Author: reto
Date: Mon Feb 21 10:05:23 2011
New Revision: 1072917
URL: http://svn.apache.org/viewvc?rev=1072917&view=rev
Log:
CLEREZZA-421: applied patch Daniel, fixed a few license hedaers
Added:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationService.java
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieLogin.java
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationChecker.java
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationCheckerImpl.java
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java?rev=1072917&r1=1072916&r2=1072917&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
Mon Feb 21 10:05:23 2011
@@ -53,7 +53,7 @@ public class BasicAuthentication impleme
private int weight = 10;
@Reference
- AuthenticationChecker authenticationChecker;
+ AuthenticationService authenticationService;
public void activate(ComponentContext componentContext) {
weight = (Integer)
componentContext.getProperties().get("weight");
@@ -74,7 +74,7 @@ public class BasicAuthentication impleme
password = "";
}
try {
- if
(authenticationChecker.authenticate(userName, password)) {
+ if
(authenticationService.authenticateUser(userName, password)) {
return userName;
} else {
throw new
LoginException(LoginException.PASSWORD_NOT_MATCHING);
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java?rev=1072917&r1=1072916&r2=1072917&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
Mon Feb 21 10:05:23 2011
@@ -61,8 +61,8 @@ public class CookieAuthentication implem
*/
private int weight = 20;
- @Reference
- AuthenticationChecker authenticationChecker;
+ @Reference
+ AuthenticationService authenticationService;
public void activate(ComponentContext componentContext) {
weight = (Integer)
componentContext.getProperties().get("weight");
@@ -88,7 +88,7 @@ public class CookieAuthentication implem
password = "";
}
try {
- if
(authenticationChecker.authenticate(userName, password)){
+ if
(authenticationService.authenticateUser(userName, password)){
return userName;
} else {
throw new
LoginException(LoginException.PASSWORD_NOT_MATCHING);
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieLogin.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieLogin.java?rev=1072917&r1=1072916&r2=1072917&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieLogin.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieLogin.java
Mon Feb 21 10:05:23 2011
@@ -51,7 +51,7 @@ import org.slf4j.LoggerFactory;
import org.osgi.service.component.ComponentContext;
import org.apache.clerezza.jaxrs.utils.RedirectUtil;
import org.apache.clerezza.jaxrs.utils.TrailingSlash;
-import org.apache.clerezza.platform.security.auth.AuthenticationChecker;
+import org.apache.clerezza.platform.security.auth.AuthenticationService;
import org.apache.clerezza.platform.security.auth.LoginListener;
import org.apache.clerezza.platform.security.auth.NoSuchAgent;
import org.apache.clerezza.platform.security.auth.cookie.onotology.LOGIN;
@@ -75,7 +75,6 @@ import org.apache.felix.scr.annotations.
import org.osgi.framework.Bundle;
import org.wymiwyg.commons.util.Base64;
import org.wymiwyg.commons.util.dirbrowser.PathNode;
-import org.wymiwyg.wrhapi.HandlerException;
/**
*
@@ -103,7 +102,7 @@ public class CookieLogin {
private RenderletManager renderletManager;
@Reference
- AuthenticationChecker authenticationChecker;
+ AuthenticationService authenticationService;
/**
* The activate method is called when SCR activates the component
configuration.
@@ -190,7 +189,7 @@ public class CookieLogin {
PlainLiteral failedMessage = new
PlainLiteralImpl(
"Username name or password are
wrong");
try {
- if
(authenticationChecker.authenticate(userName,password)) {
+ if
(authenticationService.authenticateUser(userName,password)) {
Set<LoginListener>
tempLoginListenerSet = null;
synchronized(loginListenerSet) {
tempLoginListenerSet =
new HashSet<LoginListener>(loginListenerSet);
@@ -210,8 +209,6 @@ public class CookieLogin {
result.addProperty(LOGIN.refererUri, new UriRef(referer));
}
return result;
- } catch (HandlerException ex) {
- throw new RuntimeException(ex);
} catch (NoSuchAgent ex) {
result.addProperty(LOGIN.message,
failedMessage);
result.addProperty(LOGIN.refererUri,
new UriRef(referer));
Modified:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationChecker.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationChecker.java?rev=1072917&r1=1072916&r2=1072917&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationChecker.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationChecker.java
Mon Feb 21 10:05:23 2011
@@ -1,27 +1,27 @@
/*
- * Copyright 2010 mir.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.clerezza.platform.security.auth;
-import org.wymiwyg.wrhapi.HandlerException;
-
/**
* A service that checks if a provided username and password matches a
- * username and password in credentials store.
+ * username and password in a credentials store.
*
* @author mir
*/
@@ -29,13 +29,17 @@ public interface AuthenticationChecker {
/**
* Checks if the provided username and password matches a username and
- * password in credentials store.
+ * password in a credentials store.
* @param userName
+ * The name of the user to authenticate. The name uniquely
identifies
+ * the user.
