Author: ate
Date: Sat Apr  3 18:10:56 2010
New Revision: 930553

URL: http://svn.apache.org/viewvc?rev=930553&view=rev
Log:
JS2-1143: New LDAP UserPasswordCredentialManager providing LDAP authentication, 
maintenance of LDAP credentials and UserPasswordCredentialPolicyManager support
- fix creation of new PasswordCredential for first time users synchronized from 
LDAP 

Modified:
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
    
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java?rev=930553&r1=930552&r2=930553&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
 Sat Apr  3 18:10:56 2010
@@ -33,6 +33,7 @@ import org.apache.jetspeed.security.Jets
 import org.apache.jetspeed.security.PasswordCredential;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.User;
+import org.apache.jetspeed.security.UserManager;
 import 
org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
 import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
 import org.apache.jetspeed.security.spi.UserPasswordCredentialAccessManager;
@@ -40,6 +41,8 @@ import org.apache.jetspeed.security.spi.
 import org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager;
 import org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
@@ -55,9 +58,12 @@ public class LdapUserPasswordCredentialM
 {
     private static final long serialVersionUID = 1131764631931510796L;
     
+    static final Logger log = 
LoggerFactory.getLogger(UserPasswordCredentialManager.class);
+    
     private UserPasswordCredentialStorageManager upcsm;
     private UserPasswordCredentialAccessManager upcam;
     private UserPasswordCredentialPolicyManager upcpm;
+    private UserManager um;
     private JetspeedSecuritySynchronizer synchronizer;
     private PoolingContextSource poolingContextsource;
     private String userEntryPrefix;
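Review bot: The logger added in this hunk is created for `UserPasswordCredentialManager.class` rather than for this class, so everything the LDAP implementation logs, including the new "requires UserManager to be set" error, is filed under a category that presumably belongs to the interface and is shared with other implementations. For authentication code that makes log filtering and alerting on this component harder. I would declare it as `private static final Logger log = LoggerFactory.getLogger(LdapUserPasswordCredentialManagerImpl.class);`, which also makes the field private like the other members.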
@@ -187,6 +193,11 @@ public class LdapUserPasswordCredentialM
         }
     }
     
+    public void setUserManager(UserManager um)
+    {
+        this.um = um;
+    }
+    
     public void setJetspeedSecuritySynchronizer(JetspeedSecuritySynchronizer 
synchronizer)
     {
         this.synchronizer = synchronizer;
@@ -245,7 +256,11 @@ public class LdapUserPasswordCredentialM
         String password = credential.getPassword();
         boolean encoded = credential.isEncoded();
         
-        if (isNewPasswordSet && !SynchronizationStateAccess.isSynchronizing())
+        if (SynchronizationStateAccess.isSynchronizing())
+        {
+            authenticated = true;
+        }
+        else if (isNewPasswordSet)
         {
             userDn = getUserDn(credential.getUserName());
             if (oldPassword != null)
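Review bot: The new first branch sets `authenticated = true` whenever `SynchronizationStateAccess.isSynchronizing()` returns true, without any password check and regardless of `isNewPasswordSet`; before this change the flag only suppressed the LDAP password update. How `authenticated` is used lies outside the hunk, but if it gates the later storage or policy steps, this path is only as safe as the guarantee that the synchronizing flag is scoped to the current call and always restored. I would document that invariant at the branch, for example `// synchronizing: credential originates from LDAP itself, so no bind check; the flag must be per-thread and reset in finally`, and check whether the branch can be limited to `isNewPasswordSet && SynchronizationStateAccess.isSynchronizing()`. The enclosing method starts and ends outside the hunk.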
@@ -287,8 +302,22 @@ public class LdapUserPasswordCredentialM
             }
         }
         PasswordCredential credential = isPersistCredentials() ? 
upcam.getPasswordCredential(userName) : new PasswordCredentialImpl();
+        if (credential == null)
+        {
+            credential = new PasswordCredentialImpl();
+            // persistCredentials but user credentials not yet 
synchronized/stored
+            if (um == null)
+            {
+                log.error("New User PasswordCredential cannot be persisted: 
requires UserManager to be set!!!");
+            }
+            else
+            {
+                // to be able to store the new password credential it needs 
the User to be set
+                
((PasswordCredentialImpl)credential).setUser(um.getUser(userName));
+            }
+        }
         boolean setPassword = false;
-        if (isPersistCredentials())
+        if (isPersistCredentials() && (!credential.isNew() || 
credential.getUser() != null))
         {
             if (credential.isNew())
             {
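Review bot: When `um == null` the added block only logs an error and continues, and the widened condition `isPersistCredentials() && (!credential.isNew() || credential.getUser() != null)` then skips the whole persistence branch for that user. The `upcpm` policy handling appears to sit inside that branch (its end is outside this hunk), so a missing UserManager wiring would let a first-time LDAP user through with no stored credential state and no password-policy processing, leaving only a log line as evidence. I would fail closed instead by throwing the method's `SecurityException` at that point, and treat a null result from `um.getUser(userName)` the same way, since it leads to the same skipped branch. The message should also name the affected account, e.g. `log.error("New PasswordCredential for user {} cannot be persisted: UserManager not set", userName);`.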
@@ -326,8 +355,7 @@ public class LdapUserPasswordCredentialM
                 finally
                 {
                     SynchronizationStateAccess.setSynchronizing(synchronizing 
? Boolean.TRUE : Boolean.FALSE);
-                }
-                credential = upcam.getPasswordCredential(userName);            
    
+                }                
             }
             
             if (upcpm != null)
@@ -353,22 +381,24 @@ public class LdapUserPasswordCredentialM
                 }
             }
         }
-        if (!credential.isNew())
-        {            
-            try
-            {
-                upcam.loadPasswordCredentialUser(credential);
+        if (credential.getUser() == null)
+        {
+            if (!credential.isNew())
+            {            
+                try
+                {
+                    upcam.loadPasswordCredentialUser(credential);
+                }
+                catch (Exception e)
+                {
+                    throw new 
SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
 userName), e);
+                }            
             }
-            catch (Exception e)
+            else
             {
-                throw new 
SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
 userName), e);
-            }            
-        }
-        else
-        {
-            ((PasswordCredentialImpl)credential).setUserName(userName);
+                ((PasswordCredentialImpl)credential).setUserName(userName);
+            }
         }
-        
         return credential;
     }
 }

Modified: 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml?rev=930553&r1=930552&r2=930553&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
 (original)
+++ 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
 Sat Apr  3 18:10:56 2010
@@ -19,9 +19,9 @@
   xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd";>
 
   <bean 
id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapStorageManager" 
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapStorageManager">
-       <meta key="j2:cat" value="ldapSecurity" />
-       <constructor-arg index="0" 
ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
-       <constructor-arg index="1" 
ref="org.apache.jetspeed.security.mapping.SecurityEntityManager" />
+    <meta key="j2:cat" value="ldapSecurity" />
+        <constructor-arg index="0" 
ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+        <constructor-arg index="1" 
ref="org.apache.jetspeed.security.mapping.SecurityEntityManager" />
   </bean>
   
    <bean id="org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager" 
parent="baseTransactionProxy">
@@ -40,15 +40,15 @@
   </bean>
     
    <bean 
id="org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager"
 
-       
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapAssociationStorageManager">
   
-               <meta key="j2:cat" value="ldapSecurity" />      
-       <constructor-arg index="0" 
ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
-       <constructor-arg index="1" 
ref="org.apache.jetspeed.security.mapping.SecurityEntityManager" />             
             
-    </bean>    
+    
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapAssociationStorageManager">
   
+        <meta key="j2:cat" value="ldapSecurity" />      
+        <constructor-arg index="0" 
ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+        <constructor-arg index="1" 
ref="org.apache.jetspeed.security.mapping.SecurityEntityManager" />             
 
+    </bean>     
     
   <!--
-       OnStartupSecuritySynchronizationBean will load the guest user from 
LDAP, in-case its not in portal database
-       It would be required for loading default page.
+    OnStartupSecuritySynchronizationBean will load the guest user from LDAP, 
in-case its not in portal database
+    It would be required for loading default page.
     This bean is wrapped in a ContextRefreshableBeanInitializer to kickstart 
it once the complete Spring context is initialized.
    -->
   <bean id="_ldapOnStartupSecuritySynchronizer" 
class="org.apache.jetspeed.components.ContextRefreshableBeanInitializer">
@@ -104,7 +104,20 @@
     <property name="changePasswordByUser" value="false"/>
   </bean>
   
-  <bean id="_LdapUserPasswordCredentialManagerImplInitializer" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+  <!-- required when LdapUserPasswordCredentialManagerImpl.persistCredentials 
is set to true (see above) -->
+  <bean id="_LdapUserPasswordCredentialManagerImplInitializer1" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+    <meta key="j2:cat" value="ldapSecurity" />
+    <property name="targetObject"><ref 
bean="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl"/></property>
+    <property name="targetMethod"><value>setUserManager</value></property>
+    <property name="arguments">
+      <list>
+        <ref bean="org.apache.jetspeed.security.UserManager"/>
+      </list>
+    </property>
+  </bean>
+  
+  <!-- required when LdapUserPasswordCredentialManagerImpl should synchronize 
users on authentication  -->
+  <bean id="_LdapUserPasswordCredentialManagerImplInitializer2" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
     <meta key="j2:cat" value="ldapSecurity" />
     <property name="targetObject"><ref 
bean="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl"/></property>
     <property 
name="targetMethod"><value>setJetspeedSecuritySynchronizer</value></property>
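Review bot: The UserManager reaches `LdapUserPasswordCredentialManagerImpl` only through the new `_LdapUserPasswordCredentialManagerImplInitializer1` bean, so any deployment that keeps its own copy of this assembly will run with `um == null` when `persistCredentials` is true and will only find out from a runtime error log. The existing bean is also renamed to `_LdapUserPasswordCredentialManagerImplInitializer2`, which would break anything that overrides or references the old id, if such overrides exist. I would extend the comment to say what happens when the bean is missing, e.g. `<!-- required when persistCredentials is true; without it new users' credentials are not persisted -->`, and mention the id change in the release notes.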
@@ -387,4 +400,4 @@
     <property name="testOnBorrow" value="true" />
   </bean>
   
-</beans>
+</beans>
\ No newline at end of file


