Author: ate
Date: Wed Mar 24 15:57:09 2010
New Revision: 927095
URL: http://svn.apache.org/viewvc?rev=927095&view=rev
Log:
JS2-548: Extending password policy to require alternate characters (eg 2
numbers along with 4 letters) will fail on auto-password generation for new
user registration
See: http://issues.apache.org/jira/browse/JS2-548
Solved by providing a pluggable solution with a new
o.a.j.administration.PasswordGenerator interface and default implementation
which can be customized, extended or even replaced.
The default implementation also provides support for an optional
CredentialPasswordValidator to ensure a new password complies with the existing
password policy configuration.
Added:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
(with props)
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
(with props)
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java?rev=927095&r1=927094&r2=927095&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
Wed Mar 24 15:57:09 2010
@@ -16,12 +16,7 @@
*/
package org.apache.jetspeed.administration;
-import java.util.ArrayList;
-
-import javax.servlet.jsp.JspException;
-
import org.apache.jetspeed.om.folder.Folder;
-import org.apache.taglibs.random.RandomStrg;
/**
* Helper for admininstration
@@ -32,45 +27,6 @@ import org.apache.taglibs.random.RandomS
*/
public class AdminUtil
{
- /** the list of characters from which a password can be generatored. */
- protected static final char[] PASS_CHARS = {'a', 'b', 'c', 'd', 'e', 'f',
'g', 'h', 'i', 'j', 'k', 'l', 'm',
- 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
- 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
- '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
- // removed these for aesthetic purposes
- //'!', '&', '-', '_', '=',
- // '*','@', '#', '$', '%', '^',
- //'+',
-
- public String generatePassword()
- {
- RandomStrg rs = new RandomStrg();
-
- //TODO put in a more secure random number provider
- //rs.setAlgorithm(); -- ideally call this for super security. need
rnd provider
-
- try
- {
- rs.generateRandomObject();
- } catch (JspException e)
- {
- // this would only get thrown if we tried a secure random and the
provider
- // was not available.
- e.printStackTrace();
- }
- rs.setLength(new Integer(12));
- rs.setSingle(PASS_CHARS,PASS_CHARS.length);
- ArrayList upper = new ArrayList();
- ArrayList lower = new ArrayList();
- //upper.add(new Character('A'));
- //lower.add(new Character('B'));
- rs.setRanges(upper,lower);
- String retval = rs.getRandom();
-
- return retval;
- }
-
static public String concatenatePaths(String base, String path)
{
String result = "";
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java?rev=927095&r1=927094&r2=927095&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
Wed Mar 24 15:57:09 2010
@@ -91,7 +91,7 @@ public class PortalAdministrationImpl im
protected PortalSite portalSite;
protected JavaMailSender mailSender;
protected VelocityEngine velocityEngine;
- protected AdminUtil adminUtil;
+ protected PasswordGenerator passwordGenerator;
/** list of default roles for a registered user */
protected List defaultRoles;
@@ -123,7 +123,15 @@ public class PortalAdministrationImpl im
this.portalSite = portalSite;
this.mailSender = mailSender;
this.velocityEngine = velocityEngine;
- this.adminUtil = new AdminUtil();
+ this.passwordGenerator = new SimplePasswordGeneratorImpl();
+ }
+
+ public void setPasswordGenerator(PasswordGenerator passwordGenerator)
+ {
+ if (passwordGenerator != null)
+ {
+ this.passwordGenerator = passwordGenerator;
+ }
}
public void start()
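Review bot: `setPasswordGenerator` silently drops a null argument, so a wiring mistake leaves the constructor's default `new SimplePasswordGeneratorImpl()` in place, and that default has no validator set, so its passwords are never checked against the configured password policy. The setter should document this, for example `/** Replaces the default generator; a null argument is ignored and the unvalidated default stays in effect. */`, or log the ignored null. The constructor begins above this hunk and the class continues below it.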
@@ -384,7 +392,7 @@ public class PortalAdministrationImpl im
*/
public String generatePassword()
{
- return adminUtil.generatePassword();
+ return passwordGenerator.generatePassword();
}
/* (non-Javadoc)
@@ -499,10 +507,10 @@ public class PortalAdministrationImpl im
{
basePath = basePath.replace("/action", "/desktop");
}
- String jetspeedPath = adminUtil.concatenatePaths(baseUrl, basePath);
+ String jetspeedPath = AdminUtil.concatenatePaths(baseUrl, basePath);
if (path == null)
return jetspeedPath;
- return adminUtil.concatenatePaths(jetspeedPath,
response.encodeURL(path));
+ return AdminUtil.concatenatePaths(jetspeedPath,
response.encodeURL(path));
}
Added:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java?rev=927095&view=auto
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
(added)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
Wed Mar 24 15:57:09 2010
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.administration;
+
+import java.util.ArrayList;
+
+import org.apache.jetspeed.security.CredentialPasswordValidator;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.taglibs.random.RandomStrg;
+
+/**
+ * @version $Id$
+ *
+ */
+public class SimplePasswordGeneratorImpl implements PasswordGenerator
+{
+ /** the list of characters from which a password can be generatored. */
+ protected static final char[] DEFAULT_PASS_CHARS = {'a', 'b', 'c', 'd',
'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
+ 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
+ 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
+ '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
+ // removed these for aesthetic purposes
+ //'!', '&', '-', '_', '=',
+ // '*','@', '#', '$', '%', '^',
+ //'+',
+
+ protected char[] passwordChars = DEFAULT_PASS_CHARS;
+ protected ArrayList<Character> upper = new ArrayList<Character>();
+ protected ArrayList<Character> lower = new ArrayList<Character>();
+ protected Integer length = new Integer(12);
+ protected CredentialPasswordValidator validator;
+
+ protected RandomStrg newRandomStrg()
+ {
+ RandomStrg rs = new RandomStrg();
+
+ try
+ {
+ rs.generateRandomObject();
+ }
+ catch (Exception e)
+ {
+ // this would only get thrown if we tried a secure random and the
provider
+ // was not available.
+ e.printStackTrace();
+ }
+ return rs;
+ }
+
+ protected void initRandomStrg(RandomStrg rs)
+ {
+ rs.setLength(new Integer(12));
+ rs.setSingle(passwordChars,passwordChars.length);
+ rs.setRanges(upper,lower);
+ }
+
+ /**
+ * @param length the length to set
+ */
+ public void setLength(Integer length)
+ {
+ this.length = length;
+ }
+
+ /**
+ * @param validator the validator to set
+ */
+ public void setValidator(CredentialPasswordValidator validator)
+ {
+ this.validator = validator;
+ }
+
+ public void setPasswordChars(String passwordChars)
+ {
+ if (passwordChars != null && passwordChars.length() > 1)
+ {
+ this.passwordChars = passwordChars.toCharArray();
+ }
+ }
+
+ public void setLowerRange(String lowerChars)
+ {
+ if (lowerChars != null)
+ {
+ lower.clear();
+ for (char c : lowerChars.toCharArray())
+ {
+ lower.add(new Character(c));
+ }
+ }
+ }
+
+ public void setUpperRange(String upperChars)
+ {
+ if (upperChars != null)
+ {
+ upper.clear();
+ for (char c : upperChars.toCharArray())
+ {
+ upper.add(new Character(c));
+ }
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see
org.apache.jetspeed.administration.PasswordGenerator#generatePassword()
+ */
+ public String generatePassword()
+ {
+ String retval = null;
+
+ RandomStrg rs = newRandomStrg();
+ initRandomStrg(rs);
+ while (retval == null)
+ {
+ retval = rs.getRandom();
+ if (validator != null)
+ {
+ try
+ {
+ validator.validate(retval);
+ }
+ catch (SecurityException sex)
+ {
+ retval = null;
+ }
+ }
+ }
+ return retval;
+ }
+}
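Review bot: `generatePassword()` retries in `while (retval == null)` with no upper bound, so a validator policy that the configured `passwordChars` can never satisfy keeps the calling thread spinning indefinitely during user registration; the loop should cap its attempts and fail loudly, as sketched below. Separately, `initRandomStrg` calls `rs.setLength(new Integer(12))` and therefore ignores the `length` field that `setLength` assigns; it should read `rs.setLength(length);`. The removed `AdminUtil.generatePassword()` carried a TODO to "put in a more secure random number provider", and this copy drops the TODO without calling `setAlgorithm`, so the generator presumably still draws from RandomStrg's default source. Before these values are used as account passwords, confirm that the source is a SecureRandom. `newRandomStrg` also still reports a failed `generateRandomObject()` only through `e.printStackTrace()`.

```java
public String generatePassword()
{
    RandomStrg rs = newRandomStrg();
    initRandomStrg(rs);
    // Constructed sample bound; choose a value that suits the deployed policy.
    final int maxAttempts = 100;
    for (int attempt = 0; attempt < maxAttempts; attempt++)
    {
        String candidate = rs.getRandom();
        if (validator == null)
        {
            return candidate;
        }
        try
        {
            validator.validate(candidate);
            return candidate;
        }
        catch (SecurityException rejected)
        {
            // Candidate does not meet the password policy; try another one.
        }
    }
    throw new IllegalStateException(
        "No generated password satisfied the configured password policy after " + maxAttempts + " attempts");
}
```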
Propchange:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added:
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java?rev=927095&view=auto
==============================================================================
---
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
(added)
+++
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
Wed Mar 24 15:57:09 2010
@@ -0,0 +1,6 @@
+package org.apache.jetspeed.administration;
+
+public interface PasswordGenerator
+{
+ public abstract String generatePassword();
+}
\ No newline at end of file
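Review bot: The new `PasswordGenerator` interface has no Javadoc, so implementers of this pluggable extension point are not told what `generatePassword()` must guarantee. A type-level comment and a method comment should state whether the result may be null, whether it must already satisfy the configured CredentialPasswordValidator, and that the value is a credential and should come from a cryptographically strong random source. The file also lacks the ASF license header that the other file added in this commit carries, and it ends without a trailing newline.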
Propchange:
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange:
portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml?rev=927095&r1=927094&r2=927095&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
(original)
+++
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
Wed Mar 24 15:57:09 2010
@@ -56,6 +56,16 @@
<value>false</value>
</property>
</bean>
+
+ <bean id="org.apache.jetspeed.administration.PasswordGenerator"
class="org.apache.jetspeed.administration.SimplePasswordGeneratorImpl">
+ <meta key="j2:cat" value="default" />
+ <property name="validator">
+ <!-- The default CredentialPasswordValidator configuration only checks
against empty/null passwords.
+ If a more complex validation is enforced, make sure the
PasswordGenerator matches the rules.
+ If a generated password fails validation, the
SimplePasswordGeneratorImpl will simply regenerate a new one to test. -->
+ <ref
bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/>
+ </property>
+ </bean>
<bean id='PortalAdministrationImpl' init-method="start"
class='org.apache.jetspeed.administration.PortalAdministrationImpl'>
@@ -84,6 +94,9 @@
<constructor-arg index='7'>
<ref bean="adminVelocityEngine" />
</constructor-arg>
+ <property name="passwordGenerator">
+ <ref bean="org.apache.jetspeed.administration.PasswordGenerator"/>
+ </property>
</bean>
<bean id="PortalAdministration" parent="baseTransactionProxy">