You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by tr...@apache.org on 2014/02/10 23:57:53 UTC
svn commit: r1566805 - in /jackrabbit/oak/trunk:
oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/
oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/
oak-core/src/main/java/org/...
Author: tripod
Date: Mon Feb 10 22:57:52 2014
New Revision: 1566805
URL: http://svn.apache.org/r1566805
Log:
OAK-516 Create LdapLoginModule based on ExternalLoginModule (wip)
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentity.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityException.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncConfig.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncManager.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalIDPManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
import java.io.IOException;
@@ -35,6 +34,7 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchResultEntry;
import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.felix.scr.annotations.Activate;
@@ -92,7 +92,6 @@ public class LdapIdentityProvider implem
private void activate(Map<String, Object> properties) {
ConfigurationParameters cfg = ConfigurationParameters.of(properties);
config = LdapProviderConfig.of(cfg);
- log.error("***** activate {}: {}", this, properties);
}
@Nonnull
@@ -177,7 +176,7 @@ public class LdapIdentityProvider implem
req.setScope(SearchScope.SUBTREE);
req.addAttributes("*");
req.setTimeLimit(config.getSearchTimeout());
- req.setBase(idConfig.getBaseDN());
+ req.setBase(new Dn(idConfig.getBaseDN()));
req.setFilter(searchFilter);
log.debug("Searching entries below {} with {}", idConfig.getBaseDN(), searchFilter);
@@ -234,7 +233,7 @@ public class LdapIdentityProvider implem
private LdapConnection connect() throws ExternalIdentityException {
try {
- LdapConnection connection = new LdapNetworkConnection(config.getHost(), config.getPort(), config.isUseSSL());
+ LdapConnection connection = new LdapNetworkConnection(config.getHostname(), config.getPort(), config.useSSL());
if (config.getBindDN().length() > 0) {
connection.bind(config.getBindDN(), config.getBindPassword());
} else {
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java Mon Feb 10 22:57:52 2014
@@ -16,11 +16,10 @@
*/
package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
-import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
-import org.apache.directory.api.ldap.model.filter.FilterEncoder;
-import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Property;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -37,7 +36,14 @@ import org.apache.jackrabbit.oak.spi.sec
)
public class LdapProviderConfig {
+ /**
+ * @see #getName()
+ */
public static final String PARAM_NAME_DEFAULT = "ldap";
+
+ /**
+ * @see #getName()
+ */
@Property(
label = "LDAP Provider Name",
description = "Name of this LDAP provider configuration. This is used to reference this provider by the login modules.",
@@ -45,7 +51,14 @@ public class LdapProviderConfig {
)
public static final String PARAM_NAME = "provider.name";
+ /**
+ * @see #getHostname()
+ */
public static final String PARAM_LDAP_HOST_DEFAULT = "localhost";
+
+ /**
+ * @see #getHostname()
+ */
@Property(
label = "LDAP Server Hostname",
description = "Hostname of the LDAP server",
@@ -53,7 +66,14 @@ public class LdapProviderConfig {
)
public static final String PARAM_LDAP_HOST = "host.name";
+ /**
+ * @see #getPort()
+ */
public static final int PARAM_LDAP_PORT_DEFAULT = 389;
+
+ /**
+ * @see #getPort()
+ */
@Property(
label = "LDAP Server Port",
description = "Port of the LDAP server",
@@ -61,7 +81,14 @@ public class LdapProviderConfig {
)
public static final String PARAM_LDAP_PORT = "host.port";
+ /**
+ * @see #useSSL()
+ */
public static final boolean PARAM_USE_SSL_DEFAULT = false;
+
+ /**
+ * @see #useSSL()
+ */
@Property(
label = "Use SSL",
description = "Indicates if an SSL connection should be used.",
