1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.spi.impl; |
18 |
|
|
19 |
|
import java.sql.Timestamp; |
20 |
|
import java.util.ArrayList; |
21 |
|
import java.util.Collection; |
22 |
|
import java.util.Date; |
23 |
|
import java.util.HashSet; |
24 |
|
import java.util.Iterator; |
25 |
|
import java.util.Set; |
26 |
|
|
27 |
|
import org.apache.commons.logging.Log; |
28 |
|
import org.apache.commons.logging.LogFactory; |
29 |
|
import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService; |
30 |
|
import org.apache.jetspeed.security.InvalidNewPasswordException; |
31 |
|
import org.apache.jetspeed.security.InvalidPasswordException; |
32 |
|
import org.apache.jetspeed.security.PasswordAlreadyUsedException; |
33 |
|
import org.apache.jetspeed.security.SecurityException; |
34 |
|
import org.apache.jetspeed.security.om.InternalCredential; |
35 |
|
import org.apache.jetspeed.security.om.InternalUserPrincipal; |
36 |
|
import org.apache.jetspeed.security.om.impl.InternalCredentialImpl; |
37 |
|
import org.apache.jetspeed.security.spi.CredentialHandler; |
38 |
|
import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder; |
39 |
|
import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor; |
40 |
|
import org.apache.jetspeed.security.spi.PasswordCredentialProvider; |
41 |
|
import org.apache.jetspeed.security.spi.SecurityAccess; |
42 |
|
|
43 |
|
|
44 |
|
|
45 |
|
|
46 |
|
|
47 |
|
public class DefaultCredentialHandler implements CredentialHandler |
48 |
|
{ |
49 |
0 |
private static final Log log = LogFactory.getLog(DefaultCredentialHandler.class); |
50 |
|
|
51 |
|
private SecurityAccess securityAccess; |
52 |
|
|
53 |
|
private PasswordCredentialProvider pcProvider; |
54 |
|
|
55 |
|
private InternalPasswordCredentialInterceptor ipcInterceptor; |
56 |
|
|
57 |
|
public DefaultCredentialHandler(SecurityAccess securityAccess, PasswordCredentialProvider pcProvider, |
58 |
|
InternalPasswordCredentialInterceptor ipcInterceptor) |
59 |
0 |
{ |
60 |
0 |
this.securityAccess = securityAccess; |
61 |
0 |
this.pcProvider = pcProvider; |
62 |
0 |
this.ipcInterceptor = ipcInterceptor; |
63 |
0 |
} |
64 |
|
|
65 |
|
|
66 |
|
|
67 |
|
|
68 |
|
public Set getPrivateCredentials(String username) |
69 |
|
{ |
70 |
0 |
Set credentials = new HashSet(); |
71 |
0 |
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(username, false); |
72 |
0 |
if (null != internalUser) |
73 |
|
{ |
74 |
0 |
InternalCredential credential = getPasswordCredential(internalUser, username ); |
75 |
0 |
if ( credential != null ) |
76 |
|
{ |
77 |
|
try |
78 |
|
{ |
79 |
0 |
credentials.add(pcProvider.create(username,credential)); |
80 |
|
} |
81 |
0 |
catch (SecurityException e) |
82 |
|
{ |
83 |
0 |
if ( log.isErrorEnabled() ) |
84 |
0 |
log.error("Failure creating a PasswordCredential for InternalCredential "+credential, e); |
85 |
0 |
} |
86 |
|
} |
87 |
|
} |
88 |
0 |
return credentials; |
89 |
|
} |
90 |
|
|
91 |
|
|
92 |
|
|
93 |
|
|
94 |
|
public Set getPublicCredentials(String username) |
95 |
|
{ |
96 |
0 |
return new HashSet(); |
97 |
|
} |
98 |
|
|
99 |
|
private InternalCredential getPasswordCredential(InternalUserPrincipal internalUser, String username) |
100 |
|
{ |
101 |
0 |
InternalCredential credential = null; |
102 |
|
|
103 |
0 |
Collection internalCredentials = internalUser.getCredentials(); |
104 |
0 |
if ( internalCredentials != null ) |
105 |
|
{ |
106 |
0 |
Iterator iter = internalCredentials.iterator(); |
107 |
|
|
108 |
0 |
while (iter.hasNext()) |
109 |
|
{ |
110 |
0 |
credential = (InternalCredential) iter.next(); |
111 |
0 |
if (credential.getType() == InternalCredential.PRIVATE ) |
112 |
|
{ |
113 |
0 |
if ((null != credential.getClassname()) |
114 |
|
&& (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName()))) |
