You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by no...@apache.org on 2011/05/03 16:22:27 UTC
svn commit: r1099068 - in /james/imap/trunk:
api/src/main/java/org/apache/james/imap/api/display/
api/src/main/java/org/apache/james/imap/api/process/
message/src/test/java/org/apache/james/imap/encode/
processor/src/main/java/org/apache/james/imap/pro...
Author: norman
Date: Tue May 3 14:22:27 2011
New Revision: 1099068
URL: http://svn.apache.org/viewvc?rev=1099068&view=rev
Log:
Add support for LOGINDISABLED as stated in rfc3501. This completes IMAP-304
Modified:
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java
james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java
Modified: james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java (original)
+++ james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java Tue May 3 14:22:27 2011
@@ -115,6 +115,9 @@ public class HumanReadableText {
public static final HumanReadableText INVALID_LOGIN = new HumanReadableText("org.apache.james.imap.INVALID_LOGIN", "failed. Invalid login/password.");
+ public static final HumanReadableText DISABLED_LOGIN = new HumanReadableText("org.apache.james.imap.DISABLED_LOGIN", "failed. Plain login / authentication are disabled.");
+
+
public static final HumanReadableText UNSUPPORTED_SEARCH_CRITERIA = new HumanReadableText("org.apache.james.imap.UNSUPPORTED_CRITERIA", "failed. One or more search criteria is unsupported.");
public static final HumanReadableText UNSUPPORTED_AUTHENTICATION_MECHANISM = new HumanReadableText("org.apache.james.imap.UNSUPPORTED_AUTHENTICATION_MECHANISM", "failed. Authentication mechanism is unsupported.");
Modified: james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java (original)
+++ james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java Tue May 3 14:22:27 2011
@@ -116,6 +116,13 @@ public interface ImapSession {
public boolean startTLS();
/**
+ * Return true if the session is bound to a TLS encrypted socket.
+ *
+ * @return tlsActive
+ */
+ public boolean isTLSActive();
+
+ /**
* Support startTLS ?
*
* @return true if startTLS is supported
@@ -129,5 +136,13 @@ public interface ImapSession {
public void pushLineHandler(ImapLineHandler lineHandler);
public void popLineHandler();
+
+ /**
+ * Return true if the login / authentication via plain username / password is
+ * disallowed
+ *
+ * @return plainDisallowed
+ */
+ public boolean isPlainAuthDisallowed();
}
Modified: james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java (original)
+++ james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java Tue May 3 14:22:27 2011
@@ -121,4 +121,12 @@ public class FakeImapSession implements
}
+ public boolean isPlainAuthDisallowed() {
+ return false;
+ }
+
+ public boolean isTLSActive() {
+ return false;
+ }
+
}
Modified: james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java (original)
+++ james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java Tue May 3 14:22:27 2011
@@ -20,7 +20,7 @@
package org.apache.james.imap.processor;
import java.nio.charset.Charset;
-import java.util.Arrays;
+import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
@@ -55,54 +55,59 @@ public class AuthenticateProcessor exten
protected void doProcess(AuthenticateRequest request, ImapSession session, final String tag, final ImapCommand command, final Responder responder) {
final String authType = request.getAuthType();
if (authType.equalsIgnoreCase(PLAIN)) {
- responder.respond(new AuthenticateResponse());
- session.pushLineHandler(new ImapLineHandler() {
+ // See if AUTH=PLAIN is allowed. See IMAP-304
+ if (session.isPlainAuthDisallowed() && session.isTLSActive() == false) {
+ no(command, tag, responder, HumanReadableText.DISABLED_LOGIN);
+ } else {
+ responder.respond(new AuthenticateResponse());
+ session.pushLineHandler(new ImapLineHandler() {
- public void onLine(ImapSession session, byte[] data) {
- String user = null, pass = null;
- try {
- // strip of the newline
- String userpass = new String(data, 0, data.length - 2, Charset.forName("US-ASCII"));
-
- userpass = new String(Base64.decodeBase64(userpass));
- StringTokenizer authTokenizer = new StringTokenizer(userpass, "\0");
- String authorize_id = authTokenizer.nextToken(); // Authorization Identity
- user = authTokenizer.nextToken(); // Authentication Identity
+ public void onLine(ImapSession session, byte[] data) {
+ String user = null, pass = null;
try {
- pass = authTokenizer.nextToken(); // Password
- } catch (java.util.NoSuchElementException _) {
- // If we got here, this is what happened. RFC 2595
- // says that "the client may leave the authorization
- // identity empty to indicate that it is the same as
- // the authentication identity." As noted above,
- // that would be represented as a decoded string of
- // the form: "\0authenticate-id\0password". The
- // first call to nextToken will skip the empty
- // authorize-id, and give us the authenticate-id,
- // which we would store as the authorize-id. The
- // second call will give us the password, which we
- // think is the authenticate-id (user). Then when
- // we ask for the password, there are no more
- // elements, leading to the exception we just
- // caught. So we need to move the user to the
- // password, and the authorize_id to the user.
