taylor 02/05/30 00:04:12
Modified: build Tag: security_14 build.xml
build/torque Tag: security_14 build.properties
build/torque/schema Tag: security_14 security-schema.xml
src/java/org/apache/jetspeed/modules/actions Tag:
security_14 JLoginUser.java
src/java/org/apache/jetspeed/modules/actions/portlets/security
Tag: security_14 UserUpdateAction.java
src/java/org/apache/jetspeed/om/profile Tag: security_14
BaseProfileLocator.java
src/java/org/apache/jetspeed/om/security Tag: security_14
BaseJetspeedUser.java JetspeedUser.java
src/java/org/apache/jetspeed/services Tag: security_14
JetspeedSecurity.java
src/java/org/apache/jetspeed/services/psmlmanager Tag:
security_14 CastorPsmlManagerService.java
src/java/org/apache/jetspeed/services/security Tag:
security_14 AccountExpiredException.java
AuthorizationException.java
CredentialExpiredException.java
FailedLoginException.java
InsufficientPrivilegeException.java
JetspeedDBSecurityService.java
JetspeedSecurityException.java
JetspeedSecurityService.java LoginException.java
NotUniqueUserException.java
PortalAuthentication.java UnknownUserException.java
UserException.java UserManagement.java
src/java/org/apache/jetspeed/services/security/turbine Tag:
security_14 TurbineAuthentication.java
webapp/WEB-INF/conf Tag: security_14
JetspeedResources.properties
JetspeedSecurity.properties
TurbineResources.properties
webapp/WEB-INF/db Tag: security_14 jetspeed.properties
jetspeed.script
Added: src/java/org/apache/jetspeed/om/security Tag: security_14
JetspeedUserFactory.java UserIdPrincipal.java
UserNamePrincipal.java
src/java/org/apache/jetspeed/services Tag: security_14
JetspeedUserManagement.java
src/java/org/apache/jetspeed/services/security Tag:
security_14 TestPortalAuthentication.java
src/java/org/apache/jetspeed/services/security/turbine Tag:
security_14 TurbineUserManagement.java
Log:
This is still very much under construction and will be so for the next few days.
Just want to get it checked in and safe.
Working on TurbineUserManagement and BaseJetspeedUser, decoupling from Turbine. Will
continue here tomorrow...
Revision Changes Path
No revision
No revision
1.142.2.4 +7 -1 jakarta-jetspeed/build/build.xml
Index: build.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/build/build.xml,v
retrieving revision 1.142.2.3
retrieving revision 1.142.2.4
diff -u -r1.142.2.3 -r1.142.2.4
--- build.xml 26 May 2002 17:54:02 -0000 1.142.2.3
+++ build.xml 30 May 2002 07:04:09 -0000 1.142.2.4
@@ -813,16 +813,22 @@
<formatter type="plain" usefile="false"/>
<!-- JUnit unit tests -->
+
<test name="org.apache.jetspeed.services.psmlmanager.TestMarshalPsml"/>
<test name="org.apache.jetspeed.services.idgenerator.TestIdGenerator"/>
<test
name="org.apache.jetspeed.services.registry.TestMarshallRegistry"/>
<test
name="org.apache.jetspeed.services.registry.TestRegistryCategories"/>
+
<!--
<test
name="org.apache.jetspeed.services.registry.TestRegistryPersistence"/>
-->
- <test
name="org.apache.jetspeed.util.template.TestJetspeedLinkFactory"/>
+
+ <test name="org.apache.jetspeed.util.template.TestJetspeedLinkFactory"/>
<test name="org.apache.jetspeed.util.rewriter.FrameRewriterTest"/>
<test
name="org.apache.jetspeed.services.profiler.TestProfilerService"/>
+<!--
+ <test
name="org.apache.jetspeed.services.security.TestPortalAuthentication"/>
+-->
</junit>
</target>
No revision
No revision
1.4.2.2 +1 -1 jakarta-jetspeed/build/torque/build.properties
Index: build.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/build/torque/build.properties,v
retrieving revision 1.4.2.1
retrieving revision 1.4.2.2
diff -u -r1.4.2.1 -r1.4.2.2
--- build.properties 25 May 2002 18:18:14 -0000 1.4.2.1
+++ build.properties 30 May 2002 07:04:09 -0000 1.4.2.2
@@ -67,7 +67,7 @@
# -------------------------------------------------------------------
# targetPackage=org.apache.jetspeed.om.dbpsml
-targetPackage=org.apache.jetspeed.om.security
+targetPackage=org.apache.jetspeed.om.security.turbine
addSaveMethod=true
addGetByNameMethod=true
No revision
No revision
1.1.2.5 +2 -2 jakarta-jetspeed/build/torque/schema/Attic/security-schema.xml
Index: security-schema.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/build/torque/schema/Attic/security-schema.xml,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- security-schema.xml 26 May 2002 16:07:51 -0000 1.1.2.4
+++ security-schema.xml 30 May 2002 07:04:09 -0000 1.1.2.5
@@ -13,10 +13,10 @@
<!-- users, and security. -->
<!-- ==================================================================== -->
<!-- @author: <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a> -->
-<!-- @version $Id: security-schema.xml,v 1.1.2.4 2002/05/26 16:07:51 taylor Exp $
-->
+<!-- @version $Id: security-schema.xml,v 1.1.2.5 2002/05/30 07:04:09 taylor Exp $
-->
<!-- ==================================================================== -->
-<database name="@DATABASE_NAME@">
+<database>
<table name="TURBINE_USER" idMethod="idbroker">
<column name="USER_ID" required="true" primaryKey="true" type="INTEGER"/>
No revision
No revision
1.23.2.1 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java
Index: JLoginUser.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -u -r1.23 -r1.23.2.1
--- JLoginUser.java 25 Feb 2002 04:38:12 -0000 1.23
+++ JLoginUser.java 30 May 2002 07:04:09 -0000 1.23.2.1
@@ -265,7 +265,7 @@
if ( data.getUser().hasLoggedIn())
{
- if (JetspeedResources.getBoolean("logon.auto.disable", true))
+ if (JetspeedSecurity.getAutoLogonDisable())
{
// dst: this needs some refactoring. I don't believe this api is
necessary
JetspeedSecurity.resetUserCheck(data.getParameters().getString("username", ""));
@@ -354,7 +354,7 @@
else
{
// disable user after a configurable number of strikes
- if (JetspeedResources.getBoolean("logon.auto.disable", true))
+ if (JetspeedSecurity.getAutoLogonDisable())
{
boolean disabled =
JetspeedSecurity.disableUserCheck(data.getParameters().getString("username", ""));
if (disabled)
No revision
No revision
1.11.2.1 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
Index: UserUpdateAction.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -r1.11 -r1.11.2.1
--- UserUpdateAction.java 29 Mar 2002 20:12:32 -0000 1.11
+++ UserUpdateAction.java 30 May 2002 07:04:10 -0000 1.11.2.1
@@ -104,7 +104,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Chris Kimpton</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Paul Spencer</a>
- * @version $Id: UserUpdateAction.java,v 1.11 2002/03/29 20:12:32 taylor Exp $
+ * @version $Id: UserUpdateAction.java,v 1.11.2.1 2002/05/30 07:04:10 taylor Exp $
*/
public class UserUpdateAction extends VelocityPortletAction
{
@@ -483,7 +483,7 @@
boolean disabled = (strDisabled != null);
user.setDisabled(disabled);
- if (!disabled && oldDisabled &&
JetspeedResources.getBoolean("logon.auto.disable", true))
+ if (!disabled && oldDisabled && JetspeedSecurity.getAutoLogonDisable())
{
JetspeedSecurity.resetUserCheck(name);
}
No revision
No revision
1.11.2.1 +6 -7
jakarta-jetspeed/src/java/org/apache/jetspeed/om/profile/BaseProfileLocator.java
Index: BaseProfileLocator.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/profile/BaseProfileLocator.java,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -r1.11 -r1.11.2.1
--- BaseProfileLocator.java 22 Apr 2002 02:42:22 -0000 1.11
+++ BaseProfileLocator.java 30 May 2002 07:04:10 -0000 1.11.2.1
@@ -57,11 +57,13 @@
import java.util.StringTokenizer;
import org.apache.turbine.util.Log;
import org.apache.turbine.om.security.User;
-import org.apache.jetspeed.om.security.BaseJetspeedUser;
+import org.apache.jetspeed.om.security.JetspeedUserFactory;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.Group;
import org.apache.turbine.util.security.UnknownEntityException;
+import org.apache.jetspeed.services.security.UserException;
+import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.services.Profiler;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.turbine.services.TurbineServices;
@@ -76,7 +78,7 @@
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Atul Dambalkar</a>
- * @version $Id: BaseProfileLocator.java,v 1.11 2002/04/22 02:42:22 paulsp Exp $
+ * @version $Id: BaseProfileLocator.java,v 1.11.2.1 2002/05/30 07:04:10 taylor Exp $
*/
public class BaseProfileLocator implements ProfileLocator, Cloneable
@@ -277,15 +279,12 @@
this.setUser( JetspeedSecurity.getAnonymousUser() );
else
{
- // warning: this ties us to turbine security
- // we could load class from TRP
- // (services.SecurityService.user.class)
- User user = new BaseJetspeedUser();
+ JetspeedUser user = JetspeedUserFactory.getInstance();
user.setUserName("anon");
this.setUser(user);
}
}
- catch (UnknownEntityException e)
+ catch (Exception e)
{
Log.error("Could not get Anonymous user");
}
No revision
No revision
1.3.2.1 +621 -26
jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/BaseJetspeedUser.java
Index: BaseJetspeedUser.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/BaseJetspeedUser.java,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -r1.3 -r1.3.2.1
--- BaseJetspeedUser.java 19 Mar 2002 21:38:14 -0000 1.3
+++ BaseJetspeedUser.java 30 May 2002 07:04:10 -0000 1.3.2.1
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -24,12 +24,12 @@
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
- * "Apache Jetspeed" must not be used to endorse or promote products
+ * "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact [EMAIL PROTECTED]
*
- * 5. Products derived from this software may not be called "Apache" or
- * "Apache Jetspeed", nor may "Apache" appear in their name, without
+ * 5. Products derived from this software may not be called "Apache",
+ * "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
@@ -51,29 +51,51 @@
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
-
package org.apache.jetspeed.om.security;
+import org.apache.jetspeed.services.JetspeedSecurity;
+
+import org.apache.turbine.om.security.User;
+import org.apache.turbine.om.security.SecurityObject;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
+import java.util.Date;
+import java.util.Hashtable;
import javax.servlet.http.HttpSessionBindingEvent;
-
+import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.util.Log;
-import org.apache.turbine.om.security.User;
-import org.apache.turbine.om.security.TurbineUser;
+import org.apache.turbine.util.ObjectUtils;
import org.apache.jetspeed.services.resources.JetspeedResources;
-import org.apache.jetspeed.services.JetspeedSecurity;
+
+
/**
- * A Jetspeed implemetation of the Turbine User interface.
