| %line | %branch | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| org.apache.jetspeed.security.impl.PasswordCredentialValveImpl |
|
|
| 1 | /* |
|
| 2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
|
| 3 | * contributor license agreements. See the NOTICE file distributed with |
|
| 4 | * this work for additional information regarding copyright ownership. |
|
| 5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
| 6 | * (the "License"); you may not use this file except in compliance with |
|
| 7 | * the License. You may obtain a copy of the License at |
|
| 8 | * |
|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 10 | * |
|
| 11 | * Unless required by applicable law or agreed to in writing, software |
|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 14 | * See the License for the specific language governing permissions and |
|
| 15 | * limitations under the License. |
|
| 16 | */ |
|
| 17 | package org.apache.jetspeed.security.impl; |
|
| 18 | ||
| 19 | import java.util.Arrays; |
|
| 20 | import java.util.List; |
|
| 21 | ||
| 22 | import javax.security.auth.Subject; |
|
| 23 | ||
| 24 | import org.apache.commons.logging.Log; |
|
| 25 | import org.apache.commons.logging.LogFactory; |
|
| 26 | import org.apache.jetspeed.pipeline.PipelineException; |
|
| 27 | import org.apache.jetspeed.pipeline.valve.AbstractValve; |
|
| 28 | import org.apache.jetspeed.pipeline.valve.PageProfilerValve; |
|
| 29 | import org.apache.jetspeed.pipeline.valve.ValveContext; |
|
| 30 | import org.apache.jetspeed.profiler.ProfileLocator; |
|
| 31 | import org.apache.jetspeed.request.RequestContext; |
|
| 32 | import org.apache.jetspeed.security.PasswordCredential; |
|
| 33 | import org.apache.jetspeed.security.SecurityHelper; |
|
| 34 | ||
| 35 | /** |
|
| 36 | * PasswordCredentialValve |
|
| 37 | * |
|
| 38 | * @author <a href="mailto:ate@apache.org">Ate Douma</a> |
|
| 39 | * @version $Id: PasswordCredentialValveImpl.java 516448 2007-03-09 16:25:47Z ate $ |
|
| 40 | */ |
|
| 41 | public class PasswordCredentialValveImpl extends AbstractValve implements org.apache.jetspeed.pipeline.valve.PasswordCredentialValve |
|
| 42 | { |
|
| 43 | 0 | private static final Log log = LogFactory.getLog(PasswordCredentialValveImpl.class); |
| 44 | ||
| 45 | 0 | private static final String CHECKED_KEY = PasswordCredentialValveImpl.class.getName() + ".checked"; |
| 46 | //private PageManager pageManager; |
|
| 47 | private int[] expirationWarningDays; |
|
| 48 | ||
| 49 | /** |
|
| 50 | * Create a PasswordCredentialValveImpl which only checks and handles PasswordCredential.isUpdateRequired(). |
|
| 51 | * |
|
| 52 | */ |
|
| 53 | public PasswordCredentialValveImpl() |
|
| 54 | 0 | { |
| 55 | 0 | expirationWarningDays = new int[]{}; |
| 56 | 0 | } |
| 57 | ||
| 58 | /** |
|
| 59 | * <p> |
|
| 60 | * Creates a PasswordCredentialValveImpl which, besides checking and handling PasswordCredential.isUpdateRequired(), |
|
| 61 | * also provides a warning when a password is about to be expired according to the provided list of |
|
| 62 | * expirationWarningDays.</p> |
|
| 63 | * @param expirationWarningDays the list of days before password expiration when a warning should be presented |
|
| 64 | */ |
|
| 65 | public PasswordCredentialValveImpl(List expirationWarningDays) |
|
| 66 | 0 | { |
| 67 | 0 | if ( expirationWarningDays != null ) |
| 68 | { |
|
| 69 | 0 | this.expirationWarningDays = new int[expirationWarningDays.size()]; |
| 70 | 0 | for ( int i = 0; i < this.expirationWarningDays.length; i++ ) |
| 71 | { |
|
| 72 | 0 | this.expirationWarningDays[i] = Integer.parseInt((String)expirationWarningDays.get(i)); |
| 73 | } |
|
| 74 | 0 | Arrays.sort(this.expirationWarningDays); |
| 75 | } |
|
| 76 | else |
|
| 77 | { |