- pass = user;
- user = authorize_id;
- }
-
- authTokenizer = null;
- } catch (Exception e) {
- // Ignored - this exception in parsing will be dealt
- // with in the if clause below
- }
- // Authenticate user
- doAuth(user, pass, session, tag, command, responder, HumanReadableText.AUTHENTICATION_FAILED);
+ // strip of the newline
+ String userpass = new String(data, 0, data.length - 2, Charset.forName("US-ASCII"));
+
+ userpass = new String(Base64.decodeBase64(userpass));
+ StringTokenizer authTokenizer = new StringTokenizer(userpass, "\0");
+ String authorize_id = authTokenizer.nextToken(); // Authorization Identity
+ user = authTokenizer.nextToken(); // Authentication Identity
+ try {
+ pass = authTokenizer.nextToken(); // Password
+ } catch (java.util.NoSuchElementException _) {
+ // If we got here, this is what happened. RFC 2595
+ // says that "the client may leave the authorization
+ // identity empty to indicate that it is the same as
+ // the authentication identity." As noted above,
+ // that would be represented as a decoded string of
+ // the form: "\0authenticate-id\0password". The
+ // first call to nextToken will skip the empty
+ // authorize-id, and give us the authenticate-id,
+ // which we would store as the authorize-id. The
+ // second call will give us the password, which we
+ // think is the authenticate-id (user). Then when
+ // we ask for the password, there are no more
+ // elements, leading to the exception we just
+ // caught. So we need to move the user to the
+ // password, and the authorize_id to the user.
+ pass = user;
+ user = authorize_id;
+ }
+
+ authTokenizer = null;
+ } catch (Exception e) {
+ // Ignored - this exception in parsing will be dealt
+ // with in the if clause below
+ }
+ // Authenticate user
+ doAuth(user, pass, session, tag, command, responder, HumanReadableText.AUTHENTICATION_FAILED);
- // remove the handler now
- session.popLineHandler();
+ // remove the handler now
+ session.popLineHandler();
- }
- });
+ }
+ });
+ }
} else {
session.getLog().info("Unsupported authentication mechanism '" + authType + "'");
no(command, tag, responder, HumanReadableText.UNSUPPORTED_AUTHENTICATION_MECHANISM);
@@ -114,7 +119,13 @@ public class AuthenticateProcessor exten
* @see org.apache.james.imap.processor.CapabilityImplementingProcessor#getImplementedCapabilities(org.apache.james.imap.api.process.ImapSession)
*/
public List<String> getImplementedCapabilities(ImapSession session) {
- return Arrays.asList("AUTH=PLAIN");
+ List<String> caps = new ArrayList<String>();
+ // Only ounce AUTH=PLAIN if the session does allow plain auth or TLS is active.
+ // See IMAP-304
+ if (session.isPlainAuthDisallowed() == false || session.isTLSActive()) {
+ caps.add("AUTH=PLAIN");
+ }
+ return caps;
}
}
Modified: james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java (original)
+++ james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java Tue May 3 14:22:27 2011
@@ -38,6 +38,9 @@ public class DefaultProcessorChain {
final CapabilityProcessor capabilityProcessor = new CapabilityProcessor(logoutProcessor, mailboxManager, statusResponseFactory);
final CheckProcessor checkProcessor = new CheckProcessor(capabilityProcessor, mailboxManager, statusResponseFactory);
final LoginProcessor loginProcessor = new LoginProcessor(checkProcessor, mailboxManager, statusResponseFactory);
+ // so it can announce the LOGINDISABLED if needed
+ capabilityProcessor.addProcessor(loginProcessor);
+
final RenameProcessor renameProcessor = new RenameProcessor(loginProcessor, mailboxManager, statusResponseFactory);
final DeleteProcessor deleteProcessor = new DeleteProcessor(renameProcessor, mailboxManager, statusResponseFactory);
final CreateProcessor createProcessor = new CreateProcessor(deleteProcessor, mailboxManager, statusResponseFactory);
Modified: james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java (original)
+++ james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java Tue May 3 14:22:27 2011
@@ -19,6 +19,9 @@
package org.apache.james.imap.processor;
+import java.util.ArrayList;
+import java.util.List;
+
import org.apache.james.imap.api.ImapCommand;
import org.apache.james.imap.api.display.HumanReadableText;
import org.apache.james.imap.api.message.response.StatusResponseFactory;
@@ -30,7 +33,7 @@ import org.apache.james.mailbox.MailboxM
/**
* Processes a <code>LOGIN</code> command.
*/
-public class LoginProcessor extends AbstractAuthProcessor<LoginRequest> {
+public class LoginProcessor extends AbstractAuthProcessor<LoginRequest> implements CapabilityImplementingProcessor{
public LoginProcessor(final ImapProcessor next, final MailboxManager mailboxManager, final StatusResponseFactory factory) {
super(LoginRequest.class, next, mailboxManager, factory);
@@ -43,7 +46,25 @@ public class LoginProcessor extends Abst
protected void doProcess(LoginRequest request, ImapSession session, String tag, ImapCommand command, Responder responder) {
final String userid = request.getUserid();
final String passwd = request.getPassword();
-
- doAuth(userid, passwd, session, tag, command, responder, HumanReadableText.INVALID_LOGIN);
+ // check if the login is allowed with LOGIN command. See IMAP-304
+ if (session.isPlainAuthDisallowed() && session.isTLSActive() == false) {
+ no(command, tag, responder, HumanReadableText.DISABLED_LOGIN);
+ } else {
+ doAuth(userid, passwd, session, tag, command, responder, HumanReadableText.INVALID_LOGIN);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.james.imap.processor.CapabilityImplementingProcessor#getImplementedCapabilities(org.apache.james.imap.api.process.ImapSession)
+ */
+ public List<String> getImplementedCapabilities(ImapSession session) {
+ List<String> caps = new ArrayList<String>();
+ // Announce LOGINDISABLED if plain auth / login is deactivated and the session is not using
+ // TLS. See IMAP-304
+ if (session.isPlainAuthDisallowed() && session.isTLSActive() == false) {
+ caps.add("LOGINDISABLED");
+ }
+ return caps;
}
}
Modified: james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java
URL: http://svn.apache.org/viewvc/james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
--- james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java (original)
+++ james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java Tue May 3 14:22:27 2011
@@ -175,6 +175,15 @@ public class MailboxEventAnalyserTest {
public void authenticated() {
}
+
+ public boolean isPlainAuthDisallowed() {
+ return false;
+ }
+
+ public boolean isTLSActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
};
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org