+ * The default Jetspeed implementation of User interface.
+ *
+ * This basic implementation contains the functionality that is
+ * expected to be common among all User implementations.
+ * You are welcome to extend this class if you wish to have
+ * custom functionality in your user objects (like accessor methods
+ * for custom attributes).
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: BaseJetspeedUser.java,v 1.3 2002/03/19 21:38:14 kimptoc Exp $
+ * @version $Id: BaseJetspeedUser.java,v 1.3.2.1 2002/05/30 07:04:10 taylor Exp $
*/
-public class BaseJetspeedUser extends TurbineUser implements JetspeedUser
+public class BaseJetspeedUser extends SecurityObject implements JetspeedUser
{
- public static final String DISABLED = "DISABLED";
+ /** The date on which the user account was created. */
+ private Date createDate = null;
+ /** The date on which the user last accessed the application. */
+ private Date lastAccessDate = null;
+
+ /** This is data that will survive a servlet engine restart. */
+ private Hashtable permStorage = null;
+ /** This is data that will not survive a servlet engine restart. */
+ private Hashtable tempStorage = null;
+
+ public static final String DISABLED = "DISABLED";
+ public static final String USER_ID = "USER_ID";
/**
* Constructor.
@@ -81,37 +103,565 @@
*/
public BaseJetspeedUser()
{
- super();
+ createDate = new Date();
+ tempStorage = new Hashtable(10);
+ permStorage = new Hashtable(10);
+ setHasLoggedIn(Boolean.FALSE);
setDisabled(false);
}
/**
- * Returns the disabled status for the user
+ * Returns the primary principle for this User, the user id.
+ *
+ * @return the user id.
+ */
+ public String getUserId()
+ {
+ String tmp = null;
+ try
+ {
+ tmp = (String) getPerm (USER_ID);
+ if ( tmp.length() == 0 )
+ {
+ tmp = null;
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return tmp;
+ }
+
+ /**
+ * Gets the access counter for a user during a session.
*
- * @return True when the account is disabled
+ * @return The access counter for the user for the session.
*/
- public boolean getDisabled()
+ public int getAccessCounterForSession()
{
- boolean disabled = false;
try
{
- String tmp = (String) getPerm (DISABLED);
- if ( tmp != null && tmp.length() > 0 )
+ return ((Integer) getTemp(User.SESSION_ACCESS_COUNTER)).intValue();
+ }
+ catch (Exception e)
+ {
+ return 0;
+ }
+ }
+
+ /**
+ * Gets the access counter for a user from perm storage.
+ *
+ * @return The access counter for the user.
+ */
+ public int getAccessCounter()
+ {
+ try
+ {
+ return ((Integer) getPerm(User.ACCESS_COUNTER)).intValue();
+ }
+ catch (Exception e)
+ {
+ return 0;
+ }
+ }
+
+ /**
+ * Gets the create date for this User. This is the time at which
+ * the user object was created.
+ *
+ * @return A Java Date with the date of creation for the user.
+ */
+ public java.util.Date getCreateDate()
+ {
+ return createDate;
+ }
+
+ /**
+ * Gets the last access date for this User. This is the last time
+ * that the user object was referenced.
+ *
+ * @return A Java Date with the last access date for the user.
+ */
+ public java.util.Date getLastAccessDate()
+ {
+ if (lastAccessDate == null)
+ {
+ setLastAccessDate();
+ }
+ return lastAccessDate;
+ }
+
+ /**
+ * Get last login date/time for this user.
+ *
+ * @return A Java Date with the last login date for the user.
+ */
+ public java.util.Date getLastLogin()
+ {
+ return (java.util.Date) getPerm(User.LAST_LOGIN);
+ }
+
+ /**
+ * Get password for this user.
+ *
+ * @return A String with the password for the user.
+ */
+ public String getPassword()
+ {
+ return (String) getPerm(User.PASSWORD);
+ }
+
+ /**
+ * Get an object from permanent storage.
+ *
+ * @param name The object's name.
+ * @return An Object with the given name.
+ */
+ public Object getPerm(String name)
+ {
+ return permStorage.get(name);
+ }
+
+ /**
+ * Get an object from permanent storage; return default if value
+ * is null.
+ *
+ * @param name The object's name.
+ * @param def A default value to return.
+ * @return An Object with the given name.
+ */
+ public Object getPerm(String name, Object def)
+ {
+ try
+ {
+ Object val = permStorage.get (name);
+ return (val == null ? def : val);
+ }
+ catch (Exception e)
+ {
+ return def;
+ }
+ }
+
+ /**
+ * This should only be used in the case where we want to save the
+ * data to the database.
+ *
+ * @return A Hashtable.
+ */
+ public Hashtable getPermStorage()
+ {
+ if (this.permStorage == null)
+ {
+ this.permStorage = new Hashtable();
+ }
+ return this.permStorage;
+ }
+
+ /**
+ * Get an object from temporary storage.
+ *
+ * @param name The object's name.
+ * @return An Object with the given name.
+ */
+ public Object getTemp(String name)
+ {
+ return tempStorage.get(name);
+ }
+
+ /**
+ * Get an object from temporary storage; return default if value
+ * is null.
+ *
+ * @param name The object's name.
+ * @param def A default value to return.
+ * @return An Object with the given name.
+ */
+ public Object getTemp(String name, Object def)
+ {
+ Object val;
+ try
+ {
+ val = tempStorage.get(name);
+ if (val == null)
{
- if (tmp.equalsIgnoreCase("T"))
- disabled = true;
+ val = def;
}
}
catch (Exception e)
{
+ val = def;
}
- return disabled;
+ return val;
}
- public void setDisabled(boolean disabled)
+ /**
+ * Returns the username for this user. If this is defined, then
+ * the user is considered logged in.
+ *
+ * @return A String with the username.
+ */
+ public String getUserName()
{
- setPerm(DISABLED, (disabled) ? "T" : "F");
+ String tmp = null;
+ try
+ {
+ tmp = (String) getPerm (User.USERNAME);
+ if ( tmp.length() == 0 )
+ {
+ tmp = null;
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return tmp;
+ }
+
+ /**
+ * Returns the first name for this user. If this is defined, then
+ * the user is considered logged in.
+ *
+ * @return A String with the user's first name.