@@ -69,7 +96,14 @@ public class LdapProviderConfig {
)
public static final String PARAM_USE_SSL = "host.ssl";
+ /**
+ * @see #getBindDN()
+ */
public static final String PARAM_BIND_DN_DEFAULT = "";
+
+ /**
+ * @see #getBindDN()
+ */
@Property(
label = "Bind DN",
description = "DN of the user for authentication. Leave empty for anonymous bind.",
@@ -77,7 +111,14 @@ public class LdapProviderConfig {
)
public static final String PARAM_BIND_DN = "bind.dn";
+ /**
+ * @see #getBindPassword()
+ */
public static final String PARAM_BIND_PASSWORD_DEFAULT = "";
+
+ /**
+ * @see #getBindPassword()
+ */
@Property(
label = "Bind Password",
description = "Password of the user for authentication.",
@@ -85,20 +126,166 @@ public class LdapProviderConfig {
)
public static final String PARAM_BIND_PASSWORD = "bind.password";
+ /**
+ * @see #getSearchTimeout()
+ */
public static final int PARAM_SEARCH_TIMEOUT_DEFAULT = 60000;
+
+ /**
+ * @see #getSearchTimeout()
+ */
@Property(
label = "Search Timeout",
description = "Time in milliseconds until a search times out.",
intValue = PARAM_SEARCH_TIMEOUT_DEFAULT
)
- public static final String PARAM_SEARCH_TIMEOUT = "search.timeout";
+ public static final String PARAM_SEARCH_TIMEOUT = "searchTimeout";
+
+ /**
+ * @see Identity#getBaseDN()
+ */
+ public static final String PARAM_USER_BASE_DN_DEFAULT = "ou=people,o=example,dc=com";
+
+ /**
+ * @see Identity#getBaseDN()
+ */
+ @Property(
+ label = "User base DN",
+ description = "The base DN for user searches.",
+ value = PARAM_USER_BASE_DN_DEFAULT
+ )
+ public static final String PARAM_USER_BASE_DN = "user.baseDN";
+
+ /**
+ * @see Identity#getObjectClasses()
+ */
+ public static final String[] PARAM_USER_OBJECTCLASS_DEFAULT = {"person"};
+
+ /**
+ * @see Identity#getObjectClasses()
+ */
+ @Property(
+ label = "User object classes",
+ description = "The list of object classes an user entry must contain.",
+ value = {"person"},
+ cardinality = Integer.MAX_VALUE
+ )
+ public static final String PARAM_USER_OBJECTCLASS = "user.objectclass";
+
+ /**
+ * @see Identity#getIdAttribute()
+ */
+ public static final String PARAM_USER_ID_ATTRIBUTE_DEFAULT = "uid";
+
+ /**
+ * @see Identity#getIdAttribute()
+ */
+ @Property(
+ label = "User id attribute",
+ description = "Name of the attribute that contains the user id.",
+ value = PARAM_USER_ID_ATTRIBUTE_DEFAULT
+ )
+ public static final String PARAM_USER_ID_ATTRIBUTE = "user.idAttribute";
+
+ /**
+ * @see Identity#getExtraFilter()
+ */
+ public static final String PARAM_USER_EXTRA_FILTER_DEFAULT = "";
+
+ /**
+ * @see Identity#getExtraFilter()
+ */
+ @Property(
+ label = "User extra filter",
+ description = "Extra LDAP filter to use when searching for users. The final filter is" +
+ "formatted like: '(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)'",
+ value = PARAM_USER_EXTRA_FILTER_DEFAULT
+ )
+ public static final String PARAM_USER_EXTRA_FILTER = "user.extraFilter";
+
+ /**
+ * @see Identity#getBaseDN()
+ */
+ public static final String PARAM_GROUP_BASE_DN_DEFAULT = "ou=groups,o=example,dc=com";
+
+ /**
+ * @see Identity#getBaseDN()
+ */
+ @Property(
+ label = "Group base DN",
+ description = "The base DN for group searches.",
+ value = PARAM_GROUP_BASE_DN_DEFAULT
+ )
+ public static final String PARAM_GROUP_BASE_DN = "group.baseDN";
+
+ /**
+ * @see Identity#getObjectClasses()
+ */
+ public static final String[] PARAM_GROUP_OBJECTCLASS_DEFAULT = {"groupOfUniqueNames"};
+
+ /**
+ * @see Identity#getObjectClasses()
+ */
+ @Property(
+ label = "Group object classes",
+ description = "The list of object classes a group entry must contain.",
+ value = {"groupOfUniqueNames"},
+ cardinality = Integer.MAX_VALUE
+ )
+ public static final String PARAM_GROUP_OBJECTCLASS = "group.objectclass";
+
+ /**
+ * @see Identity#getIdAttribute()
+ */
+ public static final String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT = "cn";
/**
- * Defines the configuration of an identity.
