Coverage report

Class: org.apache.jetspeed.security.impl.LoginValidationValveImpl
Line coverage: 0%
Branch coverage: 0%

 1  
 /*
 2  
  * Licensed to the Apache Software Foundation (ASF) under one or more
 3  
  * contributor license agreements.  See the NOTICE file distributed with
 4  
  * this work for additional information regarding copyright ownership.
 5  
  * The ASF licenses this file to You under the Apache License, Version 2.0
 6  
  * (the "License"); you may not use this file except in compliance with
 7  
  * the License.  You may obtain a copy of the License at
 8  
  * 
 9  
  *      http://www.apache.org/licenses/LICENSE-2.0
 10  
  * 
 11  
  * Unless required by applicable law or agreed to in writing, software
 12  
  * distributed under the License is distributed on an "AS IS" BASIS,
 13  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 14  
  * See the License for the specific language governing permissions and
 15  
  * limitations under the License.
 16  
  */
 17  
 package org.apache.jetspeed.security.impl;
 18  
 
 19  
 import java.util.Iterator;
 20  
 import java.util.LinkedList;
 21  
 import java.util.List;
 22  
 
 23  
 import org.apache.commons.logging.Log;
 24  
 import org.apache.commons.logging.LogFactory;
 25  
 import org.apache.jetspeed.Jetspeed;
 26  
 import org.apache.jetspeed.login.LoginConstants;
 27  
 import org.apache.jetspeed.pipeline.PipelineException;
 28  
 import org.apache.jetspeed.pipeline.valve.AbstractValve;
 29  
 import org.apache.jetspeed.pipeline.valve.ValveContext;
 30  
 import org.apache.jetspeed.request.RequestContext;
 31  
 import org.apache.jetspeed.security.PasswordCredential;
 32  
 import org.apache.jetspeed.security.SecurityException;
 33  
 import org.apache.jetspeed.security.SecurityHelper;
 34  
 import org.apache.jetspeed.security.User;
 35  
 import org.apache.jetspeed.security.UserManager;
 36  
 import org.apache.jetspeed.security.UserPrincipal;
 37  
 
 38  
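 /**
  * Pipeline valve that inspects the login state of each request.
  * <p>
  * For a request without a user principal whose session carries
  * {@link LoginConstants#RETRYCOUNT}, the valve stores a {@link LoginConstants#ERRORCODE}
  * session attribute describing why the attempt for {@link LoginConstants#USERNAME} failed.
  * For a request with a user principal and no {@link LoginConstants#LOGIN_CHECK} session
  * attribute yet, it removes the configured session attributes and sets
  * {@link LoginConstants#LOGIN_CHECK}.</p>
  * <p>
  * Security note: the error codes distinguish unknown user, disabled user, disabled or
  * expired credential, final login attempt and invalid password, and they are set for a
  * client that has not authenticated. How they are presented is decided by whatever reads
  * {@link LoginConstants#ERRORCODE} (not visible in this class). A login page that shows
  * them verbatim lets a visitor tell existing accounts from non-existing ones, so
  * deployments concerned about account enumeration should render one generic failure
  * message and keep the detailed code for server-side logging.</p>
  *
  * @author <a href="mailto:ate@apache.org">Ate Douma</a>
  * @version $Id: LoginValidationValveImpl.java 544402 2007-06-05 06:20:00Z taylor $
  */
 public class LoginValidationValveImpl extends AbstractValve implements org.apache.jetspeed.pipeline.valve.LoginValidationValve
 {
     private static final Log log = LogFactory.getLog(LoginValidationValveImpl.class);

     // Threshold used only to report ERROR_FINAL_LOGIN_ATTEMPT; 0 (or 1) disables that report.
     private final int maxNumberOfAuthenticationFailures;
     // Names of the session attributes removed on the first request after a successful login.
     // Never null: the constructors substitute an empty list.
     private final List sessionAttributes;

     /**
      * Creates a LoginValidationValveImpl instance which doesn't evaluate the maxNumberOfAuthenticationFailures
      * for LoginConstant.ERROR_FINAL_LOGIN_ATTEMPT error reporting.
      *
      * @param sessionAttributes names of session attributes to remove after a successful login;
      *                          {@code null} is treated as an empty list
      */
     public LoginValidationValveImpl(List sessionAttributes)
     {
         this(0, sessionAttributes);
     }

     /**
      * <p>
      * Creates a LoginValidationValveImpl instance which can evaluate {@link PasswordCredential#getAuthenticationFailures()}
      * to determine if a user only has one login attempt available before the maxNumberOfAuthenticationFailures parameter
      * value is reached and the credential will be disabled.</p>
      * <p>
      * The provided maxNumberOfAuthenticationFailures value should be equal to the value configured for the
      * MaxPasswordAuthenticationFailuresInterceptor (and greater than 2 to be useful).</p>
      *
      * @param maxNumberOfAuthenticationFailures failure count at which the credential is disabled
      */
     public LoginValidationValveImpl(int maxNumberOfAuthenticationFailures)
     {
         this(maxNumberOfAuthenticationFailures, new LinkedList());
     }

     /**
      * <p>
      * Creates a LoginValidationValveImpl instance which can evaluate {@link PasswordCredential#getAuthenticationFailures()}
      * to determine if a user only has one login attempt available before the maxNumberOfAuthenticationFailures parameter
      * value is reached and the credential will be disabled.</p>
      * <p>
      * The provided maxNumberOfAuthenticationFailures value should be equal to the value configured for the
      * MaxPasswordAuthenticationFailuresInterceptor (and greater than 2 to be useful).</p>
      *
      * @param maxNumberOfAuthenticationFailures failure count at which the credential is disabled
      * @param sessionAttributes names of session attributes to remove after a successful login;
      *                          {@code null} is treated as an empty list
      */
     public LoginValidationValveImpl(int maxNumberOfAuthenticationFailures, List sessionAttributes)
     {
         this.maxNumberOfAuthenticationFailures = maxNumberOfAuthenticationFailures;
         // A null list would make clearSessionAttributes() throw before LOGIN_CHECK is set,
         // so every request of a freshly authenticated session would fail in this valve.
         this.sessionAttributes = (sessionAttributes != null) ? sessionAttributes : new LinkedList();
     }

     /**
      * Records the reason for a failed login attempt, or performs the one-time post-login
      * session cleanup, and then passes the request to the next valve.
      *
      * @param request the current request context
      * @param context the valve context used to invoke the next valve
      * @throws PipelineException wrapping any exception raised here or by a later valve
      * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext, org.apache.jetspeed.pipeline.valve.ValveContext)
      */
     public void invoke(RequestContext request, ValveContext context) throws PipelineException
     {
         try
         {
             if ( request.getRequest().getUserPrincipal() == null )
             {
                 if ( request.getSessionAttribute(LoginConstants.RETRYCOUNT) != null )
                 {
                     // we have a login attempt failure
                     String userName = (String)request.getSessionAttribute(LoginConstants.USERNAME);
                     Object errorCode = resolveLoginErrorCode(userName);
                     if ( errorCode != null )
                     {
                         request.setSessionAttribute(LoginConstants.ERRORCODE, errorCode);
                     }
                 }
             }
             else if ( request.getSessionAttribute(LoginConstants.LOGIN_CHECK) == null )
             {
                 // First request seen with a user principal: drop the configured attributes
                 // and mark the session so this cleanup runs only once.
                 // NOTE(review): this valve keeps using the existing session after login; whether
                 // the session id is renewed on authentication is not visible here - confirm.
                 clearSessionAttributes(request);
                 request.getRequest().getSession().setAttribute(LoginConstants.LOGIN_CHECK, "true");
             }

             context.invokeNext(request);
         }
         catch (Exception e)
         {
             log.error("Exception in request pipeline: " + e.getMessage(), e);
             throw new PipelineException(e.toString(), e);
         }
     }

     /**
      * Determines the login error code for a failed attempt by the given user name.
      *
      * @param userName the user name taken from the session; may be null or empty
      * @return the LoginConstants error code to store, or null when no UserManager component
      *         is available and therefore no code can be determined
      */
     private Object resolveLoginErrorCode(String userName)
     {
         if ( userName == null || userName.equals("") )
         {
             return LoginConstants.ERROR_UNKNOWN_USER;
         }

         UserManager um = (UserManager)Jetspeed.getComponentManager().getComponent(UserManager.class);
         if ( um == null )
         {
             // Previously skipped silently; the user name is deliberately not logged.
             log.warn("UserManager component not available, login error code not set");
             return null;
         }

         try
         {
             User user = um.getUser(userName);
             UserPrincipal userPrincipal = null;
             if ( user != null )
             {
                 userPrincipal = (UserPrincipal)SecurityHelper.getPrincipal(user.getSubject(), UserPrincipal.class);
             }
             if ( userPrincipal == null )
             {
                 // No usable principal: report the least specific code instead of failing
                 // the whole request with a NullPointerException.
                 return LoginConstants.ERROR_UNKNOWN_USER;
             }
             if ( !userPrincipal.isEnabled() )
             {
                 return LoginConstants.ERROR_USER_DISABLED;
             }

             PasswordCredential pwdCredential = SecurityHelper.getPasswordCredential(user.getSubject());
             if ( pwdCredential == null || !pwdCredential.isEnabled() )
             {
                 return LoginConstants.ERROR_CREDENTIAL_DISABLED;
             }
             if ( pwdCredential.isExpired() )
             {
                 return LoginConstants.ERROR_CREDENTIAL_EXPIRED;
             }
             // One failure short of the configured maximum: the next failure is expected to
             // disable the credential (the maximum itself is enforced elsewhere).
             if ( maxNumberOfAuthenticationFailures > 1 && pwdCredential.getAuthenticationFailures() == maxNumberOfAuthenticationFailures -1  )
             {
                 return LoginConstants.ERROR_FINAL_LOGIN_ATTEMPT;
             }
             return LoginConstants.ERROR_INVALID_PASSWORD;
         }
         catch (SecurityException sex)
         {
             // A failed user lookup is reported as an unknown user.
             return LoginConstants.ERROR_UNKNOWN_USER;
         }
     }

     /**
      * Removes every configured attribute name from the HTTP session of the request.
      *
      * @param request the current request context
      */
     private void clearSessionAttributes(RequestContext request)
     {
         Iterator attributes = this.sessionAttributes.iterator();
         while (attributes.hasNext())
         {
             String attribute = (String)attributes.next();
             request.getRequest().getSession().removeAttribute(attribute);
         }
     }

     /**
      * @return the fixed valve name "LoginValidationValve"
      */
     public String toString()
     {
         return "LoginValidationValve";
     }

 }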
