Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2008/09/11 14:12:46 UTC
svn commit: r694223 - in
/portals/jetspeed-2/portal/branches/security-refactoring:
components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/
components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ext/
component...
Author: ate
Date: Thu Sep 11 05:12:44 2008
New Revision: 694223
URL: http://svn.apache.org/viewvc?rev=694223&view=rev
Log:
- more PasswordCredential handling fixes: interceptors are now refactored, PolicyManager (interface) added
- cleanup of yet another batch of no longer used/obsolete interfaces and classes
Added:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractPasswordCredentialInterceptorImpl.java (contents, props changed)
- copied, changed from r694068, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractInternalPasswordCredentialInterceptorImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialInterceptorsProxy.java (contents, props changed)
- copied, changed from r694068, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/PasswordCredentialInterceptor.java
- copied, changed from r694068, portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java (contents, props changed)
- copied, changed from r694194, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java (with props)
Removed:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/AggregationHierarchyResolver.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/BaseHierarchyResolver.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/GeneralizationHierarchyResolver.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractInternalPasswordCredentialInterceptorImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultPasswordCredentialProvider.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultSecurityMappingHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/attributes/
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/HierarchyResolver.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/PasswordCredentialProvider.java
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/AuthenticationProviderImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserCredentialImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ext/JBossLoginModule.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AlgorithmUpgradePBEPasswordService.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/MaxPasswordAuthenticationFailuresInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordExpirationInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordHistoryInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ValidatePasswordOnLoadInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PasswordCredential.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserCredential.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/AuthenticationProviderImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/AuthenticationProviderImpl.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/AuthenticationProviderImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/AuthenticationProviderImpl.java Thu Sep 11 05:12:44 2008
@@ -23,13 +23,13 @@
import org.apache.jetspeed.components.util.system.SystemResourceUtil;
import org.apache.jetspeed.components.util.system.ClassLoaderSystemResourceUtilImpl;
+import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticationProvider;
-import org.apache.jetspeed.security.spi.CredentialHandler;
-import org.apache.jetspeed.security.spi.UserSecurityHandler;
+import org.apache.jetspeed.security.SecurityException;
/**
* @see org.apache.jetspeed.security.AuthenticationProvider
- * @author <a href="mailto:LeStrat_David@emc.com">David Le Strat </a>
+ * @version $Id$
*/
public class AuthenticationProviderImpl implements AuthenticationProvider
{
@@ -43,12 +43,6 @@
/** The provider description. */
private String providerDescription;
- /** The {@link CredentialHandler}. */
- private CredentialHandler credHandler;
-
- /** The {@link UserSecurityHandler}. */
- private UserSecurityHandler userSecurityHandler;
-
/**
* <p>
* Constructor to configure authenticatino user security and credential
@@ -60,18 +54,12 @@
* @param credHandler The credential handler.
* @param userSecurityHandler The user security handler.
*/
- public AuthenticationProviderImpl(String providerName, String providerDescription, CredentialHandler credHandler,
- UserSecurityHandler userSecurityHandler)
+ public AuthenticationProviderImpl(String providerName, String providerDescription)
{
// The provider name.
this.providerName = providerName;
// The provider description.
this.providerDescription = providerDescription;
-
- // The credential handler.
- this.credHandler = credHandler;
- // The user security handler.
- this.userSecurityHandler = userSecurityHandler;
}
/**
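Review bot: The Javadoc above this constructor still lists `@param credHandler` and `@param userSecurityHandler` (unchanged context lines), but the new signature is `AuthenticationProviderImpl(String providerName, String providerDescription)`. Remove both tags here, as the next hunk does for the three-argument constructor; the "authenticatino" typo in the same comment can be fixed in the same pass.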
@@ -83,13 +71,10 @@
* @param providerName The provider name.
* @param providerDescription The provider description.
* @param loginConfig The login module config.
- * @param credHandler The credential handler.
- * @param userSecurityHandler The user security handler.
*/
- public AuthenticationProviderImpl(String providerName, String providerDescription, String loginConfig,
- CredentialHandler credHandler, UserSecurityHandler userSecurityHandler)
+ public AuthenticationProviderImpl(String providerName, String providerDescription, String loginConfig)
{
- this(providerName, providerDescription, credHandler, userSecurityHandler);
+ this(providerName, providerDescription);
ClassLoader cl = Thread.currentThread().getContextClassLoader();
SystemResourceUtil resourceUtil = new ClassLoaderSystemResourceUtilImpl(cl);
@@ -143,35 +128,9 @@
this.providerName = providerName;
}
- /**
- * @see org.apache.jetspeed.security.AuthenticationProvider#getCredentialHandler()
- */
- public CredentialHandler getCredentialHandler()
- {
- return this.credHandler;
- }
-
- /**
- * @see org.apache.jetspeed.security.AuthenticationProvider#getUserSecurityHandler()
- */
- public UserSecurityHandler getUserSecurityHandler()
- {
- return this.userSecurityHandler;
- }
-
- /**
- * @see org.apache.jetspeed.security.AuthenticationProvider#setCredentialHandler(CredentialHandler)
- */
- public void setCredentialHandler(CredentialHandler credHandler)
- {
- this.credHandler = credHandler;
- }
-
- /**
- * @see org.apache.jetspeed.security.AuthenticationProvider#setUserSecurityHandler(UserSecurityHandler)
- */
- public void setUserSecurityHandler(UserSecurityHandler userSecurityHandler)
+ public AuthenticatedUser authenticate(String userName, String password) throws SecurityException
{
- this.userSecurityHandler = userSecurityHandler;
+ // TODO Auto-generated method stub
+ return null;
}
}
\ No newline at end of file
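Review bot: The new `authenticate(String userName, String password)` is an auto-generated stub that returns null, so a caller cannot tell "not implemented" from a failed login, and any code that dereferences the result gets a NullPointerException. The method already declares `throws SecurityException`; throw that (or UnsupportedOperationException) until the real implementation lands, and add Javadoc stating what the return value means. The file also still ends without a trailing newline.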
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserCredentialImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserCredentialImpl.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserCredentialImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserCredentialImpl.java Thu Sep 11 05:12:44 2008
@@ -31,12 +31,13 @@
{
private static final long serialVersionUID = 8445207990171015069L;
private int authenticationFailures;
+ private Date creationDate;
private Date expirationDate;
private Timestamp lastAuthenticationDate;
private String userName;
private Timestamp previousAuthenticationDate;
private boolean enabled;
- private boolean expired;
+ private boolean expired;
private boolean updateAllowed;
private boolean updateRequired;
@@ -48,6 +49,7 @@
public void synchronize(PasswordCredential pwc)
{
this.authenticationFailures = pwc.getAuthenticationFailures();
+ this.creationDate = pwc.getCreationDate();
this.expirationDate = pwc.getExpirationDate();
this.lastAuthenticationDate = pwc.getLastAuthenticationDate();
this.userName = pwc.getUserName();
@@ -63,6 +65,11 @@
return authenticationFailures;
}
+ public Date getCreationDate()
+ {
+ return creationDate;
+ }
+
public Date getExpirationDate()
{
return expirationDate;
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ext/JBossLoginModule.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ext/JBossLoginModule.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ext/JBossLoginModule.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ext/JBossLoginModule.java Thu Sep 11 05:12:44 2008
@@ -25,10 +25,11 @@
import javax.security.auth.Subject;
+import org.apache.jetspeed.security.AuthenticationProvider;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.impl.DefaultLoginModule;
-import org.apache.jetspeed.security.impl.RolePrincipalImpl;
+import org.apache.jetspeed.security.impl.RoleImpl;
/**
* <p>Configures Subject principals for JBoss JAAS implementation
@@ -90,8 +91,8 @@
* @param userManager
* @see DefaultLoginModule#DefaultLoginModule(UserManager)
*/
- protected JBossLoginModule (UserManager userManager) {
- super (userManager);
+ protected JBossLoginModule (AuthenticationProvider authProvider, UserManager userManager) {
+ super (authProvider, userManager);
}
protected void commitPrincipals(Subject subject, User user)
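Review bot: The constructor Javadoc is stale: it documents only `@param userManager`, and its `@see DefaultLoginModule#DefaultLoginModule(UserManager)` points at a one-argument super constructor while the code now calls `super (authProvider, userManager)`. Add `@param authProvider` and update the `@see` reference to the two-argument constructor.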
@@ -99,7 +100,7 @@
// add UserPrincipal to subject
subject.getPrincipals().add((Principal) user);
JBossGroup roles = new JBossGroup("Roles", getUserRoles(subject));
- roles.addMember(new RolePrincipalImpl(portalUserRole));
+ roles.addMember(new RoleImpl(portalUserRole));
subject.getPrincipals().add(roles);
}
}
Copied: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractPasswordCredentialInterceptorImpl.java (from r694068, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractInternalPasswordCredentialInterceptorImpl.java)
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractPasswordCredentialInterceptorImpl.java?p2=portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractPasswordCredentialInterceptorImpl.java&p1=portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractInternalPasswordCredentialInterceptorImpl.java&r1=694068&r2=694223&rev=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractInternalPasswordCredentialInterceptorImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractPasswordCredentialInterceptorImpl.java Thu Sep 11 05:12:44 2008
@@ -16,58 +16,38 @@
*/
package org.apache.jetspeed.security.spi.impl;
-import java.util.Collection;
-
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.om.InternalUserPrincipal;
-import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
-import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
+import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
+import org.apache.jetspeed.security.spi.PasswordCredentialInterceptor;
/**
* <p>
- * Base class providing default empty behavior for a {@link InternalPasswordCredentialInterceptor}
+ * Base class providing default empty behavior for a {@link PasswordCredentialInterceptor}
* implementation.
* </p>
*
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public abstract class AbstractInternalPasswordCredentialInterceptorImpl implements InternalPasswordCredentialInterceptor
+public abstract class AbstractPasswordCredentialInterceptorImpl implements PasswordCredentialInterceptor
{
- /**
- * @return false
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
- */
- public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
- throws SecurityException
+ public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException
{
return false;
}
- /**
- * @return false
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)
- */
- public boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName,
- InternalCredential credential, boolean authenticated) throws SecurityException
+ public boolean afterAuthenticated(PasswordCredential credential, boolean authenticated) throws SecurityException
{
return false;
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)
- */
- public void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password) throws SecurityException
+ public void beforeCreate(PasswordCredential credential) throws SecurityException
{
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
- */
- public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password, boolean authenticated) throws SecurityException
+ public void beforeSetPassword(PasswordCredential credential, char[] password) throws SecurityException
{
}
}
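Review bot: Missing documentation on `afterLoad` and `afterAuthenticated`: the removed Javadoc was the only place this base class stated `@return false`, and the replacement methods carry no comment at all. A one-line Javadoc per method saying what a true return means to the caller would keep subclass overrides consistent.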
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AbstractPasswordCredentialInterceptorImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AlgorithmUpgradePBEPasswordService.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AlgorithmUpgradePBEPasswordService.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AlgorithmUpgradePBEPasswordService.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/AlgorithmUpgradePBEPasswordService.java Thu Sep 11 05:12:44 2008
@@ -24,7 +24,6 @@
import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
@@ -59,29 +58,23 @@
return usesOldEncodingAlgorithm(credential.isEnabled(), credential.getLastAuthenticationDate(), credential.getPreviousAuthenticationDate());
}
- /* (non-Javadoc)
- * @see org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder#encode(java.lang.String, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
- */
- public String encode(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException
+ public String encode(PasswordCredential credential) throws SecurityException
{
if ( usesOldEncodingAlgorithm(credential.isEnabled(), credential.getLastAuthenticationDate(), credential.getPreviousAuthenticationDate()))
{
- return oldEncoder.encode(userName, clearTextPassword);
+ return oldEncoder.encode(credential.getUserName(), credential.getNewPassword());
}
else
{
- return encode(userName, clearTextPassword);
+ return encode(credential.getUserName(), credential.getNewPassword());
}
}
- /* (non-Javadoc)
- * @see org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder#recodeIfNeeded(java.lang.String, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
- */
- public void recodeIfNeeded(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException
+ public void recodeIfNeeded(PasswordCredential credential) throws SecurityException
{
if ( usesOldEncodingAlgorithm(credential.isEnabled(), credential.getLastAuthenticationDate(), credential.getPreviousAuthenticationDate()))
{
- credential.setValue(encode(userName, clearTextPassword));
+ credential.setPassword(encode(credential.getUserName(), credential.getNewPassword()).toCharArray(), true);
}
}
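Review bot: `encode(PasswordCredential)` and `recodeIfNeeded(PasswordCredential)` now take the clear text from `credential.getNewPassword()` instead of an explicit argument, and nothing in this hunk checks that it is set. If `recodeIfNeeded` runs for a credential on which no new password was supplied, a null would flow into `encode(...)` and then into `.toCharArray()`; add a null check or document the precondition on the interface. The removed comments also leave both methods without any Javadoc.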
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java Thu Sep 11 05:12:44 2008
@@ -20,13 +20,14 @@
import java.util.Date;
import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
+import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
/**
* <p>
- * Encodes (encrypts) an {@link InternalCredential} password using the configured {@link PasswordCredentialProvider#getEncoder() encoder}
+ * Encodes (encrypts) an {@link PasswordCredential} password using the provided {@link PasswordCredentialEncoder encoder}
* if it is loaded unencoded from the persistent store.</p>
* <p>
* This interceptor is useful when credentials need to be preset in the persistent store (like through scripts) or
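Review bot: The class Javadoc links to `{@link PasswordCredentialEncoder encoder}`, but the type imported in this hunk is `CredentialPasswordEncoder`, so the link will not resolve. Change it to `{@link CredentialPasswordEncoder encoder}`; "an {@link PasswordCredential}" should also read "a".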
@@ -35,22 +36,19 @@
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public class EncodePasswordOnFirstLoadInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
+public class EncodePasswordOnFirstLoadInterceptor extends AbstractPasswordCredentialInterceptorImpl
{
/**
* @return true if now encoded
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
*/
- public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
- throws SecurityException
+ public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException
{
boolean updated = false;
- if (!credential.isEncoded() && pcProvider.getEncoder() != null )
+ if (!credential.isPasswordEncoded() && encoder != null )
{
- credential.setValue(pcProvider.getEncoder().encode(userName,credential.getValue()));
- credential.setEncoded(true);
+ credential.setPassword(encoder.encode(userName,new String(credential.getPassword())).toCharArray(), true);
- if ( pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService)
+ if ( encoder instanceof AlgorithmUpgradePasswordEncodingService)
{
// For the AlgorithmUpgradePBEPasswordService to be able to distinguise between
// old and new encoded passwords, it evaluates the last and previous authentication timestamps.
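Review bot: In `afterLoad`, `new String(credential.getPassword())` copies the char[] password into an immutable String before encoding, which gives up the main reason for holding the password as char[] (being able to clear it after use). If `encoder.encode` can only accept a String, say so in a comment; otherwise prefer an overload that takes the char[] directly. Minor: "distinguise" in the trailing comment should be "distinguish".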
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/MaxPasswordAuthenticationFailuresInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/MaxPasswordAuthenticationFailuresInterceptor.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/MaxPasswordAuthenticationFailuresInterceptor.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/MaxPasswordAuthenticationFailuresInterceptor.java Thu Sep 11 05:12:44 2008
@@ -16,11 +16,8 @@
*/
package org.apache.jetspeed.security.spi.impl;
-import java.util.Collection;
-
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.om.InternalUserPrincipal;
/**
* <p>
@@ -28,17 +25,13 @@
* Once the maximum number of invalid authentications is reached, the credential is disabled.</p>
* <p>
* Note: the current count is <em>not</em> reset on valid authentication by this interceptor.
- * This is done by the {@link DefaultCredentialHandler} which invokes the interceptor(s) after authentication
- * and no interceptor {@link #afterAuthenticated(InternalUserPrincipal, String, InternalCredential, boolean) afterAuthenicated}
- * method returns true.</p>
- * <p>
* But, this interceptor <em>does</em> (re)sets the count on creation and on change of the password.</p>
* <p>
*
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public class MaxPasswordAuthenticationFailuresInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
+public class MaxPasswordAuthenticationFailuresInterceptor extends AbstractPasswordCredentialInterceptorImpl
{
private int maxNumberOfAuthenticationFailures;
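Review bot: The class Javadoc no longer says who resets the failure count after a successful authentication: the paragraph naming DefaultCredentialHandler is removed, leaving "the current count is not reset on valid authentication by this interceptor" with no pointer to the component that now does it. Name the new owner of that reset, and drop the dangling `<p>` before the `@author` line.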
@@ -56,10 +49,8 @@
/**
* Checks the current count of authentication failures when the credential is not expired and authentication failed.
* @return true if the maximum number of invalid authentications is reached and the credential is disabled.
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)
*/
- public boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName,
- InternalCredential credential, boolean authenticated) throws SecurityException
+ public boolean afterAuthenticated(PasswordCredential credential, boolean authenticated) throws SecurityException
{
boolean update = false;
if ( !credential.isExpired() && !authenticated && maxNumberOfAuthenticationFailures > 0 )
@@ -77,20 +68,16 @@
/**
* Sets the count of invalid authentications to zero (0).
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)
*/
- public void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password) throws SecurityException
+ public void beforeCreate(PasswordCredential credential) throws SecurityException
{
credential.setAuthenticationFailures(0);
}
/**
* Resets the count of invalid authentications to zero (0).
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
*/
- public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password, boolean authenticated) throws SecurityException
+ public void beforeSetPassword(PasswordCredential credential, String password) throws SecurityException
{
credential.setAuthenticationFailures(0);
}
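Review bot: `beforeSetPassword(PasswordCredential credential, String password)` does not match the signature this commit gives the base class in AbstractPasswordCredentialInterceptorImpl, `beforeSetPassword(PasswordCredential credential, char[] password)`. Assuming the PasswordCredentialInterceptor interface declares the char[] form, this method is an overload rather than an override, so the base class's empty method is what runs when the interceptor is invoked and the failure count is not reset on password change. Change the parameter to `char[] password` so the two agree.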
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java Thu Sep 11 05:12:44 2008
@@ -72,6 +72,9 @@
/** The expired state. */
private boolean expired;
+ /** The creation date. */
+ private Date creationDate;
+
/** The expiration date. */
private Date expirationDate;
@@ -265,6 +268,16 @@
this.expired = expired;
}
+ public Date getCreationDate()
+ {
+ return creationDate;
+ }
+
+ public void setCreationDate(Date creationDate)
+ {
+ this.creationDate = creationDate;
+ }
+
public Date getExpirationDate()
{
return expirationDate;
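Review bot: setCreationDate() assigns the field without calling checkUpdateState(), while setAuthenticationFailures() further down in this same file calls it before touching state. If that check guards when a credential may be modified, the new setter should call it too. The getter and setter also hand the mutable Date reference straight through; consider copying it on the way in and out so a caller cannot change the stored creation date after the fact.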
@@ -303,12 +316,6 @@
return authenticationFailures;
}
- public void resetAuthenticationFailures()
- {
- checkUpdateState();
- authenticationFailures = 0;
- }
-
public void setAuthenticationFailures(int authenticationFailures)
{
checkUpdateState();
Copied: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialInterceptorsProxy.java (from r694068, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.java)
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialInterceptorsProxy.java?p2=portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialInterceptorsProxy.java&p1=portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.java&r1=694068&r2=694223&rev=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialInterceptorsProxy.java Thu Sep 11 05:12:44 2008
@@ -16,14 +16,13 @@
*/
package org.apache.jetspeed.security.spi.impl;
-import java.util.Collection;
import java.util.List;
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.om.InternalUserPrincipal;
-import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
-import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
+import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
+import org.apache.jetspeed.security.spi.PasswordCredentialInterceptor;
/**
* <p>
@@ -35,26 +34,22 @@
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public class InternalPasswordCredentialInterceptorsProxy implements InternalPasswordCredentialInterceptor
+public class PasswordCredentialInterceptorsProxy implements PasswordCredentialInterceptor
{
- private InternalPasswordCredentialInterceptor[] interceptors;
+ private PasswordCredentialInterceptor[] interceptors;
- public InternalPasswordCredentialInterceptorsProxy(List interceptors)
+ public PasswordCredentialInterceptorsProxy(List<?> interceptors)
{
- this.interceptors = (InternalPasswordCredentialInterceptor[]) interceptors
- .toArray(new InternalPasswordCredentialInterceptor[interceptors.size()]);
+ this.interceptors = (PasswordCredentialInterceptor[]) interceptors
+ .toArray(new PasswordCredentialInterceptor[interceptors.size()]);
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
- */
- public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
- throws SecurityException
+ public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException
{
boolean updated = false;
for (int i = 0; i < interceptors.length; i++)
{
- if (interceptors[i] != null && interceptors[i].afterLoad(pcProvider, userName, credential))
+ if (interceptors[i] != null && interceptors[i].afterLoad(userName, credential, encoder, validator))
{
updated = true;
}
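Review bot: the constructor now takes `List<?> interceptors`, which adds no type safety over the raw List it replaces: a list holding anything other than a PasswordCredentialInterceptor still fails only at runtime inside toArray(). Declaring the parameter as `List<PasswordCredentialInterceptor>` would let the compiler catch a misconfigured list and makes the explicit array cast unnecessary.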
@@ -62,17 +57,13 @@
return updated;
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)
- */
- public boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName,
- InternalCredential credential, boolean authenticated) throws SecurityException
+ public boolean afterAuthenticated(PasswordCredential credential, boolean authenticated) throws SecurityException
{
boolean updated = false;
for (int i = 0; i < interceptors.length; i++)
{
if (interceptors[i] != null
- && interceptors[i].afterAuthenticated(internalUser, userName, credential, authenticated))
+ && interceptors[i].afterAuthenticated(credential, authenticated))
{
updated = true;
}
@@ -80,33 +71,24 @@
return updated;
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)
- */
- public void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password) throws SecurityException
+ public void beforeCreate(PasswordCredential credential) throws SecurityException
{
for (int i = 0; i < interceptors.length; i++)
{
if (interceptors[i] != null)
{
- interceptors[i].beforeCreate(internalUser, credentials, userName, credential, password);
+ interceptors[i].beforeCreate(credential);
}
}
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
- */
- public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password, boolean authenticated) throws SecurityException
+ public void beforeSetPassword(PasswordCredential credential, char[] password) throws SecurityException
{
for (int i = 0; i < interceptors.length; i++)
{
if (interceptors[i] != null)
{
- interceptors[i].beforeSetPassword(internalUser, credentials, userName, credential, password,
- authenticated);
+ interceptors[i].beforeSetPassword(credential, password);
}
}
}
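Review bot: beforeSetPassword() is declared here with `char[] password`, but the interceptors changed in this same commit (PasswordExpirationInterceptor, PasswordHistoryInterceptor and the failure-count reset hunk above) declare `beforeSetPassword(PasswordCredential credential, String password)`. Only one of the two signatures can match the interface, so either this proxy fails to compile against it or the subclasses silently stop overriding the callback and their logic is never reached through `interceptors[i].beforeSetPassword(credential, password)`. Please settle on one parameter type across the interface, the abstract base class and every implementation.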
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialInterceptorsProxy.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordExpirationInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordExpirationInterceptor.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordExpirationInterceptor.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordExpirationInterceptor.java Thu Sep 11 05:12:44 2008
@@ -17,37 +17,33 @@
package org.apache.jetspeed.security.spi.impl;
import java.sql.Date;
-import java.util.Collection;
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.om.InternalUserPrincipal;
-import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
+import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
/**
* <p>
* Enforces a maximum lifespan for a password credential.</p>
- * When {@link #afterAuthenticated(InternalUserPrincipal, String, InternalCredential, boolean) on authentication}
+ * When {@link #afterAuthenticated(PasswordCredential, boolean) on authentication}
* a password its expiration date is reached, its expired flag is set.
- * The {@link DefaultCredentialHandler} then will fail the authentication and subsequent authentications
- * will fail immediately.</p>
* <p>
* To ensure proper expiration handling, an empty (null) expiration date will be automatically
* filled in when the credential is loaded from the persistent store using the {@link #PasswordExpirationInterceptor(int) configured}
* max lifespan in days.</p>
* <p>
- * When a password credential is {@link #beforeCreate(InternalUserPrincipal, Collection, String, InternalCredential, String) created}
- * or a password is {@link #beforeSetPassword(InternalUserPrincipal, Collection, String, InternalCredential, String, boolean) updated}
+ * When a password credential is {@link #beforeCreate(PasswordCredential) created}
+ * or a password is {@link #beforeSetPassword(PasswordCredential, String) updated}
* a new future expiration date is calculated.</p>
* <p>
* An existing or already provided higher expiration date will be preserved though.
- * This allows to (pre)set a (very) high expiration date, like with {@link InternalCredential#MAX_DATE},
- * for credentials which shouldn't expire.</p>
+ * This allows to (pre)set a (very) high expiration date for credentials which shouldn't expire.</p>
*
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public class PasswordExpirationInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
+public class PasswordExpirationInterceptor extends AbstractPasswordCredentialInterceptorImpl
{
private long maxLifeSpanInMillis;
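Review bot: with the DefaultCredentialHandler sentence removed from the class Javadoc, the text now says the expired flag is set but no longer says which component acts on it and fails the authentication. Since that is the security-relevant behaviour of this interceptor, please name the new enforcement point instead of dropping the statement. The removal also took the closing `</p>` of that paragraph with it, so the next `<p>` opens inside an unclosed one.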
@@ -61,10 +57,8 @@
/**
* @return true when the password credential is now expired
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)
*/
- public boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName,
- InternalCredential credential, boolean authenticated) throws SecurityException
+ public boolean afterAuthenticated(PasswordCredential credential, boolean authenticated) throws SecurityException
{
boolean update = false;
if ( !credential.isExpired() )
@@ -82,10 +76,8 @@
/**
* @return true when a new default expiration date is set
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
*/
- public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
- throws SecurityException
+ public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException
{
boolean update = false;
if ( credential.getExpirationDate() == null )
@@ -98,25 +90,21 @@
/**
* Calculates and sets the default expiration date and the expired flag to false
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)
*/
- public void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password) throws SecurityException
+ public void beforeCreate(PasswordCredential credential) throws SecurityException
{
setExpiration(credential);
}
/**
* Sets a new expiration date if a higher expiration date isn't set already and resets the expired flag
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
*/
- public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password, boolean authenticated) throws SecurityException
+ public void beforeSetPassword(PasswordCredential credential, String password) throws SecurityException
{
setExpiration(credential);
}
- protected void setExpiration(InternalCredential credential)
+ protected void setExpiration(PasswordCredential credential)
{
Date nextExpirationDate = new Date(new java.util.Date().getTime()+maxLifeSpanInMillis);
if ( credential.getExpirationDate() == null || credential.getExpirationDate().before(nextExpirationDate))
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordHistoryInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordHistoryInterceptor.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordHistoryInterceptor.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordHistoryInterceptor.java Thu Sep 11 05:12:44 2008
@@ -16,19 +16,10 @@
*/
package org.apache.jetspeed.security.spi.impl;
-import java.sql.Timestamp;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
import java.util.Comparator;
-import java.util.Date;
-import java.util.Iterator;
-import org.apache.jetspeed.security.PasswordAlreadyUsedException;
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.om.InternalUserPrincipal;
-import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
/**
* <p>
@@ -36,33 +27,27 @@
* It also requires a unique password (with regards to the values currently in the stack) when
* a password is changed directly by the user itself.</p>
* <p>
- * The historical passwords are maintained as {@link InternalCredential} instances with as {@link InternalCredential#getClassname() classname}
- * value {@link #HISTORICAL_PASSWORD_CREDENTIAL} to distinguish them from the current password credential.</p>
+ * The historical passwords are maintained as {@link PasswordCredential} instances with a {@link PasswordCredential#getType() type}
+ * value {@link PasswordCredential#TYPE_HISTORICAL} to distinguish them from the current password credential.</p>
* <p>
* <em>Implementation Note:</em><br>
* When a new password is about to be saved, a new <em>copy</em> of the current credential is saved as
- * a historic password credential. This means that the current password credential <em>instance</em>,
- * and thus also its {@link InternalCredential#getCredentialId() key}, remains the same.</p>
+ * a historic password credential. This means that the current password credential <em>instance</em> remains the same.</p>
* <p>
*
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public class PasswordHistoryInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
+public class PasswordHistoryInterceptor extends AbstractPasswordCredentialInterceptorImpl
{
private int historySize;
- /**
- * Value used for {@link InternalCredential#getClassname()} to distinguish from current password credentials
- */
- public static final String HISTORICAL_PASSWORD_CREDENTIAL = "org.apache.jetspeed.security.spi.impl.HistoricalPasswordCredentialImpl";
-
- private static final Comparator internalCredentialCreationDateComparator =
- new Comparator()
+ private static final Comparator<PasswordCredential> internalCredentialCreationDateComparator =
+ new Comparator<PasswordCredential>()
{
- public int compare(Object obj1, Object obj2)
+ public int compare(PasswordCredential o1, PasswordCredential o2)
{
- return ((InternalCredential)obj2).getCreationDate().compareTo(((InternalCredential)obj1).getCreationDate());
+ return o1.getCreationDate().compareTo(o2.getCreationDate());
}
};
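Review bot: the comparator's sort direction is reversed by this change. The old body compared obj2 to obj1 (newest creation date first), the new one does `o1.getCreationDate().compareTo(o2.getCreationDate())` (oldest first), and the constant keeps the same name. Any history-trimming code written for the old order will act on the opposite end of the list once it is re-enabled, so either keep the descending order or rename the constant and document the direction. getCreationDate() is also dereferenced without a null check, and the field is new in this commit.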
@@ -74,12 +59,9 @@
this.historySize = historySize;
}
- /**
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
- */
- public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName,
- InternalCredential credential, String password, boolean authenticated) throws SecurityException
+ public void beforeSetPassword(PasswordCredential credential, String password) throws SecurityException
{
+/* TODO
Collection internalCredentials = internalUser.getCredentials();
ArrayList historicalPasswordCredentials = new ArrayList();
if ( internalCredentials != null )
@@ -130,5 +112,6 @@
// fake update to current InternalCredential as being an insert of a new one
credential.setCreationDate(new Timestamp(new Date().getTime()));
+*/
}
}
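Review bot: the `+*/` here closes the `/* TODO` opened at the top of beforeSetPassword(), so the whole method body is commented out and the interceptor becomes a no-op. The class Javadoc above still states that it requires a unique password with regard to the history stack, and the PasswordAlreadyUsedException import is removed, so a deployment that configures this interceptor loses password-reuse checking without any signal. Until the body is ported, please either log a warning or throw from the method, and mark the Javadoc as not currently enforced.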
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ValidatePasswordOnLoadInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ValidatePasswordOnLoadInterceptor.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ValidatePasswordOnLoadInterceptor.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ValidatePasswordOnLoadInterceptor.java Thu Sep 11 05:12:44 2008
@@ -18,39 +18,38 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
-import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
+import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
+import org.apache.jetspeed.security.spi.PasswordCredentialInterceptor;
/**
* <p>
- * Checks if a (pre)set password in the persitent store is valid according to the configured
- * {@link PasswordCredentialProvider#getValidator() validator} when loaded from the persistent store.</p>
+ * Checks if a (pre)set password in the persitent store is valid according to the provided
+ * {@link PasswordCredentialValidator validator} when loaded from the persistent store.</p>
* <p>
* If the password checks out to be invalid, an error is logged and the credential is flagged to be
- * {@link InternalCredential#isUpdateRequired() updateRequired}.</p>
+ * {@link PasswordCredential#isUpdateRequired() updateRequired}.</p>
*
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
* @version $Id$
*/
-public class ValidatePasswordOnLoadInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
+public class ValidatePasswordOnLoadInterceptor extends AbstractPasswordCredentialInterceptorImpl
{
- private static final Log log = LogFactory.getLog(InternalPasswordCredentialInterceptor.class);
+ private static final Log log = LogFactory.getLog(PasswordCredentialInterceptor.class);
/**
* @return true is the password was invalid and update is required
- * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
*/
- public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
- throws SecurityException
+ public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException
{
boolean updated = false;
- if (!credential.isEncoded() && pcProvider.getValidator() != null )
+ if (!credential.isPasswordEncoded() && validator != null )
{
try
{
- pcProvider.getValidator().validate(credential.getValue());
+ validator.validate(new String(credential.getPassword()));
}
catch (SecurityException e)
{
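Review bot: `validator.validate(new String(credential.getPassword()))` copies the password into an immutable String, which cannot be cleared afterwards and so undoes the benefit of the credential exposing it as an array. If CredentialPasswordValidator cannot accept the array form yet, a short comment saying so would help. Separately, the new Javadoc links `{@link PasswordCredentialValidator validator}` while the type imported and used in the signature is CredentialPasswordValidator, so the link will not resolve.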
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PasswordCredential.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PasswordCredential.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PasswordCredential.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PasswordCredential.java Thu Sep 11 05:12:44 2008
@@ -17,6 +17,7 @@
package org.apache.jetspeed.security;
import java.sql.Date;
+import java.sql.Timestamp;
/**
* <p>
@@ -94,5 +95,9 @@
void setExpirationDate(Date expirationDate);
- void resetAuthenticationFailures();
+ void setPreviousAuthenticationDate(Timestamp date);
+
+ void setLastAuthenticationDate(Timestamp date);
+
+ void setAuthenticationFailures(int authenticationFailures);
}
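Review bot: the three setters added to this API interface have no Javadoc, and `setAuthenticationFailures(int authenticationFailures)` replaces a method that could only reset the counter with one that accepts any value. Please document who is expected to call these (the interceptors, judging by the rest of this commit) and what values are valid, since anything holding a PasswordCredential can now set the failure count and authentication dates directly.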
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserCredential.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserCredential.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserCredential.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserCredential.java Thu Sep 11 05:12:44 2008
@@ -50,6 +50,11 @@
boolean isExpired();
/**
+ * @return when the credential is created.
+ */
+ Date getCreationDate();
+
+ /**
* @return when the credential is (going to be) expired.
*/
Date getExpirationDate();
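Review bot: the Javadoc for the new getCreationDate() does not say whether it may return null when no creation date has been set. The comparator in PasswordHistoryInterceptor in this same commit calls compareTo() on the returned value directly, so the contract should be stated here one way or the other.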
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java?rev=694223&r1=694222&r2=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java Thu Sep 11 05:12:44 2008
@@ -18,11 +18,10 @@
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
/**
* <p>
- * AlgorithmUpgradeCredentialPasswordEncoder which is provided with the InternalCredential as well
+ * AlgorithmUpgradeCredentialPasswordEncoder which is provided with the PasswordCredential as well
* to allow for migrating between two different encoding schemes.
* </p>
* <p>
@@ -38,7 +37,7 @@
*/
public interface AlgorithmUpgradeCredentialPasswordEncoder extends CredentialPasswordEncoder
{
- String encode(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException;
- void recodeIfNeeded(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException;
+ String encode(PasswordCredential credential) throws SecurityException;
+ void recodeIfNeeded(PasswordCredential credential) throws SecurityException;
boolean usesOldEncodingAlgorithm(PasswordCredential credential);
}
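Review bot: `encode(PasswordCredential credential)` and `recodeIfNeeded(PasswordCredential credential)` drop the userName and clearTextPassword parameters, but neither method has Javadoc saying where the clear-text value now comes from. Please document whether the credential is expected to hold the unencoded password when these are called, and whether recodeIfNeeded() updates the credential in place, so implementers of an algorithm migration do not have to guess at the contract.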
Copied: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/PasswordCredentialInterceptor.java (from r694068, portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java)
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/PasswordCredentialInterceptor.java?p2=portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/PasswordCredentialInterceptor.java&p1=portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java&r1=694068&r2=694223&rev=694223&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/PasswordCredentialInterceptor.java Thu Sep 11 05:12:44 2008
@@ -16,22 +16,19 @@
*/
package org.apache.jetspeed.security.spi;
-import java.util.Collection;
-
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.om.InternalCredential;
-import org.apache.jetspeed.security.om.InternalUserPrincipal;
/**
* <p>
- * Callback component interface used by {@link org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler DefaultCredentialHandler}
- * allowing injecting custom logic on certain events of the {@link InternalCredential}.
+ * Callback component interface to be used by the {@link UserPasswordCredentialPasswordPolicyManager}
+ * allowing injecting custom logic on certain events of the {@link PasswordCredential}.
* </p>
*
* @author <a href="mailto:ate@apache.org">Ate Douma</a>
* @version $Id: InternalPasswordCredentialInterceptor.java 291016 2005-09-22 21:19:36Z ate $
*/
-public interface InternalPasswordCredentialInterceptor
+public interface PasswordCredentialInterceptor
{
/**
* <p>
@@ -42,80 +39,61 @@
* A thrown SecurityException will be logged as an error and result in the credential to be ignored
* as if not existing (like for authentication).</p>
*
- * @param pcProvider provides callback access to for instance the configured {@link CredentialPasswordEncoder} and
- * {@link CredentialPasswordValidator}
* @param userName the name of the principal to which the credential belongs
* @param credential the credential just loaded from the persistent store
+ * @param encoder
+ * @param validator
* @return true if the credential is updated
* @throws SecurityException
- * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#getPasswordCredential(InternalUserPrincipal, String)
- * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#setPasswordExpiration(String, java.sql.Date)
*/
- boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential) throws SecurityException;
+ boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException;
/**
* <p>
* Invoked during authentication after the provided password is compared against the one retrieved from
- * the InternalCredential.</p>
+ * the PasswordCredential.</p>
* <p>
- * If true is returned, the credential is expected to be updated and its {@link InternalCredential#isEnabled() enabled}
- * and {@link InternalCredential#isExpired() expired} flags will checked if the credential is (still) valid.</p>
+ * If true is returned, the credential is expected to be updated and its {@link PasswordCredential#isEnabled() enabled}
+ * and {@link PasswordCredential#isExpired() expired} flags will checked if the credential is (still) valid.</p>
* <p>
* Note: the enabled and expired flags are <em>only</em> checked if this method returns true.</p>
* <p>
* A thrown SecurityException will be passed on to the authentication requestor.</p>
*
- * @param internalUser the user to which the credential belongs
- * @param userName the name of the principal to which the credential belongs
* @param credential the credential of the user
* @param authenticated true if the provided password matches the value of the credential
* @return true if the credential is updated
* @throws SecurityException
- * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#authenticate(String, String)
*/
- boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName, InternalCredential credential, boolean authenticated) throws SecurityException;
+ boolean afterAuthenticated(PasswordCredential credential, boolean authenticated) throws SecurityException;
/**
* <p>
* Invoked when the first password credential is to be saved for a user.</p>
* <p>
- * This callback method can be used to set default values like the {@link InternalCredential#getExpirationDate() expiration date}.</p>
+ * This callback method can be used to set default values like the {@link PasswordCredential#getExpirationDate() expiration date}.</p>
* <p>
* A thrown SecurityException is passed on to the new password requestor.</p>
*
- * @param internalUser the user to which the credential belongs
- * @param credentials the collection of credentials which will set on the user after (already contains the new credential)
- * @param userName the name of the principal to which the credential belongs
* @param credential the credential of the user
- * @param password the new password value (already set on the new credential)
* @throws SecurityException
- * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#setPassword(String, String, String)
*/
- void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password) throws SecurityException;
+ void beforeCreate(PasswordCredential credential) throws SecurityException;
/**
* <p>
- * Invoked when a new password value is to be saved for a user.</p>
- * <p>
- * The new password value is <em>not</em> yet set on the provided credential when this callback is invoked. This allows
- * custom history maintenance and/or auditing to be performed.</p>
+ * Invoked when a new unencoded password value is to be set for a user by the user itself.</p>
* <p>
- * The provided authenticated flag can be used to differentiate between a new password value set directly by a user
- * itself or through an administrative interface.</p>
- * <p>
- * After this callback is invoked, the specified password value will be set, as well as a reset of the
- * {@link InternalCredential#isUpdateRequired() updateRequired} flag, before the credential is saved.</p>
+ * The new raw, possibly encoded, password value is <em>not</em> yet set on the provided credential when this callback is invoked but provided as parameter.
+ * This allows custom history maintenance and/or auditing to be performed.</p>
+ * After this callback is invoked, the password raw value will be set, as well as a reset of the
+ * {@link PasswordCredential#isUpdateRequired() updateRequired} flag, before the credential is saved.</p>
* <p>
* A thrown SecurityException is passed on to the set password requestor.</p>
*
- * @param internalUser the user to which the credential belongs
- * @param credentials the collection of credentials which will set on the user after (already contains the new credential)
- * @param userName the name of the principal to which the credential belongs
- * @param credential the credential of the user
- * @param password the new password value (already set on the new credential)
- * @param authenticated true if the new password value is provided by the user directly
+ * @param credential the credential of the user
+ * @param password
* @throws SecurityException
- * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#setPassword(String, String, String)
*/
- void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password, boolean authenticated) throws SecurityException;
+ void beforeSetPassword(PasswordCredential credential, char[] password) throws SecurityException;
}
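Review bot: The new Javadoc on beforeSetPassword contradicts itself about what the password parameter holds. The first sentence says "a new unencoded password value", the next says "the new raw, possibly encoded, password value", and the `@param password` line has no description to settle it. An interceptor doing history maintenance or auditing needs to know whether it receives clear text or encoder output, so state one contract and document it on the parameter, including whether an implementation may keep a reference to the char[] or the caller clears it afterwards. Since the authenticated flag is dropped and the text now reads "by the user itself", also say whether this callback fires for a password set through an administrative interface. Smaller points: the "After this callback is invoked" paragraph closes with </p> but has no opening <p>, and "flags will checked" in the afterAuthenticated text is missing "be".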
Copied: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java (from r694194, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java)
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java?p2=portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java&p1=portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java&r1=694194&r2=694223&rev=694223&view=diff
==============================================================================
(empty)
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialAccessManager.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java?rev=694223&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java (added)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java Thu Sep 11 05:12:44 2008
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jetspeed.security.spi;
+
+import org.apache.jetspeed.security.PasswordCredential;
+
+/**
+ * @version $Id$
+ *
+ */
+public interface UserPasswordCredentialPolicyManager
+{
+ CredentialPasswordEncoder getCredentialPasswordEncoder();
+ CredentialPasswordValidator getCredentialPasswordValidator();
+ void onLoad(PasswordCredential credential, String userName) throws SecurityException;
+ boolean authenticate(PasswordCredential credential, String userName, String password) throws SecurityException;
+ void onStore(PasswordCredential credential) throws SecurityException;
+}
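Review bot: `SecurityException` in the throws clauses of onLoad, authenticate and onStore is never imported. The only import is org.apache.jetspeed.security.PasswordCredential, so unless the spi package declares its own class of that name, this resolves to the unchecked java.lang.SecurityException; import the intended exception type explicitly. Separately, authenticate takes `String password` while beforeSetPassword in this same commit takes `char[] password`, so pick one representation for clear-text passwords across the SPI. The interface also has no Javadoc beyond `@version $Id$`, which leaves undocumented what authenticate's boolean return means and why onLoad receives userName while onStore does not.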
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java
------------------------------------------------------------------------------
svn:mime-type = text/plain