+ * @see Identity#getIdAttribute()
+ */
+ @Property(
+ label = "Group name attribute",
+ description = "Name of the attribute that contains the group name.",
+ value = PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT
+ )
+ public static final String PARAM_GROUP_NAME_ATTRIBUTE = "group.nameAttribute";
+
+ /**
+ * @see Identity#getExtraFilter()
+ */
+ public static final String PARAM_GROUP_EXTRA_FILTER_DEFAULT = "";
+
+ /**
+ * @see Identity#getExtraFilter()
+ */
+ @Property(
+ label = "Group extra filter",
+ description = "Extra LDAP filter to use when searching for groups. The final filter is" +
+ "formatted like: '(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)'",
+ value = PARAM_GROUP_EXTRA_FILTER_DEFAULT
+ )
+ public static final String PARAM_GROUP_EXTRA_FILTER = "group.extraFilter";
+
+ /**
+ * @see #getGroupMemberAttribute()
+ */
+ public static final String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT = "uniquemember";
+
+ /**
+ * @see #getGroupMemberAttribute()
+ */
+ @Property(
+ label = "Group member attribute",
+ description = "Group attribute that contains the member(s) of a group.",
+ value = PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT
+ )
+ public static final String PARAM_GROUP_MEMBER_ATTRIBUTE = "group.memberAttribute";
+
+ /**
+ * Defines the configuration of an identity (user or group).
*/
public static class Identity {
- private Dn baseDN;
+ private String baseDN;
private String[] objectClasses;
@@ -108,49 +295,121 @@ public class LdapProviderConfig {
private String filterTemplate;
- public Dn getBaseDN() {
+ /**
+ * Configures the base DN for searches of this kind of identity
+ * @return the base DN
+ */
+ @Nonnull
+ public String getBaseDN() {
return baseDN;
}
- public void setBaseDN(String baseDN) throws LdapInvalidDnException {
- this.baseDN = new Dn(baseDN);
+ /**
+ * Sets the base DN for search of this kind of identity.
+ * @param baseDN the DN as string.
+ * @return {@code this}
+ * @see #getBaseDN()
+ */
+ @Nonnull
+ public Identity setBaseDN(@Nonnull String baseDN) {
+ this.baseDN = baseDN;
+ return this;
}
+ /**
+ * Configures the object classes of this kind of identity.
+ * @return an array of object classes
+ * @see #getSearchFilter(String) for more detail about searching and filtering
+ */
+ @Nonnull
public String[] getObjectClasses() {
return objectClasses;
}
- public void setObjectClasses(String[] objectClasses) {
+ /**
+ * Sets the object classes.
+ * @param objectClasses the object classes
+ * @return {@code this}
+ * @see #getObjectClasses()
+ */
+ @Nonnull
+ public Identity setObjectClasses(@Nonnull String ... objectClasses) {
this.objectClasses = objectClasses;
filterTemplate = null;
+ return this;
}
+ /**
+ * Configures the attribute that is used to identify this identity by id. For users this is the attribute that
+ * holds the user id, for groups this is the attribute that holds the group name.
+ *
+ * @return the id attribute name
+ * @see #getSearchFilter(String) for more detail about searching and filtering
+ */
+ @Nonnull
public String getIdAttribute() {
return idAttribute;
}
- public void setIdAttribute(String idAttribute) {
+ /**
+ * Sets the id attribute.
+ * @param idAttribute the id attribute name
+ * @return {@code this}
+ * @see #getIdAttribute()
+ */
+ @Nonnull
+ public Identity setIdAttribute(@Nonnull String idAttribute) {
this.idAttribute = idAttribute;
filterTemplate = null;
+ return this;
}
+ /**
+ * Configures the extra LDAP filter that is appended to the internally computed filter when searching for
+ * identities.
+ *
+ * @return the extra filter
+ */
+ @CheckForNull
public String getExtraFilter() {
return extraFilter;
}
- public void setExtraFilter(String extraFilter) {
+ /**
+ * Sets the extra search filter.
