You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by ch...@apache.org on 2001/06/07 12:39:55 UTC
cvs commit: jakarta-james/proposals/v1.3/java/org/apache/james/userrepository DefaultJamesUser.java DefaultUser.java UsersFileRepository.java
charlesb 01/06/07 03:39:54
Modified: proposals/v1.3/java/org/apache/james James.java
proposals/v1.3/java/org/apache/james/services User.java
proposals/v1.3/java/org/apache/james/userrepository
DefaultJamesUser.java DefaultUser.java
UsersFileRepository.java
Log:
Adapt proposal to use security.Digest and make it db-able
Revision Changes Path
1.5 +2 -1 jakarta-james/proposals/v1.3/java/org/apache/james/James.java
Index: James.java
===================================================================
RCS file: /home/cvs/jakarta-james/proposals/v1.3/java/org/apache/james/James.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- James.java 2001/06/06 13:17:42 1.4
+++ James.java 2001/06/07 10:39:34 1.5
@@ -585,7 +585,8 @@
*/
public boolean addUser(String userName, String password) {
boolean success;
- DefaultJamesUser user = new DefaultJamesUser(userName, password);
+ DefaultJamesUser user = new DefaultJamesUser(userName, "SHA");
+ user.setPassword(password);
user.initialize();
success = localusers.addUser(user);
if (useIMAPstorage && success) {
1.2 +11 -2 jakarta-james/proposals/v1.3/java/org/apache/james/services/User.java
Index: User.java
===================================================================
RCS file: /home/cvs/jakarta-james/proposals/v1.3/java/org/apache/james/services/User.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- User.java 2001/05/16 14:00:30 1.1
+++ User.java 2001/06/07 10:39:39 1.2
@@ -12,8 +12,8 @@
*
* @author Charles Benett <ch...@benett1.demon.co.uk>
*
- * Last changed by: $Author: charlesb $ on $Date: 2001/05/16 14:00:30 $
- * $Revision: 1.1 $
+ * Last changed by: $Author: charlesb $ on $Date: 2001/06/07 10:39:39 $
+ * $Revision: 1.2 $
*/
public interface User {
@@ -27,5 +27,14 @@
* Return true if pass matches password of this user.
*/
boolean verifyPassword(String pass);
+
+ /**
+ * Sets new password from String. No checks made on guessability of
+ * password.
+ *
+ * @param newPass the String that is the new password.
+ * @returns true if newPass successfully added
+ */
+ public boolean setPassword(String newPass);
}
1.3 +9 -8 jakarta-james/proposals/v1.3/java/org/apache/james/userrepository/DefaultJamesUser.java
Index: DefaultJamesUser.java
===================================================================
RCS file: /home/cvs/jakarta-james/proposals/v1.3/java/org/apache/james/userrepository/DefaultJamesUser.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DefaultJamesUser.java 2001/05/22 12:03:32 1.2
+++ DefaultJamesUser.java 2001/06/07 10:39:43 1.3
@@ -18,8 +18,8 @@
*
* @author Charles Benett <ch...@benett1.demon.co.uk>
*
- * Last changed by: $Author: charlesb $ on $Date: 2001/05/22 12:03:32 $
- * $Revision: 1.2 $
+ * Last changed by: $Author: charlesb $ on $Date: 2001/06/07 10:39:43 $
+ * $Revision: 1.3 $
*/
public class DefaultJamesUser
@@ -31,10 +31,15 @@
private boolean aliasing;
private String alias;
- public DefaultJamesUser(String name, String pass) {
- super(name, pass);
+ public DefaultJamesUser(String name, String alg) {
+ super(name, alg);
}
+ public DefaultJamesUser(String name, String passwordHash, String hashAlg) {
+ super(name, passwordHash, hashAlg);
+ }
+
+
/**
* Call initialize when creating a new instance.
*/
@@ -43,10 +48,6 @@
forwardingDestination = null;
aliasing = false;
alias = "";
- }
-
- public boolean setPassword(String pass) {
- return setPass(pass);
}
public void setForwarding(boolean forward) {
1.3 +65 -27 jakarta-james/proposals/v1.3/java/org/apache/james/userrepository/DefaultUser.java
Index: DefaultUser.java
===================================================================
RCS file: /home/cvs/jakarta-james/proposals/v1.3/java/org/apache/james/userrepository/DefaultUser.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DefaultUser.java 2001/05/23 09:21:32 1.2
+++ DefaultUser.java 2001/06/07 10:39:46 1.3
@@ -11,62 +11,100 @@
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
+import org.apache.james.security.DigestUtil;
import org.apache.james.services.User;
/**
* Implementation of User Interface. Instances of this class do not allow
- * the password to be reset.
+ * the the user name to be reset.
