Author: sshyrkov Date: Thu Aug 23 10:49:12 2007 New Revision: 18249 URL: https://svndev.jahia.net/websvn/listing.php?sc=3D1&rev=3D18249&repname= =3Djahia Log: JAHIA-2182: Sp3: Enforce Security Password: some exceptions =
http://www.jahia.net/jira/browse/JAHIA-2182 Fixed: 1) refactor MySettingsEngine handling 2) prevent several errors Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/admin/users/Manage= Users.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/mysettings= /MySettingsEngine.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/users/NewU= serRegistration_Engine.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valves/Cook= ieAuthValveImpl.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valves/Logi= nEngineAuthValveImpl.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwdpolicy= /JahiaPasswordPolicyService.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwdpolicy= /RuleConditions.java branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/usermanag= er/JahiaUserManagerDBProvider.java Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/admin/users/= ManageUsers.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/admin/users/ManageUsers.java&rev=3D18249&re= pname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/admin/users/Manage= Users.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/admin/users/Manage= Users.java Thu Aug 23 10:49:12 2007 
@@ -39,6 +39,7 @@ import org.jahia.services.homepages.JahiaHomepagesService; import org.jahia.services.pages.ContentPage; import org.jahia.services.pages.JahiaPageBaseService; +import org.jahia.services.pwdpolicy.JahiaPasswordPolicyService; import org.jahia.services.pwdpolicy.PolicyEnforcementResult; import org.jahia.services.sites.JahiaSite; import org.jahia.services.usermanager.*; @@ -419,12 +420,16 @@ jParams, jParams.getLocale()); return false; } + JahiaPasswordPolicyService pwdPolicyService =3D ServicesRegistry + .getInstance().getJahiaPasswordPolicyService(); + boolean pwdPolicyEnabled =3D pwdPolicyService.isPolicyEnabled(jahi= aSite + .getID()); String passwd =3D request.getParameter("passwd").trim(); if ("".equals(passwd)) { userMessage =3D JahiaResourceBundle.getAdminResource("org.jahi= a.admin.userMessage.passwdLeast6Chars.label", jParams, jParams.getLocale()); return false; - } else if(!ServicesRegistry.getInstance().getJahiaUserManagerServi= ce() + } else if(!pwdPolicyEnabled && !ServicesRegistry.getInstance().get= JahiaUserManagerService() .isPasswordSyntaxCorrect(passwd)) { userMessage =3D JahiaResourceBundle.getAdminResource("org.jahi= a.admin.JahiaDisplayMessage.onlyLettersDigitsUnderscoreWithPasswd.label", jParams, jParams.getLocale()); 
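Review bot: With `!pwdPolicyEnabled &&` in front of the `isPasswordSyntaxCorrect` test in `@@ -419,12 +420,16 @@` (and in front of the six-character test in the next hunk), a policy-enabled site depends entirely on `enforcePolicyOnPasswordChange`. That method, as changed later in this commit, logs "Unable to get the default password policy" and still returns `PolicyEnforcementResult.SUCCESS` when `getDefaultPolicy()` is null, so in that state any non-empty password is accepted. The same gating is repeated in the update path of this file, in MySettingsEngine, NewUserRegistration_Engine and JahiaUserManagerDBProvider. Either the service should return a failing result when the policy cannot be loaded, or the callers should keep the legacy length and syntax checks as a fallback for that case. The enclosing method starts and ends outside the hunk.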
@@ -435,21 +440,22 @@ userMessage =3D JahiaResourceBundle.getAdminResource("org.ja= hia.admin.userMessage.passwdNotMatch.label", jParams, jParams.getLocale()); return false; - } else if (passwd.length() < 6) { + } else if (!pwdPolicyEnabled && passwd.length() < 6) { userMessage =3D JahiaResourceBundle.getAdminResource("org.ja= hia.admin.userMessage.passwdLeast6Chars.label", jParams, jParams.getLocale()); return false; } - PolicyEnforcementResult evalResult =3D ServicesRegistry.getIns= tance() - .getJahiaPasswordPolicyService() - .enforcePolicyOnPasswordChange( - new JahiaDBUser(0, username, passwd, null, - jahiaSite.getID(), null), passwd, false); - if (!evalResult.isSuccess()) { - EngineMessages policyMsgs =3D evalResult.getEngineMessages(); - policyMsgs.saveMessages(((ParamBean) jParams).getRequest()); - return false; - } + if (pwdPolicyEnabled) { + PolicyEnforcementResult evalResult =3D pwdPolicyService + .enforcePolicyOnPasswordChange( + new JahiaDBUser(-1, username, passwd, null, + jahiaSite.getID(), null), passwd, = false); + if (!evalResult.isSuccess()) { + EngineMessages policyMsgs =3D evalResult.getEngineMess= ages(); + policyMsgs.saveMessages(((ParamBean) jParams).getReque= st()); + return false; + } + } } Properties userProps =3D new Properties(); = @@ -683,7 +689,12 @@ // passwd may be null in case of an LDAP user. if (passwd !=3D null) { passwd =3D passwd.trim(); + JahiaPasswordPolicyService pwdPolicyService =3D ServicesRegist= ry + .getInstance().getJahiaPasswordPolicyService(); + boolean pwdPolicyEnabled =3D false; if (!"".equals(passwd)) { + pwdPolicyEnabled =3D pwdPolicyService.isPolicyEnabled(jahi= aSite + .getID()); String passwdConfirm =3D request.getParameter("passwdconfi= rm"). trim(); if (!passwdConfirm.equals(passwd)) { 
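Review bot: In the update path (`@@ -683,7 +689,12 @@`) the flag is taken from the site, `isPolicyEnabled(jahiaSite.getID())`, while `enforcePolicyOnPasswordChange(usr, …)` re-checks `isPolicyEnabled(user)`. The user-level check can be false on a policy-enabled site, for a read-only password or when none of the user's groups enforce the policy. In that combination the legacy checks are skipped because the site flag is true and the policy is skipped because the user flag is false, so the new password is not validated at all. MySettingsEngine uses the user-level check; assuming `usr` is already in scope at this point (its declaration is outside the hunk), the same here would be `pwdPolicyEnabled = pwdPolicyService.isPolicyEnabled(usr);`.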
@@ -691,11 +702,16 @@ "org.jahia.admin.userMessage.passwdNotMatch.label", jParams, jParams.getLocale()); return false; - } else if (passwd.length() < 6) { + } else if (!pwdPolicyEnabled && passwd.length() < 6) { userMessage =3D JahiaResourceBundle.getAdminResource( "org.jahia.admin.userMessage.passwdLeast6Chars.lab= el", jParams, jParams.getLocale()); return false; + } else if(!pwdPolicyEnabled && !ServicesRegistry.getInstan= ce().getJahiaUserManagerService() + .isPasswordSyntaxCorrect(passwd)) { + userMessage =3D JahiaResourceBundle.getAdminResource("= org.jahia.admin.JahiaDisplayMessage.onlyLettersDigitsUnderscoreWithPasswd.l= abel", + jParams, jParams.getLocale()); + return false; } } if (!"".equals(passwd) && !usr.setPassword(passwd)) { 
@@ -705,15 +721,16 @@ userMessage +=3D " [" + username + "] "; return false; } - PolicyEnforcementResult evalResult =3D ServicesRegistry.getIns= tance() - .getJahiaPasswordPolicyService() - .enforcePolicyOnPasswordChange(usr, passwd, false); - if (!evalResult.isSuccess()) { - EngineMessages policyMsgs =3D evalResult.getEngineMessages(); - policyMsgs.saveMessages(((ParamBean) jParams).getRequest()); - return false; - } - = + if (pwdPolicyEnabled) { + PolicyEnforcementResult evalResult =3D ServicesRegistry + .getInstance().getJahiaPasswordPolicyService() + .enforcePolicyOnPasswordChange(usr, passwd, false); + if (!evalResult.isSuccess()) { + EngineMessages policyMsgs =3D evalResult.getEngineMess= ages(); + policyMsgs.saveMessages(((ParamBean) jParams).getReque= st()); + return false; + } + } } // pick out all the user properties parameters, and set it into the // user properties Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/myse= ttings/MySettingsEngine.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/engines/mysettings/MySettingsEngine.java&re= v=3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/mysettings= /MySettingsEngine.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/mysettings= /MySettingsEngine.java Thu Aug 23 10:49:12 2007 @@ -22,6 +22,8 @@ import java.util.HashMap; import java.util.Iterator; = +import javax.print.attribute.standard.MediaSize.Engineering; + import org.jahia.data.JahiaData; import org.jahia.engines.EngineMessage; import org.jahia.engines.EngineMessages; 
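Review bot: In `@@ -705,15 +721,16 @@` the policy is evaluated only after `usr.setPassword(passwd)` has already succeeded (that call is in the context just above the hunk), so a password the policy rejects appears to have been stored by the time `return false` is reached. Whether `setPassword` persists immediately is not visible here, but MySettingsEngine in this same commit runs the check before `user.setPassword(password)`, and this path should do the same by moving the whole `if (pwdPolicyEnabled) { … }` block above the `setPassword` condition. The block can also reuse the `pwdPolicyService` local declared earlier in the method instead of `ServicesRegistry.getInstance().getJahiaPasswordPolicyService()`.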
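Review bot: The added `import javax.print.attribute.standard.MediaSize.Engineering;` in MySettingsEngine (`@@ -22,6 +22,8 @@`) is not used by any line this commit adds and looks like an IDE auto-import picked up by accident. The same applies to `import javax.imageio.spi.ServiceRegistry;` added to NewUserRegistration_Engine, where the code actually uses `org.jahia.registries.ServicesRegistry`. Both lines should be dropped so the classes do not pull in the printing and image I/O packages for nothing.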
@@ -33,6 +35,7 @@ import org.jahia.params.ParamBean; import org.jahia.params.ProcessingContext; import org.jahia.registries.ServicesRegistry; +import org.jahia.services.pwdpolicy.JahiaPasswordPolicyService; import org.jahia.services.pwdpolicy.PolicyEnforcementResult; import org.jahia.services.usermanager.JahiaUser; import org.jahia.services.usermanager.JahiaUserManagerService; @@ -64,7 +67,7 @@ public static final String ENGINE_NAME =3D "mysettings"; private static final String EDIT_JSP =3D "mysettings.jsp"; private static final String SUCCESS_JSP =3D "mysettingschanged.jsp"; - = + /** * logging */ @@ -128,7 +131,7 @@ = // displays the screen toolbox.displayScreen (jParams, engineMap); - + = return null; } = @@ -219,6 +222,14 @@ if (user =3D=3D null) return; = + if (jParams.getSessionState().getAttribute(EngineMessages.CONTEXT_= KEY) !=3D null) { + EngineMessages msgs =3D (EngineMessages) jParams.getSessionSta= te() + .getAttribute(EngineMessages.CONTEXT_KEY); + msgs.saveMessages(((ParamBean) jParams).getRequest()); + jParams.getSessionState().removeAttribute( + EngineMessages.CONTEXT_KEY); + } + = // by default, consider the request as successful, and change it t= o *false* when // any error occurs. boolean ok =3D true; @@ -264,9 +275,14 @@ if (logger.isDebugEnabled ()) logger.debug ("password changed, check for passwor= d confirmation"); = - if (password.length() < 6) { + JahiaPasswordPolicyService pwdPolicyService =3D regist= ry + .getJahiaPasswordPolicyService(); + boolean pwdPolicyEnabled =3D pwdPolicyService + .isPolicyEnabled(user); + = + if (!pwdPolicyEnabled && password.length() < 6) { EngineMessage errorMessage =3D new EngineMessage("= org.jahia.engines.mysettings.passwordTooShort"); - resultMessages.add("newUserRegistration", errorMes= sage); + resultMessages.add(errorMessage); resultMessages.saveMessages(((ParamBean)jParams).g= etRequest()); return false; } 
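Review bot: The block added in `@@ -219,6 +222,14 @@` carries no comment saying where the `EngineMessages.CONTEXT_KEY` session attribute comes from; within this commit it is only set by CookieAuthValveImpl and LoginEngineAuthValveImpl before their redirect. I would add above the `if`: `// Messages parked in the session by the auth valves before redirecting here: copy them to the request and clear them so they are shown once.` The attribute is also fetched twice; reading it once into a local and null-checking that local would be tidier. The enclosing method starts and ends outside the hunk.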
@@ -276,20 +292,25 @@ if (password.equals (passwordConfirmation)) { if (logger.isDebugEnabled ()) logger.debug ("password and password confirmat= ion match!"); - PolicyEnforcementResult evalResult =3D registry - .getJahiaPasswordPolicyService() - .enforcePolicyOnPasswordChange(user, password, - true); - if (!evalResult.isSuccess()) { - EngineMessages policyMsgs =3D evalResult - .getEngineMessages(); - for (Iterator iterator =3D policyMsgs.getMessages() - .iterator(); iterator.hasNext();) { - resultMessages.add((EngineMessage) iterator - .next()); - } - resultMessages.saveMessages(((ParamBean)jParam= s).getRequest()); - return false; + = + if (pwdPolicyEnabled) { + PolicyEnforcementResult evalResult =3D pwdPoli= cyService + .enforcePolicyOnPasswordChange(user, + password, true); + if (!evalResult.isSuccess()) { + EngineMessages policyMsgs =3D evalResult + .getEngineMessages(); + for (Iterator iterator =3D policyMsgs + .getMessages().iterator(); iterator + .hasNext();) { + resultMessages.add((EngineMessage) ite= rator + .next()); + } + resultMessages + .saveMessages(((ParamBean) jParams) + .getRequest()); + return false; + } } user.setPassword (password); = @@ -376,4 +397,5 @@ return true; } = + } Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/user= s/NewUserRegistration_Engine.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/engines/users/NewUserRegistration_Engine.ja= va&rev=3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/users/NewU= serRegistration_Engine.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/engines/users/NewU= serRegistration_Engine.java Thu Aug 23 10:49:12 2007 
@@ -28,6 +28,9 @@ import org.jahia.params.ProcessingContext; import org.jahia.params.SessionState; import org.jahia.registries.ServicesRegistry; +import org.jahia.services.pwdpolicy.JahiaPasswordPolicyService; +import org.jahia.services.pwdpolicy.PolicyEnforcementResult; +import org.jahia.services.usermanager.JahiaDBUser; import org.jahia.services.usermanager.JahiaGroup; import org.jahia.services.usermanager.JahiaGroupManagerService; import org.jahia.services.usermanager.JahiaUser; @@ -35,6 +38,8 @@ = import java.util.*; = +import javax.imageio.spi.ServiceRegistry; + public class NewUserRegistration_Engine implements JahiaEngine { = private static final String EDIT_JSP =3D "newuserregistration.jsp"; @@ -220,12 +225,16 @@ resultMessages.add("newUserRegistration", errorMessage= ); } } - if (allValuesValid) { - if (password1.length() < 6) { - allValuesValid =3D false; - EngineMessage errorMessage =3D new EngineMessage("org.= jahia.engines.users.newuserregistration.passwordTooShort"); - resultMessages.add("newUserRegistration", errorMessage= ); - } + + JahiaPasswordPolicyService pwdPolicyService =3D ServicesRegist= ry + .getInstance().getJahiaPasswordPolicyService(); + boolean pwdPolicyEnabled =3D pwdPolicyService + .isPolicyEnabled(jParams.getSiteID()); + + if (allValuesValid && !pwdPolicyEnabled && password1.length() = < 6) { + allValuesValid =3D false; + EngineMessage errorMessage =3D new EngineMessage("org.jahi= a.engines.users.newuserregistration.passwordTooShort"); + resultMessages.add("newUserRegistration", errorMessage); } = JahiaUserManagerService uMgr =3D ServicesRegistry.getInstance(= ). 
@@ -264,6 +273,21 @@ } } = + if (allValuesValid && pwdPolicyEnabled) { + PolicyEnforcementResult evalResult =3D pwdPolicyService + .enforcePolicyOnPasswordChange(new JahiaDBUser(-1, + userName, password1, null, jParams.getSite= ID(), + null), password1, false); + if (!evalResult.isSuccess()) { + allValuesValid =3D false; + EngineMessages policyMsgs =3D evalResult.getEngineMess= ages(); + for (Iterator iterator =3D policyMsgs.getMessages() + .iterator(); iterator.hasNext();) { + resultMessages.add("newUserRegistration", + (EngineMessage) iterator.next()); + } + } + } if (allValuesValid) { JahiaUser newUser =3D null; Vector userList =3D uMgr.getUsernameList(0); Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valve= s/CookieAuthValveImpl.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/params/valves/CookieAuthValveImpl.java&rev= =3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valves/Cook= ieAuthValveImpl.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valves/Cook= ieAuthValveImpl.java Thu Aug 23 10:49:12 2007 
@@ -163,19 +163,20 @@ resultMessages.add((EngineMessage) iterator.next()); } if (paramBean !=3D null) { - resultMessages.saveMessages(paramBean.getRequest()); + paramBean.getRequest().getSession().setAttribute( + EngineMessages.CONTEXT_KEY, resultMessages); try { - String urlToForward =3D null; + String redirectUrl =3D null; if (paramBean.getPageID() !=3D -1) { - urlToForward =3D paramBean.composeEngineUrl( - MySettingsEngine.ENGINE_NAME).substring( - paramBean.getRequest().getContextPath() - .length()) + redirectUrl =3D paramBean + .composeEngineUrl(MySettingsEngine.ENGINE_= NAME) + "?screen=3D" + MySettingsEngine.EDIT_TOK= EN; } else { - urlToForward =3D new StringBuffer(64).append( - Jahia.getServletPath()).append( - "/engineName/" + MySettingsEngine.ENGINE_N= AME) + redirectUrl =3D new StringBuffer(64).append( + paramBean.getRequest().getContextPath()) + .append(Jahia.getServletPath()).append( + "/engineName/" + + MySettingsEngine.ENGINE_= NAME) .append("/pid/").append( paramBean.getSite().getHomePageID(= )) .append( 
@@ -183,9 +184,7 @@ + MySettingsEngine.EDIT_TO= KEN) .toString(); } - paramBean.getRequest().getRequestDispatcher(urlToForwa= rd) - .forward(paramBean.getRequest(), - paramBean.getResponse()); + paramBean.getResponse().sendRedirect(redirectUrl); } catch (Exception ex) { logger.error( "Unable to forward to the mysettings engine pa= ge", Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valve= s/LoginEngineAuthValveImpl.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/params/valves/LoginEngineAuthValveImpl.java= &rev=3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valves/Logi= nEngineAuthValveImpl.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/params/valves/Logi= nEngineAuthValveImpl.java Thu Aug 23 10:49:12 2007 
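Review bot: The URL handed to `sendRedirect` is not passed through `encodeRedirectURL`, and in the `else` branch of the previous hunk it is assembled by hand from the context path and servlet path. The policy messages now travel in the session, so if the container tracks the session by URL rewriting the redirected request would presumably arrive without them; `paramBean.getResponse().sendRedirect(paramBean.getResponse().encodeRedirectURL(redirectUrl));` covers that case (whether `composeEngineUrl` already encodes its result is not visible here). The same applies to the `sendRedirect(urlToForward)` call in LoginEngineAuthValveImpl. In both valves the log text in the catch block still says "Unable to forward", and the login valve keeps the name `urlToForward` for what is now a redirect target.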
@@ -169,15 +169,13 @@ resultMessages.add((EngineMessage) iterator.next()); } if (paramBean !=3D null) { - resultMessages.saveMessages(paramBean.getRequest()); + paramBean.getRequest().getSession().setAttribute( + EngineMessages.CONTEXT_KEY, resultMessages); try { - String urlToForward =3D paramBean.composeEngineUrl( - MySettingsEngine.ENGINE_NAME).substring( - paramBean.getRequest().getContextPath().length= ()) + String urlToForward =3D paramBean + .composeEngineUrl(MySettingsEngine.ENGINE_NAME) + "?screen=3D" + MySettingsEngine.EDIT_TOKEN; - paramBean.getRequest().getRequestDispatcher(urlToForwa= rd) - .forward(paramBean.getRequest(), - paramBean.getResponse()); + paramBean.getResponse().sendRedirect(urlToForward); } catch (Exception ex) { logger.error( "Unable to forward to the mysettings engine pa= ge", Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwd= policy/JahiaPasswordPolicyService.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/services/pwdpolicy/JahiaPasswordPolicyServi= ce.java&rev=3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwdpolicy= /JahiaPasswordPolicyService.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwdpolicy= /JahiaPasswordPolicyService.java Thu Aug 23 10:49:12 2007 @@ -17,6 +17,7 @@ */ package org.jahia.services.pwdpolicy; = +import java.util.Enumeration; import java.util.Iterator; import java.util.List; = 
@@ -87,24 +88,23 @@ boolean onlyPeriodicalRules) { = PolicyEnforcementResult evaluationResult =3D PolicyEnforcementResu= lt.SUCCESS; - if (!user.isPasswordReadOnly()) { - if (isPolicyEnabled(user)) { - JahiaPasswordPolicy policy =3D getDefaultPolicy(); - if (policy !=3D null) { - evaluationResult =3D PolicyEvaluator.evaluate(policy, - new EvaluationContext(user, password, - isUserInitiated), onlyPeriodicalRules); - - } else { - logger - .warn("Unable to get the default password poli= cy. Skipping policy enforcement"); - } - } else if (logger.isDebugEnabled()) { - logger.debug("Policy enforcement not enabled for user " - + user.getUsername() - + ". Skipping password policy eforcement."); + if (isPolicyEnabled(user)) { + JahiaPasswordPolicy policy =3D getDefaultPolicy(); + if (policy !=3D null) { + evaluationResult =3D PolicyEvaluator.evaluate(policy, + new EvaluationContext(user, password, isUserInitia= ted), + onlyPeriodicalRules); + + } else { + logger + .warn("Unable to get the default password policy. = Skipping policy enforcement"); } + } else if (logger.isDebugEnabled()) { + logger.debug("Policy enforcement not enabled for user " + + user.getUsername() + + ". Skipping password policy eforcement."); } + return evaluationResult; } = 
@@ -156,47 +156,112 @@ return defPolicy; } = - private boolean isPolicyEnabled(JahiaUser user) { + /** + * Checks, if the password policy should be enforced for the specified= site + * ID. + * = + * @param siteId + * the ID of the site, to perform the check for + * @return <code>true</code>, if the password policy should be enforced + * for the specified site ID + */ + public boolean isPolicyEnabled(int siteId) { = boolean enforcePolicy =3D false; try { JahiaSite site =3D ServicesRegistry.getInstance() - .getJahiaSitesService().getSite(user.getSiteID()); + .getJahiaSitesService().getSite(siteId); // check if the policy is enabled for site if (site !=3D null) { enforcePolicy =3D StringUtils.equals("true", site.getSetti= ngs() .getProperty(PROPERTY_SITE_ENFORCE_POLICY)); } - // check if the policy is enabled for at least one of the user - // groups - if (enforcePolicy) { - JahiaGroupManagerService groupMgr =3D ServicesRegistry - .getInstance().getJahiaGroupManagerService(); - List groups =3D groupMgr.getUserMembership(user); - boolean enforccePolicyAtLeastForOneGroup =3D false; + } catch (JahiaException ex) { + logger.error("Unable to retrieve a property " + + PROPERTY_SITE_ENFORCE_POLICY + " for site ID " + sit= eId, + ex); + } + + return enforcePolicy; + } + + /** + * Checks, if the password policy should be enforced for the specified= user + * (existing user). 
+ * = + * @param user + * the user, to perform the check for + * @return <code>true</code>, if the password policy should be enforced + * for the specified user (existing user) + */ + public boolean isPolicyEnabled(JahiaUser user) { + if (user =3D=3D null) + throw new IllegalArgumentException("The specified user is null= "); + + if (user.isPasswordReadOnly()) + return false; + + if (user.isRoot()) + return isPolicyEnabledForRoot(); + + boolean enforcePolicy =3D isPolicyEnabled(user.getSiteID()); + // check if the policy is enabled for at least one of the user + // groups + // additionally check the user key (for new user the key is null) + if (user.getUserKey() !=3D null && enforcePolicy) { + JahiaGroupManagerService groupMgr =3D ServicesRegistry.getInst= ance() + .getJahiaGroupManagerService(); + List groups =3D groupMgr.getUserMembership(user); + if (groups.size() > 0) { + boolean enforcePolicyAtLeastForOneGroup =3D false; for (Iterator iterator =3D groups.iterator(); iterator.has= Next();) { String groupName =3D (String) iterator.next(); JahiaGroup group =3D groupMgr.lookupGroup(groupName); if (group !=3D null) { String propValue =3D group .getProperty(JahiaGroup.PROPERTY_ENFORCE_P= ASSWORD_POLICY); - // is porperty for group not set (overriden) or is= true? + // is porperty for group not set (overriden) or is + // true? if (StringUtils.isEmpty(propValue) || "true".equals(propValue)) { // we do force policy check - enforccePolicyAtLeastForOneGroup =3D true; + enforcePolicyAtLeastForOneGroup =3D true; break; } } } enforcePolicy =3D enforcePolicy - && enforccePolicyAtLeastForOneGroup; + && enforcePolicyAtLeastForOneGroup; + } + } + return enforcePolicy; + } + + /** + * Checks, if the password policy should be enforced for the root user. 
+ * = + * @return <code>true</code>, if the password policy should be enforced + * for the root user + */ + private boolean isPolicyEnabledForRoot() { + + boolean enforcePolicy =3D false; + try { + Enumeration sites =3D ServicesRegistry.getInstance() + .getJahiaSitesService().getSites(); + while (sites.hasMoreElements()) { + JahiaSite site =3D (JahiaSite) sites.nextElement(); + if (isPolicyEnabled(site.getID())) { + enforcePolicy =3D true; + break; + } } } catch (JahiaException ex) { - logger.error("Unable to retrieve a property " - + PROPERTY_SITE_ENFORCE_POLICY + " for site ID " - + user.getSiteID(), ex); + logger + .error("Unable to check policy enforcement for root us= er", + ex); } + return enforcePolicy; } = Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwd= policy/RuleConditions.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/services/pwdpolicy/RuleConditions.java&rev= =3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwdpolicy= /RuleConditions.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/pwdpolicy= /RuleConditions.java Thu Aug 23 10:49:12 2007 
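Review bot: The Javadoc added for `isPolicyEnabled(int siteId)` and `isPolicyEnabledForRoot()` does not say that a `JahiaException` during the site lookup is logged and then reported as `false`, that is, as "policy not enforced". Callers in this commit use that value to choose between the legacy checks and the policy, and `enforcePolicyOnPasswordChange` uses it to skip evaluation, so the behaviour on error is part of the contract. I would extend each `@return` with `; also <code>false</code> if the site settings cannot be read (the error is logged)`. In `isPolicyEnabled(JahiaUser)`, `groups.size()` assumes `getUserMembership` never returns null; if that is not guaranteed, the guard should be `groups != null && groups.size() > 0`.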
@@ -199,13 +199,16 @@ = String encryptedPassword =3D JahiaUserManagerService .encryptPassword(ctx.getPassword()); - for (int i =3D 0; i < checkedPasswordCount && i < history.= size(); i++) { - if (encryptedPassword - .equals(((UserProperty) history.get(i)).getVal= ue())) { - success =3D false; - break; + if (encryptedPassword !=3D null) { + for (int i =3D 0; i < checkedPasswordCount + && i < history.size(); i++) { + UserProperty prop =3D (UserProperty) history.get(i= ); + if (prop !=3D null && prop.getValue() !=3D null + && encryptedPassword.equals(prop.getValue(= ))) { + success =3D false; + break; + } } - } } = Modified: branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/use= rmanager/JahiaUserManagerDBProvider.java URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-SP= -BRANCH/core/src/java/org/jahia/services/usermanager/JahiaUserManagerDBProv= ider.java&rev=3D18249&repname=3Djahia =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/usermanag= er/JahiaUserManagerDBProvider.java (original) +++ branches/JAHIA-5-0-SP-BRANCH/core/src/java/org/jahia/services/usermanag= er/JahiaUserManagerDBProvider.java Thu Aug 23 10:49:12 2007 @@ -146,7 +146,9 @@ } = if (!password.startsWith("SHA-1:")) { - if (!isPasswordSyntaxCorrect(password)) { + if (!ServicesRegistry.getInstance().getJahiaPasswordPolicyServ= ice() + .isPolicyEnabled(siteID) + && !isPasswordSyntaxCorrect(password)) { return null; } // Encrypt the password _______________________________________________ cvs_list mailing list [email protected] http://lists.jahia.org/cgi-bin/mailman/listinfo/cvs_list
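Review bot: When `encryptedPassword` is null the new guard in RuleConditions skips the history loop and leaves `success` untouched, so the password-history rule presumably passes without having compared anything. If `JahiaUserManagerService.encryptPassword` returns null only when hashing fails (not visible here), that case should fail the rule or at least be logged, for example `if (encryptedPassword == null) { success = false; }` ahead of the loop. The null checks on `prop` and `prop.getValue()` are fine as written. The enclosing method starts outside the hunk.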
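Review bot: In JahiaUserManagerDBProvider (`@@ -146,7 +146,9 @@`) the syntax check is now skipped whenever the site policy is enabled, but nothing in the visible part of the method calls the policy service in its place, so validation of a new password depends on every caller having run `enforcePolicyOnPasswordChange` first. ManageUsers and NewUserRegistration_Engine do so in this commit; any other caller of this method (none is visible here) would create an account with an unchecked password. A comment above the condition would make that contract explicit: `// Policy-enabled sites: the caller must already have run enforcePolicyOnPasswordChange; only the legacy syntax check is applied here.` The method body continues outside the hunk.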