115 |
|
{ |
116 |
|
try |
117 |
|
{ |
118 |
0 |
if ( ipcInterceptor != null && ipcInterceptor.afterLoad(pcProvider, username, credential) ) |
119 |
|
{ |
120 |
|
|
121 |
0 |
securityAccess.setInternalUserPrincipal(internalUser,internalUser.isMappingOnly()); |
122 |
|
} |
123 |
0 |
break; |
124 |
|
} |
125 |
0 |
catch (SecurityException e) |
126 |
|
{ |
127 |
0 |
if ( log.isErrorEnabled() ) |
128 |
0 |
log.error("Failure loading InternalCredential "+credential, e); |
129 |
|
} |
130 |
|
} |
131 |
|
} |
132 |
0 |
credential = null; |
133 |
|
} |
134 |
|
} |
135 |
0 |
return credential; |
136 |
|
} |
137 |
|
|
138 |
|
|
139 |
|
|
140 |
|
|
141 |
|
public void setPassword(String userName, String oldPassword, String newPassword) throws SecurityException |
142 |
|
{ |
143 |
0 |
setPassword (userName, oldPassword, newPassword, false); |
144 |
0 |
} |
145 |
|
|
146 |
|
|
147 |
|
|
148 |
|
|
149 |
|
public void importPassword(String userName, String newPassword) throws SecurityException |
150 |
|
{ |
151 |
0 |
setPassword (userName, null, newPassword, true); |
152 |
0 |
} |
153 |
|
|
154 |
|
|
155 |
|
|
156 |
|
|
157 |
|
protected void setPassword(String userName, String oldPassword, String newPassword, boolean raw) throws SecurityException |
158 |
|
{ |
159 |
0 |
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false); |
160 |
0 |
if (null == internalUser) |
161 |
|
{ |
162 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName)); |
163 |
|
} |
164 |
|
|
165 |
0 |
Collection credentials = internalUser.getCredentials(); |
166 |
0 |
if (null == credentials) |
167 |
|
{ |
168 |
0 |
credentials = new ArrayList(); |
169 |
|
} |
170 |
|
|
171 |
0 |
InternalCredential credential = getPasswordCredential(internalUser, userName ); |
172 |
|
|
173 |
0 |
if (null != oldPassword) |
174 |
|
{ |
175 |
0 |
if ( credential != null && |
176 |
|
credential.getValue() != null && |
177 |
|
credential.isEncoded() && |
178 |
|
pcProvider.getEncoder() != null ) |
179 |
|
{ |
180 |
0 |
if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder ) |
181 |
|
{ |
182 |
0 |
oldPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,oldPassword, credential); |
183 |
|
} |
184 |
|
else |
185 |
|
{ |
186 |
0 |
oldPassword = pcProvider.getEncoder().encode(userName,oldPassword); |
187 |
|
} |
188 |
|
} |
189 |
|
} |
190 |
|
|
191 |
0 |
if (oldPassword != null && (credential == class="keyword">null || credential.getValue() == class="keyword">null || !credential.getValue().equals(oldPassword))) |
192 |
|
{ |
193 |
|
|
194 |
0 |
throw new InvalidPasswordException(); |
195 |
|
} |
196 |
0 |
if (!raw) |
197 |
|
{ |
198 |
0 |
if ( pcProvider.getValidator() != null ) |
199 |
|
{ |
200 |
|
try |
201 |
|
{ |
202 |
0 |
pcProvider.getValidator().validate(newPassword); |
203 |
|
} |
204 |
0 |
catch (InvalidPasswordException ipe) |
205 |
|
{ |
206 |
0 |
throw new InvalidNewPasswordException(); |
207 |
0 |
} |
208 |
|
} |
209 |
|
} |
210 |
0 |
boolean encoded = false; |
211 |
0 |
if ( pcProvider.getEncoder() != null ) |
212 |
|
{ |
213 |
0 |
if (!(raw)) |
214 |
0 |
newPassword = pcProvider.getEncoder().encode(userName, newPassword); |
215 |
0 |
encoded = true; |
216 |
|
} |
217 |
|
|
218 |
0 |
boolean create = credential == null; |
219 |
|
|
220 |
0 |
if ( create ) |
221 |
|
{ |
222 |
0 |
credential = new InternalCredentialImpl(internalUser.getPrincipalId(), class="keyword">newPassword, InternalCredential.PRIVATE, |
223 |
|
pcProvider.getPasswordCredentialClass().getName()); |
224 |
0 |
credential.setEncoded(encoded); |
225 |
0 |
credentials.add(credential); |
226 |
|
} |
227 |
0 |
else if ( oldPassword == null ) |
228 |
|
{ |
229 |
|
|
230 |
|
|
231 |
|
|
232 |
|
|
233 |
|
|
234 |
|
} |
235 |
0 |
