Author: gnodet
Date: Wed Sep 15 14:09:33 2010
New Revision: 997344

URL: http://svn.apache.org/viewvc?rev=997344&view=rev
Log:
[KARAF-34] put more logic in the abstract login module and support customized 
prefix/suffix

Modified:
    
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
    
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml

Modified: 
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg
URL: 
http://svn.apache.org/viewvc/karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg?rev=997344&r1=997343&r2=997344&view=diff
==============================================================================
--- 
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg 
(original)
+++ 
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg 
Wed Sep 15 14:09:33 2010
@@ -31,6 +31,16 @@ encryption.enabled = false
 encryption.name =
 
 #
+# Encryption prefix
+#
+encryption.prefix = {CRYPT}
+
+#
+# Encryption suffix
+#
+encryption.suffix = {CRYPT}
+
+#
 # Set the encryption algorithm to use in Karaf JAAS login module
 # Supported encryption algorithms follow:
 #   MD2
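Review bot: The two new comments (`# Encryption prefix`, `# Encryption suffix`) only restate the key names and do not tell an operator what the markers do. I would expand the first to something like `# Marker prepended to a stored password to flag it as already encrypted; values without the markers are treated as plain text`, with the matching sentence for the suffix. It is also worth stating that a stored value must carry both markers to be recognised, since the login module code in this commit tests `prefix && suffix`.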

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java?rev=997344&r1=997343&r2=997344&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
 Wed Sep 15 14:09:33 2010
@@ -55,8 +55,10 @@ public abstract class AbstractKarafLogin
     /** the bundle context is required to use the encryption service */
     protected BundleContext bundleContext;
 
-    protected Encryption encryption;
-    
+    private Encryption encryption;
+    private String encryptionPrefix;
+    private String encryptionSuffix;
+
     private static final Log LOG = 
LogFactory.getLog(AbstractKarafLoginModule.class);
 
     public boolean commit() throws LoginException {
@@ -92,6 +94,8 @@ public abstract class AbstractKarafLogin
                     encOpts.put(key.substring("encryption.".length()), 
options.get(key).toString());
                 }
             }
+            encryptionPrefix = encOpts.remove("prefix");
+            encryptionSuffix = encOpts.remove("suffix");
             boolean enabled = Boolean.parseBoolean(encOpts.remove("enabled"));
             if (!enabled) {
                 if (debug) {
@@ -148,4 +152,44 @@ public abstract class AbstractKarafLogin
         return encryption;
     }
 
+    public String getEncryptedPassword(String password) {
+        Encryption encryption = getEncryption();
+        if (encryption == null) {
+            return password;
+        } else {
+            boolean prefix = encryptionPrefix == null || 
password.startsWith(encryptionPrefix);
+            boolean suffix = encryptionSuffix == null || 
password.endsWith(encryptionSuffix);
+            if (prefix && suffix) {
+                return password;
+            } else {
+                String p = encryption.encryptPassword(password);
+                if (encryptionPrefix != null) {
+                    p = encryptionPrefix + p;
+                }
+                if (encryptionSuffix != null) {
+                    p = p + encryptionSuffix;
+                }
+                return p;
+            }
+        }
+
+    }
+
+    public boolean checkPassword(String plain, String encrypted) {
+        Encryption encryption = getEncryption();
+        if (encryption == null) {
+            return plain.equals(encrypted);
+        } else {
+            boolean prefix = encryptionPrefix == null || 
encrypted.startsWith(encryptionPrefix);
+            boolean suffix = encryptionSuffix == null || 
encrypted.endsWith(encryptionSuffix);
+            if (prefix && suffix) {
+                encrypted = encrypted.substring(encryptionPrefix != null ? 
encryptionPrefix.length() : 0,
+                        encrypted.length() - (encryptionSuffix != null ? 
encryptionSuffix.length() : 0));
+                return encryption.checkPassword(plain, encrypted);
+            } else {
+                return plain.equals(encrypted);
+            }
+        }
+    }
+
 }
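Review bot: In `checkPassword`, a stored value shorter than the prefix and suffix together can still pass both `startsWith` and `endsWith` (with the defaults, a stored value of exactly `{CRYPT}`). The `substring` call then receives a start index past its end index and throws `StringIndexOutOfBoundsException` out of the login path instead of failing the check. `getEncryptedPassword` has the same blind spot and would return such a value unencrypted. Adding a length test to the flag check closes both, e.g. `boolean flagged = prefix && suffix && encrypted.length() >= prefixLen + suffixLen;` with the two lengths computed once. Separately, neither public method has Javadoc, and it should state that when no marker is configured every value is treated as already encrypted and that an unmarked stored value is compared as plain text.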

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java?rev=997344&r1=997343&r2=997344&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
 Wed Sep 15 14:09:33 2010
@@ -162,14 +162,10 @@ public class JDBCLoginModule extends Abs
             } else {
                 String storedPassword = passwordResultSet.getString(1);
 
-                encryption = getEncryption();
-                if (encryption != null && encryption.checkPassword(password, 
storedPassword)) {
-                    principals.add(new UserPrincipal(user));
-                } else if (encryption == null && 
password.equals(storedPassword)) {
-                    principals.add(new UserPrincipal(user));
-                } else {
+                if (!checkPassword(password, storedPassword)) {
                     throw new LoginException("Password for " + user + " does 
not match");
                 }
+                principals.add(new UserPrincipal(user));
             }
 
             //Retrieve user roles from database
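Review bot: Routing the comparison through `checkPassword` changes what an unmarked database value means. The removed code always passed `storedPassword` to `encryption.checkPassword` when encryption was enabled, whereas the shared helper falls back to `password.equals(storedPassword)` whenever the stored value lacks the configured prefix/suffix. If this module is configured with `encryption.prefix`/`encryption.suffix` and the column holds bare digests (the module's options are not visible here), the stored digest would be compared as a plain-text password and the real password would stop matching. I would either document that JDBC-stored passwords must carry the markers, or make the helper refuse the plain-text fallback for stores that are never rewritten. The enclosing method starts and ends outside the hunk.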

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java?rev=997344&r1=997343&r2=997344&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
 Wed Sep 15 14:09:33 2010
@@ -21,7 +21,6 @@ import java.security.Principal;
 import java.util.Dictionary;
 import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -31,6 +30,9 @@ import javax.security.auth.callback.Pass
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
 
 import org.apache.karaf.jaas.modules.RolePrincipal;
@@ -42,6 +44,8 @@ public class OsgiConfigLoginModule exten
     public static final String PID = "pid";
     public static final String USER_PREFIX = "user.";
 
+    private static final Log LOG = 
LogFactory.getLog(OsgiConfigLoginModule.class);
+
     public void initialize(Subject subject, CallbackHandler callbackHandler, 
Map<String, ?> sharedState, Map<String, ?> options) {
         super.initialize(subject, callbackHandler, options);
     }
@@ -64,18 +68,18 @@ public class OsgiConfigLoginModule exten
                 throw new LoginException(uce.getMessage() + " not available to 
obtain information from user");
             }
             String user = ((NameCallback) callbacks[0]).getName();
-            char[] tmpPassword = ((PasswordCallback) 
callbacks[1]).getPassword();
-            if (tmpPassword == null) {
-                tmpPassword = new char[0];
-            }
+            String password = new String(((PasswordCallback) 
callbacks[1]).getPassword());
 
             String userInfos = (String) properties.get(USER_PREFIX + user);
             if (userInfos == null) {
                 throw new FailedLoginException("User does not exist");
             }
             String[] infos = userInfos.split(",");
-            if (!new String(tmpPassword).equals(infos[0])) {
-                throw new FailedLoginException("Password does not match");
+            String storedPassword = infos[0];
+
+            // check the provided password
+            if (!checkPassword(password, storedPassword)) {
+                throw new FailedLoginException("Password for " + user + " does 
not match");
             }
 
             principals = new HashSet<Principal>();
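Review bot: `new String(((PasswordCallback) callbacks[1]).getPassword())` throws `NullPointerException` when the callback handler supplies no password, because the removed `tmpPassword == null` guard was not carried over to the new line. I would keep the guard: `char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();` followed by `String password = tmpPassword == null ? "" : new String(tmpPassword);`. That way a missing password still ends in `FailedLoginException` rather than an unchecked exception. The enclosing `login()` body starts and ends outside the hunk.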

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java?rev=997344&r1=997343&r2=997344&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
 Wed Sep 15 14:09:33 2010
@@ -33,7 +33,6 @@ import javax.security.auth.login.LoginEx
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
-import org.apache.karaf.jaas.modules.Encryption;
 import org.apache.karaf.jaas.modules.RolePrincipal;
 import org.apache.karaf.jaas.modules.UserPrincipal;
 import org.apache.karaf.util.Properties;
@@ -90,7 +89,7 @@ public class PropertiesLoginModule exten
         String userInfos = null;
 
         try {
-            userInfos = (String) users.get(user);
+            userInfos = users.get(user);
         } catch (NullPointerException e) {
             //error handled in the next statement
         }
@@ -102,54 +101,40 @@ public class PropertiesLoginModule exten
         String[] infos = userInfos.split(",");
         String storedPassword = infos[0];
         
-        // check if encryption is enabled
-        Encryption encryption = getEncryption();
-        if (encryption != null) {
+        // check if the stored password is flagged as encrypted
+        String encryptedPassword = getEncryptedPassword(storedPassword);
+        if (!storedPassword.equals(encryptedPassword)) {
             if (debug) {
-                LOG.debug("Encryption is enabled.");
+                LOG.debug("The password isn't flagged as encrypted, encrypt 
it.");
             }
-            // check if the stored password is flagged as encrypted
-            if (!storedPassword.startsWith("{CRYPT}")) {
-                if (debug) {
-                    LOG.debug("The password isn't flagged as encrypted, 
encrypt it.");
-                }
-                storedPassword = "{CRYPT}" + 
encryption.encryptPassword(storedPassword);
-                if (debug) {
-                    LOG.debug("Rebuild the user informations string.");
-                }
-                userInfos = storedPassword + ",";
-                for (int i = 1; i < infos.length; i++) {
-                    if (i == (infos.length - 1)) {
-                        userInfos = userInfos + infos[i];
-                    } else {
-                        userInfos = userInfos + infos[i] + ",";
-                    }
+            if (debug) {
+                LOG.debug("Rebuild the user informations string.");
+            }
+            userInfos = encryptedPassword + ",";
+            for (int i = 1; i < infos.length; i++) {
+                if (i == (infos.length - 1)) {
+                    userInfos = userInfos + infos[i];
+                } else {
+                    userInfos = userInfos + infos[i] + ",";
                 }
+            }
+            if (debug) {
+                LOG.debug("Push back the user informations in the users 
properties.");
+            }
+            users.put(user, userInfos);
+            try {
                 if (debug) {
-                    LOG.debug("Push back the user informations in the users 
properties.");
-                }
-                users.put(user, userInfos);
-                try {
-                    if (debug) {
-                        LOG.debug("Store the users properties file.");
-                    }
-                    users.save();
-                } catch (IOException ioe) {
-                    LOG.warn("Unable to write user properties file " + f, ioe);
+                    LOG.debug("Store the users properties file.");
                 }
+                users.save();
+            } catch (IOException ioe) {
+                LOG.warn("Unable to write user properties file " + f, ioe);
             }
-            storedPassword = storedPassword.substring(7);
+            storedPassword = encryptedPassword;
         }
 
         // check the provided password
-        boolean result;
-        if (encryption == null) {
-            result = storedPassword.equals(password);
-        } else {
-            result = encryption.checkPassword(password, storedPassword);
-        }
-        if (!result) {
-            LOG.error("Check password failed: " + password + " / " + 
storedPassword);
+        if (!checkPassword(password, storedPassword)) {
             throw new FailedLoginException("Password for " + user + " does not 
match");
         }
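Review bot: Now that the markers are configurable, a prefix or suffix containing `,` would break the record format this block relies on. `userInfos.split(",")` takes `infos[0]` as the password, so a marked value written back by `users.put(user, userInfos)` would be cut at the comma on the next login and no longer be recognised as encrypted. Nothing visible in this commit rejects such a value, so I would validate the two options where `AbstractKarafLoginModule` reads them, or at least state the constraint here with `// prefix/suffix must not contain ',' (field separator of the users file)`. The enclosing method starts and ends outside the hunk.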
 

Modified: 
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml?rev=997344&r1=997343&r2=997344&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
 Wed Sep 15 14:09:33 2010
@@ -34,8 +34,10 @@
         <cm:default-properties>
             <cm:property name="encryption.name" value="" />
             <cm:property name="encryption.enabled" value="false" />
+            <cm:property name="encryption.prefix" value="{CRYPT}" />
+            <cm:property name="encryption.suffix" value="{CRYPT}" />
             <cm:property name="encryption.algorithm" value="MD5" />
-            <cm:property name="encryption.encoding" value="" />
+            <cm:property name="encryption.encoding" value="hexadeciman" />
         </cm:default-properties>
     </cm:property-placeholder>
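Review bot: The new default `value="hexadeciman"` for `encryption.encoding` looks like a misspelling of `hexadecimal`. How the encryption service treats an unrecognised encoding name is not visible in this commit, so the effect could range from a silent fallback to digests being encoded differently from what the operator expects. I would change the line to `<cm:property name="encryption.encoding" value="hexadecimal" />` and confirm the accepted spellings against the encryption service.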
 
@@ -44,6 +46,8 @@
             users = $[karaf.base]/etc/users.properties
             encryption.name = ${encryption.name}
             encryption.enabled = ${encryption.enabled}
+            encryption.prefix = ${encryption.prefix}
+            encryption.suffix = ${encryption.suffix}
             encryption.algorithm = ${encryption.algorithm}
             encryption.encoding = ${encryption.encoding}
         </jaas:module>