+ * @param extraFilter the filter
+ * @return {@code this}
+ * @see #getExtraFilter()
+ */
+ @Nonnull
+ public Identity setExtraFilter(@Nullable String extraFilter) {
this.extraFilter = extraFilter;
filterTemplate = null;
+ return this;
}
- public String getSearchFilter(String id) {
+ /**
+ * Returns the LDAP filter that is used when searching this type of identity. The filter is based on the
+ * configuration and has the following format:
+ *
+ * <pre>
+ * (&(${idAttr}=${id})(objectclass=${objectclass})${extraFilter})
+ * </pre>
+ *
+ * Note that the objectclass part is repeated according to the specified objectclasses in {@link #getObjectClasses()}.
+ *
+ * @param id the id value
+ * @return the search filter
+ */
+ @Nonnull
+ public String getSearchFilter(@Nonnull String id) {
if (filterTemplate == null) {
StringBuilder filter = new StringBuilder("(&(")
.append(idAttribute)
.append("=%s)");
for (String objectClass: objectClasses) {
filter.append("(objectclass=")
- .append(FilterEncoder.encodeFilterValue(objectClass))
+ .append(encodeFilterValue(objectClass))
.append(')');
}
if (extraFilter != null && extraFilter.length() > 0) {
@@ -159,105 +418,302 @@ public class LdapProviderConfig {
filter.append(')');
filterTemplate = filter.toString();
}
- return String.format(filterTemplate, FilterEncoder.encodeFilterValue(id));
+ return String.format(filterTemplate, encodeFilterValue(id));
+ }
+
+ /**
+ * Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String)
+ * in order to keep this configuration LDAP client independent.
+ *
+ * Handles encoding of special characters in LDAP search filter assertion values using the
+ * <valueencoding> rule as described in <a href="http://www.ietf.org/rfc/rfc4515.txt">RFC 4515</a>.
+ *
+ * @param value Right hand side of "attrId=value" assertion occurring in an LDAP search filter.
+ * @return Escaped version of <code>value</code>
+ */
+ private static String encodeFilterValue(String value) {
+ StringBuilder sb = null;
+ for (int i = 0; i < value.length(); i++) {
+ char ch = value.charAt(i);
+ String replace = null;
+ switch (ch) {
+ case '*':
+ replace = "\\2A";
+ break;
+
+ case '(':
+ replace = "\\28";
+ break;
+
+ case ')':
+ replace = "\\29";
+ break;
+
+ case '\\':
+ replace = "\\5C";
+ break;
+
+ case '\0':
+ replace = "\\00";
+ break;
+ }
+ if (replace != null) {
+ if (sb == null) {
+ sb = new StringBuilder(value.length() * 2);
+ sb.append(value.substring(0, i));
+ }
+ sb.append(replace);
+ } else if (sb != null) {
+ sb.append(ch);
+ }
+ }
+ return (sb == null ? value : sb.toString());
}
}
+ /**
+ * Creates a new LDAP provider configuration based on the properties store in the given parameters.
+ * @param params the configuration parameters.