*
* @author Charles Benett <ch...@benett1.demon.co.uk>
*
- * Last changed by: $Author: charlesb $ on $Date: 2001/05/23 09:21:32 $
- * $Revision: 1.2 $
+ * Last changed by: $Author: charlesb $ on $Date: 2001/06/07 10:39:46 $
+ * $Revision: 1.3 $
*/
public class DefaultUser implements User, Serializable {
private String userName;
- private byte[] hashedPassword;
+ private String hashedPassword;
+ private String algorithm ;
- public DefaultUser(String name, String pass) {
+ /**
+ * Standard constructor.
+ *
+ * @param name the String name of this user
+ */
+ public DefaultUser(String name, String hashAlg) {
+ userName = name;
+ algorithm = hashAlg;
+ }
+
+ /**
+ * Constructor for repositories that are construcing user objects from
+ * separate fields, e.g. databases.
+ *
+ * @param name the String name of this user
+ * @param passwordHash the String hash of this users current password
+ * @param hashAlg the String algorithm used to generate the hash of the
+ * password
+ */
+ public DefaultUser(String name, String passwordHash, String hashAlg) {
userName = name;
- hashedPassword = hashString(pass);
+ hashedPassword = passwordHash;
+ algorithm = hashAlg;
}
+ /**
+ * Accessor for immutable name
+ *
+ * @returns the String of this users name
+ */
public String getUserName() {
return userName;
}
+ /**
+ * Method to verify passwords.
+ *
+ * @param pass the String that is claimed to be the password for this user
+ * @returns true if the hash of pass with the current algorithm matches
+ * the stored hash.
+ */
public boolean verifyPassword(String pass) {
- byte[] hashGuess = hashString(pass);
- return Arrays.equals(hashedPassword, hashGuess);
+ try {
+ String hashGuess = DigestUtil.digestString(pass, algorithm);
+ return hashedPassword.equals(hashGuess);
+ } catch (NoSuchAlgorithmException nsae) {
+ throw new RuntimeException("Security error: " + nsae);
+ }
}
- protected boolean setPass(String newPass) {
- // Check that this is being called by a subclass not from package
- String rtClass = getClass().getName();
- if (rtClass.equals("org.apache.james.userrepository.DefaultUser")) {
- throw new RuntimeException("Attempt to call setPassword in DefaultUSer");
- } else {
- hashedPassword = hashString(newPass);
- return true;
+ /**
+ * Sets new password from String. No checks made on guessability of
+ * password.
+ *
+ * @param newPass the String that is the new password.
+ * @returns true if newPass successfuly hashed
+ */
+ public boolean setPassword(String newPass) {
+ try {
+ hashedPassword = DigestUtil.digestString(newPass, algorithm);
+ return true;
+ } catch (NoSuchAlgorithmException nsae) {
+ throw new RuntimeException("Security error: " + nsae);
}
}
- protected byte[] getHashedPassword() {
+ /**
+ * Method to access hash of password
+ *
+ * @returns the String of the hashed Password
+ */
+ protected String getHashedPassword() {
return hashedPassword;
}
- private static byte[] hashString(String pass) {
- MessageDigest sha;
- try {
- sha = MessageDigest.getInstance("SHA");
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException("Can't hash passwords!" + e);
- }
- sha.update(pass.getBytes());
- return sha.digest();
- }
}
1.5 +4 -3 jakarta-james/proposals/v1.3/java/org/apache/james/userrepository/UsersFileRepository.java
Index: UsersFileRepository.java
===================================================================
RCS file: /home/cvs/jakarta-james/proposals/v1.3/java/org/apache/james/userrepository/UsersFileRepository.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- UsersFileRepository.java 2001/06/06 13:17:48 1.4
+++ UsersFileRepository.java 2001/06/07 10:39:48 1.5
@@ -38,8 +38,8 @@
* @author Federico Barbieri <sc...@pop.systemy.it>
* @author <a href="mailto:charles@benett1.demon.co.uk">Charles Benett</a>
*
- * Last changed by: $Author: charlesb $ on $Date: 2001/06/06 13:17:48 $
- * $Revision: 1.4 $
+ * Last changed by: $Author: charlesb $ on $Date: 2001/06/07 10:39:48 $
+ * $Revision: 1.5 $
*/
public class UsersFileRepository
extends AbstractLoggable
@@ -121,7 +121,8 @@
public synchronized void addUser(String name, Object attributes) {
if (attributes instanceof String)
{
- User newbie = new DefaultUser(name, (String) attributes);
+ User newbie = new DefaultUser(name, "SHA");
+ newbie.setPassword( (String) attributes);
addUser(newbie);
}
else
---------------------------------------------------------------------
To unsubscribe, e-mail: james-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-dev-help@jakarta.apache.org