Posted to commits@directory.apache.org by ak...@apache.org on 2006/07/17 23:02:45 UTC
svn commit: r422869 - in /directory/branches/apacheds/optimization:
core-unit/src/test/java/org/apache/directory/server/core/authn/
core/src/main/java/org/apache/directory/server/core/authn/
Author: akarasulu
Date: Mon Jul 17 14:02:44 2006
New Revision: 422869
URL: http://svn.apache.org/viewvc?rev=422869&view=rev
Log:
Improving invalidation a bit by not being so exact about when to invalidate. If any
change happens to an entry (move, delete, or modify), then I call invalidate.
Modified:
directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java
directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Modified: directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java (original)
+++ directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java Mon Jul 17 14:02:44 2006
@@ -386,81 +386,4 @@
assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) );
assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
}
-
-
- public void test12InvalidateCredentialCacheWithOID() throws NamingException
- {
- Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
- env.put( Context.PROVIDER_URL, "ou=system" );
- env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );
- env.put( Context.SECURITY_CREDENTIALS, "test" );
- env.put( Context.SECURITY_AUTHENTICATION, "simple" );
- env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
- InitialDirContext ic = new InitialDirContext( env );
- Attributes attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
- Attribute ou = attrs.get( "ou" );
- assertTrue( ou.contains( "Engineering" ) );
- assertTrue( ou.contains( "People" ) );
-
- Attribute objectClass = attrs.get( "objectClass" );
- assertTrue( objectClass.contains( "top" ) );
- assertTrue( objectClass.contains( "person" ) );
- assertTrue( objectClass.contains( "organizationalPerson" ) );
- assertTrue( objectClass.contains( "inetOrgPerson" ) );
-
- assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
- assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
- assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
- assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
- assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
- assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
- assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
- assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) );
- assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
-
- // now modify the password for akarasulu
- LockableAttributeImpl userPasswordAttribute = new LockableAttributeImpl( "2.5.4.35", "newpwd" );
- ic.modifyAttributes( "uid=akarasulu,ou=users", new ModificationItem[] {
- new ModificationItem( DirContext.REPLACE_ATTRIBUTE, userPasswordAttribute ) } );
-
- // close and try with old password (should fail)
- ic.close();
- env.put( Context.SECURITY_CREDENTIALS, "test" );
- try
- {
- ic = new InitialDirContext( env );
- fail( "Authentication with old password should fail" );
- }
- catch ( NamingException e )
- {
- // we should fail
- }
-
- // close and try again now with new password (should fail)
- ic.close();
- env.put( Context.SECURITY_CREDENTIALS, "newpwd" );
- ic = new InitialDirContext( env );
- attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
- ou = attrs.get( "ou" );
- assertTrue( ou.contains( "Engineering" ) );
- assertTrue( ou.contains( "People" ) );
-
- objectClass = attrs.get( "objectClass" );
- assertTrue( objectClass.contains( "top" ) );
- assertTrue( objectClass.contains( "person" ) );
- assertTrue( objectClass.contains( "organizationalPerson" ) );
- assertTrue( objectClass.contains( "inetOrgPerson" ) );
-
- assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
- assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
- assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
- assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
- assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
- assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
- assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
- assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) );
- assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
- }
-
-
}
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Mon Jul 17 14:02:44 2006
@@ -133,7 +133,7 @@
/**
* Does nothing leaving it so subclasses can override.
*/
- public void passwordChanged( LdapDN bindDn, byte[] userPassword )
+ public void invalidateCache( LdapDN bindDn )
{
}
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java Mon Jul 17 14:02:44 2006
@@ -27,7 +27,6 @@
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
@@ -43,9 +42,7 @@
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.filter.ExprNode;
-import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.util.AttributeUtils;
-import org.apache.directory.shared.ldap.util.StringTools;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.slf4j.Logger;
@@ -68,7 +65,6 @@
public Map authenticators = new HashMap();
private DirectoryServiceConfiguration factoryCfg;
- private AttributeType userPasswordAttributeType;
/**
* Creates an authentication service interceptor.
@@ -84,8 +80,6 @@
public void init( DirectoryServiceConfiguration factoryCfg, InterceptorConfiguration cfg ) throws NamingException
{
this.factoryCfg = factoryCfg;
- this.userPasswordAttributeType = factoryCfg.getGlobalRegistries()
- .getAttributeTypeRegistry().lookup( "userPassword" );
// Register all authenticators
Iterator i = factoryCfg.getStartupConfiguration().getAuthenticatorConfigurations().iterator();
@@ -209,6 +203,7 @@
checkAuthenticated();
next.delete( name );
+ invalidateAuthenticatorCaches( name );
}
@@ -320,6 +315,24 @@
}
+ private void invalidateAuthenticatorCaches( LdapDN principalDn )
+ {
+ for ( Iterator jj = this.authenticators.keySet().iterator(); jj.hasNext(); /**/ )
+ {
+ String authMech = ( String ) jj.next();
+
+ Collection authenticators = getAuthenticators( authMech );
+
+ // try each authenticator
+ for ( Iterator ii = authenticators.iterator(); ii.hasNext(); /**/ )
+ {
+ Authenticator authenticator = ( Authenticator ) ii.next();
+ authenticator.invalidateCache( getPrincipal().getJndiName() );
+ }
+ }
+ }
+
+
public void modify( NextInterceptor next, LdapDN name, int modOp, Attributes mods ) throws NamingException
{
if ( log.isDebugEnabled() )
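Review bot: `invalidateAuthenticatorCaches` never uses its `principalDn` argument: the inner loop calls `authenticator.invalidateCache( getPrincipal().getJndiName() )`, so the cache entry dropped belongs to the user performing the operation, not to the entry that was deleted, modified, renamed or moved. When one principal (an administrator, say) replaces another user's `userPassword`, the target's cached credentials appear to stay in place, and the old password would keep authenticating until that entry leaves the cache some other way. The call should be `authenticator.invalidateCache( principalDn );`, assuming the DN reaching this interceptor is already normalized as the `Authenticator` Javadoc requires. The same helper backs the calls added in `delete`, both `modify` overloads, `modifyRn` and both `move` overloads, and this commit also removes `test12InvalidateCredentialCacheWithOID`, so a test in which a different principal changes the password is worth adding. The hunk ends inside `modify`, whose body continues in the next hunk.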
@@ -329,40 +342,10 @@
checkAuthenticated();
next.modify( name, modOp, mods );
-
- Attribute userPasswordAttribute = AttributeUtils.getAttribute( mods, userPasswordAttributeType );
- if ( userPasswordAttribute != null )
- {
- notifyUserPasswordChanged( userPasswordAttribute );
- }
+ invalidateAuthenticatorCaches( name );
}
- private byte[] notifyUserPasswordChanged( Attribute userPasswordAttribute ) throws NamingException
- {
- byte[] passwordBytes = null;
- Object password = userPasswordAttribute.get();
- if ( password instanceof byte[] )
- {
- passwordBytes = ( byte[] ) password;
- }
- else
- {
- passwordBytes = StringTools.getBytesUtf8( ( String ) password );
- }
-
- Collection authenticators = getAuthenticators( "simple" );
- // try each authenticators
- for ( Iterator i = authenticators.iterator(); i.hasNext(); )
- {
- Authenticator authenticator = ( Authenticator ) i.next();
- authenticator.passwordChanged( getPrincipal().getJndiName(), passwordBytes );
- }
-
- return passwordBytes;
- }
-
-
public void modify( NextInterceptor next, LdapDN name, ModificationItem[] mods ) throws NamingException
{
if ( log.isDebugEnabled() )
@@ -372,12 +355,7 @@
checkAuthenticated();
next.modify( name, mods );
-
- Attribute userPasswordAttribute = AttributeUtils.getAttribute( mods, userPasswordAttributeType );
- if ( userPasswordAttribute != null )
- {
- notifyUserPasswordChanged( userPasswordAttribute );
- }
+ invalidateAuthenticatorCaches( name );
}
@@ -391,6 +369,7 @@
checkAuthenticated();
next.modifyRn( name, newRn, deleteOldRn );
+ invalidateAuthenticatorCaches( name );
}
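Review bot: Only the renamed entry's own DN is passed to `invalidateAuthenticatorCaches( name )` here, while renaming a container also changes the DN of every entry beneath it. `SimpleAuthenticator` keys its cache by normalized DN, so cached credentials for descendants would remain under their old DNs; whether a bind against such a stale DN can still succeed depends on the authenticate path, which is not visible here. The same applies to the two `move` hunks that follow. A comment such as `// NOTE: cached credentials of descendants of name are not invalidated` would record the limitation, or the cache could be cleared for the whole subtree. The method body starts outside the hunk.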
@@ -405,6 +384,7 @@
checkAuthenticated();
next.move( oriChildName, newParentName, newRn, deleteOldRn );
+ invalidateAuthenticatorCaches( oriChildName );
}
@@ -417,6 +397,7 @@
checkAuthenticated();
next.move( oriChildName, newParentName );
+ invalidateAuthenticatorCaches( oriChildName );
}
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java Mon Jul 17 14:02:44 2006
@@ -68,12 +68,12 @@
/**
* Callback used to respond to password changes by invalidating a password
* cache if implemented. This is an additional feature of an authenticator
- * which need not be implemented: empty implementation is sufficient.
+ * which need not be implemented: empty implementation is sufficient. This
+ * is called on every del, modify, and modifyRdn operation.
*
* @param bindDn the already normalized distinguished name of the bind principal
- * @param userPassword the new password for the bind principal
*/
- public void passwordChanged( LdapDN bindDn, byte[] userPassword );
+ public void invalidateCache( LdapDN bindDn );
/**
* Performs authentication and returns the principal if succeeded.
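Review bot: The Javadoc on `invalidateCache` still describes the old contract: it opens with "respond to password changes" and documents `bindDn` as the bind principal, although the method is now called for any change to an entry. The added sentence lists "del, modify, and modifyRdn", but the commit also calls it from both `move` overloads. I would reword the parameter as `@param bindDn the already normalized distinguished name of the entry that was changed` and add move to the list, so that implementers key invalidation on the changed entry rather than on the caller.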
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Mon Jul 17 14:02:44 2006
@@ -345,8 +345,8 @@
}
- public void passwordChanged( LdapDN bindDn, byte[] userPassword )
+ public void invalidateCache( LdapDN bindDn )
{
- credentialCache.put( bindDn.getNormName(), userPassword );
+ credentialCache.remove( bindDn.getNormName() );
}
}
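Review bot: `invalidateCache` in `SimpleAuthenticator` has no comment saying why the entry is removed rather than updated; presumably the next bind for that DN then falls back to the stored entry, and a line such as `// drop cached credentials so the next bind re-reads them from the entry` would make that explicit. The method is now reached from every delete, modify, rename and move, concurrently with binds that read `credentialCache`. The cache's type is not visible in this hunk, so it is worth confirming that the map is safe for concurrent access.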