From a..@apache.org
Subject svn commit: r930553 - in /portals/jetspeed-2/portal/trunk: components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
Date Sat, 03 Apr 2010 18:10:56 GMT
Author: ate
Date: Sat Apr  3 18:10:56 2010
New Revision: 930553

URL: http://svn.apache.org/viewvc?rev=930553&view=rev
Log:
JS2-1143: New LDAP UserPasswordCredentialManager providing LDAP authentication, maintenance
of LDAP credentials and UserPasswordCredentialPolicyManager support
- fix creation of new PasswordCredential for first time users synchronized from LDAP 

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java?rev=930553&r1=930552&r2=930553&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
Sat Apr  3 18:10:56 2010
@@ -33,6 +33,7 @@ import org.apache.jetspeed.security.Jets
 import org.apache.jetspeed.security.PasswordCredential;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.User;
+import org.apache.jetspeed.security.UserManager;
 import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
 import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
 import org.apache.jetspeed.security.spi.UserPasswordCredentialAccessManager;
@@ -40,6 +41,8 @@ import org.apache.jetspeed.security.spi.
 import org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager;
 import org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
@@ -55,9 +58,12 @@ public class LdapUserPasswordCredentialM
 {
     private static final long serialVersionUID = 1131764631931510796L;
     
+    static final Logger log = LoggerFactory.getLogger(UserPasswordCredentialManager.class);
+    
     private UserPasswordCredentialStorageManager upcsm;
     private UserPasswordCredentialAccessManager upcam;
     private UserPasswordCredentialPolicyManager upcpm;
+    private UserManager um;
     private JetspeedSecuritySynchronizer synchronizer;
     private PoolingContextSource poolingContextsource;
     private String userEntryPrefix;
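Review bot: The new logger is created for `UserPasswordCredentialManager.class`, not for this class, so messages from the LDAP implementation (including the misconfiguration error added later in this commit) are filed under the interface's category and are harder to attribute. The field is also package-visible rather than private. I would write `private static final Logger log = LoggerFactory.getLogger(LdapUserPasswordCredentialManagerImpl.class);`. The class body continues outside this hunk.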
@@ -187,6 +193,11 @@ public class LdapUserPasswordCredentialM
         }
     }
     
+    public void setUserManager(UserManager um)
+    {
+        this.um = um;
+    }
+    
     public void setJetspeedSecuritySynchronizer(JetspeedSecuritySynchronizer synchronizer)
     {
         this.synchronizer = synchronizer;
@@ -245,7 +256,11 @@ public class LdapUserPasswordCredentialM
         String password = credential.getPassword();
         boolean encoded = credential.isEncoded();
         
-        if (isNewPasswordSet && !SynchronizationStateAccess.isSynchronizing())
+        if (SynchronizationStateAccess.isSynchronizing())
+        {
+            authenticated = true;
+        }
+        else if (isNewPasswordSet)
         {
             userDn = getUserDn(credential.getUserName());
             if (oldPassword != null)
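Review bot: The new first branch sets `authenticated = true` whenever `SynchronizationStateAccess.isSynchronizing()` is true, with no check of `oldPassword` and no verification against LDAP, so this path is only as safe as the guarantee that the flag is set by trusted synchronization code alone and is always reset. The old condition only skipped the LDAP update while synchronizing; the new form also bypasses any `else` branch that follows, which is a wider effect than the log message describes. Please record the trust assumption on the branch, e.g. `// synchronizing: credential originates from the LDAP sync itself, so no LDAP verification is done here`, and confirm every code path that sets the flag restores it in a `finally`, as the hunk at -326 does. The method begins and ends outside this hunk, so what `authenticated` gates further down is not visible here.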
@@ -287,8 +302,22 @@ public class LdapUserPasswordCredentialM
             }
         }
         PasswordCredential credential = isPersistCredentials() ? upcam.getPasswordCredential(userName)
: new PasswordCredentialImpl();
+        if (credential == null)
+        {
+            credential = new PasswordCredentialImpl();
+            // persistCredentials but user credentials not yet synchronized/stored
+            if (um == null)
+            {
+                log.error("New User PasswordCredential cannot be persisted: requires UserManager
to be set!!!");
+            }
+            else
+            {
+                // to be able to store the new password credential it needs the User to be
set
+                ((PasswordCredentialImpl)credential).setUser(um.getUser(userName));
+            }
+        }
         boolean setPassword = false;
-        if (isPersistCredentials())
+        if (isPersistCredentials() && (!credential.isNew() || credential.getUser()
!= null))
         {
             if (credential.isNew())
             {
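Review bot: When credentials are persisted but `um` was never injected, the `um == null` branch only logs an error and continues with a credential that has no user, and the new guard `(!credential.isNew() || credential.getUser() != null)` then skips the whole persist block, which, judging by the indentation in the next hunk, appears to contain the `upcpm` policy handling as well. A wiring mistake therefore degrades silently on every first-time login instead of failing closed, and the companion bean added in security-ldap.xml is required only by an XML comment. I would reject the call with `throw new IllegalStateException("persistCredentials requires UserManager to be set");`, or validate the setting once at start-up. The result of `um.getUser(userName)` is also handed to `setUser` with no visible null check. The method starts and ends outside this hunk.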
@@ -326,8 +355,7 @@ public class LdapUserPasswordCredentialM
                 finally
                 {
                     SynchronizationStateAccess.setSynchronizing(synchronizing ? Boolean.TRUE
: Boolean.FALSE);
-                }
-                credential = upcam.getPasswordCredential(userName);                
+                }                
             }
             
             if (upcpm != null)
@@ -353,22 +381,24 @@ public class LdapUserPasswordCredentialM
                 }
             }
         }
-        if (!credential.isNew())
-        {            
-            try
-            {
-                upcam.loadPasswordCredentialUser(credential);
+        if (credential.getUser() == null)
+        {
+            if (!credential.isNew())
+            {            
+                try
+                {
+                    upcam.loadPasswordCredentialUser(credential);
+                }
+                catch (Exception e)
+                {
+                    throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
userName), e);
+                }            
             }
-            catch (Exception e)
+            else
             {
-                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
userName), e);
-            }            
-        }
-        else
-        {
-            ((PasswordCredentialImpl)credential).setUserName(userName);
+                ((PasswordCredentialImpl)credential).setUserName(userName);
+            }
         }
-        
         return credential;
     }
 }
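Review bot: The re-indented `catch (Exception e)` still turns every failure of `upcam.loadPasswordCredentialUser(credential)` into `PRINCIPAL_DOES_NOT_EXIST`, so a storage or connectivity fault is reported as an unknown user. That makes failed-login records misleading when someone later has to tell a backend outage apart from probing of non-existent accounts. If the access manager declares a narrower exception type, catch that and let other failures surface as themselves; otherwise add a comment such as `// any load failure is deliberately reported as unknown principal` so the mapping is known to be intentional. The start of this method is outside the hunk.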

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml?rev=930553&r1=930552&r2=930553&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
Sat Apr  3 18:10:56 2010
@@ -19,9 +19,9 @@
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
 
   <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapStorageManager"
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapStorageManager">
-  	<meta key="j2:cat" value="ldapSecurity" />
-    	<constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
-    	<constructor-arg index="1" ref="org.apache.jetspeed.security.mapping.SecurityEntityManager"
/>
+    <meta key="j2:cat" value="ldapSecurity" />
+        <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+        <constructor-arg index="1" ref="org.apache.jetspeed.security.mapping.SecurityEntityManager"
/>
   </bean>
   
    <bean id="org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager" parent="baseTransactionProxy">
@@ -40,15 +40,15 @@
   </bean>
     
    <bean id="org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager"

-  	class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapAssociationStorageManager">
 	
-  		<meta key="j2:cat" value="ldapSecurity" />  	
-    	<constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
-    	<constructor-arg index="1" ref="org.apache.jetspeed.security.mapping.SecurityEntityManager"
/>		  		
-    </bean>  	
+    class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLdapAssociationStorageManager">
  
+        <meta key="j2:cat" value="ldapSecurity" />      
+        <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+        <constructor-arg index="1" ref="org.apache.jetspeed.security.mapping.SecurityEntityManager"
/>              
+    </bean>     
     
   <!--
-  	OnStartupSecuritySynchronizationBean will load the guest user from LDAP, in-case its not
in portal database
-  	It would be required for loading default page.
+    OnStartupSecuritySynchronizationBean will load the guest user from LDAP, in-case its
not in portal database
+    It would be required for loading default page.
     This bean is wrapped in a ContextRefreshableBeanInitializer to kickstart it once the
complete Spring context is initialized.
    -->
   <bean id="_ldapOnStartupSecuritySynchronizer" class="org.apache.jetspeed.components.ContextRefreshableBeanInitializer">
@@ -104,7 +104,20 @@
     <property name="changePasswordByUser" value="false"/>
   </bean>
   
-  <bean id="_LdapUserPasswordCredentialManagerImplInitializer" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+  <!-- required when LdapUserPasswordCredentialManagerImpl.persistCredentials is set to
true (see above) -->
+  <bean id="_LdapUserPasswordCredentialManagerImplInitializer1" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+    <meta key="j2:cat" value="ldapSecurity" />
+    <property name="targetObject"><ref bean="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl"/></property>
+    <property name="targetMethod"><value>setUserManager</value></property>
+    <property name="arguments">
+      <list>
+        <ref bean="org.apache.jetspeed.security.UserManager"/>
+      </list>
+    </property>
+  </bean>
+  
+  <!-- required when LdapUserPasswordCredentialManagerImpl should synchronize users on
authentication  -->
+  <bean id="_LdapUserPasswordCredentialManagerImplInitializer2" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
     <meta key="j2:cat" value="ldapSecurity" />
     <property name="targetObject"><ref bean="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl"/></property>
     <property name="targetMethod"><value>setJetspeedSecuritySynchronizer</value></property>
@@ -387,4 +400,4 @@
     <property name="testOnBorrow" value="true" />
   </bean>
   
-</beans>
+</beans>
\ No newline at end of file


