This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.usermanager-2.0.4 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
commit 3e7a727c308c2face8127d7c65c68efa945120f8 Author: Felix Meschberger <[email protected]> AuthorDate: Wed Dec 2 13:55:59 2009 +0000 SLING-1208 As of Jackrabbit 1.6 the protected properties of the repository reflection of users and groups are not returned as Authorizable properties any more. Therefore the rep:principalName property which is checked in the integration test does not exist any longer. Likeweis the rep:password is not returned any more, so we have to use a (hacky) workaround. git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager@886144 13f79535-47bb-0310-9956-ffa450edef68 --- .../impl/post/AbstractUserPostServlet.java | 21 +++++++--- .../impl/post/ChangeUserPasswordServlet.java | 47 ++++++++++++++++------ .../impl/resource/AuthorizableValueMap.java | 41 +++++++++++-------- 3 files changed, 76 insertions(+), 33 deletions(-) diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java index 9f661ed..90071b3 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java @@ -33,7 +33,7 @@ public abstract class AbstractUserPostServlet extends /** * To be used for the encryption. E.g. for passwords in * {@link javax.jcr.SimpleCredentials#getPassword()} SimpleCredentials} - * + * * @scr.property valueRef="DEFAULT_PASSWORD_DIGEST_ALGORITHM" */ private static final String PROP_PASSWORD_DIGEST_ALGORITHM = "password.digest.algorithm"; 
@@ -64,17 +64,28 @@ public abstract class AbstractUserPostServlet extends /** * Digest the given password using the configured digest algorithm - * + * * @param pwd the value to digest * @return the digested value * @throws IllegalArgumentException */ protected String digestPassword(String pwd) throws IllegalArgumentException { + return digestPassword(pwd, passwordDigestAlgoritm); + } + + /** + * Digest the given password using the given digest algorithm + * + * @param pwd the value to digest + * @param digest the digest algorithm to use for digesting + * @return the digested value + * @throws IllegalArgumentException + */ + protected String digestPassword(String pwd, String digest) throws IllegalArgumentException { try { StringBuffer password = new StringBuffer(); - password.append("{").append(passwordDigestAlgoritm).append("}"); - password.append(Text.digest(passwordDigestAlgoritm, - pwd.getBytes("UTF-8"))); + password.append("{").append(digest).append("}"); + password.append(Text.digest(digest, pwd.getBytes("UTF-8"))); return password.toString(); } catch (NoSuchAlgorithmException e) { throw new IllegalArgumentException(e.toString()); diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java index 1cd0c79..a741b2c 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java 
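Review bot: The new `digestPassword(String pwd, String digest)` overload hands the algorithm choice to the caller, but its Javadoc says neither which algorithm names are acceptable nor when `IllegalArgumentException` is thrown, and the value it builds is a single unsalted digest prefixed with `{digest}`. I would document the contract, for example `@param digest name of the digest algorithm; pass the configured algorithm, never a request-supplied value` and `@throws IllegalArgumentException if the digest algorithm is not available`. The existing `throw new IllegalArgumentException(e.toString())` also drops the cause; `throw new IllegalArgumentException(e.toString(), e);` would keep the stack trace when diagnosing a misconfigured algorithm. The method body continues past the end of this hunk, so any remaining catch clauses are not visible here.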
@@ -16,12 +16,13 @@ */ package org.apache.sling.jackrabbit.usermanager.impl.post; +import java.lang.reflect.Method; import java.util.List; +import javax.jcr.Credentials; import javax.jcr.RepositoryException; import javax.jcr.Session; -import javax.jcr.Value; - +import javax.jcr.SimpleCredentials; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.User; import org.apache.sling.api.SlingHttpServletRequest; @@ -125,17 +126,10 @@ public class ChangeUserPasswordServlet extends AbstractUserPostServlet { "New Password does not match the confirmation password"); } - try { - String digestedOldPwd = digestPassword(oldPwd); - Value[] pwdProperty = ((User) authorizable).getProperty("rep:password"); - if (pwdProperty != null && pwdProperty.length > 0) { - String repPasswordValue = pwdProperty[0].getString(); - if (!digestedOldPwd.equals(repPasswordValue)) { - // submitted oldPwd value is not correct. - throw new RepositoryException("Old Password does not match"); - } - } + // verify old password + checkPassword(authorizable, oldPwd); + try { ((User) authorizable).changePassword(digestPassword(newPwd)); changes.add(Modification.onModified(resource.getPath() 
@@ -144,4 +138,33 @@ public class ChangeUserPasswordServlet extends AbstractUserPostServlet { throw new RepositoryException("Failed to change user password.", re); } } + + private void checkPassword(Authorizable authorizable, String oldPassword) + throws RepositoryException { + Credentials oldCreds = ((User) authorizable).getCredentials(); + if (oldCreds instanceof SimpleCredentials) { + char[] oldCredsPwd = ((SimpleCredentials) oldCreds).getPassword(); + if (oldPassword.equals(String.valueOf(oldCredsPwd))) { + return; + } + } else { + try { + // CryptSimpleCredentials.matches(SimpleCredentials credentials) + Class<?> oldCredsClass = oldCreds.getClass(); + Method matcher = oldCredsClass.getMethod("matches", + SimpleCredentials.class); + SimpleCredentials newCreds = new SimpleCredentials( + authorizable.getPrincipal().getName(), + oldPassword.toCharArray()); + boolean match = (Boolean) matcher.invoke(oldCreds, newCreds); + if (match) { + return; + } + } catch (Throwable t) { + // failure here, fall back to password check failure below + } + } + + throw new RepositoryException("Old Password does not match"); + } } diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java index b9761ed..f93834e 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java @@ -18,11 +18,9 @@ package org.apache.sling.jackrabbit.usermanager.impl.resource; import java.lang.reflect.Array; import java.util.ArrayList; -import java.util.Arrays; import java.util.Calendar; import java.util.Collection; import java.util.Date; -import java.util.HashSet; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; 
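Review bot: The `catch (Throwable t)` around the reflective `matches` call in `checkPassword` swallows every failure, including `Error`s, so if the credentials class ever lacks a public `matches(SimpleCredentials)` method, every password change is rejected with "Old Password does not match" and nothing records why. The fall-through does fail closed, which is the right default; I would narrow it to `} catch (Exception e) {` and log the exception at warn level with whatever logger this servlet has (none is visible in the hunk). In the `SimpleCredentials` branch, `oldPassword.equals(String.valueOf(oldCredsPwd))` copies the stored password into an immutable String and returns at the first differing character; `MessageDigest.isEqual` over the UTF-8 bytes of both values gives a comparison whose duration does not depend on where they differ. `oldPassword` is dereferenced without a null check, so this relies on the caller having rejected a missing old password before calling `checkPassword`, which happens outside this hunk if at all.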
@@ -46,8 +44,13 @@ import org.slf4j.LoggerFactory; public class AuthorizableValueMap implements ValueMap { private Logger logger = LoggerFactory.getLogger(AuthorizableValueMap.class); - private Set<String> hiddenProperties = new HashSet<String>( - Arrays.asList(new String[] { "rep:password", "jcr:uuid" })); + /** + * Principal Name property of the Authorizable. This has been returned + * before Jackrabbit 1.6 as part of the Authorizable properties but is + * now removed from the set. We add this to the properties again to be + * able to convey this data to the request. + */ + private static final String REP_PRINCIPAL_NAME = "rep:principalName"; private boolean fullyRead; @@ -138,14 +141,18 @@ public class AuthorizableValueMap implements ValueMap { return null; } - if (hiddenProperties.contains(key)) { - return null; - } - try { - if (authorizable.hasProperty(key)) { - Value[] property = authorizable.getProperty(key); - Object value = valuesToJavaObject(property); + final Object value; + if (REP_PRINCIPAL_NAME.equals(key)) { + value = authorizable.getPrincipal().getName(); + } else if (authorizable.hasProperty(key)) { + final Value[] property = authorizable.getProperty(key); + value = valuesToJavaObject(property); + } else { + value = null; + } + + if (value != null) { cache.put(key, value); return value; } 
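Review bot: Removing the `hiddenProperties` filter means `rep:password` and `jcr:uuid` stay out of this ValueMap only as long as the underlying Jackrabbit version stops returning protected properties, which the commit message says is the case as of 1.6. If the bundle runs against an older Jackrabbit, or a later release exposes those properties again, the password digest becomes readable through this map and through anything that renders it. I would keep the set as defence in depth and retain `if (hiddenProperties.contains(key)) { return null; }` in the single-key lookup (the `@@ -138,14` hunk) and `if (hiddenProperties.contains(key)) { continue; }` in the property loop (the `@@ -179,17` hunk), or at least state the minimum supported Jackrabbit version in the class Javadoc. Both methods extend beyond the hunks shown.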
@@ -179,17 +186,19 @@ public class AuthorizableValueMap implements ValueMap { Iterator pi = authorizable.getPropertyNames(); while (pi.hasNext()) { String key = (String) pi.next(); - - if (hiddenProperties.contains(key)) { - continue; // skip it. - } - if (!cache.containsKey(key)) { Value[] property = authorizable.getProperty(key); Object value = valuesToJavaObject(property); cache.put(key, value); } } + + // add principal name + if (!cache.containsKey(REP_PRINCIPAL_NAME)) { + cache.put(REP_PRINCIPAL_NAME, + authorizable.getPrincipal().getName()); + } + fullyRead = true; } catch (RepositoryException re) { // TODO: log !! -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
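Review bot: The added `authorizable.getPrincipal().getName()` call sits inside the same try whose `catch (RepositoryException re)` still carries only `// TODO: log !!`, so a failure there leaves `fullyRead` false and the cache partially filled, with no trace of the cause. The class already has a `logger` field; a line such as `logger.warn("Failed to read properties of authorizable", re);` in that catch would make the failure visible to operators. The catch block and the end of the method lie outside this hunk, so whether anything else happens there cannot be seen from here.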