* @param password
- * @return true if the password matched, false otherwise
- * @throws org.wymiwyg.wrhapi.HandlerException
- * @throws org.apache.clerezza.platform.security.auth.NoSuchAgent
+ * The password used to authenticate the user identified
by the user
+ * name.
+ * @return true is the user has been authenticated, false if the
user can
+ * not be authenticated
+ * @throws NoSuchAgent if no user could be found for the provided user
name
*/
- boolean authenticate(String userName, String password) throws
HandlerException, NoSuchAgent;
+ boolean authenticate(String userName, String password) throws
NoSuchAgent;
}
Modified:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationCheckerImpl.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationCheckerImpl.java?rev=1072917&r1=1072916&r2=1072917&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationCheckerImpl.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationCheckerImpl.java
Mon Feb 21 10:05:23 2011
@@ -29,7 +29,6 @@ import org.apache.clerezza.rdf.core.NonL
import org.apache.clerezza.rdf.core.Triple;
import org.apache.clerezza.rdf.core.impl.PlainLiteralImpl;
import org.apache.clerezza.rdf.ontologies.PERMISSION;
-import org.wymiwyg.wrhapi.HandlerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,11 +59,10 @@ public class AuthenticationCheckerImpl i
* @param userName
* @param password
* @return true if the password matched, false otherwise
- * @throws org.wymiwyg.wrhapi.HandlerException
* @throws org.apache.clerezza.platform.security.auth.NoSuchAgent
*/
@Override
- public boolean authenticate(String userName, String password) throws
HandlerException, NoSuchAgent
+ public boolean authenticate(String userName, String password) throws
NoSuchAgent
{
AccessController.checkPermission(new
CheckAuthenticationPermission());
NonLiteral agent = getAgentFromGraph(userName);
@@ -73,7 +71,7 @@ public class AuthenticationCheckerImpl i
logger.debug("user {} successfully authenticated",
userName);
return true;
} else {
- logger.info("unsuccessful authentication attempt as
user {}", userName);
+ logger.debug("unsuccessful authentication attempt as
user {}", userName);
return false;
}
}
@@ -87,7 +85,7 @@ public class AuthenticationCheckerImpl i
if (agents.hasNext()) {
agent = agents.next().getSubject();
} else {
- logger.info("unsuccessful authentication
attempt as non-existent user {}", userName);
+ logger.debug("unsuccessful authentication
attempt as non-existent user {}", userName);
throw new NoSuchAgent();
}
} finally {
Added:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationService.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationService.java?rev=1072917&view=auto
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationService.java
(added)
+++
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationService.java
Mon Feb 21 10:05:23 2011
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.clerezza.platform.security.auth;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Provides user authentication given the user credentials.
+ *
+ * This service considers all enabled {@link AuthenticationChecker} services
to
+ * authenticate a user. If multiple AuthenticationCheckers are present,
+ * only one needs to positively authenticate the user for the authentication
+ * process to succeed.
+ *
+ * @author daniel
+ */
+@Component
+@Service(AuthenticationService.class)
+@Reference(name = "restrictionElement",
+cardinality = ReferenceCardinality.MANDATORY_MULTIPLE,
+policy = ReferencePolicy.DYNAMIC,
+referenceInterface = AuthenticationChecker.class)
+public class AuthenticationService {
+ private final static Logger logger =
+
LoggerFactory.getLogger(AuthenticationCheckerImpl.class);
+
+ private List<AuthenticationChecker> authenticationCheckers =
+ new ArrayList<AuthenticationChecker>();
+
+
+ /**
+ * Authenticates a user given its user name and password credentials.
+ *
+ * @param userName
+ * The name of the user to authenticate. The name uniquely
identifies
+ * the user.
+ * @param password
+ * The password used to authenticate the user identified
by the user
+ * name.
+ * @return true is the user has been authenticated, false if the
user can
+ * not be authenticated
+ * @throws NoSuchAgent if no user could be found for the provided user
name
+ */
+ public boolean authenticateUser(String userName, String password)
+ throws NoSuchAgent {
+
+ boolean userNameExists = false;
+ for(AuthenticationChecker checker : authenticationCheckers) {
+ try {
+ if(checker.authenticate(userName, password)) {
+ return true;
+ }
+ userNameExists = true;
+ } catch (NoSuchAgent ex) {
+ continue;
+ }
+ }
+
+ if(!userNameExists) {
+ logger.info("No service could unsuccessfully
authenticate user {}. Reason: user does not exist", userName);
+ throw new NoSuchAgent();
+ }
+ return false;
+ }
+
+ /**
+ * Called when new {@link AuthenticationChecker} services are
registered in
+ * the OSGi environment.
+ *
+ * @param service the AuthenticationChecker
+ */
+ protected void bindAuthenticationChecker(AuthenticationChecker service)
{
+ authenticationCheckers.add(service);
+ }
+
+ /**
+ * Called when {@link AuthenticationChecker} services are unregistered
+ * in the OSGi environment.
+ *
+ * @param service the AuthenticationChecker
+ */
+ protected void unbindAuthenticationChecker(AuthenticationChecker
service) {
+ authenticationCheckers.remove(service);
+ }
+}