+ * @return the config
+ */
public static LdapProviderConfig of(ConfigurationParameters params) {
- LdapProviderConfig cfg = new LdapProviderConfig();
- cfg.name = params.getConfigValue(PARAM_NAME, cfg.name);
- cfg.host = params.getConfigValue(PARAM_LDAP_HOST, PARAM_LDAP_HOST_DEFAULT);
- cfg.port = params.getConfigValue(PARAM_LDAP_PORT, PARAM_LDAP_PORT_DEFAULT);
- cfg.useSSL = params.getConfigValue(PARAM_USE_SSL, PARAM_USE_SSL_DEFAULT);
- cfg.bindDN = params.getConfigValue(PARAM_BIND_DN, PARAM_BIND_DN_DEFAULT);
- cfg.bindPassword = params.getConfigValue(PARAM_BIND_PASSWORD, PARAM_BIND_PASSWORD_DEFAULT);
- cfg.searchTimeout = params.getConfigValue(PARAM_SEARCH_TIMEOUT, PARAM_SEARCH_TIMEOUT_DEFAULT);
+ LdapProviderConfig cfg = new LdapProviderConfig()
+ .setName(params.getConfigValue(PARAM_NAME, PARAM_NAME_DEFAULT))
+ .setHostname(params.getConfigValue(PARAM_LDAP_HOST, PARAM_LDAP_HOST_DEFAULT))
+ .setPort(params.getConfigValue(PARAM_LDAP_PORT, PARAM_LDAP_PORT_DEFAULT))
+ .setUseSSL(params.getConfigValue(PARAM_USE_SSL, PARAM_USE_SSL_DEFAULT))
+ .setBindDN(params.getConfigValue(PARAM_BIND_DN, PARAM_BIND_DN_DEFAULT))
+ .setBindPassword(params.getConfigValue(PARAM_BIND_PASSWORD, PARAM_BIND_PASSWORD_DEFAULT))
+ .setSearchTimeout(params.getConfigValue(PARAM_SEARCH_TIMEOUT, PARAM_SEARCH_TIMEOUT_DEFAULT))
+ .setGroupMemberAttribute(params.getConfigValue(PARAM_GROUP_MEMBER_ATTRIBUTE, PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT));
+
+ cfg.getUserConfig()
+ .setBaseDN(params.getConfigValue(PARAM_USER_BASE_DN, PARAM_USER_BASE_DN))
+ .setIdAttribute(params.getConfigValue(PARAM_USER_ID_ATTRIBUTE, PARAM_USER_ID_ATTRIBUTE_DEFAULT))
+ .setExtraFilter(params.getConfigValue(PARAM_USER_EXTRA_FILTER, PARAM_USER_EXTRA_FILTER_DEFAULT))
+ .setObjectClasses(params.getConfigValue(PARAM_USER_OBJECTCLASS, PARAM_USER_OBJECTCLASS_DEFAULT));
+
+ cfg.getGroupConfig()
+ .setBaseDN(params.getConfigValue(PARAM_GROUP_BASE_DN, PARAM_GROUP_BASE_DN))
+ .setIdAttribute(params.getConfigValue(PARAM_GROUP_NAME_ATTRIBUTE, PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT))
+ .setExtraFilter(params.getConfigValue(PARAM_GROUP_EXTRA_FILTER, PARAM_GROUP_EXTRA_FILTER_DEFAULT))
+ .setObjectClasses(params.getConfigValue(PARAM_GROUP_OBJECTCLASS, PARAM_GROUP_OBJECTCLASS_DEFAULT));
+
return cfg;
}
+ private String name = PARAM_NAME_DEFAULT;
+
+ private String hostname = PARAM_LDAP_HOST_DEFAULT;
- private String name = "ldap";
- private String host = PARAM_LDAP_HOST_DEFAULT;
private int port = PARAM_LDAP_PORT_DEFAULT;
+
private boolean useSSL = PARAM_USE_SSL_DEFAULT;
+
private String bindDN = PARAM_BIND_DN_DEFAULT;
+
private String bindPassword = PARAM_BIND_PASSWORD_DEFAULT;
+
private int searchTimeout = PARAM_SEARCH_TIMEOUT_DEFAULT;
+ private String groupMemberAttribute = PARAM_GROUP_MEMBER_ATTRIBUTE;
+
private final Identity userConfig = new Identity();
- private final Identity groupConfig = new Identity();
- private String groupMembershipAttribute = "uniquemember";
+ private final Identity groupConfig = new Identity();
+ /**
+ * Returns the name of this provider configuration.
+ * The default is {@value #PARAM_NAME_DEFAULT}
+ *
+ * @return the name.
+ */
@Nonnull
public String getName() {
return name;
}
- public void setName(@Nonnull String name) {
+ /**
+ * Sets the name of this provider.
+ * @param name the name
+ * @return {@code this}
+ * @see #getName()
+ */
+ @Nonnull
+ public LdapProviderConfig setName(@Nonnull String name) {
this.name = name;
+ return this;
}
- public String getHost() {
- return host;
+ /**
+ * Configures the hostname of the LDAP server.
+ * The default is {@value #PARAM_LDAP_HOST_DEFAULT}
+ *
+ * @return the hostname
+ */
+ @Nonnull
+ public String getHostname() {
+ return hostname;
}
- public void setHost(String host) {
- this.host = host;
+ /**
+ * Sets the hostname.