+ */
+ public String getFirstName()
+ {
+ String tmp = null;
+ try
+ {
+ tmp = (String) getPerm (User.FIRST_NAME);
+ if (tmp.length() == 0)
+ {
+ tmp = null;
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return tmp;
+ }
+
+ /**
+ * Returns the last name for this user. If this is defined, then
+ * the user is considered logged in.
+ *
+ * @return A String with the user's last name.
+ */
+ public String getLastName()
+ {
+ String tmp = null;
+ try
+ {
+ tmp = (String) getPerm (User.LAST_NAME);
+ if (tmp.length() == 0)
+ tmp = null;
+ }
+ catch (Exception e)
+ {
+ }
+ return tmp;
+ }
+
+ /**
+ * The user is considered logged in if they have not timed out.
+ *
+ * @return Whether the user has logged in.
+ */
+ public boolean hasLoggedIn()
+ {
+ Boolean loggedIn = getHasLoggedIn();
+ return (loggedIn != null && loggedIn.booleanValue());
+ }
+
+ /**
+ * Returns the email address for this user.
+ *
+ * @return A String with the user's email address.
+ */
+ public String getEmail()
+ {
+ return (String)getPerm(User.EMAIL);
+ }
+
+ /**
+ * Increments the permanent hit counter for the user.
+ */
+ public void incrementAccessCounter()
+ {
+ setAccessCounter(getAccessCounter() + 1);
+ }
+
+ /**
+ * Increments the session hit counter for the user.
+ */
+ public void incrementAccessCounterForSession()
+ {
+ setAccessCounterForSession(getAccessCounterForSession() + 1);
+ }
+
+ /**
+ * Remove an object from temporary storage and return the object.
+ *
+ * @param name The name of the object to remove.
+ * @return An Object.
+ */
+ public Object removeTemp(String name)
+ {
+ return tempStorage.remove(name);
+ }
+
+ /**
+ * Sets the access counter for a user, saved in perm storage.
+ *
+ * @param cnt The new count.
+ */
+ public void setAccessCounter(int cnt)
+ {
+ setPerm(User.ACCESS_COUNTER, new Integer(cnt));
+ }
+
+ /**
+ * Sets the session access counter for a user, saved in temp
+ * storage.
+ *
+ * @param cnt The new count.
+ */
+ public void setAccessCounterForSession(int cnt)
+ {
+ setTemp(User.SESSION_ACCESS_COUNTER, new Integer(cnt));
+ }
+
+ /**
+ * Sets the last access date for this User. This is the last time
+ * that the user object was referenced.
+ */
+ public void setLastAccessDate()
+ {
+ lastAccessDate = new java.util.Date();
+ }
+
+ /**
+ * Sets the create date for this User. This is the time at which
+ * the user object was created.
+ *
+ * @param date The create date.
+ */
+ public void setCreateDate(java.util.Date date)
+ {
+ createDate = date;
+ }
+
+ /**
+ * Set last login date/time.
+ *
+ * @param date The last login date.
+ */
+ public void setLastLogin(java.util.Date date)
+ {
+ setPerm(User.LAST_LOGIN, date);
+ }
+
+ /**
+ * Set password.
+ *
+ * @param password The new password.
+ */
+ public void setPassword(String password)
+ {
+ setPerm(User.PASSWORD, password);
+ }
+
+ /**
+ * Put an object into permanent storage. If the value is null,
+ * it will convert that to a "" because the underlying storage
+ * mechanism within TurbineUser is currently a Hashtable and
+ * null is not a valid value.
+ *
+ * @param name The object's name.
+ * @param value The object.
+ */
+ public void setPerm(String name, Object value)
+ {
+ ObjectUtils.safeAddToHashtable(getPermStorage(), name, value);
+ }
+
+ /**
+ * This should only be used in the case where we want to save the
+ * data to the database.
+ *
+ * @param stuff A Hashtable.
+ */
+ public void setPermStorage(Hashtable stuff)
+ {
+ this.permStorage = stuff;
+ }
+
+ /**
+ * This should only be used in the case where we want to save the
+ * data to the database.
+ *
+ * @return A Hashtable.
+ */
+ public Hashtable getTempStorage()
+ {
+ if (this.tempStorage == null)
+ {
+ this.tempStorage = new Hashtable();
+ }
+ return this.tempStorage;
+ }
+
+ /**
+ * This should only be used in the case where we want to save the
+ * data to the database.
+ *
+ * @param storage A Hashtable.
+ */
+ public void setTempStorage(Hashtable storage)
+ {
+ this.tempStorage = storage;
+ }
+
+ /**
+ * This gets whether or not someone has logged in. hasLoggedIn()
+ * returns this value as a boolean. This is private because you
+ * should use hasLoggedIn() instead.
+ *
+ * @return True if someone has logged in.
+ */
+ private Boolean getHasLoggedIn()
+ {
+ return (Boolean) getTemp (User.HAS_LOGGED_IN);
+ }
+
+ /**
+ * This sets whether or not someone has logged in. hasLoggedIn()
+ * returns this value.
+ *
+ * @param value Whether someone has logged in or not.
+ */
+ public void setHasLoggedIn (Boolean value)
+ {
+ setTemp (User.HAS_LOGGED_IN, value);
+ }
+
+ /**
+ * Put an object into temporary storage. If the value is null,
+ * it will convert that to a "" because the underlying storage
+ * mechanism within TurbineUser is currently a Hashtable and
+ * null is not a valid value.
+ *
+ * @param name The object's name.
+ * @param value The object.
+ */
+ public void setTemp(String name, Object value)
+ {
+ ObjectUtils.safeAddToHashtable(tempStorage, name, value);
+ }
+
+ /**
+ * Sets the username for this user.
+ *
+ * @param username The user's username.
+ */
+ public void setUserName(String username)
+ {
+ setPerm (User.USERNAME, username);
+ }
+
+ /**
+ * Sets the first name for this user.
+ *
+ * @param firstName User's first name.
+ */
+ public void setFirstName(String firstName)
+ {
+ setPerm(User.FIRST_NAME, firstName);
+ }
+
+ /**
+ * Sets the last name for this user.
+ *
+ * @param lastName User's last name.
+ */
+ public void setLastName(String lastName)
+ {
+ setPerm(User.LAST_NAME, lastName);
+ }
+
+
+ /**
+ * Sets the email address.
+ *
+ * @param address The email address.
+ */
+ public void setEmail(String address)
+ {
+ setPerm(User.EMAIL, address);
+ }
+
+ /**
+ * This method reports whether or not the user has been confirmed
+ * in the system by checking the User.CONFIRM_VALUE
+ * column in the users record to see if it is equal to
+ * User.CONFIRM_DATA.
+ *
+ * @return True if the user has been confirmed.
+ */
+ public boolean isConfirmed()
+ {
+ String value = getConfirmed();
+ return (value != null && value.equals(User.CONFIRM_DATA));
+ }
+
+ /**
+ * Sets the confirmation value. The value should
+ * be either a random string or User.CONFIRM_DATA
+ *
+ * @param value The confirmation key value.
+ */
+ public void setConfirmed(String value)
+ {
+ String val = "";
+ if (value != null)
+ {
+ val = value;
+ }
+ setPerm(User.CONFIRM_VALUE, val);
+ }
+
+ /**
+ * Gets the confirmation value.
+ *
+ * @return status The confirmation value for this User
+ */
+ public String getConfirmed()
+ {
+ return (String)getPerm(User.CONFIRM_VALUE);
+ }
+
+ /**
+ * Updates the last login date in the database.
+ *
+ * @exception Exception, a generic exception.
+ */
+ public void updateLastLogin()
+ throws Exception
+ {
+ setPerm( User.LAST_LOGIN, new java.util.Date() );
+ }
+
+ /**
+ * Implement this method if you wish to be notified when the User
+ * has been Bound to the session.
+ *
+ * @param hsbe The HttpSessionBindingEvent.
+ */
+ public void valueBound(HttpSessionBindingEvent hsbe)
+ {
+ // Currently we have no need for this method.
}
/**
@@ -144,4 +694,49 @@
}
}
-}
+
+ /**
+ * Saves this object to the data store.
