ate 2004/11/11 19:17:47
Modified: jetspeed-api/src/java/org/apache/jetspeed/security
SecurityException.java
components/security/src/test/org/apache/jetspeed/security/spi
TestInternalPasswordCredentialStateHandlingInterceptor.java
jetspeed-api/src/java/org/apache/jetspeed/security/om
InternalCredential.java
components/security/src/java/org/apache/jetspeed/security/om/impl
InternalCredentialImpl.java
components/security/src/java/org/apache/jetspeed/security/spi/impl
InternalPasswordCredentialStateHandlingInterceptor.java
DefaultInternalPasswordCredentialInterceptor.java
DefaultCredentialHandler.java
components/security/src/java/org/apache/jetspeed/security/spi
InternalPasswordCredentialInterceptor.java
components/security/src/java/META-INF
security_repository.xml
portal/src/webapp/WEB-INF/assembly jetspeed-spring.xml
Added: components/security/src/test/org/apache/jetspeed/security/spi
TestInternalPasswordCredentialHistoryHandlingInterceptor.java
components/security/src/test/META-INF sipchhi.xml
components/security/src/java/org/apache/jetspeed/security/spi/impl
InternalPasswordCredentialHistoryHandlingInterceptor.java
Log:
JS2-151 feature: password history implemented (item 3)
Revision Changes Path
1.6 +3 -0
jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java
Index: SecurityException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- SecurityException.java 8 Nov 2004 03:23:35 -0000 1.5
+++ SecurityException.java 12 Nov 2004 03:17:46 -0000 1.6
@@ -60,6 +60,9 @@
/** <p>Invalid authentication provider exception message.</p> */
public static final String INVALID_AUTHENTICATION_PROVIDER = "Invalid
authentication provider.";
+ /** <p>Password already used exception message.</p> */
+ public static final String PASSWORD_ALREADY_USED = "Password already
used.";
+
/**
* <p>Default Constructor.</p>
*/
1.3 +4 -4
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java
Index: TestInternalPasswordCredentialStateHandlingInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TestInternalPasswordCredentialStateHandlingInterceptor.java 8 Nov
2004 22:36:04 -0000 1.2
+++ TestInternalPasswordCredentialStateHandlingInterceptor.java 12 Nov
2004 03:17:46 -0000 1.3
@@ -22,8 +22,8 @@
import junit.framework.Test;
import junit.framework.TestSuite;
+import org.apache.jetspeed.security.om.InternalCredential;
import org.apache.jetspeed.security.om.InternalUserPrincipal;
-import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
@@ -37,7 +37,7 @@
public class TestInternalPasswordCredentialStateHandlingInterceptor extends
AbstractSecurityTestcase
{
private InternalUserPrincipal internalUser;
- private InternalCredentialImpl credential;
+ private InternalCredential credential;
protected void setUp() throws Exception
{
@@ -85,7 +85,7 @@
protected void loadUser() throws Exception
{
internalUser = securityAccess.getInternalUserPrincipal("testcred");
- credential =
(InternalCredentialImpl)internalUser.getCredentials().iterator().next();
+ credential =
(InternalCredential)internalUser.getCredentials().iterator().next();
}
protected void updateCredential() throws Exception
1.1
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialHistoryHandlingInterceptor.java
Index: TestInternalPasswordCredentialHistoryHandlingInterceptor.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security.spi;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.om.InternalUserPrincipal;
import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
* <p>
* TestInternalPasswordCredentialHistoryHandlingInterceptor
* </p>
*
* @author <a href="mailto:[EMAIL PROTECTED]">Ate Douma</a>
* @version $Id:
TestInternalPasswordCredentialHistoryHandlingInterceptor.java,v 1.1 2004/11/12
03:17:46 ate Exp $
*/
public class TestInternalPasswordCredentialHistoryHandlingInterceptor extends
AbstractSecurityTestcase
{
private InternalUserPrincipal internalUser;
private InternalCredentialImpl credential;
protected void setUp() throws Exception
{
super.setUp();
// cleanup for previously failed test
destroyUser();
initUser();
}
public void tearDown() throws Exception
{
destroyUser();
super.tearDown();
}
public static Test suite()
{
return new
TestSuite(TestInternalPasswordCredentialHistoryHandlingInterceptor.class);
}
public void testPasswordHistory() throws Exception
{
assertTrue("should be allowed to
authenticate",ums.authenticate("testcred","password"));
ums.setPassword("testcred","password","password1");
ums.setPassword("testcred","password1","password2");
assertTrue("should be allowed to
authenticate",ums.authenticate("testcred","password2"));
try
{
ums.setPassword("testcred","password2","password");
fail("Should not be allowed to reuse a password from password
history");
}
catch (SecurityException sex)
{
assertEquals(SecurityException.PASSWORD_ALREADY_USED,
sex.getMessage());
}
ums.setPassword("testcred","password2","password3");
ums.setPassword("testcred","password3","password4");