+ * @param hostname the hostname
+ * @return {@code this}
+ * @see #getHostname()
+ */
+ @Nonnull
+ public LdapProviderConfig setHostname(@Nonnull String hostname) {
+ this.hostname = hostname;
+ return this;
}
+ /**
+ * Configures the port of the LDAP server.
+ * The default is {@value #PARAM_LDAP_PORT_DEFAULT}
+ *
+ * @return the port
+ */
public int getPort() {
return port;
}
- public void setPort(int port) {
+ /**
+ * Sets the port.
+ * @param port the port
+ * @return {@code this}
+ * @see #getPort()
+ */
+ @Nonnull
+ public LdapProviderConfig setPort(int port) {
this.port = port;
+ return this;
}
- public boolean isUseSSL() {
+ /**
+ * Configures whether SSL connections should be used.
+ * The default is {@value #PARAM_USE_SSL_DEFAULT}.
+ *
+ * @return {@code true} if SSL should be used.
+ */
+ public boolean useSSL() {
return useSSL;
}
- public void setUseSSL(boolean useSSL) {
+ /**
+ * Enables SSL connections.
+ * @param useSSL {@code true} to enable SSL
+ * @return {@code this}
+ * @see #useSSL()
+ */
+ @Nonnull
+ public LdapProviderConfig setUseSSL(boolean useSSL) {
this.useSSL = useSSL;
+ return this;
}
+ /**
+ * Configures the DN that is used to bind to the LDAP server. If this value is {@code null} or an empty string,
+ * anonymous connections are used.
+ * @return the bind DN or {@code null}.
+ */
+ @CheckForNull
public String getBindDN() {
return bindDN;
}
- public void setBindDN(String bindDN) {
+ /**
+ * Sets the bind DN.
+ * @param bindDN the DN
+ * @return {@code this}
+ * @see #getBindDN()
+ */
+ @Nonnull
+ public LdapProviderConfig setBindDN(@Nullable String bindDN) {
this.bindDN = bindDN;
+ return this;
}
+ /**
+ * Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.
+ * @return the password.
+ */
+ @CheckForNull
public String getBindPassword() {
return bindPassword;
}
- public void setBindPassword(String bindPassword) {
+ /**
+ * Sets the bind password
+ * @param bindPassword the password
+ * @return {@code this}
+ * @see #getBindPassword()
+ */
+ @Nonnull
+ public LdapProviderConfig setBindPassword(@Nullable String bindPassword) {
this.bindPassword = bindPassword;
+ return this;
}
+ /**
+ * Configures the timeout in milliseconds that is used for all LDAP searches.
+ * The default is {@value #PARAM_SEARCH_TIMEOUT_DEFAULT}.
+ *
+ * @return the timeout in milliseconds.
+ */
public int getSearchTimeout() {
return searchTimeout;
}
- public void setSearchTimeout(int searchTimeout) {
+ /**
+ * Sets the search timeout.
+ * @param searchTimeout the timeout in milliseconds
+ * @return {@code this}
+ * @see #setSearchTimeout(int)
+ */
+ @Nonnull
+ public LdapProviderConfig setSearchTimeout(int searchTimeout) {
this.searchTimeout = searchTimeout;
+ return this;
}
- public String getGroupMembershipAttribute() {
- return groupMembershipAttribute;
+ /**
+ * Configures the attribute that stores the members of a group.
+ * Default is {@value #PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT}
+ *
+ * @return the group member attribute
+ */
+ @Nonnull
+ public String getGroupMemberAttribute() {
+ return groupMemberAttribute;
}
- public void setGroupMembershipAttribute(String groupMembershipAttribute) {
- this.groupMembershipAttribute = groupMembershipAttribute;
+ /**
+ * Sets the group member attribute.
+ * @param groupMemberAttribute the attribute name
+ * @return {@code this}
+ * @see #getGroupMemberAttribute()
+ */
+ @Nonnull
+ public LdapProviderConfig setGroupMemberAttribute(@Nonnull String groupMemberAttribute) {
+ this.groupMemberAttribute = groupMemberAttribute;
+ return this;
}
+ /**
+ * Returns the user specific configuration.