+ */
+ public void save()
+ throws Exception
+ {
+ if (JetspeedSecurity.accountExists(this))
+ {
+ JetspeedSecurity.saveUser(this);
+ }
+ else
+ {
+ JetspeedSecurity.addUser(this, getPassword());
+ }
+ }
+
+ /**
+ * Returns the disabled status for the user
+ *
+ * @return True when the account is disabled
+ */
+ public boolean getDisabled()
+ {
+ boolean disabled = false;
+ try
+ {
+ String tmp = (String) getPerm (DISABLED);
+ if ( tmp != null && tmp.length() > 0 )
+ {
+ if (tmp.equalsIgnoreCase("T"))
+ disabled = true;
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return disabled;
+ }
+
+ public void setDisabled(boolean disabled)
+ {
+ setPerm(DISABLED, (disabled) ? "T" : "F");
+ }
+
+}
\ No newline at end of file
1.1.2.1 +9 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/JetspeedUser.java
Index: JetspeedUser.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/JetspeedUser.java,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- JetspeedUser.java 25 Feb 2002 04:33:42 -0000 1.1
+++ JetspeedUser.java 30 May 2002 07:04:10 -0000 1.1.2.1
@@ -60,7 +60,7 @@
* A Jetspeed extension of the Turbine User interface.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: JetspeedUser.java,v 1.1 2002/02/25 04:33:42 taylor Exp $
+ * @version $Id: JetspeedUser.java,v 1.1.2.1 2002/05/30 07:04:10 taylor Exp $
*/
public interface JetspeedUser extends User
{
@@ -72,5 +72,13 @@
public boolean getDisabled();
public void setDisabled(boolean disabled);
+
+
+ /**
+ * Returns the primary principle for this User, the user id.
+ *
+ * @return the user id.
+ */
+ public String getUserId();
}
No revision
No revision
1.1.2.1 +123 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/Attic/JetspeedUserFactory.java
1.1.2.1 +115 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/Attic/UserIdPrincipal.java
1.1.2.1 +114 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/Attic/UserNamePrincipal.java
No revision
No revision
1.10.2.2 +5 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
Index: JetspeedSecurity.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
retrieving revision 1.10.2.1
retrieving revision 1.10.2.2
diff -u -r1.10.2.1 -r1.10.2.2
--- JetspeedSecurity.java 29 May 2002 04:19:31 -0000 1.10.2.1
+++ JetspeedSecurity.java 30 May 2002 07:04:10 -0000 1.10.2.2
@@ -80,7 +80,7 @@
*
* @see org.apache.jetspeed.services.security.JetspeedSecurityService
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: JetspeedSecurity.java,v 1.10.2.1 2002/05/29 04:19:31 paulsp Exp $
+ * @version $Id: JetspeedSecurity.java,v 1.10.2.2 2002/05/30 07:04:10 taylor Exp $
*/
abstract public class JetspeedSecurity extends TurbineSecurity
@@ -246,5 +246,9 @@
((JetspeedSecurityService)getService()).resetUserCheck(username);
}
+ public static boolean getAutoLogonDisable()
+ {
+ return ((JetspeedSecurityService)getService()).getAutoLogonDisable();
+ }
}
No revision
No revision
1.1.2.1 +147 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/services/Attic/JetspeedUserManagement.java
No revision
No revision
1.23.2.1 +9 -7
jakarta-jetspeed/src/java/org/apache/jetspeed/services/psmlmanager/CastorPsmlManagerService.java
Index: CastorPsmlManagerService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/psmlmanager/CastorPsmlManagerService.java,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -u -r1.23 -r1.23.2.1
--- CastorPsmlManagerService.java 16 May 2002 23:32:28 -0000 1.23
+++ CastorPsmlManagerService.java 30 May 2002 07:04:10 -0000 1.23.2.1
@@ -61,6 +61,7 @@
import org.apache.jetspeed.util.FileCopy;
import org.apache.jetspeed.util.DirectoryUtils;
import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.security.UserException;
//Castor defined API
import org.apache.jetspeed.om.profile.Portlets;
@@ -73,10 +74,14 @@
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.servlet.TurbineServlet;
import org.apache.turbine.services.resources.ResourceService;
+
import org.apache.turbine.om.security.User;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.Group;
-import org.apache.jetspeed.om.security.BaseJetspeedUser;
+
+import org.apache.jetspeed.om.security.JetspeedUser;
+import org.apache.jetspeed.om.security.JetspeedUserFactory;
+
import org.apache.turbine.om.security.TurbineRole;
import org.apache.turbine.om.security.TurbineGroup;
import org.apache.turbine.services.TurbineServices;
@@ -118,7 +123,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]";>Raphaël Luta</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Santiago Gala</a>
- * @version $Id: CastorPsmlManagerService.java,v 1.23 2002/05/16 23:32:28 taylor
Exp $
+ * @version $Id: CastorPsmlManagerService.java,v 1.23.2.1 2002/05/30 07:04:10
taylor Exp $
*/
public class CastorPsmlManagerService extends TurbineBaseService
implements PsmlManagerService
@@ -1300,13 +1305,10 @@
{
if (QUERY_BY_USER == qs.queryBy)
{
- User user = qs.profile.getUser();
+ JetspeedUser user = (JetspeedUser)qs.profile.getUser();
if (null == user)
{
- // warning: this ties us to turbine security
- // we could load class from TRP
- // (services.SecurityService.user.class)
- user = new BaseJetspeedUser();
+ user = JetspeedUserFactory.getInstance();
user.setUserName(file.getName());
qs.profile.setUser(user);
qs.clearName = true;
No revision
No revision
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/AccountExpiredException.java
Index: AccountExpiredException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/AccountExpiredException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- AccountExpiredException.java 24 May 2002 18:31:02 -0000 1.1.2.1
+++ AccountExpiredException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -59,7 +59,7 @@
* Signals that a user account has expired.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: AccountExpiredException.java,v 1.1.2.1 2002/05/24 18:31:02 taylor
Exp $
+ * @version $Id: AccountExpiredException.java,v 1.1.2.2 2002/05/30 07:04:10 taylor
Exp $
*/
public class AccountExpiredException extends LoginException {
@@ -83,4 +83,17 @@
public AccountExpiredException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public AccountExpiredException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/AuthorizationException.java
Index: AuthorizationException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/AuthorizationException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- AuthorizationException.java 25 May 2002 03:02:22 -0000 1.1.2.1
+++ AuthorizationException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -58,7 +58,7 @@
* This is the basic authorization exception.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: AuthorizationException.java,v 1.1.2.1 2002/05/25 03:02:22 taylor
Exp $
+ * @version $Id: AuthorizationException.java,v 1.1.2.2 2002/05/30 07:04:10 taylor
Exp $
*/
public class AuthorizationException extends JetspeedSecurityException {
@@ -83,4 +83,17 @@
public AuthorizationException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public AuthorizationException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.2 +15 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/CredentialExpiredException.java
Index: CredentialExpiredException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/CredentialExpiredException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- CredentialExpiredException.java 25 May 2002 03:02:22 -0000 1.1.2.1
+++ CredentialExpiredException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -59,7 +59,7 @@
* Signals that a <code>Credential</code> has expired.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: CredentialExpiredException.java,v 1.1.2.1 2002/05/25 03:02:22
taylor Exp $
+ * @version $Id: CredentialExpiredException.java,v 1.1.2.2 2002/05/30 07:04:10
taylor Exp $
*/
public class CredentialExpiredException extends LoginException {
@@ -81,6 +81,19 @@
* @param msg the detail message.
