Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2008/05/16 23:09:53 UTC
svn commit: r657211 [1/2] - in /portals/jetspeed-2/portal:
branches/JETSPEED-2.1.2-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/
branches/JETSPEED-2.1.3-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/
trunk/compone...
Author: taylor
Date: Fri May 16 14:09:52 2008
New Revision: 657211
URL: http://svn.apache.org/viewvc?rev=657211&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-671
Modified:
portals/jetspeed-2/portal/branches/JETSPEED-2.1.2-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
portals/jetspeed-2/portal/branches/JETSPEED-2.1.3-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
portals/jetspeed-2/portal/trunk/components/jetspeed-sso/src/main/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
Modified: portals/jetspeed-2/portal/branches/JETSPEED-2.1.2-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JETSPEED-2.1.2-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java?rev=657211&r1=657210&r2=657211&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/JETSPEED-2.1.2-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java (original)
+++ portals/jetspeed-2/portal/branches/JETSPEED-2.1.2-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java Fri May 16 14:09:52 2008
@@ -69,21 +69,21 @@
* @author <a href="mailto:rogerrut@apache.org">Roger Ruttimann</a>
*/
public class PersistenceBrokerSSOProvider extends
- InitablePersistenceBrokerDaoSupport implements SSOProvider
-{
- /* Logging */
- private static final Log log = LogFactory.getLog(PersistenceBrokerSSOProvider.class);
-
- /*
- * Cache for sites and Proxy sites
- */
- private Hashtable mapSite = new Hashtable();
- private Hashtable clientProxy = new Hashtable();
-
+ InitablePersistenceBrokerDaoSupport implements SSOProvider
+{
+ /* Logging */
+ private static final Log log = LogFactory.getLog(PersistenceBrokerSSOProvider.class);
+
+ /*
+ * Cache for sites and Proxy sites
+ */
+ private Hashtable mapSite = new Hashtable();
+ private Hashtable clientProxy = new Hashtable();
+
private String USER_PATH = "/user/";
private String GROUP_PATH = "/group/";
- /**
+ /**
* PersitenceBrokerSSOProvider()
* @param repository Location of repository mapping file. Must be available within the classpath.
* @param prefsFactoryImpl <code>java.util.prefs.PreferencesFactory</code> implementation to use.
@@ -103,33 +103,33 @@
*/
public String useSSO(Subject subject, String url, String SSOSite, boolean bRefresh) throws SSOException
{
- // Get the principal from the subject
- BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
- String fullPath = principal.getFullPath();
-
- /* ProxyID is used for the cache. The http client object will be cached for a
- * given user site url combination
- */
- String proxyID = fullPath + "_" + SSOSite;
-
- // Get the site
- SSOSite ssoSite = getSSOSiteObject(SSOSite);
-
- if ( ssoSite != null)
- {
- SSOSite[] sites = new SSOSite[1];
- sites[0] = ssoSite;
-
- return this.getContentFromURL(proxyID, url, sites, bRefresh);
- }
- else
- {
- // Site doesn't exist -- log an error but continue
- String msg = "SSO component -- useSSO can't retrive SSO credential because SSOSite [" + SSOSite + "] doesn't exist";
- log.error(msg);
- SSOSite[] sites = new SSOSite[0];
- return this.getContentFromURL(proxyID, url, sites, bRefresh);
- }
+ // Get the principal from the subject
+ BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
+ String fullPath = principal.getFullPath();
+
+ /* ProxyID is used for the cache. The http client object will be cached for a
+ * given user site url combination
+ */
+ String proxyID = fullPath + "_" + SSOSite;
+
+ // Get the site
+ SSOSite ssoSite = getSSOSiteObject(SSOSite);
+
+ if ( ssoSite != null)
+ {
+ SSOSite[] sites = new SSOSite[1];
+ sites[0] = ssoSite;
+
+ return this.getContentFromURL(proxyID, url, sites, bRefresh);
+ }
+ else
+ {
+ // Site doesn't exist -- log an error but continue
+ String msg = "SSO component -- useSSO can't retrive SSO credential because SSOSite [" + SSOSite + "] doesn't exist";
+ log.error(msg);
+ SSOSite[] sites = new SSOSite[0];
+ return this.getContentFromURL(proxyID, url, sites, bRefresh);
+ }
}
/*
@@ -138,42 +138,42 @@
*/
public String useSSO(Subject subject, String url, boolean bRefresh) throws SSOException
{
- // Get the principal from the subject
- BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
- String fullPath = principal.getFullPath();
-
-
- /* ProxyID is used for the cache. The http client object will be cached for a
- * given user
- */
- String proxyID = fullPath;
-
- Collection sites = this.getSitesForPrincipal(fullPath);
-
- if (sites == null)
- {
- String msg = "SSO Component useSSO -- Couldn't find any SSO sites for user ["+fullPath+"]";
- log.error(msg);
- throw new SSOException(msg);
- }
-
- // Load all the sites
- int siteSize = sites.size();
- int siteIndex =0;
- SSOSite[] ssoSites = new SSOSite[siteSize];
-
- Iterator itSites = sites.iterator();
- while(itSites.hasNext())
- {
- SSOSite ssoSite = (SSOSite)itSites.next();
- if (ssoSite != null)
- {
- ssoSites[siteIndex] = ssoSite;
- siteIndex++;
- }
- }
-
- return this.getContentFromURL(proxyID, url, ssoSites, bRefresh);
+ // Get the principal from the subject
+ BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
+ String fullPath = principal.getFullPath();
+
+
+ /* ProxyID is used for the cache. The http client object will be cached for a
+ * given user
+ */
+ String proxyID = fullPath;
+
+ Collection sites = this.getSitesForPrincipal(fullPath);
+
+ if (sites == null)
+ {
+ String msg = "SSO Component useSSO -- Couldn't find any SSO sites for user ["+fullPath+"]";
+ log.error(msg);
+ throw new SSOException(msg);
+ }
+
+ // Load all the sites
+ int siteSize = sites.size();
+ int siteIndex =0;
+ SSOSite[] ssoSites = new SSOSite[siteSize];
+
+ Iterator itSites = sites.iterator();
+ while(itSites.hasNext())
+ {
+ SSOSite ssoSite = (SSOSite)itSites.next();
+ if (ssoSite != null)
+ {
+ ssoSites[siteIndex] = ssoSite;
+ siteIndex++;
+ }
+ }
+
+ return this.getContentFromURL(proxyID, url, ssoSites, bRefresh);
}
/**
@@ -183,35 +183,35 @@
*/
public Collection getCookiesForUser(String fullPath)
{
- // Get the SSO user identified by the fullPath
- SSOPrincipal ssoPrincipal = this.getSSOPrincipal(fullPath);
-
- // For each remote user we'll get the cookie
- Vector temp = new Vector();
-
- Iterator itRemotePrincipal = ssoPrincipal.getRemotePrincipals().iterator();
- while (itRemotePrincipal.hasNext())
- {
- InternalUserPrincipal rp = (InternalUserPrincipal)itRemotePrincipal.next();
- if (rp != null)
- {
- temp.add(rp.getFullPath());
- }
- }
-
- if (temp.size() > 0)
- {
-
- Criteria filter = new Criteria();
- filter.addIn("remotePrincipals.fullPath", temp);
-
- QueryByCriteria query = QueryFactory.newQuery(SSOCookieImpl.class, filter);
- return getPersistenceBrokerTemplate().getCollectionByQuery(query);
- }
- else
- {
- return null;
- }
+ // Get the SSO user identified by the fullPath
+ SSOPrincipal ssoPrincipal = this.getSSOPrincipal(fullPath);
+
+ // For each remote user we'll get the cookie
+ Vector temp = new Vector();
+
+ Iterator itRemotePrincipal = ssoPrincipal.getRemotePrincipals().iterator();
+ while (itRemotePrincipal.hasNext())
+ {
+ InternalUserPrincipal rp = (InternalUserPrincipal)itRemotePrincipal.next();
+ if (rp != null)
+ {
+ temp.add(rp.getFullPath());
+ }
+ }
+
+ if (temp.size() > 0)
+ {
+
+ Criteria filter = new Criteria();
+ filter.addIn("remotePrincipals.fullPath", temp);
+
+ QueryByCriteria query = QueryFactory.newQuery(SSOCookieImpl.class, filter);
+ return getPersistenceBrokerTemplate().getCollectionByQuery(query);
+ }
+ else
+ {
+ return null;
+ }
}
@@ -222,43 +222,43 @@
*/
public Collection getCookiesForUser(Subject user)
{
- // Get the principal from the subject
- BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(user, UserPrincipal.class);
- String fullPath = principal.getFullPath();
-
- // Call into API
- return this.getCookiesForUser(fullPath);
+ // Get the principal from the subject
+ BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(user, UserPrincipal.class);
+ String fullPath = principal.getFullPath();
+
+ // Call into API
+ return this.getCookiesForUser(fullPath);
}
public void setRealmForSite(String site, String realm) throws SSOException
{
- SSOSite ssoSite = getSSOSiteObject(site);
-
- if ( ssoSite != null)
- {
- try
- {
- ssoSite.setRealm(realm);
- getPersistenceBrokerTemplate().store(ssoSite);
- }
- catch (Exception e)
- {
- throw new SSOException("Failed to set the realm for site [" + site + "] Error" +e );
- }
- }
+ SSOSite ssoSite = getSSOSiteObject(site);
+
+ if ( ssoSite != null)
+ {
+ try
+ {
+ ssoSite.setRealm(realm);
+ getPersistenceBrokerTemplate().store(ssoSite);
+ }
+ catch (Exception e)
+ {
+ throw new SSOException("Failed to set the realm for site [" + site + "] Error" +e );
+ }
+ }
}
public String getRealmForSite(String site) throws SSOException
{
- SSOSite ssoSite = getSSOSiteObject(site);
-
- if ( ssoSite != null)
- {
- return ssoSite.getRealm();
- }
-
- return null;
+ SSOSite ssoSite = getSSOSiteObject(site);
+
+ if ( ssoSite != null)
+ {
+ return ssoSite.getRealm();
+ }
+
+ return null;
}
/**
@@ -268,23 +268,23 @@
*/
public Collection getSitesForPrincipal(String fullPath)
{
-
- Criteria filter = new Criteria();
+
+ Criteria filter = new Criteria();
filter.addEqualTo("principals.fullPath", fullPath);
QueryByCriteria query = QueryFactory.newQuery(SSOSiteImpl.class, filter);
return getPersistenceBrokerTemplate().getCollectionByQuery(query);
}
- public Iterator getSites(String filter)
+ public Iterator getSites(String filter)
{
Criteria queryCriteria = new Criteria();
Query query = QueryFactory.newQuery(SSOSiteImpl.class, queryCriteria);
Collection c = getPersistenceBrokerTemplate().getCollectionByQuery(query);
return c.iterator();
}
-
- /**
+
+ /**
* addCredentialsForSite()
* @param fullPath
* @param remoteUser
@@ -313,7 +313,7 @@
// Create Subject
Set principals = new HashSet();
principals.add(principal);
- Subject subject = new Subject(true, principals, new HashSet(), new HashSet());
+ Subject subject = new Subject(true, principals, new HashSet(), new HashSet());
// Call into the API
addCredentialsForSite(subject, remoteUser, site, pwd);
@@ -346,7 +346,7 @@
// Create Subject
Set principals = new HashSet();
principals.add(principal);
- Subject subject = new Subject(true, principals, new HashSet(), new HashSet());
+ Subject subject = new Subject(true, principals, new HashSet(), new HashSet());
// Call into the API
this.removeCredentialsForSite(subject,site);
@@ -370,443 +370,450 @@
public String getSiteName(String site)
{
SSOSite ssoSite = getSSOSiteObject(site);
-
- if ( ssoSite != null)
- {
- return ssoSite.getName();
- }
- else
- {
- return null;
- }
- }
-
- /* (non-Javadoc)
- * @see org.apache.jetspeed.sso.SSOProvider#hasSSOCredentials(javax.security.auth.Subject, java.lang.String)
- */
- public boolean hasSSOCredentials(Subject subject, String site) {
- // Initialization
- SSOSite ssoSite = getSSOSiteObject(site);
-
- if ( ssoSite == null)
- {
- return false; // no entry for site
- }
-
- // Get the principal from the subject
- BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
- String fullPath = principal.getFullPath();
-
-
- // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
- Collection remoteForSite = ssoSite.getRemotePrincipals();
- Collection principalsForSite = ssoSite.getPrincipals(); // Users
-
- // If any of them don't exist just return
- if (principalsForSite == null || remoteForSite== null )
- return false; // no entry
-
- Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
-
- if ( remoteForPrincipals == null)
- return false; // no entry
-
- // Get remote Principal that matches the site and the principal
- if (findRemoteMatch(remoteForPrincipals, remoteForSite) == null )
- {
- return false; // No entry
- }
- else
- {
- return true; // Has an entry
- }
- }
-
- /* (non-Javadoc)
- * @see org.apache.jetspeed.sso.SSOProvider#getCredentials(javax.security.auth.Subject, java.lang.String)
- */
- public SSOContext getCredentials(Subject subject, String site)
- throws SSOException {
-
- // Initialization
- SSOSite ssoSite = getSSOSiteObject(site);
-
- if ( ssoSite == null)
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); // no entry for site
-
- // Get the principal from the subject
- BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
- String fullPath = principal.getFullPath();
-
- // Filter the credentials for the given principals
- SSOContext context = getCredential(ssoSite, fullPath);
-
- if ( context == null)
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); // no entry for site
-
- return context;
- }
-
- /* addCredential()
- * Adds credentials for a user to the site. If the site doesn't exist it will be created
- * @see org.apache.jetspeed.sso.SSOProvider#addCredentialsForSite(javax.security.auth.Subject, java.lang.String, java.lang.String)
- */
- public void addCredentialsForSite(Subject subject, String remoteUser, String site, String pwd)
- throws SSOException {
-
- // Check if an entry for the site already exists otherwise create a new one
- SSOSite ssoSite = getSSOSiteObject(site);
- if (ssoSite == null)
- {
- // Create a new site
- ssoSite = new SSOSiteImpl();
- ssoSite.setSiteURL(site);
- ssoSite.setName(site);
- ssoSite.setCertificateRequired(false);
- ssoSite.setAllowUserSet(true);
- // By default we use ChallengeResponse Authentication
- ssoSite.setChallengeResponseAuthentication(true);
- ssoSite.setFormAuthentication(false);
-
- // Store the site so that we get a valid SSOSiteID
- try
- {
- getPersistenceBrokerTemplate().store(ssoSite);
- }
- catch (Exception e)
- {
- e.printStackTrace();
- throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
- }
- }
-
- // Get the Principal information (logged in user)
- String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath();
- String principalName = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getName();
-
- // Add an entry for the principal to the site if it doesn't exist
- SSOPrincipal principal = this.getPrincipalForSite(ssoSite, fullPath);
-
- if (principal == null )
- {
- principal = getSSOPrincipal(fullPath);
- ssoSite.addPrincipal(principal);
- }
- else
- {
- // Check if the entry the user likes to update exists already
- Collection remoteForSite = ssoSite.getRemotePrincipals();
- Collection principalsForSite = ssoSite.getPrincipals();
-
- if ( remoteForSite != null && principalsForSite != null)
- {
- Collection remoteForPrincipals = this.getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
- if ( remoteForPrincipals != null)
- {
- if (findRemoteMatch(remoteForPrincipals, remoteForSite) != null )
- {
- // Entry exists can't to an add has to call update
- throw new SSOException(SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
- }
- }
- }
- }
-
- if (principal == null)
- throw new SSOException(SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE);
-
- // Create a remote principal and credentials
- InternalUserPrincipalImpl remotePrincipal = new InternalUserPrincipalImpl(remoteUser);
-
- /*
- * The RemotePrincipal (class InternalUserPrincipal) will have a fullPath that identifies the entry as an SSO credential.
- * The entry has to be unique for a site and principal (GROUP -or- USER ) an therefore it needs to be encoded as following:
- * The convention for the path is the following: /sso/SiteID/{user|group}/{user name | group name}/remote user name
- */
- if ( fullPath.indexOf("/group/") > -1)
- remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/group/"+ principalName + "/" + remoteUser);
- else
- remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName + "/" + remoteUser);
-
- // New credential object for remote principal
- InternalCredentialImpl credential =
+
+ if ( ssoSite != null)
+ {
+ return ssoSite.getName();
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.jetspeed.sso.SSOProvider#hasSSOCredentials(javax.security.auth.Subject, java.lang.String)
+ */
+ public boolean hasSSOCredentials(Subject subject, String site) {
+ // Initialization
+ SSOSite ssoSite = getSSOSiteObject(site);
+
+ if ( ssoSite == null)
+ {
+ return false; // no entry for site
+ }
+
+ // Get the principal from the subject
+ BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
+ String fullPath = principal.getFullPath();
+
+
+ // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
+ Collection remoteForSite = ssoSite.getRemotePrincipals();
+ Collection principalsForSite = ssoSite.getPrincipals(); // Users
+
+ // If any of them don't exist just return
+ if (principalsForSite == null || remoteForSite== null )
+ return false; // no entry
+
+ Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
+
+ if ( remoteForPrincipals == null)
+ return false; // no entry
+
+ // Get remote Principal that matches the site and the principal
+ if (findRemoteMatch(remoteForPrincipals, remoteForSite) == null )
+ {
+ return false; // No entry
+ }
+ else
+ {
+ return true; // Has an entry
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.jetspeed.sso.SSOProvider#getCredentials(javax.security.auth.Subject, java.lang.String)
+ */
+ public SSOContext getCredentials(Subject subject, String site)
+ throws SSOException {
+
+ // Initialization
+ SSOSite ssoSite = getSSOSiteObject(site);
+
+ if ( ssoSite == null)
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); // no entry for site
+
+ // Get the principal from the subject
+ BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
+ String fullPath = principal.getFullPath();
+
+ // Filter the credentials for the given principals
+ SSOContext context = getCredential(ssoSite, fullPath);
+
+ if ( context == null)
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE); // no entry for site
+
+ return context;
+ }
+
+ /* addCredential()
+ * Adds credentials for a user to the site. If the site doesn't exist it will be created
+ * @see org.apache.jetspeed.sso.SSOProvider#addCredentialsForSite(javax.security.auth.Subject, java.lang.String, java.lang.String)
+ */
+ public void addCredentialsForSite(Subject subject, String remoteUser, String site, String pwd)
+ throws SSOException {
+
+ // Check if an entry for the site already exists otherwise create a new one
+ SSOSite ssoSite = getSSOSiteObject(site);
+ if (ssoSite == null)
+ {
+ // Create a new site
+ ssoSite = new SSOSiteImpl();
+ ssoSite.setSiteURL(site);
+ ssoSite.setName(site);
+ ssoSite.setCertificateRequired(false);
+ ssoSite.setAllowUserSet(true);
+ // By default we use ChallengeResponse Authentication
+ ssoSite.setChallengeResponseAuthentication(true);
+ ssoSite.setFormAuthentication(false);
+
+ // Store the site so that we get a valid SSOSiteID
+ try
+ {
+ getPersistenceBrokerTemplate().store(ssoSite);
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
+ }
+ }
+
+ // Get the Principal information (logged in user)
+ String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath();
+ String principalName = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getName();
+
+ // Add an entry for the principal to the site if it doesn't exist
+ SSOPrincipal principal = this.getPrincipalForSite(ssoSite, fullPath);
+
+ if (principal == null )
+ {
+ principal = getSSOPrincipal(fullPath);
+ ssoSite.addPrincipal(principal);
+ }
+ else
+ {
+ // Check if the entry the user likes to update exists already
+ Collection remoteForSite = ssoSite.getRemotePrincipals();
+ Collection principalsForSite = ssoSite.getPrincipals();
+
+ if ( remoteForSite != null && principalsForSite != null)
+ {
+ Collection remoteForPrincipals = this.getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
+ if ( remoteForPrincipals != null)
+ {
+ if (findRemoteMatch(remoteForPrincipals, remoteForSite) != null )
+ {
+ // Entry exists can't to an add has to call update
+ throw new SSOException(SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
+ }
+ }
+ }
+ }
+
+ if (principal == null)
+ throw new SSOException(SSOException.FAILED_ADDING_PRINCIPAL_TO_MAPPING_TABLE_FOR_SITE);
+
+ // Create a remote principal and credentials
+ InternalUserPrincipalImpl remotePrincipal = new InternalUserPrincipalImpl(remoteUser);
+
+ /*
+ * The RemotePrincipal (class InternalUserPrincipal) will have a fullPath that identifies the entry as an SSO credential.
+ * The entry has to be unique for a site and principal (GROUP -or- USER ) an therefore it needs to be encoded as following:
+ * The convention for the path is the following: /sso/SiteID/{user|group}/{user name | group name}/remote user name
+ */
+ if ( fullPath.indexOf("/group/") > -1)
+ remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/group/"+ principalName + "/" + remoteUser);
+ else
+ remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName + "/" + remoteUser);
+
+ // New credential object for remote principal
+ InternalCredentialImpl credential =
new InternalCredentialImpl(remotePrincipal.getPrincipalId(),
- this.scramble(pwd), 0, DefaultPasswordCredentialImpl.class.getName());
-
- if ( remotePrincipal.getCredentials() == null)
- remotePrincipal.setCredentials(new ArrayList(0));
-
- remotePrincipal.getCredentials().add( credential);
-
- // Add it to Principals remotePrincipals list
- principal.addRemotePrincipal(remotePrincipal);
-
- // Update the site remotePrincipals list
- ssoSite.getRemotePrincipals().add(remotePrincipal);
-
-
- // Update database and reset cache
- try
+ this.scramble(pwd), 0, DefaultPasswordCredentialImpl.class.getName());
+
+ if ( remotePrincipal.getCredentials() == null)
+ remotePrincipal.setCredentials(new ArrayList(0));
+
+ remotePrincipal.getCredentials().add( credential);
+
+ // Add it to Principals remotePrincipals list
+ principal.addRemotePrincipal(remotePrincipal);
+
+ // Update the site remotePrincipals list
+ ssoSite.getRemotePrincipals().add(remotePrincipal);
+
+
+ // Update database and reset cache
+ try
{
getPersistenceBrokerTemplate().store(ssoSite);
// Persist Principal/Remote
- getPersistenceBrokerTemplate().store(principal);
+ getPersistenceBrokerTemplate().store(principal);
}
catch (Exception e)
{
- e.printStackTrace();
+ e.printStackTrace();
throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
}
// Add to site
this.mapSite.put(site, ssoSite);
- }
-
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.jetspeed.sso.SSOProvider#removeCredentialsForSite(javax.security.auth.Subject, java.lang.String)
+ */
+ public void removeCredentialsForSite(Subject subject, String site)
+ throws SSOException {
+
+ // Initailization
+ InternalUserPrincipal remotePrincipal = null;
+ //Get the site
+ SSOSite ssoSite = getSSOSiteObject(site);
+ if (ssoSite == null)
+ {
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+ }
+
+ // Get the Principal information
+ String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath();
+
+ try
+ {
+ // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
+ Collection principalsForSite = ssoSite.getPrincipals();
+ Collection remoteForSite = ssoSite.getRemotePrincipals();
+
+ // If any of them don't exist just return
+ if (principalsForSite == null || remoteForSite== null )
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+
+ Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
+
+ if ( remoteForPrincipals == null)
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+
+ // Get remote Principal that matches the site and the principal
+ if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
+ {
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+ }
+
+ // Update assocation tables
+ ssoSite.getRemotePrincipals().remove(remotePrincipal);
+
+ if (remoteForPrincipals.remove(remotePrincipal) == true)
+
+ // Update the site
+ getPersistenceBrokerTemplate().store(ssoSite);
- /* (non-Javadoc)
- * @see org.apache.jetspeed.sso.SSOProvider#removeCredentialsForSite(javax.security.auth.Subject, java.lang.String)
- */
- public void removeCredentialsForSite(Subject subject, String site)
- throws SSOException {
-
- // Initailization
- InternalUserPrincipal remotePrincipal = null;
- //Get the site
- SSOSite ssoSite = getSSOSiteObject(site);
- if (ssoSite == null)
- {
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
- }
-
- // Get the Principal information
- String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath();
-
- try
- {
- // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
- Collection principalsForSite = ssoSite.getPrincipals();
- Collection remoteForSite = ssoSite.getRemotePrincipals();
-
- // If any of them don't exist just return
- if (principalsForSite == null || remoteForSite== null )
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
-
- Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
-
- if ( remoteForPrincipals == null)
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
-
- // Get remote Principal that matches the site and the principal
- if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
- {
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
- }
-
- // Update assocation tables
- ssoSite.getRemotePrincipals().remove(remotePrincipal);
-
- if (remoteForPrincipals.remove(remotePrincipal) == true)
-
- // Update the site
- getPersistenceBrokerTemplate().store(ssoSite);
-
- // delete the remote Principal from the SECURITY_PRINCIPAL table
- getPersistenceBrokerTemplate().delete(remotePrincipal);
-
-
- }
- catch(SSOException ssoex)
- {
- throw new SSOException(ssoex);
- }
- catch (Exception e)
+ // delete the remote Principal from the SECURITY_PRINCIPAL table
+ getPersistenceBrokerTemplate().delete(remotePrincipal);
+
+
+ }
+ catch(SSOException ssoex)
+ {
+ throw new SSOException(ssoex);
+ }
+ catch (Exception e)
{
- e.printStackTrace();
+ e.printStackTrace();
+ // current OJB model implementation isn't 100% correct, make sure no stale/broken state is left behind
+ mapSite.remove(site);
throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
}
-
- // Update database
- try
+
+ // Update database
+ try
{
getPersistenceBrokerTemplate().store(ssoSite);
}
catch (Exception e)
{
- e.printStackTrace();
+ e.printStackTrace();
throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
}
+ finally
+ {
+ // current OJB model implementation isn't 100% correct, make sure no stale/broken state is left behind
+ mapSite.remove(site);
+ }
- }
-
- /**
- * updateCredentialsForSite
- * @param subject Current subject
- * @param remoteUser remote user login
- * @param site URL or description of site
- * @param pwd Password for credentail
- */
- public void updateCredentialsForSite(Subject subject, String remoteUser, String site, String pwd)
- throws SSOException
- {
- // Check if the the current user has a credential for the site
-
- // Update the credential
- // Initailization
- InternalUserPrincipal remotePrincipal = null;
-
- //Get the site
- SSOSite ssoSite = getSSOSiteObject(site);
- if (ssoSite == null)
- {
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
- }
-
- // Get the Principal information
- String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath();
-
- // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
- Collection principalsForSite = ssoSite.getPrincipals();
- Collection remoteForSite = ssoSite.getRemotePrincipals();
-
- // If any of them don't exist just return
- if (principalsForSite == null || remoteForSite== null )
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
-
- Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
-
- if ( remoteForPrincipals == null)
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
-
- // Get remote Principal that matches the site and the principal
- if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
- {
- throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
- }
-
- // Update principal information
- //remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName + "/" + remoteUser);
-
- InternalCredential credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
-
- // New credential object
- if ( credential != null)
- // Remove credential and principal from mapping
- credential.setValue(this.scramble(pwd));
-
- // Update database and reset cache
- try
- {
- getPersistenceBrokerTemplate().store(credential);
- }
- catch (Exception e)
- {
- e.printStackTrace();
- throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
- }
- }
-
- /*
- * Helper utilities
- *
- */
-
- /*
- * getSSOSiteObject
- * Obtains the Site information including the credentials for a site (url).
- */
-
- private SSOSite getSSOSiteObject(String site)
- {
- //Initialization
- SSOSite ssoSite = null;
-
- //Check if the site is in the map
- if (mapSite.containsKey(site) == false )
- {
- // Go to the database and fetch the information for this site
- // Find the MediaType by matching the Mimetype
-
- Criteria filter = new Criteria();
- filter.addEqualTo("siteURL", site);
-
- QueryByCriteria query = QueryFactory.newQuery(SSOSiteImpl.class, filter);
- Collection ssoSiteCollection = getPersistenceBrokerTemplate().getCollectionByQuery(query);
-
- if ( ssoSiteCollection != null && ssoSiteCollection.isEmpty() != true)
- {
- Iterator itSite = ssoSiteCollection.iterator();
- // Get the site from the collection. There should be only one entry (uniqueness)
- if (itSite.hasNext())
- {
- ssoSite = (SSOSite) itSite.next();
- }
-
- // Add it to the map
- mapSite.put(site, ssoSite);
- }
- else
- {
- // No entry for this site
- return null;
- }
- }
- else
- {
- ssoSite = (SSOSite)mapSite.get(site);
- }
-
- return ssoSite;
- }
-
- /*
- * getCredential
- * returns the credentials for a given user
- */
- private SSOContext getCredential(SSOSite ssoSite, String fullPath)
- {
- InternalCredential credential = null;
- InternalUserPrincipal remotePrincipal = null;
- // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
- Collection principalsForSite = ssoSite.getPrincipals();
- Collection remoteForSite = ssoSite.getRemotePrincipals();
-
- // If any of them don't exist just return
- if ( principalsForSite == null || remoteForSite== null )
- return null; // no entry
-
- Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
-
- if ( remoteForPrincipals == null)
- return null; // no entry
-
- // Get remote Principal that matches the site and the principal
- if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
- {
- return null; // No entry
- }
- else
- {
- // Has an entry
- if ( remotePrincipal.getCredentials() != null)
- credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
-
- // Error checking -- should have a credential at this point
- if ( credential == null)
- {
-// System.out.println("Warning: Remote User " + remotePrincipal.getFullPath() + " doesn't have a credential");
- return null;
- }
- }
-
- // Create new context
- String name = stripPrincipalName(remotePrincipal.getFullPath());
-
- SSOContext context = new SSOContextImpl(credential.getPrincipalId(), name, this.unscramble(credential.getValue()));
-
- return context;
- }
-
+ }
+
+ /**
+ * updateCredentialsForSite
+ * @param subject Current subject
+ * @param remoteUser remote user login
+ * @param site URL or description of site
+ * @param pwd Password for credentail
+ */
+ public void updateCredentialsForSite(Subject subject, String remoteUser, String site, String pwd)
+ throws SSOException
+ {
+ // Check if the the current user has a credential for the site
+
+ // Update the credential
+ // Initailization
+ InternalUserPrincipal remotePrincipal = null;
+
+ //Get the site
+ SSOSite ssoSite = getSSOSiteObject(site);
+ if (ssoSite == null)
+ {
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+ }
+
+ // Get the Principal information
+ String fullPath = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getFullPath();
+
+ // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
+ Collection principalsForSite = ssoSite.getPrincipals();
+ Collection remoteForSite = ssoSite.getRemotePrincipals();
+
+ // If any of them don't exist just return
+ if (principalsForSite == null || remoteForSite== null )
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+
+ Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
+
+ if ( remoteForPrincipals == null)
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+
+ // Get remote Principal that matches the site and the principal
+ if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
+ {
+ throw new SSOException(SSOException.NO_CREDENTIALS_FOR_SITE);
+ }
+
+ // Update principal information
+ //remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName + "/" + remoteUser);
+
+ InternalCredential credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
+
+ // New credential object
+ if ( credential != null)
+ // Remove credential and principal from mapping
+ credential.setValue(this.scramble(pwd));
+
+ // Update database and reset cache
+ try
+ {
+ getPersistenceBrokerTemplate().store(credential);
+ //this.updateSite(ssoSite);
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB + e.toString() );
+ }
+ }
+
+ /*
+ * Helper utilities
+ *
+ */
+
+ /*
+ * getSSOSiteObject
+ * Obtains the Site information including the credentials for a site (url).
+ */
+
+ private SSOSite getSSOSiteObject(String site)
+ {
+ //Initialization
+ SSOSite ssoSite = null;
+
+ //Check if the site is in the map
+ if (mapSite.containsKey(site) == false )
+ {
+ // Go to the database and fetch the information for this site
+ // Find the MediaType by matching the Mimetype
+
+ Criteria filter = new Criteria();
+ filter.addEqualTo("siteURL", site);
+
+ QueryByCriteria query = QueryFactory.newQuery(SSOSiteImpl.class, filter);
+ Collection ssoSiteCollection = getPersistenceBrokerTemplate().getCollectionByQuery(query);
+
+ if ( ssoSiteCollection != null && ssoSiteCollection.isEmpty() != true)
+ {
+ Iterator itSite = ssoSiteCollection.iterator();
+ // Get the site from the collection. There should be only one entry (uniqueness)
+ if (itSite.hasNext())
+ {
+ ssoSite = (SSOSite) itSite.next();
+ }
+
+ // Add it to the map
+ mapSite.put(site, ssoSite);
+ }
+ else
+ {
+ // No entry for this site
+ return null;
+ }
+ }
+ else
+ {
+ ssoSite = (SSOSite)mapSite.get(site);
+ }
+
+ return ssoSite;
+ }
+
+ /*
+ * getCredential
+ * returns the credentials for a given user
+ */
+ private SSOContext getCredential(SSOSite ssoSite, String fullPath)
+ {
+ InternalCredential credential = null;
+ InternalUserPrincipal remotePrincipal = null;
+ // Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
+ Collection principalsForSite = ssoSite.getPrincipals();
+ Collection remoteForSite = ssoSite.getRemotePrincipals();
+
+ // If any of them don't exist just return
+ if ( principalsForSite == null || remoteForSite== null )
+ return null; // no entry
+
+ Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
+
+ if ( remoteForPrincipals == null)
+ return null; // no entry
+
+ // Get remote Principal that matches the site and the principal
+ if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
+ {
+ return null; // No entry
+ }
+ else
+ {
+ // Has an entry
+ if ( remotePrincipal.getCredentials() != null)
+ credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
+
+ // Error checking -- should have a credential at this point
+ if ( credential == null)
+ {
+// System.out.println("Warning: Remote User " + remotePrincipal.getFullPath() + " doesn't have a credential");
+ return null;
+ }
+ }
+
+ // Create new context
+ String name = stripPrincipalName(remotePrincipal.getFullPath());
+
+ SSOContext context = new SSOContextImpl(credential.getPrincipalId(), name, this.unscramble(credential.getValue()));
+
+ return context;
+ }
+
private String stripPrincipalName(String fullPath)
{
String name;
@@ -819,227 +826,228 @@
return name;
}
- /*
- * Get a Collection of remote Principals for the logged in principal identified by the full path
- *
- private Collection getRemotePrincipalsForPrincipal(SSOSite ssoSite, String fullPath)
- {
- // The site orincipals list contains a list of remote principals for the user
- Collection principals = ssoSite.getPrincipals();
-
- if ( principals == null )
- return null; // No principals for this site
-
- Iterator ixPrincipals = principals.iterator();
- while (ixPrincipals.hasNext())
- {
- SSOPrincipal principal = (SSOPrincipal)ixPrincipals.next();
- if ( principal != null
- && principal.getFullPath().compareToIgnoreCase(fullPath) == 0 )
- {
- // Found Principal -- extract remote principals
- return principal.getRemotePrincipals();
- }
- }
-
- // Principal is not in list
- return null;
- }
+ /*
+ * Get a Collection of remote Principals for the logged in principal identified by the full path
+ *
+ private Collection getRemotePrincipalsForPrincipal(SSOSite ssoSite, String fullPath)
+ {
+ // The site orincipals list contains a list of remote principals for the user
+ Collection principals = ssoSite.getPrincipals();
+
+ if ( principals == null )
+ return null; // No principals for this site
+
+ Iterator ixPrincipals = principals.iterator();
+ while (ixPrincipals.hasNext())
+ {
+ SSOPrincipal principal = (SSOPrincipal)ixPrincipals.next();
+ if ( principal != null
+ && principal.getFullPath().compareToIgnoreCase(fullPath) == 0 )
+ {
+ // Found Principal -- extract remote principals
+ return principal.getRemotePrincipals();
+ }
+ }
+
+ // Principal is not in list
+ return null;
+ }
*/
-
- /*
- * getPrincipalForSite()
- * returns a principal that matches the full path for the site or creates a new entry if it doesn't exist
- */
- private SSOPrincipal getPrincipalForSite(SSOSite ssoSite, String fullPath)
- {
- SSOPrincipal principal = null;
- Collection principalsForSite = ssoSite.getPrincipals();
-
- if ( principalsForSite != null)
- {
- Iterator itPrincipals = principalsForSite.iterator();
- while (itPrincipals.hasNext() && principal == null)
- {
- SSOPrincipal tmp = (SSOPrincipal)itPrincipals.next();
- if ( tmp != null
- && tmp.getFullPath().compareToIgnoreCase(fullPath) == 0 )
- principal = tmp; // Found existing entry
- }
- }
-
- return principal;
- }
-
- private SSOPrincipal getSSOPrincipal(String fullPath)
- {
- // FInd if the principal exists in the SECURITY_PRINCIPAL table
- SSOPrincipal principal = null;
-
- Criteria filter = new Criteria();
- filter.addEqualTo("fullPath", fullPath);
-
- QueryByCriteria query = QueryFactory.newQuery(SSOPrincipalImpl.class, filter);
- Collection principals = getPersistenceBrokerTemplate().getCollectionByQuery(query);
-
- if ( principals != null && principals.isEmpty() != true)
- {
- Iterator itPrincipals = principals.iterator();
- // Get the site from the collection. There should be only one entry (uniqueness)
- if (itPrincipals.hasNext())
- {
- principal = (SSOPrincipal) itPrincipals.next();
- }
- }
-
- return principal;
- }
-
-
-
- /**
- * removeRemotePrincipalForPrincipal
- * @param site
- * @param fullPath
- * @return
- *
- * removes remotePrincipal for a site & principal
- *
- private InternalUserPrincipal removeRemotePrincipalForPrincipal(SSOSite site, String fullPath) throws SSOException
- {
- if (site.getPrincipals() != null)
- {
- Iterator itPrincipals = site.getPrincipals().iterator();
- while (itPrincipals.hasNext())
- {
- SSOPrincipal tmp = (SSOPrincipal)itPrincipals.next();
- if (tmp.getFullPath().compareToIgnoreCase(fullPath) == 0)
- {
- // Found -- get the remotePrincipal
- Collection collRemotePrincipals = tmp.getRemotePrincipals() ;
- if (collRemotePrincipals != null)
- {
-
- Iterator itRemotePrincipals = collRemotePrincipals.iterator();
- if (itRemotePrincipals.hasNext())
- {
- InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)itRemotePrincipals.next();
- // Found remove the object
- collRemotePrincipals.remove(remotePrincipal);
- return remotePrincipal;
- }
- }
- }
- }
- }
-
- throw new SSOException(SSOException.REQUESTED_PRINCIPAL_DOES_NOT_EXIST);
- }
- */
-
- /*
- *
- *
- */
- private InternalUserPrincipal findRemoteMatch(Collection remoteForPrincipals, Collection remoteForSite)
- {
- // Iterate over the lists and find match
- Iterator itRemoteForPrincipals = remoteForPrincipals.iterator();
- while ( itRemoteForPrincipals.hasNext())
- {
- InternalUserPrincipal remoteForPrincipal = (InternalUserPrincipal)itRemoteForPrincipals.next();
-
- // Find a match in the site list
- Iterator itRemoteForSite = remoteForSite.iterator();
- while ( itRemoteForSite.hasNext())
- {
- InternalUserPrincipal tmp = (InternalUserPrincipal)itRemoteForSite.next();
-
- if ( tmp.getPrincipalId() == remoteForPrincipal.getPrincipalId() )
- return remoteForPrincipal;
- }
- }
- // No match found
- return null;
- }
-
- /*
- * getRemotePrincipalsForPrincipals
- * Checks if the user has any remote principals. If the principal is a group expand the group and
- * check if the requesting user is a part of the group.
- */
- private Collection getRemotePrincipalsForPrincipal(Collection principalsForSite, String fullPath)
- {
- if (principalsForSite != null )
- {
- Iterator itPrincipalsForSite = principalsForSite.iterator();
- while (itPrincipalsForSite.hasNext())
- {
- String principalFullPath = null;
- SSOPrincipal principal = (SSOPrincipal)itPrincipalsForSite.next();
- principalFullPath = principal.getFullPath();
-
- /* If the Principal is for a Group expand the Group and check if the user identified
- * by the fullPath is a member of the Group. If the user is a member of the Group
- * return the remote Credentials for the current Principal.
- */
- if ( principalFullPath.indexOf("/group/") == -1)
- {
- // USER
- if ( principalFullPath.compareToIgnoreCase(fullPath) == 0)
- return principal.getRemotePrincipals();
- }
- else
- {
- /* GROUP
- * If the full path is for a group (delete/add) just return the the list of remotePrincipals
- * For a lookup (hasCredentials) the user needs to be mapped against each member of the group
- */
- if ( principalFullPath.compareToIgnoreCase(fullPath) == 0)
- return principal.getRemotePrincipals();
-
- /* Expand the Group and find a match */
- InternalGroupPrincipal groupPrincipal = getGroupPrincipals(principalFullPath);
-
- // Found Group that matches the name
- if (groupPrincipal != null)
- {
- Collection usersInGroup = groupPrincipal.getUserPrincipals();
- Iterator itUsers = usersInGroup.iterator();
- while (itUsers.hasNext())
- {
- InternalUserPrincipal user = (InternalUserPrincipal)itUsers.next();
- if (user.getFullPath().compareToIgnoreCase(fullPath) == 0)
- {
- // User is member of the group
- return principal.getRemotePrincipals();
- }
- }
- }
- }
- }
- }
-
- // No match found
- return null;
- }
+
+ /*
+ * getPrincipalForSite()
+ * returns a principal that matches the full path for the site or creates a new entry if it doesn't exist
+ */
+ private SSOPrincipal getPrincipalForSite(SSOSite ssoSite, String fullPath)
+ {
+ SSOPrincipal principal = null;
+ Collection principalsForSite = ssoSite.getPrincipals();
+
+ if ( principalsForSite != null)
+ {
+ Iterator itPrincipals = principalsForSite.iterator();
+ while (itPrincipals.hasNext() && principal == null)
+ {
+ SSOPrincipal tmp = (SSOPrincipal)itPrincipals.next();
+ if ( tmp != null
+ && tmp.getFullPath().compareToIgnoreCase(fullPath) == 0 )
+ principal = tmp; // Found existing entry
+ }
+ }
+
+ return principal;
+ }
+
+ private SSOPrincipal getSSOPrincipal(String fullPath)
+ {
+ // FInd if the principal exists in the SECURITY_PRINCIPAL table
+ SSOPrincipal principal = null;
+
+ Criteria filter = new Criteria();
+ filter.addEqualTo("fullPath", fullPath);
+
+ QueryByCriteria query = QueryFactory.newQuery(SSOPrincipalImpl.class, filter);
+ Collection principals = getPersistenceBrokerTemplate().getCollectionByQuery(query);
+
+ if ( principals != null && principals.isEmpty() != true)
+ {
+ Iterator itPrincipals = principals.iterator();
+ // Get the site from the collection. There should be only one entry (uniqueness)
+ if (itPrincipals.hasNext())
+ {
+ principal = (SSOPrincipal) itPrincipals.next();
+ }
+ }
+
+ return principal;
+ }
+
+
+
+ /**
+ * removeRemotePrincipalForPrincipal
+ * @param site
+ * @param fullPath
+ * @return
+ *
+ * removes remotePrincipal for a site & principal
+ *
+ private InternalUserPrincipal removeRemotePrincipalForPrincipal(SSOSite site, String fullPath) throws SSOException
+ {
+ if (site.getPrincipals() != null)
+ {
+ Iterator itPrincipals = site.getPrincipals().iterator();
+ while (itPrincipals.hasNext())
+ {
+ SSOPrincipal tmp = (SSOPrincipal)itPrincipals.next();
+ if (tmp.getFullPath().compareToIgnoreCase(fullPath) == 0)
+ {
+ // Found -- get the remotePrincipal
+ Collection collRemotePrincipals = tmp.getRemotePrincipals() ;
+ if (collRemotePrincipals != null)
+ {
+
+ Iterator itRemotePrincipals = collRemotePrincipals.iterator();
+ if (itRemotePrincipals.hasNext())
+ {
+ InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)itRemotePrincipals.next();
+ // Found remove the object
+ collRemotePrincipals.remove(remotePrincipal);
+ return remotePrincipal;
+ }
+ }
+ }
+ }
+ }
+
+ throw new SSOException(SSOException.REQUESTED_PRINCIPAL_DOES_NOT_EXIST);
+ }
+ */
+
+ /*
+ *
+ *
+ */
+ private InternalUserPrincipal findRemoteMatch(Collection remoteForPrincipals, Collection remoteForSite)
+ {
+ // Iterate over the lists and find match
+ Iterator itRemoteForPrincipals = remoteForPrincipals.iterator();
+ while ( itRemoteForPrincipals.hasNext())
+ {
+ InternalUserPrincipal remoteForPrincipal = (InternalUserPrincipal)itRemoteForPrincipals.next();
+
+ // Find a match in the site list
+ Iterator itRemoteForSite = remoteForSite.iterator();
+ while ( itRemoteForSite.hasNext())
+ {
+ InternalUserPrincipal tmp = (InternalUserPrincipal)itRemoteForSite.next();
+
+ if ( tmp.getPrincipalId() == remoteForPrincipal.getPrincipalId() )
+ return remoteForPrincipal;
+ }
+ }
+ // No match found
+ return null;
+ }
+
+ /*
+ * getRemotePrincipalsForPrincipals
+ * Checks if the user has any remote principals. If the principal is a group expand the group and
+ * check if the requesting user is a part of the group.
+ */
+ private Collection getRemotePrincipalsForPrincipal(Collection principalsForSite, String fullPath)
+ {
+ if (principalsForSite != null )
+ {
+ Iterator itPrincipalsForSite = principalsForSite.iterator();
+ while (itPrincipalsForSite.hasNext())
+ {
+ String principalFullPath = null;
+ SSOPrincipal principal = (SSOPrincipal)itPrincipalsForSite.next();
+ principalFullPath = principal.getFullPath();
+
+ /* If the Principal is for a Group expand the Group and check if the user identified
+ * by the fullPath is a member of the Group. If the user is a member of the Group
+ * return the remote Credentials for the current Principal.
+ */
+ if ( principalFullPath.indexOf("/group/") == -1)
+ {
+ // USER
+ if ( principalFullPath.compareToIgnoreCase(fullPath) == 0)
+ return principal.getRemotePrincipals();
+ }
+ else
+ {
+ /* GROUP
+ * If the full path is for a group (delete/add) just return the the list of remotePrincipals
+ * For a lookup (hasCredentials) the user needs to be mapped against each member of the group
+ */
+ if ( principalFullPath.compareToIgnoreCase(fullPath) == 0)
+ return principal.getRemotePrincipals();
+
+ /* Expand the Group and find a match */
+ InternalGroupPrincipal groupPrincipal = getGroupPrincipals(principalFullPath);
+
+ // Found Group that matches the name
+ if (groupPrincipal != null)
+ {
+ Collection usersInGroup = groupPrincipal.getUserPrincipals();
+ Iterator itUsers = usersInGroup.iterator();
+ while (itUsers.hasNext())
+ {
+ InternalUserPrincipal user = (InternalUserPrincipal)itUsers.next();
+ if (user.getFullPath().compareToIgnoreCase(fullPath) == 0)
+ {
+ // User is member of the group
+ return principal.getRemotePrincipals();
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // No match found
+ return null;
+ }
public SSOSite getSite(String siteUrl)
{
Criteria filter = new Criteria();
- filter.addEqualTo("url", siteUrl);
+ filter.addEqualTo("siteURL", siteUrl);
Query query = QueryFactory.newQuery(SSOSiteImpl.class, filter);
SSOSite site = (SSOSite) getPersistenceBrokerTemplate().getObjectByQuery(query);
+ this.mapSite.put(siteUrl, site);
return site;
}
-
+
public void updateSite(SSOSite site)
throws SSOException
{
try
{
getPersistenceBrokerTemplate().store(site);
- this.mapSite.put(site.getName(), site);
+ this.mapSite.put(site.getSiteURL(), site);
}
catch (Exception e)
{
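Review bot: In `getSite`, the added `this.mapSite.put(siteUrl, site);` runs even when `getObjectByQuery` finds no row, so a failed lookup stores a null value under that URL (or throws, if `mapSite` is a map type that rejects nulls; its declaration is not visible here). `getSSOSiteObject`, earlier in this diff, decides whether to query the database with `mapSite.containsKey(site)`, so a cached null would make every later lookup for that URL return "no site" until another call overwrites the entry. Guard the put: `if (site != null) { this.mapSite.put(siteUrl, site); }`. The same line is added in the JETSPEED-2.1.3-POSTRELEASE hunk `@@ -1033,9 +1034,10 @@`.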
@@ -1061,7 +1069,7 @@
public void addSiteFormAuthenticated(String siteName, String siteUrl, String realm, String userField, String pwdField)
throws SSOException
{
- try
+ try
{
SSOSite ssoSite = new SSOSiteImpl();
ssoSite.setSiteURL(siteUrl);
@@ -1073,7 +1081,7 @@
ssoSite.setFormUserField(userField);
ssoSite.setFormPwdField(pwdField);
getPersistenceBrokerTemplate().store(ssoSite);
- this.mapSite.put(siteName, ssoSite);
+ this.mapSite.put(siteUrl, ssoSite);
}
catch (Exception e)
{
@@ -1093,7 +1101,7 @@
public void addSiteChallengeResponse(String siteName, String siteUrl, String realm)
throws SSOException
{
- try
+ try
{
SSOSite ssoSite = new SSOSiteImpl();
ssoSite.setSiteURL(siteUrl);
@@ -1103,7 +1111,7 @@
ssoSite.setRealm(realm);
ssoSite.setChallengeResponseAuthentication(true);
getPersistenceBrokerTemplate().store(ssoSite);
- this.mapSite.put(siteName, ssoSite);
+ this.mapSite.put(siteUrl, ssoSite);
}
catch (Exception e)
{
@@ -1124,7 +1132,7 @@
ssoSite.setCertificateRequired(false);
ssoSite.setAllowUserSet(true);
getPersistenceBrokerTemplate().store(ssoSite);
- this.mapSite.put(siteName, ssoSite);
+ this.mapSite.put(siteUrl, ssoSite);
}
catch (Exception e)
{
@@ -1203,7 +1211,7 @@
/*
private SSOSite getSiteForRemoteUser(String fullPath)
{
- // Get Site for remote user
+ // Get Site for remote user
Criteria filter = new Criteria();
filter.addEqualTo("remotePrincipals.fullPath", fullPath);
Query query = QueryFactory.newQuery(SSOSiteImpl.class, filter);
@@ -1213,180 +1221,180 @@
private String getContentFromURL(String proxyID, String destUrl, SSOSite[] sites, boolean bRefresh ) throws SSOException
{
- URL urlObj = null;
-
- // Result Buffer
- //BufferedInputStream bis = null;
- String resultPage;
-
- String strErrorMessage = "SSO Component Error. Failed to get content for URL " + destUrl;
-
- try
- {
- urlObj = new URL(destUrl);
- }
- catch (MalformedURLException e)
- {
- String msg = ("Error -- Malformed URL [" + destUrl +"] for SSO authenticated destination");
- log.error(msg);
- throw new SSOException(msg, e);
- }
-
- /*
- * Setup HTTPClient
- * Check if an HTTP Client already exists for the given /user/site
- */
- HttpClient client = (HttpClient)this.clientProxy.get(proxyID);
- GetMethod get = null;
-
- if (bRefresh == true || client == null)
- {
- if (log.isInfoEnabled())
- log.info("SSO Component -- Create new HTTP Client object for Principal/URL [" + proxyID+ "]");
-
- client = new HttpClient();
- client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
-
- int numberOfSites = sites.length;
-
- // Do all the logins for the site
- for (int i=0; i<numberOfSites; i++)
- {
- SSOSite site = sites[i];
-
- if (site != null)
- {
- Iterator itRemotePrincipals = site.getRemotePrincipals().iterator();
- while (itRemotePrincipals.hasNext() )
- {
- InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)itRemotePrincipals.next();
- if (remotePrincipal != null)
- {
- InternalCredential credential = null;
- if ( remotePrincipal.getCredentials() != null)
- credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
-
- if (credential != null)
- {
- if (log.isInfoEnabled())
- log.info("SSOComponent -- Remote Principal ["+stripPrincipalName(remotePrincipal.getFullPath())+"] has credential ["+this.unscramble(credential.getValue())+ "]");
-
- client.getState().setCredentials(
- site.getRealm(),
- urlObj.getHost(),
- new UsernamePasswordCredentials(stripPrincipalName(remotePrincipal.getFullPath()), this.unscramble(credential.getValue()))
- );
-
- // Build URL if it's Form authentication
- StringBuffer siteURL = new StringBuffer(site.getSiteURL());
-
- // Check if it's form based or ChallengeResponse
- if (site.isFormAuthentication())
- {
- siteURL.append("?").append(site.getFormUserField()).append("=").append(stripPrincipalName(remotePrincipal.getFullPath())).append("&").append(site.getFormPwdField()).append("=").append(this.unscramble(credential.getValue()));
- }
-
- get = new GetMethod(siteURL.toString());
-
- // Tell the GET method to automatically handle authentication. The
- // method will use any appropriate credentials to handle basic
- // authentication requests. Setting this value to false will cause
- // any request for authentication to return with a status of 401.
- // It will then be up to the client to handle the authentication.
- get.setDoAuthentication( true );
- try {
- // execute the GET
- int status = client.executeMethod( get );
-
- if (log.isInfoEnabled() )
- log.info("Accessing site [" + site.getSiteURL() + "]. HTTP Status [" +status+ "]" );
-
- /*
- * If the destination URL and the SSO url match
- * use the authentication process but return immediately
- * the result page.
- */
- if( destUrl.compareTo(site.getSiteURL()) == 0 && numberOfSites == 1)
- {
- if (log.isInfoEnabled() )
- log.info("SSO Component --SSO Site and destination URL match. Go and get the content." );
-
- //try
- //{
- //bis = new BufferedInputStream(get.getResponseBodyAsStream());
- resultPage = get.getResponseBodyAsString();
- //}
- //catch(IOException ioe)
- //{
- // log.error(strErrorMessage, ioe);
- // throw new SSOException (strErrorMessage, ioe);
- //}
-
- get.releaseConnection();
-
- // Add the client object to the cache
- this.clientProxy.put(proxyID, client);
-
- //return bis;
- return resultPage;
- }
-
- } catch (Exception e) {
- log.error("Exception while authentication. Error: " +e);
- }
-
- get.releaseConnection();
- }
- }
- }
- }
- }
-
- // Add the client object to the cache
- this.clientProxy.put(proxyID, client);
- }
- else
- {
- if (log.isInfoEnabled())
- log.info("SSO Component -- Use cached HTTP Client object for Principal/URL [" + proxyID+ "]");
- }
-
- // All the SSO authentication done go to the destination url
- get = new GetMethod(destUrl);
- try {
+ URL urlObj = null;
+
+ // Result Buffer
+ //BufferedInputStream bis = null;
+ String resultPage;
+
+ String strErrorMessage = "SSO Component Error. Failed to get content for URL " + destUrl;
+
+ try
+ {
+ urlObj = new URL(destUrl);
+ }
+ catch (MalformedURLException e)
+ {
+ String msg = ("Error -- Malformed URL [" + destUrl +"] for SSO authenticated destination");
+ log.error(msg);
+ throw new SSOException(msg, e);
+ }
+
+ /*
+ * Setup HTTPClient
+ * Check if an HTTP Client already exists for the given /user/site
+ */
+ HttpClient client = (HttpClient)this.clientProxy.get(proxyID);
+ GetMethod get = null;
+
+ if (bRefresh == true || client == null)
+ {
+ if (log.isInfoEnabled())
+ log.info("SSO Component -- Create new HTTP Client object for Principal/URL [" + proxyID+ "]");
+
+ client = new HttpClient();
+ client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
+
+ int numberOfSites = sites.length;
+
+ // Do all the logins for the site
+ for (int i=0; i<numberOfSites; i++)
+ {
+ SSOSite site = sites[i];
+
+ if (site != null)
+ {
+ Iterator itRemotePrincipals = site.getRemotePrincipals().iterator();
+ while (itRemotePrincipals.hasNext() )
+ {
+ InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)itRemotePrincipals.next();
+ if (remotePrincipal != null)
+ {
+ InternalCredential credential = null;
+ if ( remotePrincipal.getCredentials() != null)
+ credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
+
+ if (credential != null)
+ {
+ if (log.isInfoEnabled())
+ log.info("SSOComponent -- Remote Principal ["+stripPrincipalName(remotePrincipal.getFullPath())+"] has credential ["+this.unscramble(credential.getValue())+ "]");
+
+ client.getState().setCredentials(
+ site.getRealm(),
+ urlObj.getHost(),
+ new UsernamePasswordCredentials(stripPrincipalName(remotePrincipal.getFullPath()), this.unscramble(credential.getValue()))
+ );
+
+ // Build URL if it's Form authentication
+ StringBuffer siteURL = new StringBuffer(site.getSiteURL());
+
+ // Check if it's form based or ChallengeResponse
+ if (site.isFormAuthentication())
+ {
+ siteURL.append("?").append(site.getFormUserField()).append("=").append(stripPrincipalName(remotePrincipal.getFullPath())).append("&").append(site.getFormPwdField()).append("=").append(this.unscramble(credential.getValue()));
+ }
+
+ get = new GetMethod(siteURL.toString());
+
+ // Tell the GET method to automatically handle authentication. The
+ // method will use any appropriate credentials to handle basic
+ // authentication requests. Setting this value to false will cause
+ // any request for authentication to return with a status of 401.
+ // It will then be up to the client to handle the authentication.
+ get.setDoAuthentication( true );
+ try {
+ // execute the GET
+ int status = client.executeMethod( get );
+
+ if (log.isInfoEnabled() )
+ log.info("Accessing site [" + site.getSiteURL() + "]. HTTP Status [" +status+ "]" );
+
+ /*
+ * If the destination URL and the SSO url match
+ * use the authentication process but return immediately
+ * the result page.
+ */
+ if( destUrl.compareTo(site.getSiteURL()) == 0 && numberOfSites == 1)
+ {
+ if (log.isInfoEnabled() )
+ log.info("SSO Component --SSO Site and destination URL match. Go and get the content." );
+
+ //try
+ //{
+ //bis = new BufferedInputStream(get.getResponseBodyAsStream());
+ resultPage = get.getResponseBodyAsString();
+ //}
+ //catch(IOException ioe)
+ //{
+ // log.error(strErrorMessage, ioe);
+ // throw new SSOException (strErrorMessage, ioe);
+ //}
+
+ get.releaseConnection();
+
+ // Add the client object to the cache
+ this.clientProxy.put(proxyID, client);
+
+ //return bis;
+ return resultPage;
+ }
+
+ } catch (Exception e) {
+ log.error("Exception while authentication. Error: " +e);
+ }
+
+ get.releaseConnection();
+ }
+ }
+ }
+ }
+ }
+
+ // Add the client object to the cache
+ this.clientProxy.put(proxyID, client);
+ }
+ else
+ {
+ if (log.isInfoEnabled())
+ log.info("SSO Component -- Use cached HTTP Client object for Principal/URL [" + proxyID+ "]");
+ }
+
+ // All the SSO authentication done go to the destination url
+ get = new GetMethod(destUrl);
+ try {
// execute the GET
int status = client.executeMethod( get );
log.info("Accessing site [" + destUrl + "]. HTTP Status [" +status+ "]" );
- } catch (Exception e) {
- log.error("Exception while authentication. Error: " +e);
+ } catch (Exception e) {
+ log.error("Exception while authentication. Error: " +e);
+ }
+
+
+ try
+ {
+ //bis = new BufferedInputStream(get.getResponseBodyAsStream());
+ resultPage = get.getResponseBodyAsString();
+ }
+ catch(IOException ioe)
+ {
+ log.error(strErrorMessage, ioe);
+ throw new SSOException (strErrorMessage, ioe);
+ }
+ catch (Exception e)
+ {
+ log.error(strErrorMessage, e);
+ throw new SSOException (strErrorMessage, e);
+
}
-
-
- try
- {
- //bis = new BufferedInputStream(get.getResponseBodyAsStream());
- resultPage = get.getResponseBodyAsString();
- }
- catch(IOException ioe)
- {
- log.error(strErrorMessage, ioe);
- throw new SSOException (strErrorMessage, ioe);
- }
- catch (Exception e)
- {
- log.error(strErrorMessage, e);
- throw new SSOException (strErrorMessage, e);
-
- }
finally
{
get.releaseConnection();
}
-
- //return bis;
- return resultPage;
+
+ //return bis;
+ return resultPage;
}
/*
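Review bot: The info-level log in `getContentFromURL` writes the unscrambled remote password into the portal log: `"] has credential ["+this.unscramble(credential.getValue())+ "]"`. Anyone with read access to that log then holds the SSO credentials for the remote sites, so log the principal only, e.g. `log.info("SSOComponent -- Remote Principal ["+stripPrincipalName(remotePrincipal.getFullPath())+"] has a credential");`. The form-authentication branch has a related exposure: it appends the user name and clear password, unencoded, to the query string of a `GetMethod`, where they can end up in the remote server's access log and in proxy logs; sending them in a POST body would avoid that, provided the target form accepts it. These lines look unchanged apart from indentation, but the commit re-adds them, so this is a natural place to fix both.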
@@ -1403,7 +1411,7 @@
// On some database platforms, like PostgreSQL this can lead to something like:
// org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
// To prevent this, the resulting xored password is encoded in Base64
- String xored = new String(xor(pwd.toCharArray(), scrambler));
+ String xored = new String(xor(pwd.toCharArray(), scrambler));
byte[] bytes = Base64.encodeBase64(xored.getBytes());
String scrambled = new String(bytes);
return scrambled;
@@ -1411,7 +1419,7 @@
private String unscramble(String pwd)
{
- byte[] bytes = pwd.getBytes();
+ byte[] bytes = pwd.getBytes();
bytes = Base64.decodeBase64(bytes);
String chars = new String(bytes);
String unscrambled = new String(xor(chars.toCharArray(), scrambler));
@@ -1420,15 +1428,15 @@
private char[] xor(char[] a, char[]b)
{
- int len = Math.min(a.length, b.length);
- char[] result = new char[len];
- for(int i=0; i<len;i++)
- {
- result[i] = (char) (a[i] ^ b[i]);
- }
- return result;
+ int len = Math.min(a.length, b.length);
+ char[] result = new char[len];
+ for(int i=0; i<len;i++)
+ {
+ result[i] = (char) (a[i] ^ b[i]);
+ }
+ return result;
}
-
+
public void addCredentialsForSite(SSOSite ssoSite, Subject subject, String remoteUser, String pwd)
throws SSOException
{
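Review bot: `xor` sizes its result with `Math.min(a.length, b.length)`, so `scramble` silently drops every password character beyond the length of `scrambler`, and `unscramble` can only return the truncated value. The length of `scrambler` is declared outside this diff, so whether real passwords reach the limit cannot be told from here, but a longer password would be stored in a form that no longer authenticates at the remote site. Cycling the key keeps the full length and stays compatible with values already stored for short passwords: size `result` with `a.length` and use `result[i] = (char) (a[i] ^ b[i % b.length]);`. XOR with a fixed in-class key followed by Base64 is obfuscation rather than encryption, so the stored values still depend on database-level protection.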
@@ -1509,16 +1517,24 @@
// Update database and reset cache
try
{
- getPersistenceBrokerTemplate().store(ssoSite);
-
- // Persist Principal/Remote
getPersistenceBrokerTemplate().store(principal);
- } catch (Exception e)
+ }
+ catch (Exception e)
{
e.printStackTrace();
throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB
+ e.toString());
}
}
+
+ void debugSite(SSOSite site)
+ {
+ Iterator i = site.getRemotePrincipals().iterator();
+ while (i.hasNext())
+ {
+ InternalUserPrincipal p = (InternalUserPrincipal)i.next();
+ Object o = p.getCredentials().iterator();
+ }
+ }
}
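Review bot: `debugSite` has no observable effect: it walks the remote principals and assigns each credentials iterator to an unused local `o`, and nothing in the visible hunks calls it. It also dereferences `p.getCredentials()` without the null check that `getCredential` and `getContentFromURL` apply, so calling it for a principal without credentials would throw. If it exists to force the credential collections to load before the store, say so in a comment and add the null guard; otherwise remove it before release. The identical method is added in the JETSPEED-2.1.3-POSTRELEASE hunk `@@ -1515,16 +1517,24 @@`.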
Modified: portals/jetspeed-2/portal/branches/JETSPEED-2.1.3-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JETSPEED-2.1.3-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java?rev=657211&r1=657210&r2=657211&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/JETSPEED-2.1.3-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java (original)
+++ portals/jetspeed-2/portal/branches/JETSPEED-2.1.3-POSTRELEASE/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java Fri May 16 14:09:52 2008
@@ -704,6 +704,7 @@
try
{
getPersistenceBrokerTemplate().store(credential);
+ //this.updateSite(ssoSite);
}
catch (Exception e)
{
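Review bot: The added line `//this.updateSite(ssoSite);` is commented-out code with no explanation, so a later reader cannot tell whether the site update was dropped on purpose or is still pending. Either delete the line or replace it with a comment giving the reason, for example `// site is not re-stored here: only the credential changed`, if that is the intent. The enclosing method starts and ends outside the hunk.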
@@ -1033,9 +1034,10 @@
public SSOSite getSite(String siteUrl)
{
Criteria filter = new Criteria();
- filter.addEqualTo("url", siteUrl);
+ filter.addEqualTo("siteURL", siteUrl);
Query query = QueryFactory.newQuery(SSOSiteImpl.class, filter);
SSOSite site = (SSOSite) getPersistenceBrokerTemplate().getObjectByQuery(query);
+ this.mapSite.put(siteUrl, site);
return site;
}
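Review bot: The new `this.mapSite.put(siteUrl, site);` in `getSite` also runs when `getObjectByQuery` finds no match and `site` is null. Depending on the map type, that either caches a null entry under that URL or throws. The declaration of `mapSite` is not in the hunk, so which of the two happens cannot be confirmed here. Guarding the call avoids both: `if (site != null) { this.mapSite.put(siteUrl, site); }`.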
@@ -1045,7 +1047,7 @@
try
{
getPersistenceBrokerTemplate().store(site);
- this.mapSite.put(site.getName(), site);
+ this.mapSite.put(site.getSiteURL(), site);
}
catch (Exception e)
{
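Review bot: The `mapSite` key changes here from `site.getName()` to `site.getSiteURL()`, and the hunks at `@@ -1079,7 +1081,7 @@`, `@@ -1109,7 +1111,7 @@` and `@@ -1130,7 +1132,7 @@` make the same switch from `siteName` to `siteUrl`. Every lookup and removal on `mapSite` must now use the URL too, otherwise a deleted site can stay reachable through the cache. Those call sites are not visible in this diff and should be checked. In this update path, if a site's URL can be edited, the entry under the old URL is never removed. A comment at the field declaration such as `// keyed by SSOSite.getSiteURL(), not by site name` would record the new contract. The enclosing method starts and ends outside the hunk.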
@@ -1079,7 +1081,7 @@
ssoSite.setFormUserField(userField);
ssoSite.setFormPwdField(pwdField);
getPersistenceBrokerTemplate().store(ssoSite);
- this.mapSite.put(siteName, ssoSite);
+ this.mapSite.put(siteUrl, ssoSite);
}
catch (Exception e)
{
@@ -1109,7 +1111,7 @@
ssoSite.setRealm(realm);
ssoSite.setChallengeResponseAuthentication(true);
getPersistenceBrokerTemplate().store(ssoSite);
- this.mapSite.put(siteName, ssoSite);
+ this.mapSite.put(siteUrl, ssoSite);
}
catch (Exception e)
{
@@ -1130,7 +1132,7 @@
ssoSite.setCertificateRequired(false);
ssoSite.setAllowUserSet(true);
getPersistenceBrokerTemplate().store(ssoSite);
- this.mapSite.put(siteName, ssoSite);
+ this.mapSite.put(siteUrl, ssoSite);
}
catch (Exception e)
{
@@ -1515,16 +1517,24 @@
// Update database and reset cache
try
{
- getPersistenceBrokerTemplate().store(ssoSite);
-
- // Persist Principal/Remote
getPersistenceBrokerTemplate().store(principal);
- } catch (Exception e)
+ }
+ catch (Exception e)
{
e.printStackTrace();
throw new SSOException(SSOException.FAILED_STORING_SITE_INFO_IN_DB
+ e.toString());
}
}
+
+ void debugSite(SSOSite site)
+ {
+ Iterator i = site.getRemotePrincipals().iterator();
+ while (i.hasNext())
+ {
+ InternalUserPrincipal p = (InternalUserPrincipal)i.next();
+ Object o = p.getCredentials().iterator();
+ }
+ }
}