Author: taylor Date: Thu Jul 25 22:27:34 2013 New Revision: 1507145 URL: http://svn.apache.org/r1507145 Log: JS2-1286: example usage of configurations necessary for credential migration use case
Added: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml Added: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml?rev=1507145&view=auto ==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml (added)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml Thu Jul 25 22:27:34 2013
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+ <!-- ************** Security SPI Handlers ************** -->
+
+ <!-- require a non-empty password -->
+ <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator"
+ class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator">
+ <meta key="j2:cat" value="default or security" />
+
+ <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives:
+ * Must be at least 6 characters
+ * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+ * Valid special characters are @#$%^&+=
+ <constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>
+ -->
+ </bean>
+
+ <!-- MessageDigest encode passwords using SHA-1 DST: the old one
+ <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+ class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0">
+ <value>SHA-1</value>
+ </constructor-arg>
+ </bean>
+-->
+
+ <!-- Alternate Password Encoder with Jetspeed-1 algorithm -->
+ <!--
+ <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+ class="org.apache.jetspeed.security.spi.impl.Jetspeed1CredentialPasswordEncoder">
+ <constructor-arg index="0"><value>SHA</value></constructor-arg>
+ <constructor-arg index="1"><value>base64</value></constructor-arg>
+ </bean>
+ -->
+ <!--
+ <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider"
+ class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0">
+ <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator" />
+ </constructor-arg>
+ <constructor-arg index="1">
+ <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" />
+ </constructor-arg>
+ </bean>-->
+
+ <!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
+ this Service can be used instead of for example the default provided MessageDigestCredentialPasswordEncoder
+ <bean id="org.apache.jetspeed.security.PasswordEncodingService"
+ name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+ class="org.apache.jetspeed.security.spi.impl.PBEPasswordService">
+ <constructor-arg index="0">
+ <!- secret PBE key password ->
+ <value>********</value>
+ </constructor-arg>
+ </bean>
+ -->
+
+ <!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
+ Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an old CredentialPasswordEncoder
+ like the default provided MessageDigestCredentialPasswordEncoder
+ -->
+ <bean id="org.apache.jetspeed.security.PasswordEncodingService"
+ name="org.apache.jetspeed.security.CredentialPasswordEncoder,org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+ class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
+ <constructor-arg index="0">
+ <!-- secret PBE key password -->
+ <value>secret</value>
+ </constructor-arg>
+ <constructor-arg index="1">
+ <!-- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1 -->
+ <bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+ <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
+ </bean>
+ </constructor-arg>
+ <constructor-arg index="2">
+ <!-- startPBEPasswordEncodingService: date before which old encoded passwords need to be recoded (on authentication)
+ (SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
+ -->
+ <value>2013-07-13 12:50:00</value>
+ </constructor-arg>
+ </bean>
+
+
+ <!-- allow multiple InternalPasswordCredentialInterceptors to be used for DefaultCredentialHandler -->
+ <!--
+ <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
+ class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0">
+ <list>
+
+ <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor" />
+
+
+ <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor" />
+ </list>
+ </constructor-arg>
+ </bean>-->
+
+ <!-- Security SPI: CredentialHandler -->
+ <!--
+ <bean id="org.apache.jetspeed.security.spi.CredentialHandler"
+ class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0">
+ <ref bean="org.apache.jetspeed.security.spi.SecurityAccess" />
+ </constructor-arg>
+ <constructor-arg index="1">
+ <ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider" />
+ </constructor-arg>
+ <constructor-arg index="2">
+ <ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" />
+ </constructor-arg>
+ </bean>
+
+ -->
+ <!-- Security SPI: UserSecurityHandler -->
+ <!-- The DefaultUSerSecurityHandler uses the raw SecurityAccessImpl so that it
+ may demarcate its own transactions -->
+ <!--<bean id="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"
+ class="org.apache.jetspeed.security.spi.impl.DefaultUserSecurityHandler">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg>
+ <ref bean="org.apache.jetspeed.security.spi.SecurityAccess" />
+ </constructor-arg>
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" parent="baseTransactionProxy"
+ name="userSecurityHandler">
+ <meta key="j2:cat" value="default or security" />
+ <property name="proxyInterfaces">
+ <value>org.apache.jetspeed.security.spi.UserSecurityHandler</value>
+ </property>
+ <property name="target">
+ <ref bean="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl" />
+ </property>
+ <property name="transactionAttributes">
+ <props>
+ <prop key="add*">PROPAGATION_REQUIRED</prop>
+ <prop key="update*">PROPAGATION_REQUIRED</prop>
+ <prop key="remove*">PROPAGATION_REQUIRED</prop>
+ <prop key="*">PROPAGATION_SUPPORTS</prop>
+ </props>
+ </property>
+ </bean>-->
+</beans>
Added: 
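Review bot: The PBE key password given at `constructor-arg index="0"` of the active `AlgorithmUpgradePBEPasswordService` bean is the literal `<value>secret</value>`, committed in a file that ships under the resources tree. The surrounding comment describes this service as two-way encoding, so every credential re-encoded under it is presumably recoverable by anyone who knows that value, and a deployment that copies this example unchanged gains little over storing the passwords in the clear. I would mark the value as a placeholder in the adjacent comment, for example `<!-- secret PBE key password: EXAMPLE ONLY, replace per deployment and supply it from outside version control -->`, and state whether the key can still be changed once passwords have been re-encoded. The earlier commented-out `PBEPasswordService` example masks the same argument as `********`, so the two examples are also inconsistent with each other.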
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml?rev=1507145&view=auto ==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml (added)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml Thu Jul 25 22:27:34 2013
@@ -0,0 +1,197 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+ <!-- ************** Security SPI Handlers ************** -->
+ <!-- Security SPI: CommonQueries -->
+
+ <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerFactory" class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerFactory">
+ <meta key="j2:cat" value="default or security" />
+ <property name="mappings">
+ <map>
+ <entry key="default"><ref bean="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerDefault"/></entry>
+ <entry key="mysql"><ref bean="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerMySql"/></entry>
+ </map>
+ </property>
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerDefault" class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerDefault" />
+ <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerMySql" class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerMySql" />
+
+ <bean id="org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager"
+ class="org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager" init-method="init">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0">
+ <value>JETSPEED-INF/ojb/security_repository.xml</value>
+ </constructor-arg>
+ <constructor-arg index="1">
+ <ref bean="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerFactory"/>
+ </constructor-arg>
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" parent="baseTransactionProxy">
+ <meta key="j2:cat" value="default or security" />
+ <property name="proxyInterfaces">
+ <value>
+ org.apache.jetspeed.security.spi.JetspeedPermissionAccessManager,
+ org.apache.jetspeed.security.spi.JetspeedPermissionStorageManager,
+ org.apache.jetspeed.security.spi.JetspeedPrincipalAccessManager,
+ org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager,
+ org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager,
+ org.apache.jetspeed.security.spi.UserPasswordCredentialAccessManager,
+ org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager,
+ org.apache.jetspeed.security.spi.SecurityDomainStorageManager,
+ org.apache.jetspeed.security.spi.SecurityDomainAccessManager,
+ org.apache.jetspeed.security.spi.JetspeedDomainPrincipalAccessManager
+ </value>
+ </property>
+ <property name="target">
+ <ref bean="org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager" />
+ </property>
+ <property name="transactionAttributes">
+ <props>
+ <prop key="add*">PROPAGATION_REQUIRED</prop>
+ <prop key="update*">PROPAGATION_REQUIRED</prop>
+ <prop key="grant*">PROPAGATION_REQUIRED</prop>
+ <prop key="remove*">PROPAGATION_REQUIRED</prop>
+ <prop key="revoke*">PROPAGATION_REQUIRED</prop>
+ <prop key="store*">PROPAGATION_REQUIRED</prop>
+ <prop key="getPasswordCredential*">PROPAGATION_REQUIRED</prop>
+ <prop key="*">PROPAGATION_SUPPORTS</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+ <meta key="j2:cat" value="dbSecurity" />
+ <meta key="j2:alias" value="org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager" />
+ <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+ <meta key="j2:cat" value="dbSecurity" />
+ <meta key="j2:alias" value="org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager" />
+ <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+ <meta key="j2:cat" value="dbSecurity" />
+ <meta key="j2:alias" value="org.apache.jetspeed.security.spi.JetspeedPermissionStorageManager" />
+ <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+ <meta key="j2:cat" value="dbSecurity" />
+ <meta key="j2:alias" value="org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager" />
+ <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+ <meta key="j2:cat" value="dbSecurity or ldapSecurity" />
+ <meta key="j2:alias" value="org.apache.jetspeed.security.spi.SecurityDomainStorageManager" />
+ <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+ <meta key="j2:cat" value="dbSecurity or ldapSecurity" />
+ <meta key="j2:alias" value="org.apache.jetspeed.security.spi.SecurityDomainAccessManager" />
+ <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl"
+ class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl">
+ <meta key="j2:cat" value="dbSecurity" />
+ <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ <constructor-arg index="1" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+ <constructor-arg index="2" ref="org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager" />
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.UserPasswordCredentialManager" parent="baseTransactionProxy">
+ <meta key="j2:cat" value="dbSecurity" />
+ <property name="proxyInterfaces">
+ <value>org.apache.jetspeed.security.spi.UserPasswordCredentialManager</value>
+ </property>
+ <property name="target">
+ <ref bean="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl" />
+ </property>
+ <property name="transactionAttributes">
+ <props>
+ <prop key="*">PROPAGATION_REQUIRED</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl"
+ class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0" ref="org.apache.jetspeed.security.CredentialPasswordEncoder" />
+ <constructor-arg index="1" ref="org.apache.jetspeed.security.CredentialPasswordValidator" />
+ <constructor-arg index="2">
+ <list>
+ <!-- enforce an invalid preset password value in the persisent store is required to be changed -->
+ <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor" />
+ <!-- ensure preset cleartext passwords in the persistent store will be encoded on first use -->
+ <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor" />
+ </list>
+ </constructor-arg>
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager" parent="baseTransactionProxy">
+ <meta key="j2:cat" value="default or security" />
+ <property name="proxyInterfaces">
+ <value>org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager</value>
+ </property>
+ <property name="target">
+ <ref bean="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl" />
+ </property>
+ <property name="transactionAttributes">
+ <props>
+ <prop key="authenticate*">PROPAGATION_REQUIRED</prop>
+ <prop key="on*">PROPAGATION_REQUIRED</prop>
+ </props>
+ </property>
+ </bean>
+
+ <!--
+ <bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"
+ class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+ <meta key="j2:cat" value="default or security" />
+ <constructor-arg index="0">
+ <value>SHA-1</value>
+ </constructor-arg>
+ </bean>
+-->
+
+ <bean id="org.apache.jetspeed.security.CredentialPasswordValidator"
+ class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator">
+ <meta key="j2:cat" value="default or security" />
+ </bean>
+
+ <bean id="org.apache.jetspeed.security.spi.AuthorizationProvider"
+ class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl">
+ <meta key="j2:cat" value="default or security or AuthorizationProvider" />
+ <constructor-arg index="0">
+ <ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy" />
+ </constructor-arg>
+ <constructor-arg index="1">
+ <value>true</value>
+ </constructor-arg>
+ </bean>
+
+</beans>
--------------------------------------------------------------------- To unsubscribe, e-mail: 
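Review bot: `UserPasswordCredentialPolicyManagerImpl` takes `ref="org.apache.jetspeed.security.CredentialPasswordEncoder"` at index 0, but the only definition of that id in this file is the commented-out SHA-1 bean near the end; the name is instead supplied by the `name` alias on the PBE service in security-spi-atn.xml from the same commit. Nothing in this file says so, and loading it without that companion would presumably leave the reference unresolved. The dead block would be better replaced by a comment such as `<!-- CredentialPasswordEncoder is provided by the PasswordEncodingService alias in security-spi-atn.xml; do not re-enable the SHA-1 encoder here -->`. Index 1 wires `org.apache.jetspeed.security.CredentialPasswordValidator`, defined here with no pattern argument, which is a different id from the validator whose regex option is documented in security-spi-atn.xml, so it is worth stating which of the two enforces password rules when a credential is changed.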