
1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8   *
9   *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import org.apache.commons.logging.Log;
20  import org.apache.commons.logging.LogFactory;
21  import org.apache.jetspeed.security.SecurityException;
22  import org.apache.jetspeed.security.om.InternalCredential;
23  import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
24  import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
25  
26  /***
27   * <p>
28   * Checks if a (pre)set password in the persistent store is valid according to the configured
29   * {@link PasswordCredentialProvider#getValidator() validator} when loaded from the persistent store.</p>
30   * <p>
31   * If the password checks out to be invalid, an error is logged and the credential is flagged to be 
32   * {@link InternalCredential#isUpdateRequired() updateRequired}.</p>
33   * 
34   * @author <a href="mailto:ate@douma.nu">Ate Douma</a>
35   * @version $Id$
36   */
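public class ValidatePasswordOnLoadInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
{
    // NOTE(review): the logger is created for the interceptor interface rather than for this
    // class, so the error below is attributed to InternalPasswordCredentialInterceptor in the
    // log output. Left as is so existing log routing keeps matching; confirm before switching
    // to ValidatePasswordOnLoadInterceptor.class.
    private static final Log log = LogFactory.getLog(InternalPasswordCredentialInterceptor.class);

    /***
     * Runs the provider's password validator against a credential that was just loaded and
     * flags the credential for update when the validator rejects its value.
     * <p>
     * The check applies only when the credential is not encoded and the provider has a
     * validator; an encoded credential is never passed to the validator here.</p>
     * <p>
     * This method only sets {@link InternalCredential#setUpdateRequired(boolean) updateRequired};
     * it does not block the login. Forcing the password change is left to whatever code reads
     * that flag, which is not visible in this class.</p>
     *
     * @param pcProvider provider whose {@link PasswordCredentialProvider#getValidator() validator} is applied
     * @param userName name of the user the credential belongs to; used in the log message only
     * @param credential the loaded credential; its updateRequired flag is set when validation fails
     * @return true if the password was invalid and an update is required, false otherwise
     * @throws SecurityException declared by the interceptor contract; a validator failure is
     *         caught here and reported through the return value instead
     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
     */
    public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
            throws SecurityException
    {
        // Nothing to check for an encoded value or when no validator is configured.
        if (credential.isEncoded() || pcProvider.getValidator() == null)
        {
            return false;
        }
        try
        {
            pcProvider.getValidator().validate(credential.getValue());
            return false;
        }
        catch (SecurityException e)
        {
            // The user name is written into the log verbatim and may come from a login request,
            // so line breaks are replaced to keep one event on one log line (log forging).
            String safeUserName = String.valueOf(userName).replace('\r', '_').replace('\n', '_');
            // The credential value itself must never be added to this message.
            // NOTE(review): the validator's exception is not logged; confirm its message cannot
            // echo the password before attaching it to the log entry.
            log.error("Loaded password for user "+safeUserName+" is invalid. The user will be required to change it.");
            // The persistent store contains an invalid password: login is still allowed
            // (assuming the user knows the invalid value) but an update is requested.
            credential.setUpdateRequired(true);
            return true;
        }
    }
}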