You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2006/07/04 16:21:06 UTC

svn commit: r419015 - in /portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl: DefaultCredentialHandler.java EncodePasswordOnFirstLoadInterceptor.java

Author: ate
Date: Tue Jul  4 07:21:06 2006
New Revision: 419015

URL: http://svn.apache.org/viewvc?rev=419015&view=rev
Log:
Further improvement and a small fix for JS2-550: A new Two-way password encoding service allowing decoding of encoded passwords
See: http://issues.apache.org/jira/browse/JS2-550#action_12418846
- make sure old non-encoded passwords which are encoded on first load, are recognized as using the new encoding scheme

Modified:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java?rev=419015&r1=419014&r2=419015&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java Tue Jul  4 07:21:06 2006
@@ -24,6 +24,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
 import org.apache.jetspeed.security.InvalidNewPasswordException;
 import org.apache.jetspeed.security.InvalidPasswordException;
 import org.apache.jetspeed.security.PasswordAlreadyUsedException;
@@ -241,11 +242,14 @@
         {
             // non-user (admin) modified the password
             
-            // set current time in previous auth date, and clear last authentication date
-            // !!! While this might be a bit strange logic, it is *required* for the AlgorithmUpgradePBEPasswordEncodingService
-            // to be able to distinguise password changes from other changes
-            credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
-            credential.setLastAuthenticationDate(null);
+            if ( encoded && pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService )
+            {
+                // set current time in previous auth date, and clear last authentication date
+                // !!! While this might be a bit strange logic, it is *required* for the AlgorithmUpgradePBEPasswordEncodingService
+                // to be able to distinguise password changes from other changes
+                credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
+                credential.setLastAuthenticationDate(null);
+            }
         }
         else
         {

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java?rev=419015&r1=419014&r2=419015&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java Tue Jul  4 07:21:06 2006
@@ -14,6 +14,10 @@
 */
 package org.apache.jetspeed.security.spi.impl;
 
+import java.sql.Timestamp;
+import java.util.Date;
+
+import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.om.InternalCredential;
 import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
@@ -43,6 +47,17 @@
         {
             credential.setValue(pcProvider.getEncoder().encode(userName,credential.getValue()));
             credential.setEncoded(true);
+            
+            if ( pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService)
+            {
+                // For the AlgorithmUpgradePBEPasswordService to be able to distinguise between
+                // old and new encoded passwords, it evaluates the last and previous authentication timestamps.
+                // With an automatic encoding (using the new encoding schema) the last authentication must be
+                // set to null (as the user hasn't been authenticated yet again, which leaves the previous
+                // authentication timestamp for indicating when the (new) encoding took place.
+                credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
+                credential.setLastAuthenticationDate(null);
+            }
             updated = true;
         }
         return updated;



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org