+ * @return the user config.
+ */
+ @Nonnull
public Identity getUserConfig() {
return userConfig;
}
+ /**
+ * Returns the group specific configuration.
+ * @return the groups config.
+ */
+ @Nonnull
public Identity getGroupConfig() {
return groupConfig;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentity.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentity.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentity.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentity.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.spi.security.authentication.external;
import java.security.Principal;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityException.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityException.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityException.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityException.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.spi.security.authentication.external;
/**
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.spi.security.authentication.external;
import javax.annotation.CheckForNull;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.spi.security.authentication.external;
import javax.annotation.CheckForNull;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncConfig.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncConfig.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncConfig.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,20 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.apache.jackrabbit.oak.spi.security.authentication.external;
import java.util.Map;
@@ -47,8 +47,9 @@ public class SyncConfig {
return expirationTime;
}
- public void setExpirationTime(long expirationTime) {
+ public Authorizable setExpirationTime(long expirationTime) {
this.expirationTime = expirationTime;
+ return this;
}
/**
@@ -59,8 +60,9 @@ public class SyncConfig {
return autoMembership;
}
- public void setAutoMembership(Set<String> autoMembership) {
+ public Authorizable setAutoMembership(Set<String> autoMembership) {
this.autoMembership = autoMembership;
+ return this;
}
/**
@@ -83,8 +85,9 @@ public class SyncConfig {
return propertyMapping;
}
- public void setPropertyMapping(Map<String, String> propertyMapping) {
+ public Authorizable setPropertyMapping(Map<String, String> propertyMapping) {
this.propertyMapping = propertyMapping;
+ return this;
}
/**
@@ -96,8 +99,9 @@ public class SyncConfig {
return pathPrefix;
}
- public void setPathPrefix(String pathPrefix) {
+ public Authorizable setPathPrefix(String pathPrefix) {
this.pathPrefix = pathPrefix;
+ return this;
}
}
@@ -123,8 +127,9 @@ public class SyncConfig {
return membershipExpirationTime;
}
- public void setMembershipExpirationTime(long membershipExpirationTime) {
+ public User setMembershipExpirationTime(long membershipExpirationTime) {
this.membershipExpirationTime = membershipExpirationTime;
+ return this;
}
/**
@@ -137,8 +142,9 @@ public class SyncConfig {
return groupNestingDepth;
}
- public void setGroupNestingDepth(long groupNestingDepth) {
+ public User setGroupNestingDepth(long groupNestingDepth) {
this.groupNestingDepth = groupNestingDepth;
+ return this;
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncManager.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncManager.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncManager.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.spi.security.authentication.external;
import javax.annotation.CheckForNull;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalIDPManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalIDPManagerImpl.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalIDPManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalIDPManagerImpl.java Mon Feb 10 22:57:52 2014
@@ -1,20 +1,19 @@
-/*************************************************************************
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * ADOBE CONFIDENTIAL
- * ___________________
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Copyright ${today.year} Adobe Systems Incorporated
- * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe Systems Incorporated and its suppliers,
- * if any. The intellectual and technical concepts contained
- * herein are proprietary to Adobe Systems Incorporated and its
- * suppliers and are protected by trade secret or copyright law.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe Systems Incorporated.
- **************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;
import java.util.Map;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java Mon Feb 10 22:57:52 2014
@@ -133,13 +133,11 @@ public class ExternalLoginModule extends
}
try {
- ExternalUser externalUser = idp.authenticate(credentials);
+ externalUser = idp.authenticate(credentials);
if (externalUser != null) {
- log.debug("Adding Credentials to shared state.");
//noinspection unchecked
sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
- log.debug("Adding login name to shared state.");
//noinspection unchecked
sharedState.put(SHARED_KEY_LOGIN_NAME, externalUser.getId());
@@ -224,7 +222,6 @@ public class ExternalLoginModule extends
@Override
protected void clearState() {
super.clearState();
- idp = null;
externalUser = null;
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java?rev=1566805&r1=1566804&r2=1566805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java Mon Feb 10 22:57:52 2014
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,