else if ( oldPassword.equals(newPassword) ) |
236 |
|
{ |
237 |
0 |
throw new PasswordAlreadyUsedException(); |
238 |
|
} |
239 |
|
|
240 |
0 |
if ( ipcInterceptor != null ) |
241 |
|
{ |
242 |
0 |
if ( create ) |
243 |
|
{ |
244 |
0 |
ipcInterceptor.beforeCreate(internalUser, credentials, userName, credential, newPassword ); |
245 |
|
} |
246 |
|
else |
247 |
|
{ |
248 |
0 |
ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword, oldPassword != null ); |
249 |
|
} |
250 |
|
} |
251 |
|
|
252 |
0 |
if (!create) |
253 |
|
{ |
254 |
0 |
credential.setValue(newPassword); |
255 |
0 |
credential.setEncoded(encoded); |
256 |
0 |
credential.setUpdateRequired(false); |
257 |
|
} |
258 |
|
|
259 |
0 |
long time = new Date().getTime(); |
260 |
|
|
261 |
0 |
if ( oldPassword == null ) |
262 |
|
{ |
263 |
|
|
264 |
|
|
265 |
0 |
if ( encoded && pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService ) |
266 |
|
{ |
267 |
|
|
268 |
|
|
269 |
|
|
270 |
0 |
credential.setPreviousAuthenticationDate(new Timestamp(class="keyword">new Date().getTime())); |
271 |
0 |
credential.setLastAuthenticationDate(null); |
272 |
|
} |
273 |
|
} |
274 |
|
else |
275 |
|
{ |
276 |
|
|
277 |
0 |
credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate()); |
278 |
0 |
credential.setLastAuthenticationDate(new Timestamp(time)); |
279 |
|
} |
280 |
|
|
281 |
0 |
credential.setModifiedDate(new Timestamp(time)); |
282 |
0 |
internalUser.setModifiedDate(new Timestamp(time)); |
283 |
0 |
internalUser.setCredentials(credentials); |
284 |
|
|
285 |
0 |
securityAccess.setInternalUserPrincipal(internalUser, false); |
286 |
0 |
} |
287 |
|
|
288 |
|
|
289 |
|
|
290 |
|
|
291 |
|
|
292 |
|
public void setPasswordEnabled(String userName, boolean enabled) throws SecurityException |
293 |
|
{ |
294 |
0 |
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false); |
295 |
0 |
if (null != internalUser) |
296 |
|
{ |
297 |
0 |
InternalCredential credential = getPasswordCredential(internalUser, userName ); |
298 |
0 |
if ( credential != null && !credential.isExpired() && credential.isEnabled() != enabled ) |
299 |
|
{ |
300 |
0 |
long time = new Date().getTime(); |
301 |
0 |
credential.setEnabled(enabled); |
302 |
0 |
credential.setAuthenticationFailures(0); |
303 |
0 |
credential.setModifiedDate(new Timestamp(time)); |
304 |
0 |
internalUser.setModifiedDate(new Timestamp(time)); |
305 |
0 |
securityAccess.setInternalUserPrincipal(internalUser, false); |
306 |
|
} |
307 |
0 |
} |
308 |
|
else |
309 |
|
{ |
310 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName)); |
311 |
|
} |
312 |
0 |
} |
313 |
|
|
314 |
|
|
315 |
|
|
316 |
|
|
317 |
|
public void setPasswordUpdateRequired(String userName, boolean updateRequired) throws SecurityException |
318 |
|
{ |
319 |
0 |
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false); |
320 |
0 |
if (null != internalUser) |
321 |
|
{ |
322 |
0 |
InternalCredential credential = getPasswordCredential(internalUser, userName ); |
323 |
0 |
if ( credential != null && !credential.isExpired() && credential.isUpdateRequired() != updateRequired ) |
324 |
|
{ |
325 |
|
|
326 |
0 |
if ( !updateRequired && !credential.isEncoded() && pcProvider.getValidator() != null ) |
327 |
|
{ |
328 |
0 |
pcProvider.getValidator().validate(credential.getValue()); |
329 |
|
} |
330 |
0 |
credential.setUpdateRequired(updateRequired); |
331 |
0 |
long time = new Date().getTime(); |
332 |
0 |
credential.setModifiedDate(new Timestamp(time)); |
333 |
|
|
334 |
|
|
335 |
|
|
336 |
|
|
337 |
0 |
credential.setPreviousAuthenticationDate(new Timestamp(time)); |
338 |
0 |
credential.setModifiedDate(new Timestamp(time)); |
339 |
0 |
internalUser.setModifiedDate(new Timestamp(time)); |
340 |
0 |
securityAccess.setInternalUserPrincipal(internalUser, false); |