*/
public CredentialExpiredException(String msg) {
- super(msg);
+ super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public CredentialExpiredException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/FailedLoginException.java
Index: FailedLoginException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/FailedLoginException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- FailedLoginException.java 24 May 2002 18:31:02 -0000 1.1.2.1
+++ FailedLoginException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -61,7 +61,7 @@
* For example, the provider throws this exception if the user entered an incorrect
password.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: FailedLoginException.java,v 1.1.2.1 2002/05/24 18:31:02 taylor Exp
$
+ * @version $Id: FailedLoginException.java,v 1.1.2.2 2002/05/30 07:04:10 taylor Exp
$
*/
public class FailedLoginException extends LoginException {
@@ -85,4 +85,17 @@
public FailedLoginException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public FailedLoginException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/InsufficientPrivilegeException.java
Index: InsufficientPrivilegeException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/InsufficientPrivilegeException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- InsufficientPrivilegeException.java 25 May 2002 03:02:22 -0000 1.1.2.1
+++ InsufficientPrivilegeException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -58,7 +58,7 @@
* This exception is thrown when the requestor has insufficient privilege.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: InsufficientPrivilegeException.java,v 1.1.2.1 2002/05/25 03:02:22
taylor Exp $
+ * @version $Id: InsufficientPrivilegeException.java,v 1.1.2.2 2002/05/30 07:04:10
taylor Exp $
*/
public class InsufficientPrivilegeException extends AuthorizationException {
@@ -83,4 +83,17 @@
public InsufficientPrivilegeException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public InsufficientPrivilegeException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.18.2.1 +13 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
Index: JetspeedDBSecurityService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
retrieving revision 1.18
retrieving revision 1.18.2.1
diff -u -r1.18 -r1.18.2.1
--- JetspeedDBSecurityService.java 17 Apr 2002 02:04:56 -0000 1.18
+++ JetspeedDBSecurityService.java 30 May 2002 07:04:10 -0000 1.18.2.1
@@ -101,7 +101,7 @@
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Santiago Gala</a>
- * @version $Id: JetspeedDBSecurityService.java,v 1.18 2002/04/17 02:04:56 taylor
Exp $
+ * @version $Id: JetspeedDBSecurityService.java,v 1.18.2.1 2002/05/30 07:04:10
taylor Exp $
*/
@@ -115,6 +115,8 @@
private final static String CONFIG_LOGON_STRIKE_COUNT = "logon.strike.count";
private final static String CONFIG_LOGON_STRIKE_MAX = "logon.strike.max";
private final static String CONFIG_LOGON_STRIKE_INTERVAL =
"logon.strike.interval";
+ private final static String CONFIG_LOGON_AUTO_DISABLE = "logon.auto.disable";
+
private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN =
"permission.default.loggedin";
@@ -131,6 +133,8 @@
int strikeMax = 20; // 20 total failures
long strikeInterval = 300; // five minutes
+ boolean autoLogonDisable = false;
+
private static HashMap users = new HashMap();
/**
@@ -171,6 +175,8 @@
strikeInterval = serviceConf.getLong(CONFIG_LOGON_STRIKE_INTERVAL,
strikeInterval);
strikeMax = serviceConf.getInt(CONFIG_LOGON_STRIKE_MAX, strikeMax);
+ autoLogonDisable = serviceConf.getBoolean(CONFIG_LOGON_AUTO_DISABLE,
autoLogonDisable);
+
// initialization done
setInit(true);
}
@@ -624,4 +630,10 @@
{
super.forcePassword(user, convertPassword(password));
}
+
+ public boolean getAutoLogonDisable()
+ {
+ return autoLogonDisable;
+ }
+
}
1.1.2.2 +15 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/JetspeedSecurityException.java
Index: JetspeedSecurityException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/JetspeedSecurityException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- JetspeedSecurityException.java 25 May 2002 03:02:22 -0000 1.1.2.1
+++ JetspeedSecurityException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -58,10 +58,11 @@
* This is the basic abstract Jetspeed Security Exception
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: JetspeedSecurityException.java,v 1.1.2.1 2002/05/25 03:02:22
taylor Exp $
+ * @version $Id: JetspeedSecurityException.java,v 1.1.2.2 2002/05/30 07:04:10
taylor Exp $
*/
-abstract public class JetspeedSecurityException extends
java.security.GeneralSecurityException {
+abstract public class JetspeedSecurityException extends
org.apache.turbine.util.TurbineException {
+ //extends
java.security.GeneralSecurityException {
/**
* Constructs a JetspeedSecurityException with no detail message. A detail
@@ -69,6 +70,18 @@
*/
public JetspeedSecurityException() {
super();
+ }
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public JetspeedSecurityException( String msg, Throwable nested )
+ {
+ super(msg, nested);
}
/**
1.7.2.1 +3 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
Index: JetspeedSecurityService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- JetspeedSecurityService.java 25 Feb 2002 04:38:13 -0000 1.7
+++ JetspeedSecurityService.java 30 May 2002 07:04:10 -0000 1.7.2.1
@@ -75,7 +75,7 @@
* for controlling access to portal resources (portlets, panes).
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: JetspeedSecurityService.java,v 1.7 2002/02/25 04:38:13 taylor Exp $
+ * @version $Id: JetspeedSecurityService.java,v 1.7.2.1 2002/05/30 07:04:10 taylor
Exp $
*/
@@ -112,5 +112,7 @@
public boolean disableUserCheck(String username);
public void resetUserCheck(String username);
+
+ public boolean getAutoLogonDisable();
}
1.1.2.3 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/LoginException.java
Index: LoginException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/LoginException.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- LoginException.java 25 May 2002 03:02:22 -0000 1.1.2.2
+++ LoginException.java 30 May 2002 07:04:10 -0000 1.1.2.3
@@ -58,7 +58,7 @@
* This is the basic login exception. It is the same as LoginException in JAAS
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: LoginException.java,v 1.1.2.2 2002/05/25 03:02:22 taylor Exp $
+ * @version $Id: LoginException.java,v 1.1.2.3 2002/05/30 07:04:10 taylor Exp $
*/
public class LoginException extends JetspeedSecurityException {
@@ -83,4 +83,17 @@
public LoginException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public LoginException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/NotUniqueUserException.java
Index: NotUniqueUserException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/NotUniqueUserException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- NotUniqueUserException.java 25 May 2002 03:02:22 -0000 1.1.2.1
+++ NotUniqueUserException.java 30 May 2002 07:04:10 -0000 1.1.2.2
@@ -59,7 +59,7 @@
* security provider-specific unique constraints.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: NotUniqueUserException.java,v 1.1.2.1 2002/05/25 03:02:22 taylor
Exp $
+ * @version $Id: NotUniqueUserException.java,v 1.1.2.2 2002/05/30 07:04:10 taylor
Exp $
*/
public class NotUniqueUserException extends UserException {
@@ -84,4 +84,17 @@
public NotUniqueUserException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public NotUniqueUserException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.4 +3 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalAuthentication.java
Index: PortalAuthentication.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalAuthentication.java,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- PortalAuthentication.java 25 May 2002 03:02:22 -0000 1.1.2.3
+++ PortalAuthentication.java 30 May 2002 07:04:11 -0000 1.1.2.4
@@ -68,11 +68,13 @@
* <p> To logout the caller simply needs to invoke the <code>logout</code> method.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: PortalAuthentication.java,v 1.1.2.3 2002/05/25 03:02:22 taylor Exp
$
+ * @version $Id: PortalAuthentication.java,v 1.1.2.4 2002/05/30 07:04:11 taylor Exp
$
*/
public interface PortalAuthentication
{
+ public String SERVICE_NAME = "PortalAuthentication";
+
/**
* Given a public credential(username) and private credential(password),
* perform authentication. If authentication succeeds, a
<code>JetspeedUser</code>
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/UnknownUserException.java
Index: UnknownUserException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/UnknownUserException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- UnknownUserException.java 25 May 2002 03:02:22 -0000 1.1.2.1
+++ UnknownUserException.java 30 May 2002 07:04:11 -0000 1.1.2.2
@@ -58,7 +58,7 @@
* This exception is thrown when the requested user principal was not found.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: UnknownUserException.java,v 1.1.2.1 2002/05/25 03:02:22 taylor Exp
$
+ * @version $Id: UnknownUserException.java,v 1.1.2.2 2002/05/30 07:04:11 taylor Exp
$
*/
public class UnknownUserException extends UserException {
@@ -83,4 +83,17 @@
public UnknownUserException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public UnknownUserException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.2 +14 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/UserException.java
Index: UserException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/UserException.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- UserException.java 25 May 2002 15:08:10 -0000 1.1.2.1
+++ UserException.java 30 May 2002 07:04:11 -0000 1.1.2.2
@@ -58,7 +58,7 @@
* This is the basic user exception.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: UserException.java,v 1.1.2.1 2002/05/25 15:08:10 taylor Exp $
+ * @version $Id: UserException.java,v 1.1.2.2 2002/05/30 07:04:11 taylor Exp $
*/
public class UserException extends JetspeedSecurityException {
@@ -83,4 +83,17 @@
public UserException(String msg) {
super(msg);
}
+
+ /**
+ * Construct a nested exception.
+ *
+ * @param msg The detail message.
+ * @param nested the exception or error that caused this exception
+ * to be thrown.
+ */
+ public UserException( String msg, Throwable nested )
+ {
+ super(msg, nested);
+ }
+
}
1.1.2.3 +10 -5
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/UserManagement.java
Index: UserManagement.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/UserManagement.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- UserManagement.java 25 May 2002 15:08:10 -0000 1.1.2.2
+++ UserManagement.java 30 May 2002 07:04:11 -0000 1.1.2.3
@@ -55,6 +55,7 @@
package org.apache.jetspeed.services.security;
import java.util.Iterator;
+import java.security.Principal;
import org.apache.turbine.services.Service;
import org.apache.jetspeed.om.security.JetspeedUser;
@@ -66,7 +67,7 @@
* user management technology.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: UserManagement.java,v 1.1.2.2 2002/05/25 15:08:10 taylor Exp $
+ * @version $Id: UserManagement.java,v 1.1.2.3 2002/05/30 07:04:11 taylor Exp $
*/
public interface UserManagement extends Service
@@ -74,18 +75,22 @@
public String SERVICE_NAME = "UserManagement";
/**
- * Retrieves a <code>JetspeedUser</code> given the primary principle id.
+ * Retrieves a <code>JetspeedUser</code> given the primary principle.