ums.setPassword("testcred","password4","password");
assertTrue("should be allowed to
authenticate",ums.authenticate("testcred","password"));
}
protected void initUser() throws Exception
{
ums.addUser("testcred", "password");
}
protected void destroyUser() throws Exception
{
ums.removeUser("testcred");
}
protected String[] getConfigurations()
{
String[] confs = super.getConfigurations();
List confList = new ArrayList(Arrays.asList(confs));
confList.add("META-INF/sipchhi.xml");
return (String[])confList.toArray(new String[1]);
}
}
1.1
jakarta-jetspeed-2/components/security/src/test/META-INF/sipchhi.xml
Index: sipchhi.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd";>
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- MessageDigestCredentialPasswordEncoder usage -->
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator"
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<constructor-arg index="0"><value>SHA-1</value></constructor-arg>
</bean>
<bean
id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
<constructor-arg index="0"><value>3</value></constructor-arg>
<constructor-arg index="1"><value>7</value></constructor-arg>
<!-- historySize -->
<constructor-arg index="2"><value>3</value></constructor-arg>
</bean>
<bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider"
class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
<constructor-arg index="0"><ref
bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/></constructor-arg>
<constructor-arg index="1"><null/></constructor-arg>
</bean>
<!-- Security SPI: CredentialHandler -->
<bean id="org.apache.jetspeed.security.spi.CredentialHandler"
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler"
>
<constructor-arg index="0"><ref
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
<constructor-arg index="1"><ref
bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg>
<constructor-arg index="2"><ref
bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg>
</bean>
</beans>
1.3 +5 -0
jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java
Index: InternalCredential.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- InternalCredential.java 8 Nov 2004 03:23:36 -0000 1.2
+++ InternalCredential.java 12 Nov 2004 03:17:46 -0000 1.3
@@ -37,6 +37,11 @@
*/
public interface InternalCredential extends Serializable, Cloneable
{
+ /** Private credentials type. */
+ public static final int PRIVATE = 0;
+ /** Public credentials type. */
+ public static final int PUBLIC = 1;
+
/**
* <p>Getter for the credential id.</p>
* @return The credential id.
1.3 +40 -1
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java
Index: InternalCredentialImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- InternalCredentialImpl.java 8 Nov 2004 03:23:35 -0000 1.2
+++ InternalCredentialImpl.java 12 Nov 2004 03:17:46 -0000 1.3
@@ -18,6 +18,7 @@
import java.sql.Timestamp;
import org.apache.jetspeed.security.om.InternalCredential;
+import org.apache.jetspeed.util.HashCodeBuilder;
/**
* <p>[EMAIL PROTECTED] InternalCredential} interface implementation.</p>
@@ -34,7 +35,7 @@
}
/**
- * <p>InternalPrincipal constructor given a value, type and
classname.</p>
+ * <p>InternalCredentialImpl constructor given a value, type and
classname.</p>
* @param principalId The principal id.
* @param value The value.
* @param type The type.
@@ -49,6 +50,28 @@
this.creationDate = new Timestamp(System.currentTimeMillis());
this.modifiedDate = this.creationDate;
}
+
+ /**
+ * <p>InternalCredentialImpl copy constructor given another
InternalCredential and overriding classname</p>
+ * @param credential The credential to copy from
+ * @param classname The classname for the new credential
+ */
+ public InternalCredentialImpl(InternalCredential credential, String
classname)
+ {
+ this.authenticationFailures = credential.getAuthenticationFailures();
+ this.classname = classname;
+ this.creationDate = credential.getCreationDate();
+ this.enabled = credential.isEnabled();
+ this.encoded = credential.isEncoded();
+ this.expirationDate = credential.getExpirationDate();
+ this.expired = credential.isExpired();
+ this.lastLogonDate = credential.getLastLogonDate();
+ this.modifiedDate = credential.getModifiedDate();
+ this.principalId = credential.getPrincipalId();
+ this.type = credential.getType();
+ this.updateRequired = credential.isUpdateRequired();
+ this.value = credential.getValue();
+ }
private long credentialId;
@@ -301,6 +324,22 @@
{
this.lastLogonDate = lastLogonDate;
}
+
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode()
+ {
+ HashCodeBuilder hasher = new HashCodeBuilder(1, 3);
+ hasher.append(getPrincipalId());
+ hasher.append(getCreationDate().getTime());
+ if (getClassname() != null)
+ {
+ hasher.append(getClassname());
+ }
+ return hasher.toHashCode();
+ }
+
/**
* <p>Compares this [EMAIL PROTECTED] InternalCredential} to the
provided credential
1.3 +4 -4
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java
Index: InternalPasswordCredentialStateHandlingInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- InternalPasswordCredentialStateHandlingInterceptor.java 8 Nov 2004
22:35:41 -0000 1.2
+++ InternalPasswordCredentialStateHandlingInterceptor.java 12 Nov 2004
03:17:46 -0000 1.3
@@ -103,12 +103,12 @@
}
/**
- * @see
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String,
org.apache.jetspeed.security.om.InternalCredential, java.lang.String)
+ * @see
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String,
org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
*/
public void beforeSetPassword(InternalUserPrincipal internalUser,
Collection credentials, String userName,
- InternalCredential credential, String password) throws
SecurityException
+ InternalCredential credential, String password, boolean
authenticated) throws SecurityException
{
- super.beforeSetPassword(internalUser, credentials, userName,
credential, password);
+ super.beforeSetPassword(internalUser, credentials, userName,
credential, password, authenticated);
credential.setExpirationDate(new
Date(System.currentTimeMillis()+maxLifeSpanInMillis));
credential.setExpired(false);
credential.setAuthenticationFailures(0);
1.3 +3 -3
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java
Index: DefaultInternalPasswordCredentialInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DefaultInternalPasswordCredentialInterceptor.java 8 Nov 2004 22:35:41
-0000 1.2
+++ DefaultInternalPasswordCredentialInterceptor.java 12 Nov 2004 03:17:46
-0000 1.3
@@ -74,10 +74,10 @@
}
/**
- * @see
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String,
org.apache.jetspeed.security.om.InternalCredential, java.lang.String)
+ * @see
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String,
org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
*/
public void beforeSetPassword(InternalUserPrincipal internalUser,
Collection credentials, String userName,
- InternalCredential credential, String password) throws
SecurityException
+ InternalCredential credential, String password, boolean
authenticated) throws SecurityException
{
}
}
1.10 +4 -10
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
Index: DefaultCredentialHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- DefaultCredentialHandler.java 8 Nov 2004 03:23:35 -0000 1.9
+++ DefaultCredentialHandler.java 12 Nov 2004 03:17:46 -0000 1.10
@@ -40,12 +40,6 @@
{
private static final Log log =
LogFactory.getLog(DefaultCredentialHandler.class);
- /** Private credentials type. */
- private static final int PRIVATE = 0;
-
- /** Public credentials type. */
- private static final int PUBLIC = 1;
-
private SecurityAccess securityAccess;
private PasswordCredentialProvider pcProvider;
@@ -106,7 +100,7 @@
while (iter.hasNext())
{
credential = (InternalCredential) iter.next();
- if (credential.getType() == PRIVATE )
+ if (credential.getType() == InternalCredential.PRIVATE )
{
if ((null != credential.getClassname())
&&
(credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))
@@ -184,9 +178,9 @@
boolean create = credential == null;
- if ( credential == null )
+ if ( create )
{
- credential = new
InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, PRIVATE,
+ credential = new
InternalCredentialImpl(internalUser.getPrincipalId(), newPassword,
InternalCredential.PRIVATE,
pcProvider.getPasswordCredentialClass().getName());
credential.setEncoded(encoded);
credentials.add(credential);
@@ -212,7 +206,7 @@
}
else
{
- ipcInterceptor.beforeSetPassword(internalUser, credentials,
userName, credential, newPassword );
+ ipcInterceptor.beforeSetPassword(internalUser, credentials,
userName, credential, newPassword, oldPassword != null );
}
}
if (!create)
1.1
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialHistoryHandlingInterceptor.java
Index: InternalPasswordCredentialHistoryHandlingInterceptor.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security.spi.impl;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.om.InternalCredential;
import org.apache.jetspeed.security.om.InternalUserPrincipal;
import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
/**
* <p>
* InternalPasswordCredentialHistoryHandlingInterceptor
* </p>
*
* @author <a href="mailto:[EMAIL PROTECTED]">Ate Douma</a>
* @version $Id: InternalPasswordCredentialHistoryHandlingInterceptor.java,v
1.1 2004/11/12 03:17:46 ate Exp $
*/
public class InternalPasswordCredentialHistoryHandlingInterceptor extends
InternalPasswordCredentialStateHandlingInterceptor
{
private int historySize;
private static String HISTORICAL_PASSWORD_CREDENTIAL =
"org.apache.jetspeed.security.spi.impl.HistoricalPasswordCredentialImpl";
private static final Comparator internalCredentialCreationDateComparator =
new Comparator()
{
public int compare(Object obj1, Object obj2)
{
return
((InternalCredential)obj2).getCreationDate().compareTo(((InternalCredential)obj1).getCreationDate());
