You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/05/06 16:50:33 UTC
svn commit: r653795 - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/
jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/node...
Author: angela
Date: Tue May 6 07:50:32 2008
New Revision: 653795
URL: http://svn.apache.org/viewvc?rev=653795&view=rev
Log:
JCR-1104 : JSR 283 support (security work in progress)
- user API: add changePw method to the User.java
- adjust impl and change password to be a protected property
Modified:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java Tue May 6 07:50:32 2008
@@ -44,4 +44,11 @@
*/
Impersonation getImpersonation() throws RepositoryException;
+ /**
+ * Change the password of this user.
+ *
+ * @param password The new password.
+ * @throws RepositoryException
+ */
+ void changePassword(String password) throws RepositoryException;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java Tue May 6 07:50:32 2008
@@ -361,6 +361,7 @@
* <li>rep:referees</li>
* <li>rep:groups</li>
* <li>rep:impersonators</li>
+ * <li>rep:password</li>
* </ul>
* Those properties are 'protected' in their property definition. This
* method is a simple utility in order to save the extra effort to modify
@@ -374,7 +375,7 @@
Name pName = getSession().getQName(propertyName);
if (P_PRINCIPAL_NAME.equals(pName) || P_USERID.equals(pName)
|| P_REFEREES.equals(pName) || P_GROUPS.equals(pName)
- || P_IMPERSONATORS.equals(pName)) {
+ || P_IMPERSONATORS.equals(pName) || P_PASSWORD.equals(pName)) {
return true;
} else {
return false;
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java Tue May 6 07:50:32 2008
@@ -26,6 +26,7 @@
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
+import javax.jcr.Value;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
@@ -63,6 +64,23 @@
return new UserImpl(node, userManager);
}
+ /**
+ *
+ * @param password
+ * @return
+ * @throws RepositoryException
+ */
+ static String buildPasswordValue(String password) throws RepositoryException {
+ try {
+ CryptedSimpleCredentials creds = new CryptedSimpleCredentials("_", password);
+ return creds.getPassword();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RepositoryException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new RepositoryException(e);
+ }
+ }
+
//-------------------------------------------------------< Authorizable >---
/**
* @see Authorizable#getID()
@@ -123,4 +141,15 @@
}
return impersonation;
}
+
+ /**
+ * @see User#changePassword(String)
+ */
+ public void changePassword(String password) throws RepositoryException {
+ if (password == null) {
+ throw new IllegalArgumentException("The password may never be null.");
+ }
+ Value v = getSession().getValueFactory().createValue(buildPasswordValue(password));
+ userManager.setProtectedProperty(getNode(), P_PASSWORD, v);
+ }
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java Tue May 6 07:50:32 2008
@@ -25,7 +25,6 @@
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SecurityItemModifier;
import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Name;
@@ -44,8 +43,6 @@
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.version.VersionException;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
@@ -192,9 +189,8 @@
Name nodeName = session.getQName(Text.escapeIllegalJcrChars(userID));
NodeImpl userNode = addSecurityNode(parent, nodeName, NT_REP_USER);
- CryptedSimpleCredentials creds = new CryptedSimpleCredentials(userID, password);
- setSecurityProperty(userNode, P_USERID, getValue(creds.getUserID()));
- setSecurityProperty(userNode, P_PASSWORD, getValue(creds.getPassword()));
+ setSecurityProperty(userNode, P_USERID, getValue(userID));
+ setSecurityProperty(userNode, P_PASSWORD, getValue(UserImpl.buildPasswordValue(password)));
setSecurityProperty(userNode, P_PRINCIPAL_NAME, getValue(principal.getName()));
parent.save();
@@ -207,10 +203,6 @@
log.debug("Failed to create new User, reverting changes.");
}
throw e;
- } catch (NoSuchAlgorithmException e) {
- throw new RepositoryException(e);
- } catch (UnsupportedEncodingException e) {
- throw new RepositoryException(e);
}
}
@@ -313,6 +305,11 @@
return res.hasNext();
}
+ void setProtectedProperty(NodeImpl node, Name propName, Value value) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
+ setSecurityProperty(node, propName, value);
+ node.save();
+ }
+
void setProtectedProperty(NodeImpl node, Name propName, Value[] values) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
setSecurityProperty(node, propName, values);
node.save();
Modified: jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd Tue May 6 07:50:32 2008
@@ -215,7 +215,7 @@
[rep:User] > rep:Authorizable, rep:Impersonatable
- rep:userId (string) protected mandatory
- - rep:password (string) mandatory
+ - rep:password (string) protected mandatory
[rep:Group] > rep:Authorizable
Modified: jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml Tue May 6 07:50:32 2008
@@ -495,7 +495,7 @@
<supertype>rep:Impersonatable</supertype>
</supertypes>
<propertyDefinition name="rep:userId" requiredType="String" autoCreated="false" mandatory="true" onParentVersion="COPY" protected="true" multiple="false" />
- <propertyDefinition name="rep:password" requiredType="String" autoCreated="false" mandatory="true" onParentVersion="COPY" protected="false" multiple="false" />
+ <propertyDefinition name="rep:password" requiredType="String" autoCreated="false" mandatory="true" onParentVersion="COPY" protected="true" multiple="false" />
</nodeType>
<nodeType name="rep:Group" isMixin="false" hasOrderableChildNodes="false" primaryItemName="">
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java Tue May 6 07:50:32 2008
@@ -22,6 +22,9 @@
import javax.jcr.RepositoryException;
import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Session;
+import javax.jcr.LoginException;
/**
* <code>UserTest</code>...