+ * The principal can be any valid Jetspeed Security Principal:
+ * <code>org.apache.jetspeed.om.security.UserNamePrincipal</code>
+ * <code>org.apache.jetspeed.om.security.UserIdPrincipal</code>
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
- * @param principal the principal identity to be retrieved.
+ * @param principal a principal identity to be retrieved.
* @return a <code>JetspeedUser</code> associated to the principal identity.
* @exception UserException when the security provider has a general failure
retrieving a user.
* @exception UnknownUserException when the security provider cannot match
* the principal identity to a user.
* @exception InsufficientPrivilegeException when the requestor is denied due
to insufficient privilege
*/
- JetspeedUser getUser(String principal)
+ JetspeedUser getUser(Principal principal)
throws JetspeedSecurityException;
/**
@@ -151,7 +156,7 @@
* the principal identity to a user.
* @exception InsufficientPrivilegeException when the requestor is denied due
to insufficient privilege
*/
- void removeUser(String principal)
+ void removeUser(Principal principal)
throws JetspeedSecurityException;
}
No revision
No revision
1.1.2.1 +212 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/TestPortalAuthentication.java
No revision
No revision
1.1.2.2 +159 -4
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAuthentication.java
Index: TurbineAuthentication.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAuthentication.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TurbineAuthentication.java 25 May 2002 03:39:04 -0000 1.1.2.1
+++ TurbineAuthentication.java 30 May 2002 07:04:11 -0000 1.1.2.2
@@ -56,13 +56,33 @@
import javax.servlet.ServletConfig;
+import org.apache.turbine.util.Log;
import org.apache.turbine.services.TurbineBaseService;
+import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.InitializationException;
+import org.apache.turbine.services.resources.ResourceService;
import org.apache.jetspeed.services.security.PortalAuthentication;
import org.apache.jetspeed.services.security.LoginException;
import org.apache.jetspeed.om.security.JetspeedUser;
+import org.apache.jetspeed.om.security.JetspeedUserFactory;
+import org.apache.jetspeed.om.security.UserNamePrincipal;
+
+import org.apache.jetspeed.services.JetspeedUserManagement;
+import org.apache.jetspeed.services.security.JetspeedSecurityService;
+import org.apache.jetspeed.services.security.LoginException;
+import org.apache.jetspeed.services.security.FailedLoginException;
+import org.apache.jetspeed.services.security.UnknownUserException;
+import org.apache.jetspeed.services.security.UserException;
+import org.apache.jetspeed.services.security.JetspeedSecurityException;
+
+// Password encryption
+import javax.mail.internet.MimeUtility;
+import java.security.MessageDigest;
+import java.io.OutputStream;
+import java.io.ByteArrayOutputStream;
+
/**
* <p> The <code>TurbineAuthentication</code> class is a default Jetspeed
@@ -73,12 +93,32 @@
* This service does not use any of the Turbine security or user management classes.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: TurbineAuthentication.java,v 1.1.2.1 2002/05/25 03:39:04 taylor
Exp $
+ * @version $Id: TurbineAuthentication.java,v 1.1.2.2 2002/05/30 07:04:11 taylor
Exp $
*/
-
+
public class TurbineAuthentication extends TurbineBaseService
- implements PortalAuthentication
+ implements PortalAuthentication
{
+ private final static String CONFIG_CASEINSENSITIVE_USERNAME =
"caseinsensitive.username";
+ private final static String CONFIG_CASEINSENSITIVE_PASSWORD =
"caseinsensitive.password";
+ private final static String CONFIG_CASEINSENSITIVE_UPPER =
"caseinsensitive.upper";
+ private final static String CONFIG_LOGON_STRIKE_COUNT = "logon.strike.count";
+ private final static String CONFIG_LOGON_STRIKE_MAX = "logon.strike.max";
+ private final static String CONFIG_LOGON_STRIKE_INTERVAL =
"logon.strike.interval";
+ private final static String CONFIG_SECURE_PASSWORDS_KEY = "secure.passwords";
+ private final static String CONFIG_SECURE_PASSWORDS_ALGORITHM =
"secure.passwords.algorithm";
+
+ boolean caseInsensitiveUsername = false;
+ boolean caseInsensitivePassword = false;
+ boolean caseInsensitiveUpper = true;
+ int strikeCount = 3; // 3 within the interval
+ int strikeMax = 20; // 20 total failures
+ long strikeInterval = 300; // five minutes
+
+ boolean securePasswords = false;
+ String passwordsAlgorithm = "SHA";
+
+
/**
* Given a public credential(username) and private credential(password),
* perform authentication. If authentication succeeds, a
<code>JetspeedUser</code>
@@ -95,7 +135,33 @@
public JetspeedUser login(String username, String password)
throws LoginException
{
- return null;
+ JetspeedUser user = null;
+
+ username = convertUserName(username);
+ password = convertPassword(password);
+
+ try
+ {
+ user = JetspeedUserManagement.getUser(new UserNamePrincipal(username));
+
+ }
+ catch (UnknownUserException e)
+ {
+ throw new FailedLoginException(e.toString());
+ }
+ catch (JetspeedSecurityException e)
+ {
+ throw new LoginException(e.toString());
+ }
+ // validated ok, encrypt if necessary
+ String encrypted = encryptPassword(password, this.passwordsAlgorithm);
+ if(!user.getPassword().equals(encrypted))
+ {
+ throw new FailedLoginException("Credential authentication failure");
+ }
+
+ return user;
+
}
/**
@@ -138,7 +204,96 @@
super.init(conf);
+ // get configuration parameters from Jetspeed Resources
+ ResourceService serviceConf =
((TurbineServices)TurbineServices.getInstance())
+
.getResources(JetspeedSecurityService.SERVICE_NAME);
+
+ caseInsensitiveUsername =
serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_USERNAME,
+ caseInsensitiveUsername);
+ caseInsensitivePassword =
serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_PASSWORD,
+ caseInsensitivePassword);
+ caseInsensitiveUpper = serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_UPPER,
+ caseInsensitiveUpper);
+
+ strikeCount = serviceConf.getInt(CONFIG_LOGON_STRIKE_COUNT, strikeCount);
+ strikeInterval = serviceConf.getLong(CONFIG_LOGON_STRIKE_INTERVAL,
strikeInterval);
+ strikeMax = serviceConf.getInt(CONFIG_LOGON_STRIKE_MAX, strikeMax);
+
+
+ securePasswords = serviceConf.getBoolean(CONFIG_SECURE_PASSWORDS_KEY,
+ securePasswords);
+ passwordsAlgorithm =
serviceConf.getString(CONFIG_SECURE_PASSWORDS_ALGORITHM,
+ passwordsAlgorithm);
+
setInit(true);
}
+
+ /**
+ * Given a username, converts to upper or lower case depending on the
+ * Jetspeed configuration settings.
+ *
+ * @return the username converted to either lower or upper case.
+ */
+ protected String convertUserName(String username)
+ {
+ if (caseInsensitiveUsername)
+ {
+ username = (caseInsensitiveUpper) ? username.toUpperCase() :
username.toLowerCase();
+ }
+ return username;
+ }
+
+ /**
+ * Given a password, converts to upper or lower case depending on the
+ * Jetspeed configuration settings.
+ *
+ * @return the password converted to either lower or upper case.
+ */
+ protected String convertPassword(String password)
+ {
+ if (caseInsensitivePassword)
+ {
+ password = (caseInsensitiveUpper) ? password.toUpperCase() :
password.toLowerCase();
+ }
+ return password;
+ }
+
+ /**
+ * This method provides client-side encryption of passwords.
+ *
+ * If <code>secure.passwords</code> are enabled in TurbineResources,
+ * the password will be encrypted, if not, it will be returned unchanged.
+ * The <code>secure.passwords.algorithm</code> property can be used
+ * to chose which digest algorithm should be used for performing the
+ * encryption. <code>SHA</code> is used by default.
+ *
+ * @param password the password to process
+ * @param algorithm the encryption algorithm to use.
+ * @return processed password
+ */
+ static String encryptPassword(String password, String algorithm)
+ {
+ if(password == null)
+ return null;
+
+ try
+ {
+ MessageDigest md = MessageDigest.getInstance(algorithm);
+ // We need to use unicode here, to be independent of platform's
+ // default encoding. Thanks to SGawin for spotting this.