}
};
public InternalPasswordCredentialHistoryHandlingInterceptor(int
maxNumberOfAuthenticationFailures,
int maxLifeSpanInDays, int historySize)
{
super(maxNumberOfAuthenticationFailures, maxLifeSpanInDays);
this.historySize = historySize;
}
/**
* @see
org.apache.jetspeed.security.spi.InternalPasswordCredentialStateHandlingInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String,
org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
*/
public void beforeSetPassword(InternalUserPrincipal internalUser,
Collection credentials, String userName,
InternalCredential credential, String password, boolean
authenticated) throws SecurityException
{
Collection internalCredentials = internalUser.getCredentials();
ArrayList historicalPasswordCredentials = new ArrayList();
if ( internalCredentials != null )
{
InternalCredential currCredential;
Iterator iter = internalCredentials.iterator();
while (iter.hasNext())
{
currCredential = (InternalCredential) iter.next();
if (currCredential.getType() == InternalCredential.PRIVATE )
{
if ((null != currCredential.getClassname())
&&
(currCredential.getClassname().equals(HISTORICAL_PASSWORD_CREDENTIAL)))
{
historicalPasswordCredentials.add(currCredential);
}
}
}
}
if (historicalPasswordCredentials.size() > 1)
{
Collections.sort(historicalPasswordCredentials,internalCredentialCreationDateComparator);
}
int historyCount = historyCount =
historicalPasswordCredentials.size();
InternalCredential historicalPasswordCredential;
if ( authenticated )
{
// check password already used
for ( int i = 0; i < historyCount && i < historySize; i++ )
{
historicalPasswordCredential =
(InternalCredential)historicalPasswordCredentials.get(i);
if ( historicalPasswordCredential.getValue() != null &&
historicalPasswordCredential.getValue().equals(password) )
{
throw new
SecurityException(SecurityException.PASSWORD_ALREADY_USED);
}
}
}
for ( int i = historySize-1; i < historyCount; i++ )
{
credentials.remove(historicalPasswordCredentials.get(i));
}
historicalPasswordCredential = new
InternalCredentialImpl(credential,HISTORICAL_PASSWORD_CREDENTIAL);
credentials.add(historicalPasswordCredential);
// fake update to current InternalCredential as being an insert of a
new one
credential.setCreationDate(new Timestamp(System.currentTimeMillis()));
super.beforeSetPassword(internalUser, credentials, userName,
credential, password, authenticated);
}
}
1.3 +2 -2
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
Index: InternalPasswordCredentialInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- InternalPasswordCredentialInterceptor.java 8 Nov 2004 22:35:41
-0000 1.2
+++ InternalPasswordCredentialInterceptor.java 12 Nov 2004 03:17:46
-0000 1.3
@@ -33,5 +33,5 @@
boolean afterLoad(PasswordCredentialProvider pcProvider, String
userName, InternalCredential credential) throws SecurityException;
boolean afterAuthenticated(InternalUserPrincipal internalUser, String
userName, InternalCredential credential, boolean authenticated) throws
SecurityException;
void beforeCreate(InternalUserPrincipal internalUser, Collection
credentials, String userName, InternalCredential credential, String password)
throws SecurityException;
- void beforeSetPassword(InternalUserPrincipal internalUser, Collection
credentials, String userName, InternalCredential credential, String password)
throws SecurityException;
+ void beforeSetPassword(InternalUserPrincipal internalUser, Collection
credentials, String userName, InternalCredential credential, String password,
boolean authenticated) throws SecurityException;
}
1.3 +2 -0
jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml
Index: security_repository.xml
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- security_repository.xml 8 Nov 2004 03:23:36 -0000 1.2
+++ security_repository.xml 12 Nov 2004 03:17:46 -0000 1.3
@@ -81,6 +81,8 @@
<collection-descriptor
name="credentials"
element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl"
+ proxy="true"
+ refresh="true"
auto-retrieve="true"
auto-update="object"
auto-delete="object"
1.32 +3 -1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml
Index: jetspeed-spring.xml
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- jetspeed-spring.xml 8 Nov 2004 03:23:37 -0000 1.31
+++ jetspeed-spring.xml 12 Nov 2004 03:17:47 -0000 1.32
@@ -385,11 +385,13 @@
</bean>
<bean
id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
-
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialStateHandlingInterceptor">
+
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
<!-- maxNumberOfAuthenticationFailures -->
<constructor-arg index="0"><value>3</value></constructor-arg>
<!-- maxLifeSpanInDays -->
<constructor-arg index="1"><value>60</value></constructor-arg>
+ <!-- historySize -->
+ <constructor-arg index="2"><value>3</value></constructor-arg>
</bean>
<!-- Security SPI: CredentialHandler -->
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