@@ -50,4 +53,43 @@
Credentials creds = user.getCredentials();
assertTrue(creds != null);
}
+
+ public void testChangePassword() throws RepositoryException, NotExecutableException {
+ String oldPw = helper.getProperty("javax.jcr.tck.superuser.pwd");
+ if (oldPw == null) {
+ // missing property
+ throw new NotExecutableException();
+ }
+
+ User user = getTestUser(superuser);
+ try {
+ user.changePassword("pw");
+ // make sure the user can login with the new pw
+ Session s = helper.getRepository().login(new SimpleCredentials(user.getID(), "pw".toCharArray()));
+ s.logout();
+ } finally {
+ user.changePassword(oldPw);
+ }
+ }
+
+ public void testChangePassword2() throws RepositoryException, NotExecutableException {
+ String oldPw = helper.getProperty("javax.jcr.tck.superuser.pwd");
+ if (oldPw == null) {
+ // missing property
+ throw new NotExecutableException();
+ }
+
+ User user = getTestUser(superuser);
+ try {
+ user.changePassword("pw");
+
+ Session s = helper.getRepository().login(new SimpleCredentials(user.getID(), oldPw.toCharArray()));
+ s.logout();
+ fail("superuser pw has changed. login must fail.");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ user.changePassword(oldPw);
+ }
+ }
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java Tue May 6 07:50:32 2008
@@ -52,6 +52,7 @@
if (superuser instanceof SessionImpl) {
NameResolver resolver = ((SessionImpl) superuser).getNamePathResolver();
protectedUserProps.add(resolver.getJCRName(UserConstants.P_USERID));
+ protectedUserProps.add(resolver.getJCRName(UserConstants.P_PASSWORD));
protectedUserProps.add(resolver.getJCRName(UserConstants.P_GROUPS));
protectedUserProps.add(resolver.getJCRName(UserConstants.P_IMPERSONATORS));
protectedUserProps.add(resolver.getJCRName(UserConstants.P_PRINCIPAL_NAME));
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java Tue May 6 07:50:32 2008
@@ -31,6 +31,8 @@
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import java.security.Principal;
+import java.security.NoSuchAlgorithmException;
+import java.io.UnsupportedEncodingException;
/**
* <code>UserImplTest</code>...
@@ -81,7 +83,6 @@
public void testUserCanModifyItsOwnProperties() throws RepositoryException {
User u = (User) uMgr.getAuthorizable(uID);
-
if (u == null) {
fail("User " +uID+ "hast not been removed and must be visible to the Session created with its credentials.");
}
@@ -92,4 +93,22 @@
u.removeProperty("Email");
assertNull(u.getProperty("Email"));
}
+
+ public void testChangePassword() throws RepositoryException, NotExecutableException, NoSuchAlgorithmException, UnsupportedEncodingException {
+ String oldPw = helper.getProperty("javax.jcr.tck.superuser.pwd");
+ if (oldPw == null) {
+ // missing property
+ throw new NotExecutableException();
+ }
+
+ User user = getTestUser(superuser);
+ try {
+ user.changePassword("pw");
+
+ SimpleCredentials creds = new SimpleCredentials(user.getID(), "pw".toCharArray());
+ assertTrue(((CryptedSimpleCredentials) user.getCredentials()).matches(creds));
+ } finally {
+ user.changePassword(oldPw);
+ }
+ }
}