ate 2005/02/02 17:26:12
Modified:
components/security/src/java/org/apache/jetspeed/security/spi/impl
DefaultCredentialHandler.java
Log:
Throw more specialized SecurityExceptions to allow easier localization and
don't allow setting updateRequired to false if the current password is invalid.
Revision Changes Path
1.13 +24 -10
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
Index: DefaultCredentialHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- DefaultCredentialHandler.java 4 Dec 2004 21:08:18 -0000 1.12
+++ DefaultCredentialHandler.java 3 Feb 2005 01:26:12 -0000 1.13
@@ -24,6 +24,9 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.InvalidNewPasswordException;
+import org.apache.jetspeed.security.InvalidPasswordException;
+import org.apache.jetspeed.security.PasswordAlreadyUsedException;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.om.InternalCredential;
import org.apache.jetspeed.security.om.InternalUserPrincipal;
@@ -145,29 +148,35 @@
credentials = new ArrayList();
}
+ InternalCredential credential = getPasswordCredential(internalUser,
userName );
+
if (null != oldPassword)
{
- if ( pcProvider.getValidator() != null )
- {
- pcProvider.getValidator().validate(oldPassword);
- }
- if ( pcProvider.getEncoder() != null )
+ if ( credential != null &&
+ credential.getValue() != null &&
+ credential.isEncoded() &&
+ pcProvider.getEncoder() != null )
{
oldPassword = pcProvider.getEncoder().encode(userName,
oldPassword);
}
}
- InternalCredential credential = getPasswordCredential(internalUser,
userName );
-
if (oldPassword != null && (credential == null ||
credential.getValue() == null || !credential.getValue().equals(oldPassword)))
{
// supplied PasswordCredential not defined for this user
- throw new SecurityException(SecurityException.INVALID_PASSWORD);
+ throw new InvalidPasswordException();
}
if ( pcProvider.getValidator() != null )
{
- pcProvider.getValidator().validate(newPassword);
+ try
+ {
+ pcProvider.getValidator().validate(newPassword);
+ }
+ catch (InvalidPasswordException ipe)
+ {
+ throw new InvalidNewPasswordException();
+ }
}
boolean encoded = false;
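Review bot: The credential check at `if (oldPassword != null && (credential == null || credential.getValue() == null || !credential.getValue().equals(oldPassword)))` still compares the stored value with `String.equals`, which returns at the first differing character, so for an encoded credential the response time reveals how many leading bytes of the supplied (encoded) value match the stored hash; a constant-time comparison such as `MessageDigest.isEqual(credential.getValue().getBytes("UTF-8"), oldPassword.getBytes("UTF-8"))` (on a JDK whose `isEqual` is constant-time, 6u17 or later; otherwise an XOR-accumulating loop) closes that side channel. Separately, the new `catch (InvalidPasswordException ipe)` discards `ipe`, so the validator's reason for rejecting the new password is lost; if `InvalidNewPasswordException` has a cause-taking constructor, pass `ipe` through. The old-password encode now runs only when the stored credential is marked encoded, so a plaintext stored value is compared against the raw supplied one — that looks intended but deserves a one-line comment such as `// plaintext (non-encoded) credentials are compared as supplied`. The enclosing method starts before this hunk and continues past it.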
@@ -196,7 +205,7 @@
}
else if ( oldPassword.equals(newPassword) )
{
- throw new SecurityException(SecurityException.INVALID_PASSWORD);
+ throw new PasswordAlreadyUsedException();
}
if ( ipcInterceptor != null )
@@ -256,6 +265,11 @@
InternalCredential credential =
getPasswordCredential(internalUser, userName );
if ( credential != null && !credential.isExpired() &&
credential.isUpdateRequired() != updateRequired )
{
+ // only allow setting updateRequired off if (non-Encoded)
password is valid
+ if ( !updateRequired && !credential.isEncoded() &&
pcProvider.getValidator() != null )
+ {
+
pcProvider.getValidator().validate(credential.getValue());
+ }
credential.setUpdateRequired(updateRequired);
long time = new Date().getTime();
credential.setModifiedDate(new Timestamp(time));
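Review bot: The new guard in front of `credential.setUpdateRequired(updateRequired)` re-validates the stored password only when it is not encoded, so for an encoded (hashed) credential `updateRequired` can still be cleared with no policy check at all; the comment `// only allow setting updateRequired off if (non-Encoded) password is valid` should name that gap, e.g. `// encoded (hashed) values cannot be re-validated here, so the policy check is skipped for them`. The `pcProvider.getValidator().validate(credential.getValue())` call also lets whatever the validator throws (presumably an `InvalidPasswordException`) escape from a method whose caller supplied no password, which is worth a `@throws` line in the method's Javadoc stating that the exception refers to the stored credential failing the current policy. The enclosing method starts before this hunk.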