Author: fmeschbe
Date: Wed Dec 2 13:55:59 2009
New Revision: 886144
URL: http://svn.apache.org/viewvc?rev=886144&view=rev
Log:
SLING-1208 As of Jackrabbit 1.6 the protected properties of the repository
reflection of users and groups are not returned as Authorizable properties any
more. Therefore the rep:principalName property which is checked in the
integration test does not exist any longer. Likewise the rep:password is not
returned any more, so we have to use a (hacky) workaround.
Modified:
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
Modified:
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java?rev=886144&r1=886143&r2=886144&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
Wed Dec 2 13:55:59 2009
@@ -33,7 +33,7 @@
/**
* To be used for the encryption. E.g. for passwords in
* {...@link javax.jcr.SimpleCredentials#getPassword()} SimpleCredentials}
- *
+ *
* @scr.property valueRef="DEFAULT_PASSWORD_DIGEST_ALGORITHM"
*/
private static final String PROP_PASSWORD_DIGEST_ALGORITHM =
"password.digest.algorithm";
@@ -64,17 +64,28 @@
/**
* Digest the given password using the configured digest algorithm
- *
+ *
* @param pwd the value to digest
* @return the digested value
* @throws IllegalArgumentException
*/
protected String digestPassword(String pwd) throws
IllegalArgumentException {
+ return digestPassword(pwd, passwordDigestAlgoritm);
+ }
+
+ /**
+ * Digest the given password using the given digest algorithm
+ *
+ * @param pwd the value to digest
+ * @param digest the digest algorithm to use for digesting
+ * @return the digested value
+ * @throws IllegalArgumentException
+ */
+ protected String digestPassword(String pwd, String digest) throws
IllegalArgumentException {
try {
StringBuffer password = new StringBuffer();
- password.append("{").append(passwordDigestAlgoritm).append("}");
- password.append(Text.digest(passwordDigestAlgoritm,
- pwd.getBytes("UTF-8")));
+ password.append("{").append(digest).append("}");
+ password.append(Text.digest(digest, pwd.getBytes("UTF-8")));
return password.toString();
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException(e.toString());
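Review bot: The new `digestPassword(String pwd, String digest)` overload passes a caller-supplied algorithm name straight to `Text.digest` with no null check and no restriction on which algorithms are acceptable, so any name the JVM has a provider for is used. Its Javadoc should state when the exception is raised and what the result looks like, for example `@throws IllegalArgumentException if the digest algorithm is not available` and a sentence saying the return value is `{algorithm}` followed by the digest. As far as this hunk shows, the value is a single unsalted digest of the password, which is cheap to brute-force if a stored value ever leaks. That is inherited from the existing method, but it is worth documenting now that the algorithm is a parameter. The catch block continues outside the hunk.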
Modified:
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java?rev=886144&r1=886143&r2=886144&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
Wed Dec 2 13:55:59 2009
@@ -16,12 +16,13 @@
*/
package org.apache.sling.jackrabbit.usermanager.impl.post;
+import java.lang.reflect.Method;
import java.util.List;
+import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.Value;
-
+import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.SlingHttpServletRequest;
@@ -125,17 +126,10 @@
"New Password does not match the confirmation password");
}
- try {
- String digestedOldPwd = digestPassword(oldPwd);
- Value[] pwdProperty = ((User)
authorizable).getProperty("rep:password");
- if (pwdProperty != null && pwdProperty.length > 0) {
- String repPasswordValue = pwdProperty[0].getString();
- if (!digestedOldPwd.equals(repPasswordValue)) {
- // submitted oldPwd value is not correct.
- throw new RepositoryException("Old Password does not
match");
- }
- }
+ // verify old password
+ checkPassword(authorizable, oldPwd);
+ try {
((User) authorizable).changePassword(digestPassword(newPwd));
changes.add(Modification.onModified(resource.getPath()
@@ -144,4 +138,33 @@
throw new RepositoryException("Failed to change user password.",
re);
}
}
+
+ private void checkPassword(Authorizable authorizable, String oldPassword)
+ throws RepositoryException {
+ Credentials oldCreds = ((User) authorizable).getCredentials();
+ if (oldCreds instanceof SimpleCredentials) {
+ char[] oldCredsPwd = ((SimpleCredentials) oldCreds).getPassword();
+ if (oldPassword.equals(String.valueOf(oldCredsPwd))) {
+ return;
+ }
+ } else {
+ try {
+ // CryptSimpleCredentials.matches(SimpleCredentials
credentials)
+ Class<?> oldCredsClass = oldCreds.getClass();
+ Method matcher = oldCredsClass.getMethod("matches",
+ SimpleCredentials.class);
+ SimpleCredentials newCreds = new SimpleCredentials(
+ authorizable.getPrincipal().getName(),
+ oldPassword.toCharArray());
+ boolean match = (Boolean) matcher.invoke(oldCreds, newCreds);
+ if (match) {
+ return;
+ }
+ } catch (Throwable t) {
+ // failure here, fall back to password check failure below
+ }
+ }
+
+ throw new RepositoryException("Old Password does not match");
+ }
}
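Review bot: The `catch (Throwable t)` around the reflective `matches` call in `checkPassword` swallows every failure without logging, so a missing method, an access error or even an `Error` surfaces to the user as "Old Password does not match", and an operator cannot tell a wrong password from a broken integration. Narrow it to `catch (Exception e)` and log the exception before falling through to the failure. In the `SimpleCredentials` branch, `oldPassword.equals(String.valueOf(oldCredsPwd))` copies the stored password into an immutable String and uses an early-exit comparison; comparing the encoded bytes with `MessageDigest.isEqual(...)` removes the timing difference. `oldPassword` is dereferenced without a null check, so this relies on the caller, outside the hunk, having rejected a missing old-password parameter.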
Modified:
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java?rev=886144&r1=886143&r2=886144&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
Wed Dec 2 13:55:59 2009
@@ -18,11 +18,9 @@
import java.lang.reflect.Array;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
-import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
@@ -46,8 +44,13 @@
public class AuthorizableValueMap implements ValueMap {
private Logger logger =
LoggerFactory.getLogger(AuthorizableValueMap.class);
- private Set<String> hiddenProperties = new HashSet<String>(
- Arrays.asList(new String[] { "rep:password", "jcr:uuid" }));
+ /**
+ * Principal Name property of the Authorizable. This has been returned
+ * before Jackrabbit 1.6 as part of the Authorizable properties but is
+ * now removed from the set. We add this to the properties again to be
+ * able to convey this data to the request.
+ */
+ private static final String REP_PRINCIPAL_NAME = "rep:principalName";
private boolean fullyRead;
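Review bot: Removing the `hiddenProperties` filter here, together with its checks in the `@@ -138,14` and `@@ -179,17` hunks, leaves this class with no guard of its own against returning `rep:password`. It now depends entirely on the repository not listing protected properties, which the commit message says holds as of Jackrabbit 1.6. If the bundle can run against an older Jackrabbit or a different `Authorizable` implementation, the password digest would become readable through this value map. Keeping a small deny-list as defence in depth costs little, e.g. `if ("rep:password".equals(key)) { return null; }` in the single-key read and a matching `continue` in the full read. The class body continues outside the hunk.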
@@ -138,14 +141,18 @@
return null;
}
- if (hiddenProperties.contains(key)) {
- return null;
- }
-
try {
- if (authorizable.hasProperty(key)) {
- Value[] property = authorizable.getProperty(key);
- Object value = valuesToJavaObject(property);
+ final Object value;
+ if (REP_PRINCIPAL_NAME.equals(key)) {
+ value = authorizable.getPrincipal().getName();
+ } else if (authorizable.hasProperty(key)) {
+ final Value[] property = authorizable.getProperty(key);
+ value = valuesToJavaObject(property);
+ } else {
+ value = null;
+ }
+
+ if (value != null) {
cache.put(key, value);
return value;
}
@@ -179,17 +186,19 @@
Iterator pi = authorizable.getPropertyNames();
while (pi.hasNext()) {
String key = (String) pi.next();
-
- if (hiddenProperties.contains(key)) {
- continue; // skip it.
- }
-
if (!cache.containsKey(key)) {
Value[] property = authorizable.getProperty(key);
Object value = valuesToJavaObject(property);
cache.put(key, value);
}
}
+
+ // add principal name
+ if (!cache.containsKey(REP_PRINCIPAL_NAME)) {
+ cache.put(REP_PRINCIPAL_NAME,
+ authorizable.getPrincipal().getName());
+ }
+
fullyRead = true;
} catch (RepositoryException re) {
// TODO: log !!