+ byte[] digest = md.digest(password.getBytes("UTF-8"));
+ ByteArrayOutputStream bas = new ByteArrayOutputStream(digest.length +
digest.length / 3 + 1);
+ OutputStream encodedStream = MimeUtility.encode(bas, "base64");
+ encodedStream.write(digest);
+ return bas.toString();
+ }
+ catch (Exception e)
+ {
+ Log.error("Unable to encrypt password."+e.getMessage());
+ Log.error(e);
+
+ return null;
+ }
+ }
}
No revision
No revision
1.1.2.1 +267 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineUserManagement.java
No revision
No revision
1.77.2.1 +1 -31
jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedResources.properties
Index: JetspeedResources.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedResources.properties,v
retrieving revision 1.77
retrieving revision 1.77.2.1
diff -u -r1.77 -r1.77.2.1
--- JetspeedResources.properties 10 May 2002 18:43:01 -0000 1.77
+++ JetspeedResources.properties 30 May 2002 07:04:11 -0000 1.77.2.1
@@ -1,7 +1,7 @@
################################################################################
# Jetspeed Configuration
# Author: Kevin A. Burton ([EMAIL PROTECTED])
-# $Id: JetspeedResources.properties,v 1.77 2002/05/10 18:43:01 kimptoc Exp $
+# $Id: JetspeedResources.properties,v 1.77.2.1 2002/05/30 07:04:11 taylor Exp $
################################################################################
# This is the main file you will need to configuration Jetspeed. If there are
# any secondary files they will be pointed to from this file.
@@ -401,36 +401,6 @@
# Media types template to create for user. (comma separated)
services.Profiler.newuser.media_types=html,wml
-
-#########################################
-# Jetspeed Security Service #
-#########################################
-# Role(s) to assign to new user. Multiple Role must be comma separated.
-services.JetspeedSecurity.newuser.roles=user
-
-# Default permission(s) when object have no permissions defined
-# The follow permissions are define in the default Jetspeed installation:
-# view, customize, minimize, maximize, close
-# * = All permissions
-services.JetspeedSecurity.permission.default.anonymous=view
-services.JetspeedSecurity.permission.default.loggedin=*
-
-# During logon, username and password can be case sensitive or case insensitive
-# This option configures the logon username and password to be case sensitive or
insensitive
-# if its case insensitive, then "logon.casesensitive.upper" controls whether the
username and
-# password or converted to upper or lower case before passing on to the database
-services.JetspeedSecurity.caseinsensitive.username=false
-services.JetspeedSecurity.caseinsensitive.password=false
-services.JetspeedSecurity.caseinsensitive.upper=true
-
-# Auto-Account-Disable Feature
-services.JetspeedSecurity.logon.auto.disable=true
-
-# 3 logon strikes per 300 seconds and your out
-services.JetspeedSecurity.logon.strike.count=3
-services.JetspeedSecurity.logon.strike.interval=300
-# dont allow more than 10 over any time period
-services.JetspeedSecurity.logon.strike.max=10
#########################################
1.1.2.3 +128 -11
jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties
Index: JetspeedSecurity.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- JetspeedSecurity.properties 26 May 2002 17:54:02 -0000 1.1.2.2
+++ JetspeedSecurity.properties 30 May 2002 07:04:11 -0000 1.1.2.3
@@ -1,5 +1,5 @@
# -------------------------------------------------------------------
-# $Id: JetspeedSecurity.properties,v 1.1.2.2 2002/05/26 17:54:02 paulsp Exp $
+# $Id: JetspeedSecurity.properties,v 1.1.2.3 2002/05/30 07:04:11 taylor Exp $
#
# This is the configuration file for JetspeedSecurity
#
@@ -8,20 +8,137 @@
#
# -------------------------------------------------------------------
-#########################################
-# Authentication Service #
-#########################################
+#
services.SecurityService.classname=org.apache.jetspeed.services.security.JetspeedDBSecurityService
+
+# -------------------------------------------------------------------
+#
+# Authentication Service
+#
+# -------------------------------------------------------------------
services.PortalAuthentication.classname=org.apache.jetspeed.services.security.turbine.TurbineAuthentication
-#########################################
-# Authorization Service #
-#########################################
+# -------------------------------------------------------------------
+#
+# Authorization, UserManagement Services
+#
+# -------------------------------------------------------------------
services.PortalAccessController.classname=org.apache.jetspeed.services.security.turbine.TurbineAccessController
-#########################################
-# User Management Service #
-#########################################
+# -------------------------------------------------------------------
+#
+# UserManagement Services
+#
+# -------------------------------------------------------------------
+
+services.UserManagement.classname=org.apache.jetspeed.services.security.turbine.TurbineUserManagement
+
+#
+# User Class
+#
+services.JetspeedSecurity.user.class=org.apache.jetspeed.om.security.BaseJetspeedUser
+services.JetspeedSecurity.user.persisted.class=org.apache.jetspeed.om.security.turbine.TurbineUser
+
+#
+# This is used by the SecurityService to make the password checking
+# secure. When enabled, passwords are transformed by a one-way
+# function into a sequence of bytes that is base64 encoded.
+# It is impossible to guess the plain-text form of the password
+# from the representation. When user logs in, the entered password
+# is transformed the same way and then compared with stored value.
+#
+# Default: false
+#
+
+services.JetspeedSecurity.secure.passwords=false
+
+#
+# This property lets you choose what digest algorithm will be used
+# for encrypting passwords. Check documentation of your JRE for
+# available algorithms.
+#
+# Default: SHA
+#
+
+services.JetspeedSecurity.secure.passwords.algorithm=SHA
+
+# Role(s) to assign to new user. Multiple Role must be comma separated.
+services.JetspeedSecurity.newuser.roles=user
+
+# Default permission(s) when object have no permissions defined
+# The follow permissions are define in the default Jetspeed installation:
+# view, customize, minimize, maximize, close
+# * = All permissions
+services.JetspeedSecurity.permission.default.anonymous=view
+services.JetspeedSecurity.permission.default.loggedin=*
+
+# During logon, username and password can be case sensitive or case insensitive
+# This option configures the logon username and password to be case sensitive or
insensitive
+# if its case insensitive, then "logon.casesensitive.upper" controls whether the
username and
+# password or converted to upper or lower case before passing on to the database
+services.JetspeedSecurity.caseinsensitive.username=false
+services.JetspeedSecurity.caseinsensitive.password=false
+services.JetspeedSecurity.caseinsensitive.upper=true
+
+# Auto-Account-Disable Feature
+services.JetspeedSecurity.logon.auto.disable=false
+
+# 3 logon strikes per 300 seconds and your out
+services.JetspeedSecurity.logon.strike.count=3
+services.JetspeedSecurity.logon.strike.interval=300
+# dont allow more than 10 over any time period
+services.JetspeedSecurity.logon.strike.max=10
+
+# -------------------------------------------------------------------
+#
+# To Be Deleted soon...
+#
+# -------------------------------------------------------------------
+#
+# This is the class that implements the User interface.
+# You want to override this setting only if you want your User
+# implementation to provide application specific addtional
+# functionality.
+#
+# Default: org.apache.turbine.om.security.TurbineUser
+#
+
+# services.SecurityService.user.class=org.apache.turbine.om.security.TurbineUser
+#
services.SecurityService.user.class=org.apache.jetspeed.om.security.BaseTurbineUser
+
+#
+# This setting is DBSecurityService specific - this class is consulted for the names
+# of the columns in the users' tables for the purpose of creating join queries.
+# If you use your own User implementation in conjunction with DBSecurityService,
+# it's peer class must implement org.apache.turbine.om.security.peer.UserPeer
interface,
+# and you need to specify the name of the peer class here.
+#
+# Defalut: org.apache.turbine.om.security.peer.TurbineUserPeer
+#
+#
services.SecurityService.userPeer.class=org.apache.turbine.om.security.peer.TurbineUserPeer
+#
services.SecurityService.userPeer.class=org.apache.jetspeed.om.security.peer.TurbineUserPeerAdapter
+
+#
+# This is the class that implements UserManager interface.
+# Override this setting if you want your User information stored
+# on a different medium (LADP directory is a good example).
+# Default implementation uses Peers and a relational database .
+#
+#
services.SecurityService.user.manager=org.apache.turbine.services.security.db.DBUserManager
+
+# -------------------------------------------------------------------
+#
+# P E E R S
+#
+# -------------------------------------------------------------------
+# Supplies Turbine with information about the database schema, which
+# can simplify any required Peer classes.