341 |
|
} |
342 |
0 |
} |
343 |
|
else |
344 |
|
{ |
345 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName)); |
346 |
|
} |
347 |
0 |
} |
348 |
|
|
349 |
|
|
350 |
|
|
351 |
|
|
352 |
|
public void setPasswordExpiration(String userName, java.sql.Date expirationDate) throws SecurityException |
353 |
|
{ |
354 |
0 |
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false); |
355 |
0 |
if (null != internalUser) |
356 |
|
{ |
357 |
0 |
InternalCredential credential = getPasswordCredential(internalUser, userName ); |
358 |
0 |
if ( credential != null ) |
359 |
|
{ |
360 |
0 |
long time = new Date().getTime(); |
361 |
0 |
if ( expirationDate != null && new java.sql.Date(time).after(expirationDate)) |
362 |
|
{ |
363 |
0 |
credential.setExpired(true); |
364 |
|
} |
365 |
|
else |
366 |
|
{ |
367 |
0 |
credential.setExpired(false); |
368 |
|
} |
369 |
0 |
credential.setExpirationDate(expirationDate); |
370 |
|
|
371 |
0 |
credential.setModifiedDate(new Timestamp(time)); |
372 |
0 |
internalUser.setModifiedDate(new Timestamp(time)); |
373 |
0 |
securityAccess.setInternalUserPrincipal(internalUser, false); |
374 |
|
} |
375 |
0 |
} |
376 |
|
else |
377 |
|
{ |
378 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName)); |
379 |
|
} |
380 |
0 |
} |
381 |
|
|
382 |
|
|
383 |
|
|
384 |
|
|
385 |
|
public boolean authenticate(String userName, String password) throws SecurityException |
386 |
|
{ |
387 |
0 |
boolean authenticated = false; |
388 |
0 |
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false); |
389 |
0 |
if (null != internalUser) |
390 |
|
{ |
391 |
0 |
InternalCredential credential = getPasswordCredential(internalUser, userName ); |
392 |
0 |
if ( credential != null && credential.isEnabled() && !credential.isExpired()) |
393 |
|
{ |
394 |
0 |
String encodedPassword = password; |
395 |
0 |
if ( pcProvider.getEncoder() != null && credential.isEncoded()) |
396 |
|
{ |
397 |
0 |
if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder ) |
398 |
|
{ |
399 |
0 |
encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,password, credential); |
400 |
|
} |
401 |
|
else |
402 |
|
{ |
403 |
0 |
encodedPassword = pcProvider.getEncoder().encode(userName,password); |
404 |
|
} |
405 |
|
} |
406 |
|
|
407 |
0 |
authenticated = credential.getValue().equals(encodedPassword); |
408 |
0 |
boolean update = false; |
409 |
|
|
410 |
0 |
if ( ipcInterceptor != null ) |
411 |
|
{ |
412 |
0 |
update = ipcInterceptor.afterAuthenticated(internalUser, userName, credential, authenticated); |
413 |
0 |
if ( update && (!credential.isEnabled() || credential.isExpired())) |
414 |
|
{ |
415 |
0 |
authenticated = false; |
416 |
|
} |
417 |
|
} |
418 |
0 |
long time = new Date().getTime(); |
419 |
|
|
420 |
0 |
if ( authenticated ) |
421 |
|
{ |
422 |
0 |
credential.setAuthenticationFailures(0); |
423 |
|
|
424 |
0 |
if ( pcProvider.getEncoder() != null && pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder) |
425 |
|
{ |
426 |
0 |
((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).recodeIfNeeded(userName,password,credential); |
427 |
|
} |
428 |
|
|
429 |
0 |
credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate()); |
430 |
0 |
credential.setLastAuthenticationDate(new Timestamp(time)); |
431 |
0 |
update = true; |
432 |
|
} |
433 |
|
|
434 |
0 |
if ( update ) |
435 |
|
{ |
436 |
0 |
credential.setModifiedDate(new Timestamp(time)); |
437 |
0 |
internalUser.setModifiedDate(new Timestamp(time)); |
438 |
0 |
securityAccess.setInternalUserPrincipal(internalUser, false); |
439 |
|
} |
440 |
|
} |
441 |
0 |
} |
442 |
|
else |
443 |
|
{ |
444 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName)); |
445 |
|
} |
446 |
0 |
return authenticated; |
447 |
|
} |
448 |
|
} |