Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2003/02/12 01:09:28 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap LDAPAuthentication.java LDAPUserManagement.java
taylor 2003/02/11 16:09:28
Modified: src/java/org/apache/jetspeed/services/security/ldap
LDAPAuthentication.java LDAPUserManagement.java
Log:
LDAP patches from Sami Leino for LDAP bug 16511
Revision Changes Path
1.5 +4 -4 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap/LDAPAuthentication.java
Index: LDAPAuthentication.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap/LDAPAuthentication.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- LDAPAuthentication.java 28 Jan 2003 04:49:44 -0000 1.4
+++ LDAPAuthentication.java 12 Feb 2003 00:09:28 -0000 1.5
@@ -90,11 +90,11 @@
public class LDAPAuthentication extends TurbineBaseService
implements PortalAuthentication
{
- // Constants
+ // Constants
private final static String CONFIG_ANONYMOUS_USER = "user.anonymous";
private final static String CACHING_ENABLE = "caching.enable";
- // Instance variables.
+ // Instance variables.
private JetspeedRunDataService runDataService = null;
private String anonymousUser = "anon";
private boolean cachingEnable = true;
@@ -136,7 +136,7 @@
throw new LoginException(e.toString());
}
- if(!UnixCrypt.matches(user.getPassword().substring(7), password))
+ if(!LDAPUserManagement.passwordsMatch(user, password))
{
throw new FailedLoginException("Credential authentication failure");
}
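Review bot: The check at `if(!LDAPUserManagement.passwordsMatch(user, password))` now depends on static settings owned by another service (`securePasswords` and `passwordsSuffix`, made static in LDAPUserManagement.java by this same commit), and nothing visible here guarantees they are loaded before the first login. With the declared default `securePasswords = false`, a call made before LDAPUserManagement is configured would compare the supplied password with the stored directory value by plain equality instead of going through `UnixCrypt.matches`. If those settings are assigned in that service's init (not shown in this diff), either make the dependency explicit or add a comment such as `// requires LDAPUserManagement to be initialised: passwordsMatch reads its static password settings`. The enclosing method starts and ends outside the hunk.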
1.6 +53 -31 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap/LDAPUserManagement.java
Index: LDAPUserManagement.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap/LDAPUserManagement.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- LDAPUserManagement.java 28 Jan 2003 04:49:44 -0000 1.5
+++ LDAPUserManagement.java 12 Feb 2003 00:09:28 -0000 1.6
@@ -107,27 +107,30 @@
implements UserManagement,
CredentialsManagement
{
- // Constants
+ // Constants
private final static String CONFIG_SECURE_PASSWORDS_KEY = "secure.passwords";
private final static String CONFIG_SECURE_PASSWORDS_ALGORITHM = "secure.passwords.algorithm";
private final static String CONFIG_SECURE_PASSWORDS_SUFFIX = "secure.passwords.suffix";
private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
- private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES = { "user" };
+ private final static String[] DEFAULT_CONFIG_NEWUSER_ROLES = { "user" };
- private final String[] ATTRS = { "ou", "userPassword", "uid", "mail", "sn", "givenName",
- "uidNumber", "name", "objectdata", "objectClass",
- "usergrouprole", "lastlogindate", "lastmodifieddate",
- "creationdate", "confirm", "disabled" };
+ private final static String[] ATTRS = { "ou", "userPassword", "uid", "mail", "sn", "givenName",
+ "uidNumber", "name", "objectdata", "objectClass",
+ "usergrouprole", "lastlogindate", "lastmodifieddate",
+ "creationdate", "confirm", "disabled" };
- // Instance variables
+ // Class variables
+ protected static boolean securePasswords = false;
+ protected static String passwordsAlgorithm = "crypt";
+ protected static String passwordsSuffix = "{crypt}";
+
+ // Instance variables
protected JetspeedRunDataService runDataService = null;
- protected boolean securePasswords = false;
- protected String passwordsAlgorithm = "crypt";
- protected String passwordsSuffix = "{crypt}";
protected String roles[] = null;
///////////////////////////////////////////////////////////////////////////
- // User Management Interfaces
+ // User Management Interfaces
+
///////////////////////////////////////////////////////////////////////////
/**
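Review bot: `securePasswords`, `passwordsAlgorithm` and `passwordsSuffix` become `protected static` and stay non-final, so a single assignment from any subclass or same-package class changes password handling for every instance and for the static `passwordsMatch` that LDAPAuthentication now calls. Since these fields decide whether credentials are compared as hashes or as plain text, I would narrow them to `private static` and document that they are written once during service initialisation; where they are assigned is not visible in this hunk, so that part is an assumption. If initialisation and logins can run on different threads, `private static volatile boolean securePasswords = false;` would also make the configured value reliably visible. The class body continues outside the hunk.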
@@ -159,10 +162,6 @@
{
userurls = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=users"),
"(&(uid="+principal.getName()+")(objectclass=jetspeeduser))", ATTRS, true);
- /*
- userurls = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=users"),
- "(&(uid="+principal.getName()+")(objectclass=jetspeeduser))", null, true);
- */
}
catch (Exception e)
{
@@ -233,21 +232,21 @@
{
String baseDN = "ou=users";
NamingEnumeration userEnum = null;
- List resultList = new Vector(1024);
+ List resultList = new Vector(1024);
try
{
LDAPURL url = JetspeedLDAP.buildURL( baseDN );
- DirContext ctx = JetspeedLDAP.getService().connect(url);
+ DirContext ctx = JetspeedLDAP.getService().connect(url);
userEnum = JetspeedLDAP.search(ctx, url.getDN(), filter, attributesToFetch, JetspeedLDAP.getService().SUB);
- while (userEnum.hasMoreElements())
- {
- LDAPUser user = buildUser(((SearchResult)userEnum.nextElement()).getAttributes());
- resultList.add( user );
- }
+ while (userEnum.hasMoreElements())
+ {
+ LDAPUser user = buildUser(((SearchResult)userEnum.nextElement()).getAttributes());
+ resultList.add( user );
+ }
- JetspeedLDAP.getService().checkAndCloseContext(ctx);
+ JetspeedLDAP.getService().checkAndCloseContext(ctx);
}
catch ( Exception e )
{
@@ -257,11 +256,11 @@
return ( resultList.iterator() );
}
- protected LDAPUser buildUser(Attributes attributes)
- {
- return new LDAPUser(attributes);
- }
-
+ protected LDAPUser buildUser(Attributes attributes)
+ {
+ return new LDAPUser(attributes);
+ }
+
/**
* Saves a <code>JetspeedUser</code>'s attributes into permanent storage.
* The user's account is required to exist in the storage.
@@ -389,9 +388,9 @@
}
}
+
///////////////////////////////////////////////////////////////////////////
// Credentials Management
-
///////////////////////////////////////////////////////////////////////////
/**
@@ -418,7 +417,7 @@
throw new UnknownUserException("The account '" +
user.getUserName() + "' does not exist");
}
- if(!UnixCrypt.matches( user.getPassword().substring(passwordsSuffix.length()) , oldPassword))
+ else if (!passwordsMatch(user, oldPassword))
{
throw new UserException(
"The supplied old password for '" + user.getUserName() +
@@ -464,6 +463,7 @@
String encrypted = JetspeedSecurity.encryptPassword( password );
user.setPassword(encrypted);
+
// save the changes in the database immediately, to prevent the
// password being 'reverted' to the old value if the user data
// is lost somehow before it is saved at session's expiry.
@@ -503,6 +503,28 @@
}
return passwordsSuffix + UnixCrypt.crypt(password);
+ }
+
+ /**
+ * <p>Check's if user's current password matches with the
+ * supplied password.</p>
+ *
+ * @param user User whose password will be checked
+ * @param suppliedPassword Password to match
+ *
+ * @return True if passwords match.
+ *
+ */
+ public static boolean passwordsMatch(JetspeedUser user, String suppliedPassword)
+ {
+ if (securePasswords == false)
+ {
+ return user.getPassword().equals(suppliedPassword);
+ }
+ else
+ {
+ return UnixCrypt.matches(user.getPassword().substring(passwordsSuffix.length()), suppliedPassword);
+ }
}
///////////////////////////////////////////////////////////////////////////
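Review bot: `passwordsMatch` slices the stored value with `substring(passwordsSuffix.length())` without checking that it actually starts with the configured prefix, so a value shorter than the prefix throws StringIndexOutOfBoundsException and an entry stored under a different scheme is compared on the wrong characters. If `getPassword()` can return null (for example when the `userPassword` attribute is missing), both branches throw NullPointerException instead of reporting a failed match. Both callers changed by this commit, the check in LDAPAuthentication.java and the old-password check in the `@@ -418,7 +417,7 @@` hunk, inherit this. Returning false for a null or unprefixed stored value keeps these cases ordinary authentication failures, as sketched below. Separately, `securePasswords == false` reads better as `!securePasswords`, and the Javadoc's "Check's" should be "Checks".

```java
public static boolean passwordsMatch(JetspeedUser user, String suppliedPassword)
{
    String stored = user.getPassword();
    if (stored == null || suppliedPassword == null)
    {
        return false;
    }
    if (!securePasswords)
    {
        return stored.equals(suppliedPassword);
    }
    // Only strip the scheme prefix when the stored value really carries it.
    if (!stored.startsWith(passwordsSuffix))
    {
        return false;
    }
    return UnixCrypt.matches(stored.substring(passwordsSuffix.length()), suppliedPassword);
}
```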