+#
+# Default: org.apache.turbine.util.db.map.TurbineMapBuilder
+# -------------------------------------------------------------------
+
+# database.maps.builder=org.apache.turbine.util.db.map.TurbineMapBuilder
+#
database.maps.builder=org.apache.jetspeed.om.security.db.map.JetspeedMapBuilderAdapter
+#
database.maps.builder=org.apache.jetspeed.om.security.map.TurbineUserMapBuilderAdapter
-#
services.UserManagement.classname=org.apache.jetspeed.services.security.turbine.UserManagement
1.52.2.2 +1 -162 jakarta-jetspeed/webapp/WEB-INF/conf/TurbineResources.properties
Index: TurbineResources.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/TurbineResources.properties,v
retrieving revision 1.52.2.1
retrieving revision 1.52.2.2
diff -u -r1.52.2.1 -r1.52.2.2
--- TurbineResources.properties 25 May 2002 03:37:25 -0000 1.52.2.1
+++ TurbineResources.properties 30 May 2002 07:04:11 -0000 1.52.2.2
@@ -1,5 +1,5 @@
# -------------------------------------------------------------------
-# $Id: TurbineResources.properties,v 1.52.2.1 2002/05/25 03:37:25 taylor Exp $
+# $Id: TurbineResources.properties,v 1.52.2.2 2002/05/30 07:04:11 taylor Exp $
#
# This is the configuration file for Turbine.
#
@@ -160,77 +160,6 @@
# -------------------------------------------------------------------
#
-# D A T A B A S E S E T T I N G S
-#
-# -------------------------------------------------------------------
-
-
-# -------------------------------------------------------------------
-# -------------------------------------------------------------------
-#This is not used in the brave new world of Torque - see Torque.properties
-# -------------------------------------------------------------------
-# -------------------------------------------------------------------
-
-
-
-
-# These are your database settings. Look in the
-# org.apache.turbine.util.db.pool.* packages for more information.
-# The default driver for Turbine is for MySQL.
-#
-# The parameters to connect to the default database. You MUST
-# configure these properly.
-# -------------------------------------------------------------------
-
-#This is not used in the brave new world of Torque - see Torque.properties
-
-#database.default.driver=org.hsql.jdbcDriver
-#database.default.url=jdbc:HypersonicSQL:${webappRoot}/WEB-INF/db/jetspeed
-#database.default.username=sa
-#database.default.password=
-
-# The number of database connections to cache per ConnectionPool
-# instance (specified per database).
-
-database.default.maxConnections=3
-
-# The amount of time (in milliseconds) that database connections will be
-# cached (specified per database).
-#
-# Default: one hour = 60 * 60 * 1000
-
-database.default.expiryTime=3600000
-
-# The amount of time (in milliseconds) a connection request will have to wait
-# before a time out occurs and an error is thrown.
-#
-# Default: ten seconds = 10 * 1000
-
-database.connectionWaitTimeout=10000
-
-# The interval (in milliseconds) between which the PoolBrokerService logs
-# the status of it's ConnectionPools.
-#
-# Default: No logging = 0 = 0 * 1000
-
-database.logInterval=0
-
-# These are the supported JDBC drivers and their associated Turbine
-# adaptor. These properties are used by the DBFactory. You can add
-# all the drivers you want here.
-
-
-database.adaptor=DBHypersonicSQL
-database.adaptor.DBHypersonicSQL=org.hsql.jdbcDriver
-
-# Determines if the quantity column of the IDBroker's id_table should
-# be increased automatically if requests for ids reaches a high
-# volume.
-
-database.idbroker.cleverquantity=true
-
-# -------------------------------------------------------------------
-#
# F R A M E W O R K S E T T I N G S
#
# -------------------------------------------------------------------
@@ -363,20 +292,6 @@
# -------------------------------------------------------------------
#
-# P E E R S
-#
-# -------------------------------------------------------------------
-# Supplies Turbine with information about the database schema, which
-# can simplify any required Peer classes.
-#
-# Default: org.apache.turbine.util.db.map.TurbineMapBuilder
-# -------------------------------------------------------------------
-
-# database.maps.builder=org.apache.turbine.util.db.map.TurbineMapBuilder
-database.maps.builder=org.apache.jetspeed.om.security.db.map.JetspeedMapBuilderAdapter
-
-# -------------------------------------------------------------------
-#
# M E S S A G E S
#
# -------------------------------------------------------------------
@@ -443,7 +358,6 @@
#services.XmlRpcService.classname=org.apache.turbine.services.xmlrpc.TurbineXmlRpcService
services.UniqueIdService.classname=org.apache.turbine.services.uniqueid.TurbineUniqueIdService
services.UploadService.classname=org.apache.turbine.services.upload.TurbineUploadService
-services.SecurityService.classname=org.apache.jetspeed.services.security.JetspeedDBSecurityService
#services.PoolBrokerService.classname=org.apache.turbine.services.db.TurbinePoolBrokerService
services.PoolBrokerService.classname=org.apache.jetspeed.services.torquewrapper.TorquePoolServiceAdaptor
services.MapBrokerService.classname=org.apache.turbine.services.db.TurbineMapBrokerService
@@ -812,81 +726,6 @@
# Default = false
#
scheduler.enabled=false
-
-
-# -------------------------------------------------------------------
-#
-# S E C U R I T Y S E R V I C E
-#
-# -------------------------------------------------------------------
-
-#
-# This is the class that implements the User interface.
-# You want to override this setting only if you want your User
-# implementation to provide application specific addtional
-# functionality.
-#
-# Default: org.apache.turbine.om.security.TurbineUser
-#
-
-# services.SecurityService.user.class=org.apache.turbine.om.security.TurbineUser
-services.SecurityService.user.class=org.apache.jetspeed.om.security.BaseJetspeedUser
-
-#
-# This setting is DBSecurityService specific - this class is consulted for the names
-# of the columns in the users' tables for the purpose of creating join queries.
-# If you use your own User implementation in conjunction with DBSecurityService,
-# it's peer class must implement org.apache.turbine.om.security.peer.UserPeer
interface,
-# and you need to specify the name of the peer class here.
-#
-# Defalut: org.apache.turbine.om.security.peer.TurbineUserPeer
-#
-#
services.SecurityService.userPeer.class=org.apache.turbine.om.security.peer.TurbineUserPeer
-services.SecurityService.userPeer.class=org.apache.jetspeed.om.security.peer.TurbineUserPeerAdapter
-
-#
-# This is the class that implements UserManager interface.
-# Override this setting if you want your User information stored
-# on a different medium (LADP directory is a good example).
-# Default implementation uses Peers and a relational database .
-#
-
-services.SecurityService.user.manager=org.apache.turbine.services.security.db.DBUserManager
-
-#
-# This is used by the SecurityService to make the password checking
-# secure. When enabled, passwords are transformed by a one-way
-# function into a sequence of bytes that is base64 encoded.
-# It is impossible to guess the plain-text form of the password
-# from the representation. When user logs in, the entered password
-# is transformed the same way and then compared with stored value.
-#
-# Default: false
-#
-
-services.SecurityService.secure.passwords=false
-
-#
-# This property lets you choose what digest algorithm will be used
-# for encrypting passwords. Check documentation of your JRE for
-# available algorithms.
-#
-# Default: SHA
-#
-
-services.SecurityService.secure.passwords.algorithm=SHA
-
-# Configuration for the LDAP Security Service implementation
-
-#services.SecurityService.ldap.security.athentication=simple
-#services.SecurityService.ldap.port=<LDAP PORT>
-#services.SecurityService.ldap.host=<LDAP HOST>
-#services.SecurityService.ldap.admin.username=<ADMIN USERNAME>
-#services.SecurityService.ldap.admin.password=<ADMIN PASSWORD>
-#services.SecurityService.ldap.user.basesearch=<SEARCH PATTERN>
-#services.SecurityService.ldap.user.search.filter=<SEARCH FILTER>
-#services.SecurityService.ldap.dn.attribute=userPrincipalName
-#services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
# -------------------------------------------------------------------
#
No revision
No revision
1.11.2.3 +2 -2 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties
Index: jetspeed.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -u -r1.11.2.2 -r1.11.2.3
--- jetspeed.properties 26 May 2002 16:07:51 -0000 1.11.2.2
+++ jetspeed.properties 30 May 2002 07:04:12 -0000 1.11.2.3
@@ -1,4 +1,4 @@
#Hypersonic SQL database
-#Sun May 26 09:01:04 PDT 2002
+#Wed May 29 22:49:31 PDT 2002
version=1.4
-modified=no
+modified=yes
1.13.2.3 +2 -0 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script
Index: jetspeed.script
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script,v
retrieving revision 1.13.2.2
retrieving revision 1.13.2.3
diff -u -r1.13.2.2 -r1.13.2.3
--- jetspeed.script 26 May 2002 16:07:51 -0000 1.13.2.2
+++ jetspeed.script 30 May 2002 07:04:12 -0000 1.13.2.3
@@ -139,3 +139,5 @@
INSERT INTO COFFEES VALUES('KenyanGrade',2,7.99,1,2)
INSERT INTO COFFEES VALUES('JoeGrade',3,7.99,1,2)
INSERT INTO COFFEES VALUES('CantThinkOfAnymoreGrade',4,7.99,1,2)
+/*C2*/CONNECT USER sa PASSWORD ""
+/*C3*/CONNECT USER sa PASSWORD ""
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
