticationLevel( ctx.getEnvironment() ) ) ) );
-
+ .getAuthenticationLevel( ctx.getEnvironment() ) ) ) );
+
// remove creds so there is no security risk
ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
return;
}
-
+
// TODO : we should refactor that.
- // try each authenticators
- for ( Authenticator authenticator:authenticators )
+ // try each authenticator
+ for ( Authenticator authenticator : authenticators )
{
try
{
// perform the authentication
LdapPrincipal authorizationId = authenticator.authenticate( normBindDn, ctx );
-
+
// authentication was successful
ctx.setPrincipal( new TrustedPrincipalWrapper( authorizationId ) );
-
+
// remove creds so there is no security risk
ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
-
+
return;
}
catch ( LdapAuthenticationException e )
@@ -538,18 +525,18 @@
}
}
}
-
+
if ( log.isInfoEnabled() )
{
log.info( "Cannot bind to the server " );
}
-
+
throw new LdapAuthenticationException();
}
/**
* FIXME This doesn't secure anything actually.
- *
+ * <p/>
* Created this wrapper to pass to ctx.setPrincipal() which is public for added
* security. This adds more security because an instance of this class is not
* easily accessible whereas LdapPrincipals can be accessed easily from a context
@@ -562,7 +549,9 @@
*/
public final class TrustedPrincipalWrapper
{
- /** the wrapped ldap principal */
+ /**
+ * the wrapped ldap principal
+ */
private final LdapPrincipal principal;
@@ -571,7 +560,7 @@
*
* @param principal the LdapPrincipal to wrap
*/
- private TrustedPrincipalWrapper(LdapPrincipal principal)
+ private TrustedPrincipalWrapper( LdapPrincipal principal )
{
this.principal = principal;
}
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/MutableStartupConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/MutableStartupConfiguration.java?rev=580769&r1=580768&r2=580769&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/MutableStartupConfiguration.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/MutableStartupConfiguration.java Sun Sep 30 12:02:12 2007
@@ -76,16 +76,6 @@
}
/**
- * @org.apache.xbean.Property nestedType="org.apache.directory.server.core.configuration.AuthenticatorConfiguration"
- *
- * @param authenticators
- */
- public void setAuthenticators( Set<Authenticator> authenticators )
- {
- super.setAuthenticators( authenticators );
- }
-
- /**
* @org.apache.xbean.Property nestedType="org.apache.directory.server.core.configuration.PartitionConfiguration"
*
* @param paritionConfigurations partitions to start
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/StartupConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/StartupConfiguration.java?rev=580769&r1=580768&r2=580769&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/StartupConfiguration.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/configuration/StartupConfiguration.java Sun Sep 30 12:02:12 2007
@@ -29,11 +29,7 @@
import javax.naming.directory.Attributes;
-import org.apache.directory.server.core.authn.AnonymousAuthenticator;
import org.apache.directory.server.core.authn.AuthenticationService;
-import org.apache.directory.server.core.authn.Authenticator;
-import org.apache.directory.server.core.authn.SimpleAuthenticator;
-import org.apache.directory.server.core.authn.StrongAuthenticator;
import org.apache.directory.server.core.authz.AuthorizationService;
import org.apache.directory.server.core.authz.DefaultAuthorizationService;
import org.apache.directory.server.core.collective.CollectiveAttributeService;
@@ -80,7 +76,6 @@
private int maxThreads = MAX_THREADS_DEFAULT; // set to default value
private int maxSizeLimit = MAX_SIZE_LIMIT_DEFAULT; // set to default value
private int maxTimeLimit = MAX_TIME_LIMIT_DEFAULT; // set to default value (milliseconds)
- private Set<Authenticator> authenticators;
private List<Interceptor> interceptors;
private PartitionConfiguration systemPartitionConfiguration;
private Set<? extends PartitionConfiguration> partitionConfigurations =
@@ -93,7 +88,6 @@
*/
public StartupConfiguration()
{
- setDefaultAuthenticators();
setDefaultInterceptorConfigurations();
}
@@ -104,29 +98,10 @@
*/
public StartupConfiguration(String instanceId)
{
- setDefaultAuthenticators();
setDefaultInterceptorConfigurations();
setInstanceId( instanceId );
}
-
- private void setDefaultAuthenticators()
- {
- Set<Authenticator> set = new HashSet<Authenticator>();
-
- // Anonymous
- set.add( new AnonymousAuthenticator() );
-
- // Simple
- set.add( new SimpleAuthenticator() );
-
- // Strong
- set.add( new StrongAuthenticator() );
-
- setAuthenticators( set );
- }
-
-
private void setDefaultInterceptorConfigurations()
{
// Set default interceptor chains
@@ -158,28 +133,6 @@
list.add( new TriggerService() );
setInterceptors( list );
- }
-
-
- /**
- * Returns {@link Authenticator}s to use for authenticating clients.
- */
- @SuppressWarnings("unchecked")
- public Set<Authenticator> getAuthenticators()
- {
- return new HashSet<Authenticator>( authenticators );
- }
-
-
- /**
- * Sets {@link Authenticator}s to use for authenticating clients.
- */
- protected void setAuthenticators( Set<Authenticator> authenticators )
- {
- //At one time there was a check for duplicate names. I think it is more appropriate to
- // implement equals correctly on Authenticator instances and the fact we have a Set will do
- // the work for us.
- this.authenticators = authenticators;
}
Modified: directory/apacheds/branches/bigbang/server-jndi/src/main/java/org/apache/directory/server/configuration/MutableServerStartupConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-jndi/src/main/java/org/apache/directory/server/configuration/MutableServerStartupConfiguration.java?rev=580769&r1=580768&r2=580769&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-jndi/src/main/java/org/apache/directory/server/configuration/MutableServerStartupConfiguration.java (original)
+++ directory/apacheds/branches/bigbang/server-jndi/src/main/java/org/apache/directory/server/configuration/MutableServerStartupConfiguration.java Sun Sep 30 12:02:12 2007
@@ -118,16 +118,6 @@
}
/**
- * @org.apache.xbean.Property nestedType="org.apache.directory.server.core.configuration.AuthenticatorConfiguration"
- *
- * @param authenticators
- */
- public void setAuthenticators( Set<Authenticator> authenticators )
- {
- super.setAuthenticators( authenticators );
- }
-
- /**
* @org.apache.xbean.Property nestedType="org.apache.directory.server.core.configuration.PartitionConfiguration"
*
* @param partitionConfigurations