Update of
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext
In directory
james.mmbase.org:/tmp/cvs-serv11446/src/org/mmbase/security/implementation/cloudcontext
Modified Files:
Authenticate.java BasicUserProvider.java UserProvider.java
Log Message:
MMB-1757
See also:
http://cvs.mmbase.org/viewcvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext
See also: http://www.mmbase.org/jira/browse/MMB-1757
Index: Authenticate.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/Authenticate.java,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -b -r1.30 -r1.31
--- Authenticate.java 23 Dec 2008 17:30:42 -0000 1.30
+++ Authenticate.java 6 Jan 2009 14:38:21 -0000 1.31
@@ -31,11 +31,12 @@
* @author Eduard Witteveen
* @author Pierre van Rooden
* @author Michiel Meeuwissen
- * @version $Id: Authenticate.java,v 1.30 2008/12/23 17:30:42 michiel Exp $
+ * @version $Id: Authenticate.java,v 1.31 2009/01/06 14:38:21 michiel Exp $
*/
public class Authenticate extends Authentication {
private static final Logger log =
Logging.getLoggerInstance(Authenticate.class);
+
protected static final String ADMINS_PROPS = "admins.properties";
private int extraAdminsUniqueNumber;
@@ -112,10 +113,23 @@
/**
* {...@inheritdoc}
+ *
+ <table>
+ <caption>Password comparison strategies</caption>
+ <tr><th>client provided</th><th>database</th><th>application to
use</th><th>comments</th><tr>
+ <tr><td>plain</td><th>encoded</td><td>name/password</td><td>this is the
default and most
+ sensible case</td></tr>
+
<tr><td>encoded</td><th>encoded</td><td>name/encodedpassword</td><td>The
'allowEnoded' property must be true for this to work.</td></tr>
+
+ <tr><td>plain</td><th>plain</td><td>name/password</td><td>this is the
default if the password
+ set-processor is empty.</td></tr>
+
+
<tr><td>encoded</td><th>plain</td><td>name/encodedpassword</td><td></td></tr>
+ </table>
*/
- @Override public UserContext login(String s, Map<String, ?> map, Object
aobj[]) throws SecurityException {
+ @Override public UserContext login(String type, Map<String, ?> map, Object
aobj[]) throws SecurityException {
if (log.isTraceEnabled()) {
- log.trace("login-module: '" + s + "'");
+ log.trace("login-module: '" + type + "'");
}
MMObjectNode node = null;
UserProvider users = getUserProvider();
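Review bot: The new Javadoc table is malformed HTML: the header row ends with `<tr>` instead of `</tr>`, and the second cell of every data row opens with `<th>` but closes with `</td>`, so renderers will produce a broken table; the comment also misspells the property as 'allowEnoded'. Each data row should read like `<tr><td>plain</td><td>encoded</td><td>name/password</td><td>this is the default and most sensible case</td></tr>`, and the second row should name the `allowencodedpassword` init parameter that the code below actually reads. The login method starts in this hunk and its body continues beyond it.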
@@ -125,16 +139,16 @@
throw new SecurityException(msg);
}
allowEncodedPassword =
org.mmbase.util.Casting.toBoolean(users.getUserBuilder().getInitParameter("allowencodedpassword"));
- if ("anonymous".equals(s)) {
+ if ("anonymous".equals(type)) {
node = users.getAnonymousUser();
if (node == null) {
if (! warnedNoAnonymousUser) {
log.warn("No user node for anonymous found");
warnedNoAnonymousUser = true;
}
- return new LocalAdmin("anonymous", s,
Rank.getRank("anonymous"));
+ return new LocalAdmin("anonymous", type,
Rank.getRank("anonymous"));
}
- } else if ("name/password".equals(s)) {
+ } else if ("name/password".equals(type)) {
String userName = (String)map.get("username");
String password = (String)map.get("password");
if(userName == null || password == null) {
@@ -143,16 +157,16 @@
if (extraAdmins.containsKey(userName)) {
if(extraAdmins.get(userName).equals(password)) {
log.service("Logged in an 'extra' admin '" + userName +
"'. (from admins.properties)");
- User user = new LocalAdmin(userName, s);
+ User user = new LocalAdmin(userName, type);
loggedInExtraAdmins.put(userName, user);
return user;
}
}
- node = users.getUser(userName, password, true);
+ node = users.getUser(userName, password, false);
if (node != null && ! users.isValid(node)) {
throw new SecurityException("Logged in an invalid user");
}
- } else if (allowEncodedPassword && "name/encodedpassword".equals(s)) {
+ } else if (allowEncodedPassword &&
"name/encodedpassword".equals(type)) {
String userName = (String)map.get("username");
String password = (String)map.get("encodedpassword");
if(userName == null || password == null) {
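Review bot: The meaning of the third argument to `users.getUser(...)` has changed in this commit from "encode this password" to "this password is already encoded", and nothing at the call site says so, which is why the literal flips from `true` to `false` here and from `false` to `true` in the next hunk. A one-line comment at each call would save the next reader a trip to BasicUserProvider, for example `// false: client supplied the plain password; the provider encodes it as required` on this call and `// true: client supplied the already-encoded password` on the name/encodedpassword call. Any other implementor or caller of UserProvider.getUser(String, String, boolean) outside this diff would need the same inversion, which the commit does not show.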
@@ -161,25 +175,25 @@
if (extraAdmins.containsKey(userName)) {
if(users.encode((String)
extraAdmins.get(userName)).equals(password)) {
log.service("Logged in an 'extra' admin '" + userName +
"'. (from admins.properties)");
- User user = new LocalAdmin(userName, s);
+ User user = new LocalAdmin(userName, type);
loggedInExtraAdmins.put(userName, user);
return user;
}
}
- node = users.getUser(userName, password, false);
+ node = users.getUser(userName, password, true);
if (node != null && ! users.isValid(node)) {
throw new SecurityException("Logged in an invalid user");
}
- } else if ("class".equals(s)) {
+ } else if ("class".equals(type)) {
ClassAuthentication.Login li =
ClassAuthentication.classCheck("class", map);
if (li == null) {
- throw new SecurityException("Class authentication failed '" +
s + "' (class not authorized)");
+ throw new SecurityException("Class authentication failed '" +
type + "' (class not authorized)");
}
String userName = li.getMap().get(PARAMETER_USERNAME.getName());
String rank = li.getMap().get(PARAMETER_RANK.getName());
if (userName != null && (rank == null ||
(Rank.ADMIN.toString().equals(rank) && extraAdmins.containsKey(userName)))) {
log.service("Logged in an 'extra' admin '" + userName + "'.
(from admins.properties)");
- User user = new LocalAdmin(userName, s);
+ User user = new LocalAdmin(userName, type);
loggedInExtraAdmins.put(userName, user);
return user;
} else {
@@ -188,21 +202,21 @@
node = users.getUser(userName);
} catch (SecurityException se) {
log.service(se);
- return new LocalAdmin(userName, s, rank == null ?
Rank.ADMIN : Rank.getRank(rank));
+ return new LocalAdmin(userName, type, rank == null ?
Rank.ADMIN : Rank.getRank(rank));
}
} else if (rank != null) {
node = users.getUserByRank(rank, userName);
log.debug("Class authentication to rank " + rank + " found
node " + node);
if (node == null) {
- return new LocalAdmin(rank, s, Rank.getRank(rank));
+ return new LocalAdmin(rank, type, Rank.getRank(rank));
}
}
}
} else {
- throw new UnknownAuthenticationMethodException("login module with
name '" + s + "' not found, only 'anonymous', 'name/password' and 'class' are
supported");
+ throw new UnknownAuthenticationMethodException("login module with
name '" + type + "' not found, only 'anonymous', 'name/password' and 'class'
are supported");
}
if (node == null) return null;
- return new User(node, getKey(), s);
+ return new User(node, getKey(), type);
}
public static User getLoggedInExtraAdmin(String userName) {
Index: BasicUserProvider.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/BasicUserProvider.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- BasicUserProvider.java 6 Jan 2009 11:42:10 -0000 1.2
+++ BasicUserProvider.java 6 Jan 2009 14:38:21 -0000 1.3
@@ -28,14 +28,14 @@
* This is a basic implemention of {...@link Provider} that implements all the
methods in a default way.
*
* @author Michiel Meeuwissen
- * @version $Id: BasicUserProvider.java,v 1.2 2009/01/06 11:42:10 michiel Exp $
+ * @version $Id: BasicUserProvider.java,v 1.3 2009/01/06 14:38:21 michiel Exp $
* @since MMBase-1.9.1
*/
public abstract class BasicUserProvider implements UserProvider {
private static final Logger log =
Logging.getLoggerInstance(BasicUserProvider.class);
-
+ private static MD5 md5 = new MD5();
protected String statusField = Users.FIELD_STATUS;
protected String userNameField = Users.FIELD_USERNAME;
protected String passwordField = Users.FIELD_PASSWORD;
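Review bot: The new `md5` field is a static that is never reassigned but is not declared `final`, and it is shared by every BasicUserProvider instance and thread that calls clientEncode(); it should be `private static final MD5 md5 = new MD5();`. Whether `MD5.transform` is safe to call concurrently cannot be seen from here, so if the transformer keeps internal state a per-call instance or a local copy would be the safer choice; please confirm against its implementation.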
@@ -45,8 +45,10 @@
protected String lastLogonField = Users.FIELD_LAST_LOGON;
private final MMObjectBuilder userBuilder;
+ private Boolean dbPasswordsEncoded = null;
public BasicUserProvider(MMObjectBuilder ub) {
+ if (ub == null) throw new IllegalArgumentException();
userBuilder = ub;
}
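Review bot: The added null check throws `IllegalArgumentException` with no message, so a misconfigured provider fails with an exception that names neither the argument nor the class; `if (ub == null) throw new IllegalArgumentException("userBuilder must not be null");` costs nothing and makes the stack trace self-explanatory. The new `dbPasswordsEncoded` cache is written lazily from isDbPasswordsEncoded() in the next hunk with no synchronization; concurrent first logins would at worst probe twice and log twice, which looks benign, but marking the field `volatile` documents the intent and makes the published value visible to other threads.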
@@ -55,12 +57,25 @@
return getUser("anonymous", "", true);
}
- public MMObjectNode getUser(String userName, String password, boolean
encode) {
+ protected boolean isDbPasswordsEncoded() {
+ if (dbPasswordsEncoded == null) {
+ final String testString = "TEST";
+ dbPasswordsEncoded = !
testString.equals(passwordProcessorEncode(testString));
+ if (dbPasswordsEncoded) {
+ log.service("It was found that passwords in " +
getUserBuilder() + " are encoded");
+ } else {
+ log.service("It was found that passwords in " +
getUserBuilder() + " are not encoded");
+ }
+ }
+ return dbPasswordsEncoded;
+ }
+
+ public MMObjectNode getUser(final String userName, final String password,
final boolean encoded) {
if (log.isDebugEnabled()) {
log.debug("username: '" + userName + "' password: '" + password +
"'");
}
- MMObjectNode user = getUser(userName);
+ final MMObjectNode user = getUser(userName);
if (userName.equals("anonymous")) {
log.debug("an anonymous username");
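Review bot: The anonymous lookup on the first context line still passes `true` as the third argument of getUser(), but this commit changes that flag's meaning from "encode the given password" to "the given password is already encoded", so the empty string is now compared verbatim against the stored value when isDbPasswordsEncoded() is true, where before encode("") was compared. Whether this matters depends on whether the "anonymous" branch just below returns before the password comparison; that branch is cut off by the hunk boundary, so please verify, and if the comparison is reached the call should become `return getUser("anonymous", "", false);`. The new isDbPasswordsEncoded() also deserves a short Javadoc such as `/** Lazily probes the password field's set-processor: if it transforms a sample value, stored passwords are taken to be encoded. */`, since callers in encode() and getUser() rely on that heuristic.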
@@ -74,9 +89,20 @@
log.debug("username: '" + userName + "' --> USERNAME NOT CORRECT");
return null;
}
- String encodedPassword = encode ? encode(password) : password;
- String dbPassword = user.getStringValue(getPasswordField());
- if (encodedPassword.equals(dbPassword)) {
+
+ final String userPassword;
+ final String dbPassword;
+
+ if (isDbPasswordsEncoded()) {
+ userPassword = encoded ? password : encode(password);
+ dbPassword = user.getStringValue(getPasswordField());
+ } else {
+ userPassword = password;
+ dbPassword = encoded ?
encode(user.getStringValue(getPasswordField())) :
user.getStringValue(getPasswordField());
+ }
+
+
+ if (userPassword.equals(dbPassword)) {
if (log.isDebugEnabled()) {
log.debug("username: '" + userName + "' password: '" +
password + "' found in node #" + user.getNumber());
}
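Review bot: The new comparison `userPassword.equals(dbPassword)` returns at the first differing character, so when both sides are encoded values (the encoded-database branch, and the MD5 branch below it) the comparison time depends on how much of the stored hash the submitted value matches; for a credential check the standard fix is a constant-time compare, `if (dbPassword != null && MessageDigest.isEqual(userPassword.getBytes(StandardCharsets.UTF_8), dbPassword.getBytes(StandardCharsets.UTF_8))) {`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported at the top of the file. The explicit null guard also keeps the behaviour of the original `equals` call for a user node whose password field is unset. The rest of getUser() lies outside this hunk.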
@@ -110,7 +136,7 @@
return user;
} else {
if (log.isDebugEnabled()) {
- log.debug("username: '" + userName + "' found in node #" +
user.getNumber() + " --> PASSWORDS NOT EQUAL (" + encodedPassword + " != " +
dbPassword + ")");
+ log.debug("username: '" + userName + "' found in node #" +
user.getNumber() + " (encoded: " + encoded + ") --> PASSWORDS NOT EQUAL (" +
userPassword + " != " + dbPassword + ")");
}
throw new SecurityException("password for '" + userName + "'
incorrect");
}
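Review bot: The rewritten debug message prints both `userPassword` and `dbPassword`; in the not-encoded branch of the previous hunk those are the submitted plaintext password and the stored plaintext password, and in the encoded branch they are the hash values a client could replay through the name/encodedpassword login, so a debug-level log now records working credentials for every failed attempt. Keeping the diagnostic without the secrets is enough: `log.debug("username: '" + userName + "' found in node #" + user.getNumber() + " (encoded: " + encoded + ") --> PASSWORDS NOT EQUAL");`. The unchanged entry log at the top of getUser() has the same problem with `password` and could be fixed in the same way.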
@@ -245,6 +271,10 @@
}
+ protected boolean isStatusValid(MMObjectNode node) {
+ return node.getIntValue(getStatusField()) >= 0;
+ }
+
/**
* @javadoc
*/
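Review bot: The new protected hook `isStatusValid` has no Javadoc although it is an extension point and is now the only place the status convention lives. A one-liner stating what the code shows is enough: `/** Returns true when the value of {@link #getStatusField()} on the node is not negative; subclasses may override to apply a different status rule. */`.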
@@ -267,7 +297,7 @@
valid = false;
}
}
- if (node.getIntValue(getStatusField()) < 0) {
+ if (! isStatusValid(node)) {
valid = false;
}
if (! valid) {
@@ -277,11 +307,26 @@
}
- public String encode(String e) {
+ protected final String passwordProcessorEncode(String e) {
org.mmbase.bridge.Field field =
getUserBuilder().getField(getPasswordField());
+ if (field == null) throw new IllegalStateException("No such field " +
getPasswordField());
return
org.mmbase.util.Casting.toString(field.getDataType().getProcessor(DataType.PROCESS_SET).process(null,
field, e));
}
+ protected final String clientEncode(String e) {
+ return md5.transform(e);
+ }
+
+
+ public String encode(String e) {
+ if (isDbPasswordsEncoded()) {
+ return passwordProcessorEncode(e);
+ } else {
+ return clientEncode(e);
+ }
+ }
+
+
public MMObjectBuilder getUserBuilder() {
return userBuilder;
}
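Review bot: The public `encode(String)` now returns either the password set-processor's output or an MD5 transform depending on isDbPasswordsEncoded(), and nothing documents that callers get a different format per configuration; the unchanged extra-admin check in Authenticate compares `users.encode(plainAdminPassword)` against the client value, so clients using name/encodedpassword must know which of the two forms the deployment expects. A Javadoc on encode() should say this explicitly, for instance that the result is the processor-encoded form when stored passwords are encoded and the MD5 transform of `clientEncode` otherwise, and that this is the form a client must send as 'encodedpassword'. It is also worth stating in that comment that the MD5 form only avoids sending the plaintext over the wire and is not a password-storage hash.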
Index: UserProvider.java
===================================================================
RCS file:
/var/cvs/applications/cloudcontext/src/org/mmbase/security/implementation/cloudcontext/UserProvider.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- UserProvider.java 22 Dec 2008 15:27:05 -0000 1.1
+++ UserProvider.java 6 Jan 2009 14:38:21 -0000 1.2
@@ -19,7 +19,7 @@
* esential properties of them are acquired.
*
* @author Michiel Meeuwissen
- * @version $Id: UserProvider.java,v 1.1 2008/12/22 15:27:05 michiel Exp $
+ * @version $Id: UserProvider.java,v 1.2 2009/01/06 14:38:21 michiel Exp $
* MMBase-1.9.1
*/
public interface UserProvider {
@@ -33,6 +33,8 @@
/**
* Returns the node associated with a certain username/password
combination,
* or <code>null</code>
+ * @param encode Whether or not the user is requested usering the
username/encodedpassword login
+ * 'type' see {...@link Authenticate#login}.
*/
MMObjectNode getUser(String user, String pw, boolean encoded);
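Review bot: The added `@param` tag names the parameter `encode` while the declaration on the next line calls it `encoded`, so Javadoc will flag an undocumented parameter and the description is attached to a name that does not exist; it also contains the typo "usering". Based on the BasicUserProvider change in this commit, the tag should read `@param encoded Whether the caller supplies an already-encoded password, as with the 'name/encodedpassword' login type of {@link Authenticate#login}.` Implementors of this interface outside the diff need the same inversion of meaning, which the interface comment is the natural place to announce.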