|
| 78 | 0 | this.expirationWarningDays = new int[0]; |
| 79 | } |
|
| 80 | 0 | } |
| 81 | ||
| 82 | /** |
|
| 83 | * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext, org.apache.jetspeed.pipeline.valve.ValveContext) |
|
| 84 | */ |
|
| 85 | public void invoke(RequestContext request, ValveContext context) throws PipelineException |
|
| 86 | { |
|
| 87 | try |
|
| 88 | { |
|
| 89 | 0 | if ( request.getRequest().getUserPrincipal() != null ) |
| 90 | { |
|
| 91 | 0 | Subject subject = request.getSubject(); |
| 92 | 0 | PasswordCredential pwdCredential = SecurityHelper.getPasswordCredential(subject); |
| 93 | 0 | Integer passwordDaysValid = null; |
| 94 | ||
| 95 | // check for an existing password credential |
|
| 96 | 0 | if ( pwdCredential != null ) |
| 97 | { |
|
| 98 | 0 | if ( pwdCredential.isUpdateRequired() ) |
| 99 | { |
|
| 100 | 0 | passwordDaysValid = new Integer(0); // required change |
| 101 | } |
|
| 102 | 0 | if ( request.getSessionAttribute(CHECKED_KEY) == null ) |
| 103 | { |
|
| 104 | 0 | request.setSessionAttribute(CHECKED_KEY,Boolean.TRUE); |
| 105 | 0 | if ( pwdCredential.getPreviousAuthenticationDate() != null && |
| 106 | pwdCredential.getLastAuthenticationDate() != null && |
|
| 107 | pwdCredential.getExpirationDate() != null ) |
|
| 108 | { |
|
| 109 | 0 | long expirationTime = pwdCredential.getExpirationDate().getTime(); |
| 110 | 0 | long lastAuthTime = pwdCredential.getLastAuthenticationDate().getTime(); |
| 111 | 0 | int lastAuthDaysBeforeExpiration = (class="keyword">int)((expirationTime-lastAuthTime)/(24*60*60*1000)); |
| 112 | 0 | if ( lastAuthDaysBeforeExpiration < 1 ) |
| 113 | { |
|
| 114 | 0 | passwordDaysValid = new Integer(1); |
| 115 | } |
|
| 116 | 0 | else if (expirationWarningDays.length > 0) |
| 117 | { |
|
| 118 | 0 | long prevAuthTime = Long.MIN_VALUE; |
| 119 | 0 | if (pwdCredential.getPreviousAuthenticationDate() != null ) |
| 120 | { |
|
| 121 | 0 | prevAuthTime = pwdCredential.getPreviousAuthenticationDate().getTime(); |
| 122 | } |
|
| 123 | 0 | int prevAuthDaysBeforeExpiration = (class="keyword">int)((expirationTime-prevAuthTime)/(24*60*60*1000)); |
| 124 | 0 | if ( prevAuthDaysBeforeExpiration > lastAuthDaysBeforeExpiration ) |
| 125 | { |
|
| 126 | 0 | for ( int i = 0; i < expirationWarningDays.length; i++ ) |
| 127 | { |
|
| 128 | 0 | int daysBefore = expirationWarningDays[i]-1; |
| 129 | 0 | if ( lastAuthDaysBeforeExpiration == daysBefore || |
| 130 | (lastAuthDaysBeforeExpiration < daysBefore && |
|
| 131 | prevAuthDaysBeforeExpiration > daysBefore ) ) |
|
| 132 | { |
|
| 133 | 0 | passwordDaysValid = new Integer(lastAuthDaysBeforeExpiration+1); |
| 134 | 0 | break; |
| 135 | } |
|
| 136 | } |
|
| 137 | } |
|
| 138 | } |
|
| 139 | } |
|
| 140 | } |
|
| 141 | } |
|
| 142 | 0 | if ( passwordDaysValid != null ) |
| 143 | { |
|
| 144 | // enforce the SECURITY_LOCATOR to be used to redirect to a change password portlet page |
|
| 145 | 0 | request.setAttribute(PageProfilerValve.PROFILE_LOCATOR_REQUEST_ATTR_KEY,ProfileLocator.SECURITY_LOCATOR); |
| 146 | // inform the change password portlet why it is invoked |
|
| 147 | 0 | request.setAttribute(PasswordCredential.PASSWORD_CREDENTIAL_DAYS_VALID_REQUEST_ATTR_KEY, passwordDaysValid); |
| 148 | } |
|
| 149 | } |
|
| 150 | 0 | context.invokeNext(request); |
| 151 | } |
|
| 152 | 0 | catch (Exception e) |
| 153 | { |
|
| 154 | 0 | log.error("Exception in request pipeline: " + e.getMessage(), e); |
| 155 | 0 | throw new PipelineException(e.toString(), e); |
| 156 | 0 | } |
| 157 | 0 | } |
| 158 | ||
| 159 | public String toString() |
|
| 160 | { |
|
| 161 | 0 | return "PasswordCredentialValve"; |
| 162 | } |
|
| 163 | ||
| 164 | } |
| This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |