ate         2004/11/11 19:17:47

  Modified:    jetspeed-api/src/java/org/apache/jetspeed/security
                        SecurityException.java
               components/security/src/test/org/apache/jetspeed/security/spi
                        
TestInternalPasswordCredentialStateHandlingInterceptor.java
               jetspeed-api/src/java/org/apache/jetspeed/security/om
                        InternalCredential.java
               components/security/src/java/org/apache/jetspeed/security/om/impl
                        InternalCredentialImpl.java
               
components/security/src/java/org/apache/jetspeed/security/spi/impl
                        InternalPasswordCredentialStateHandlingInterceptor.java
                        DefaultInternalPasswordCredentialInterceptor.java
                        DefaultCredentialHandler.java
               components/security/src/java/org/apache/jetspeed/security/spi
                        InternalPasswordCredentialInterceptor.java
               components/security/src/java/META-INF
                        security_repository.xml
               portal/src/webapp/WEB-INF/assembly jetspeed-spring.xml
  Added:       components/security/src/test/org/apache/jetspeed/security/spi
                        
TestInternalPasswordCredentialHistoryHandlingInterceptor.java
               components/security/src/test/META-INF sipchhi.xml
               
components/security/src/java/org/apache/jetspeed/security/spi/impl
                        
InternalPasswordCredentialHistoryHandlingInterceptor.java
  Log:
  JS2-151 feature: password history implemented (item 3)
  
  Revision  Changes    Path
  1.6       +3 -0      
jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java
  
  Index: SecurityException.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SecurityException.java    8 Nov 2004 03:23:35 -0000       1.5
  +++ SecurityException.java    12 Nov 2004 03:17:46 -0000      1.6
  @@ -60,6 +60,9 @@
       /** <p>Invalid authentication provider exception message.</p> */
       public static final String INVALID_AUTHENTICATION_PROVIDER = "Invalid 
authentication provider.";    
   
  +    /** <p>Password already used exception message.</p> */
  +    public static final String PASSWORD_ALREADY_USED = "Password already 
used.";
  +
       /**
        * <p>Default Constructor.</p>
        */
  
  
  
  1.3       +4 -4      
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java
  
  Index: TestInternalPasswordCredentialStateHandlingInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- TestInternalPasswordCredentialStateHandlingInterceptor.java       8 Nov 
2004 22:36:04 -0000       1.2
  +++ TestInternalPasswordCredentialStateHandlingInterceptor.java       12 Nov 
2004 03:17:46 -0000      1.3
  @@ -22,8 +22,8 @@
   import junit.framework.Test;
   import junit.framework.TestSuite;
   
  +import org.apache.jetspeed.security.om.InternalCredential;
   import org.apache.jetspeed.security.om.InternalUserPrincipal;
  -import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
   import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
   
   /**
  @@ -37,7 +37,7 @@
   public class TestInternalPasswordCredentialStateHandlingInterceptor extends 
AbstractSecurityTestcase
   {
       private InternalUserPrincipal internalUser;
  -    private InternalCredentialImpl credential;
  +    private InternalCredential credential;
       
       protected void setUp() throws Exception
       {
  @@ -85,7 +85,7 @@
       protected void loadUser() throws Exception
       {
           internalUser = securityAccess.getInternalUserPrincipal("testcred");
  -        credential = 
(InternalCredentialImpl)internalUser.getCredentials().iterator().next();
  +        credential = 
(InternalCredential)internalUser.getCredentials().iterator().next();
       }
       
       protected void updateCredential() throws Exception
  
  
  
  1.1                  
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialHistoryHandlingInterceptor.java
  
  Index: TestInternalPasswordCredentialHistoryHandlingInterceptor.java
  ===================================================================
  /* Copyright 2004 Apache Software Foundation
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *     http://www.apache.org/licenses/LICENSE-2.0
   *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  package org.apache.jetspeed.security.spi;
  
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.List;
  
  import junit.framework.Test;
  import junit.framework.TestSuite;
  
  import org.apache.jetspeed.security.SecurityException;
  import org.apache.jetspeed.security.om.InternalUserPrincipal;
  import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
  
  /**
  * <p>
   * TestInternalPasswordCredentialHistoryHandlingInterceptor
   * </p>
   * 
   * @author <a href="mailto:[EMAIL PROTECTED]">Ate Douma</a>
   * @version $Id: 
TestInternalPasswordCredentialHistoryHandlingInterceptor.java,v 1.1 2004/11/12 
03:17:46 ate Exp $
   */
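  public class TestInternalPasswordCredentialHistoryHandlingInterceptor extends AbstractSecurityTestcase
  {
      /** Login name of the throw-away user every test run creates and removes again. */
      private static final String TEST_USER = "testcred";

      /** Spring assembly that wires in the history interceptor (historySize 3) for this test. */
      private static final String HISTORY_CONFIGURATION = "META-INF/sipchhi.xml";

      /**
       * Creates the test user, first removing any copy a previously failed run left behind.
       */
      protected void setUp() throws Exception
      {
          super.setUp();
          // cleanup for previously failed test
          destroyUser();
          initUser();
      }

      /**
       * Removes the test user before the base class tears its fixtures down.
       */
      public void tearDown() throws Exception
      {
          destroyUser();
          super.tearDown();
      }

      public static Test suite()
      {
          return new TestSuite(TestInternalPasswordCredentialHistoryHandlingInterceptor.class);
      }

      /**
       * Verifies both halves of the history policy: a password that is still inside the
       * history is rejected with {@link SecurityException#PASSWORD_ALREADY_USED}, and the
       * same password is accepted again once later changes have pushed it out of the history.
       */
      public void testPasswordHistory() throws Exception
      {
          assertTrue("should be allowed to authenticate", ums.authenticate(TEST_USER, "password"));
          ums.setPassword(TEST_USER, "password", "password1");
          ums.setPassword(TEST_USER, "password1", "password2");
          assertTrue("should be allowed to authenticate", ums.authenticate(TEST_USER, "password2"));
          try
          {
              // "password" was retired two changes ago and is still remembered
              ums.setPassword(TEST_USER, "password2", "password");
              fail("Should not be allowed to reuse a password from password history");
          }
          catch (SecurityException expected)
          {
              assertEquals(SecurityException.PASSWORD_ALREADY_USED, expected.getMessage());
          }
          // further changes push the original password out of the history
          ums.setPassword(TEST_USER, "password2", "password3");
          ums.setPassword(TEST_USER, "password3", "password4");
          ums.setPassword(TEST_USER, "password4", "password");
          assertTrue("should be allowed to authenticate", ums.authenticate(TEST_USER, "password"));
      }

      protected void initUser() throws Exception
      {
          ums.addUser(TEST_USER, "password");
      }

      protected void destroyUser() throws Exception
      {
          ums.removeUser(TEST_USER);
      }

      /**
       * Returns the base class configurations followed by the history interceptor assembly.
       */
      protected String[] getConfigurations()
      {
          List confList = new ArrayList(Arrays.asList(super.getConfigurations()));
          confList.add(HISTORY_CONFIGURATION);
          // size the target array exactly instead of relying on toArray to grow a one-slot array
          return (String[]) confList.toArray(new String[confList.size()]);
      }
  }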
  
  
  
  1.1                  
jakarta-jetspeed-2/components/security/src/test/META-INF/sipchhi.xml
  
  Index: sipchhi.xml
  ===================================================================
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" 
"http://www.springframework.org/dtd/spring-beans.dtd";>
  <!--
  Copyright 2004 The Apache Software Foundation
  
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  
      http://www.apache.org/licenses/LICENSE-2.0
  
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
  -->
  <beans>
   <!-- MessageDigestCredentialPasswordEncoder usage -->
    <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
         
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
  
    <!-- Password encoder bean; constructor argument 0 is the digest algorithm name.
         NOTE(review): SHA-1 is a fast general-purpose digest, and whether this encoder
         adds a salt is not visible here. Password history keeps retired password values
         in storage as well, so outside a test fixture prefer a salted, deliberately slow
         password hash. Confirm what the encoder does before copying this bean. -->
    <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
         
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
         <constructor-arg index="0"><value>SHA-1</value></constructor-arg>      
 
    </bean>       
  
    <!-- Interceptor under test: credential state handling plus password history.
         Argument order follows the (maxNumberOfAuthenticationFailures, maxLifeSpanInDays,
         historySize) constructor of InternalPasswordCredentialHistoryHandlingInterceptor. -->
    <bean 
id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" 
         
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
         <!-- maxNumberOfAuthenticationFailures -->
         <constructor-arg index="0"><value>3</value></constructor-arg>       
         <!-- maxLifeSpanInDays -->
         <constructor-arg index="1"><value>7</value></constructor-arg>
         <!-- historySize -->       
         <constructor-arg index="2"><value>3</value></constructor-arg>       
    </bean>
  
    <!-- Credential provider: argument 0 is the password validator bean defined above.
         NOTE(review): argument 1 is null. If that slot is the CredentialPasswordEncoder,
         the SHA-1 encoder bean in this file is defined but never wired in, and this
         fixture stores and compares credential values unencoded. Confirm against the
         DefaultPasswordCredentialProvider constructor. -->
    <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" 
         
class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
         <constructor-arg index="0"><ref 
bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/></constructor-arg>
       
         <constructor-arg index="1"><null/></constructor-arg>       
    </bean>       
  
    <!-- Security SPI: CredentialHandler -->
    <bean id="org.apache.jetspeed.security.spi.CredentialHandler" 
         class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler"
    >       
         <constructor-arg index="0"><ref 
bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>      
 
         <constructor-arg index="1"><ref 
bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg>
       
         <constructor-arg index="2"><ref 
bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg>
       
    </bean>
    
  </beans>
  
  
  
  1.3       +5 -0      
jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java
  
  Index: InternalCredential.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalCredential.java   8 Nov 2004 03:23:36 -0000       1.2
  +++ InternalCredential.java   12 Nov 2004 03:17:46 -0000      1.3
  @@ -37,6 +37,11 @@
    */
   public interface InternalCredential extends Serializable, Cloneable
   {
  +    /** Private credentials type. */
  +    public static final int PRIVATE = 0;
  +    /** Public credentials type. */
  +    public static final int PUBLIC = 1;
  +
       /**
        * <p>Getter for the credential id.</p>
        * @return The credential id.
  
  
  
  1.3       +40 -1     
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java
  
  Index: InternalCredentialImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalCredentialImpl.java       8 Nov 2004 03:23:35 -0000       1.2
  +++ InternalCredentialImpl.java       12 Nov 2004 03:17:46 -0000      1.3
  @@ -18,6 +18,7 @@
   import java.sql.Timestamp;
   
   import org.apache.jetspeed.security.om.InternalCredential;
  +import org.apache.jetspeed.util.HashCodeBuilder;
   
   /**
    * <p>[EMAIL PROTECTED] InternalCredential} interface implementation.</p>
  @@ -34,7 +35,7 @@
       }
   
       /**
  -     * <p>InternalPrincipal constructor given a value, type and 
classname.</p>
  +     * <p>InternalCredentialImpl constructor given a value, type and 
classname.</p>
        * @param principalId The principal id.
        * @param value The value.
        * @param type The type.
  @@ -49,6 +50,28 @@
           this.creationDate = new Timestamp(System.currentTimeMillis());
           this.modifiedDate = this.creationDate;
       }
  +    
  +    /**
  +     * <p>InternalCredentialImpl copy constructor given another 
InternalCredential and overriding classname</p>
  +     * @param credential The credential to copy from
  +     * @param classname The classname for the new credential
  +     */
  +    public InternalCredentialImpl(InternalCredential credential, String 
classname)
  +    {
  +        this.authenticationFailures = credential.getAuthenticationFailures();
  +        this.classname = classname;
  +        this.creationDate = credential.getCreationDate();
  +        this.enabled = credential.isEnabled();
  +        this.encoded = credential.isEncoded();
  +        this.expirationDate = credential.getExpirationDate();
  +        this.expired = credential.isExpired();
  +        this.lastLogonDate = credential.getLastLogonDate();
  +        this.modifiedDate = credential.getModifiedDate();
  +        this.principalId = credential.getPrincipalId();
  +        this.type = credential.getType();
  +        this.updateRequired = credential.isUpdateRequired();
  +        this.value = credential.getValue();
  +    }
   
       private long credentialId;
   
  @@ -301,6 +324,22 @@
       {
           this.lastLogonDate = lastLogonDate;
       }
  +    
  +    /**
  +     * @see java.lang.Object#hashCode()
  +     */
  +    public int hashCode()
  +    {
  +        HashCodeBuilder hasher = new HashCodeBuilder(1, 3);
  +        hasher.append(getPrincipalId());
  +        hasher.append(getCreationDate().getTime());
  +        if (getClassname() != null)
  +        {
  +            hasher.append(getClassname());
  +        }
  +        return hasher.toHashCode();
  +    }
  +    
   
       /**
        * <p>Compares this [EMAIL PROTECTED] InternalCredential} to the 
provided credential
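Review bot: The new hashCode() dereferences getCreationDate() without a null check, while getClassname() a few lines below is guarded, so a credential whose creation date has not been set throws a NullPointerException as soon as it is hashed. The hash is also built from the mutable creation date, and InternalPasswordCredentialHistoryHandlingInterceptor in this same commit calls `credential.setCreationDate(...)` on a credential that is already a member of the credentials collection; if that collection is hash-based, the entry may no longer be found or removed afterwards. Consider `if (getCreationDate() != null) hasher.append(getCreationDate().getTime());` and check that the fields hashed here are the ones equals() compares; equals() starts below this hunk and is not visible.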
  
  
  
  1.3       +4 -4      
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java
  
  Index: InternalPasswordCredentialStateHandlingInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalPasswordCredentialStateHandlingInterceptor.java   8 Nov 2004 
22:35:41 -0000       1.2
  +++ InternalPasswordCredentialStateHandlingInterceptor.java   12 Nov 2004 
03:17:46 -0000      1.3
  @@ -103,12 +103,12 @@
       }
       
       /**
  -     * @see 
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
 java.util.Collection, java.lang.String, 
org.apache.jetspeed.security.om.InternalCredential, java.lang.String)
  +     * @see 
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
 java.util.Collection, java.lang.String, 
org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
        */
       public void beforeSetPassword(InternalUserPrincipal internalUser, 
Collection credentials, String userName,
  -            InternalCredential credential, String password) throws 
SecurityException
  +            InternalCredential credential, String password, boolean 
authenticated) throws SecurityException
       {
  -        super.beforeSetPassword(internalUser, credentials, userName, 
credential, password);
  +        super.beforeSetPassword(internalUser, credentials, userName, 
credential, password, authenticated);
           credential.setExpirationDate(new 
Date(System.currentTimeMillis()+maxLifeSpanInMillis));
           credential.setExpired(false);
           credential.setAuthenticationFailures(0);
  
  
  
  1.3       +3 -3      
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java
  
  Index: DefaultInternalPasswordCredentialInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- DefaultInternalPasswordCredentialInterceptor.java 8 Nov 2004 22:35:41 
-0000       1.2
  +++ DefaultInternalPasswordCredentialInterceptor.java 12 Nov 2004 03:17:46 
-0000      1.3
  @@ -74,10 +74,10 @@
       }
   
       /**
  -     * @see 
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
 java.util.Collection, java.lang.String, 
org.apache.jetspeed.security.om.InternalCredential, java.lang.String)
  +     * @see 
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
 java.util.Collection, java.lang.String, 
org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
        */
       public void beforeSetPassword(InternalUserPrincipal internalUser, 
Collection credentials, String userName,
  -            InternalCredential credential, String password) throws 
SecurityException
  +            InternalCredential credential, String password, boolean 
authenticated) throws SecurityException
       {
       }
   }
  
  
  
  1.10      +4 -10     
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
  
  Index: DefaultCredentialHandler.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- DefaultCredentialHandler.java     8 Nov 2004 03:23:35 -0000       1.9
  +++ DefaultCredentialHandler.java     12 Nov 2004 03:17:46 -0000      1.10
  @@ -40,12 +40,6 @@
   {
       private static final Log log = 
LogFactory.getLog(DefaultCredentialHandler.class);
   
  -    /** Private credentials type. */
  -    private static final int PRIVATE = 0;
  -
  -    /** Public credentials type. */
  -    private static final int PUBLIC = 1;
  -
       private SecurityAccess securityAccess;
   
       private PasswordCredentialProvider pcProvider;
  @@ -106,7 +100,7 @@
               while (iter.hasNext())
               {
                   credential = (InternalCredential) iter.next();
  -                if (credential.getType() == PRIVATE )
  +                if (credential.getType() == InternalCredential.PRIVATE )
                   {
                       if ((null != credential.getClassname())
                               && 
(credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))
  @@ -184,9 +178,9 @@
   
           boolean create = credential == null;
   
  -        if ( credential == null )
  +        if ( create )
           {
  -            credential = new 
InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, PRIVATE,
  +            credential = new 
InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, 
InternalCredential.PRIVATE,
                               
pcProvider.getPasswordCredentialClass().getName());
               credential.setEncoded(encoded);
               credentials.add(credential);
  @@ -212,7 +206,7 @@
               }
               else
               {
  -                ipcInterceptor.beforeSetPassword(internalUser, credentials, 
userName, credential, newPassword );
  +                ipcInterceptor.beforeSetPassword(internalUser, credentials, 
userName, credential, newPassword, oldPassword != null );
               }
           }
           if (!create)
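Review bot: `oldPassword != null` is passed as the `authenticated` flag, so the flag records only that a caller supplied an old password, not that it was verified; whether verification happens earlier in this method is outside the hunk. The history interceptor added in this commit skips its reuse check whenever the flag is false, so every call path that passes a null old password also bypasses password history. If that is intended for administrative resets only, say so where the flag is computed, for example `// null oldPassword = administrative reset: the history check is intentionally skipped`, and confirm that only privileged callers can reach this branch.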
  
  
  
  1.1                  
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialHistoryHandlingInterceptor.java
  
  Index: InternalPasswordCredentialHistoryHandlingInterceptor.java
  ===================================================================
  /* Copyright 2004 Apache Software Foundation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
  package org.apache.jetspeed.security.spi.impl;
  
  import java.sql.Timestamp;
  import java.util.ArrayList;
  import java.util.Collection;
  import java.util.Collections;
  import java.util.Comparator;
  import java.util.Iterator;
  
  import org.apache.jetspeed.security.SecurityException;
  import org.apache.jetspeed.security.om.InternalCredential;
  import org.apache.jetspeed.security.om.InternalUserPrincipal;
  import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  
  /**
   * <p>
   * InternalPasswordCredentialHistoryHandlingInterceptor
   * </p>
   * 
   * @author <a href="mailto:[EMAIL PROTECTED]">Ate Douma</a>
   * @version $Id: InternalPasswordCredentialHistoryHandlingInterceptor.java,v 
1.1 2004/11/12 03:17:46 ate Exp $
   */
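  public class InternalPasswordCredentialHistoryHandlingInterceptor extends
          InternalPasswordCredentialStateHandlingInterceptor
  {
      /** Classname that marks a stored credential as a retired (historical) password. */
      private static final String HISTORICAL_PASSWORD_CREDENTIAL = "org.apache.jetspeed.security.spi.impl.HistoricalPasswordCredentialImpl";

      /** Orders credentials by creation date, newest first. */
      private static final Comparator internalCredentialCreationDateComparator =
          new Comparator()
          {
              public int compare(Object obj1, Object obj2)
              {
                  return ((InternalCredential)obj2).getCreationDate().compareTo(((InternalCredential)obj1).getCreationDate());
              }
          };

      /** Number of retired passwords that are kept and checked; below 1 no history is kept. */
      private final int historySize;

      /**
       * @param maxNumberOfAuthenticationFailures passed through to the state handling interceptor
       * @param maxLifeSpanInDays passed through to the state handling interceptor
       * @param historySize number of retired passwords that may not be reused
       */
      public InternalPasswordCredentialHistoryHandlingInterceptor(int maxNumberOfAuthenticationFailures,
              int maxLifeSpanInDays, int historySize)
      {
          super(maxNumberOfAuthenticationFailures, maxLifeSpanInDays);
          this.historySize = historySize;
      }

      /**
       * Rejects a new password that matches one of the {@code historySize} most recent
       * retired passwords, then retires the current credential into the history.
       *
       * <p>The reuse check runs only when {@code authenticated} is true. The new password is
       * compared with the stored historical values through {@code equals}, so both sides must
       * be in the same (encoded or plain) form.</p>
       *
       * @param internalUser user whose stored credentials are searched for historical passwords
       * @param credentials collection that historical credentials are removed from and added to
       * @param userName passed through to the superclass
       * @param credential the current password credential, copied into the history
       * @param password the new password value
       * @param authenticated whether the reuse check is enforced for this change
       * @throws SecurityException with {@link SecurityException#PASSWORD_ALREADY_USED} when the
       *         new password is found in the checked part of the history
       * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
       *      java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)
       */
      public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName,
              InternalCredential credential, String password, boolean authenticated) throws SecurityException
      {
          ArrayList historicalPasswordCredentials = collectPasswordHistory(internalUser);
          int historyCount = historicalPasswordCredentials.size();

          if ( authenticated )
          {
              // check password already used
              // NOTE(review): only retired passwords are compared; the value currently held by
              // `credential` is not, so re-submitting the current password is not rejected here.
              // Confirm that the caller covers that case.
              for ( int i = 0; i < historyCount && i < historySize; i++ )
              {
                  InternalCredential retired = (InternalCredential)historicalPasswordCredentials.get(i);
                  if ( retired.getValue() != null && retired.getValue().equals(password) )
                  {
                      throw new SecurityException(SecurityException.PASSWORD_ALREADY_USED);
                  }
              }
          }

          // Keep the historySize-1 newest entries so that the one added below fills the history.
          // The start index is clamped: a historySize below 1 used to index the list with a
          // negative value and fail on every password change.
          for ( int i = Math.max(historySize - 1, 0); i < historyCount; i++ )
          {
              credentials.remove(historicalPasswordCredentials.get(i));
          }
          if ( historySize > 0 )
          {
              credentials.add(new InternalCredentialImpl(credential, HISTORICAL_PASSWORD_CREDENTIAL));
          }

          // fake update to current InternalCredential as being an insert of a new one
          credential.setCreationDate(new Timestamp(System.currentTimeMillis()));

          super.beforeSetPassword(internalUser, credentials, userName, credential, password, authenticated);
      }

      /**
       * Returns the user's historical password credentials, newest first.
       */
      private ArrayList collectPasswordHistory(InternalUserPrincipal internalUser)
      {
          ArrayList history = new ArrayList();
          // presumably the same collection the caller passes as `credentials`; verify against caller
          Collection internalCredentials = internalUser.getCredentials();
          if ( internalCredentials != null )
          {
              for ( Iterator iter = internalCredentials.iterator(); iter.hasNext(); )
              {
                  InternalCredential currCredential = (InternalCredential) iter.next();
                  if ( currCredential.getType() == InternalCredential.PRIVATE
                          && HISTORICAL_PASSWORD_CREDENTIAL.equals(currCredential.getClassname()) )
                  {
                      history.add(currCredential);
                  }
              }
          }
          if ( history.size() > 1 )
          {
              Collections.sort(history, internalCredentialCreationDateComparator);
          }
          return history;
      }
  }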
  
  
  
  1.3       +2 -2      
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
  
  Index: InternalPasswordCredentialInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalPasswordCredentialInterceptor.java        8 Nov 2004 22:35:41 
-0000       1.2
  +++ InternalPasswordCredentialInterceptor.java        12 Nov 2004 03:17:46 
-0000      1.3
  @@ -33,5 +33,5 @@
       boolean afterLoad(PasswordCredentialProvider pcProvider, String 
userName, InternalCredential credential) throws SecurityException;
       boolean afterAuthenticated(InternalUserPrincipal internalUser, String 
userName, InternalCredential credential, boolean authenticated) throws 
SecurityException;
       void beforeCreate(InternalUserPrincipal internalUser, Collection 
credentials, String userName, InternalCredential credential, String password) 
throws SecurityException;
  -    void beforeSetPassword(InternalUserPrincipal internalUser, Collection 
credentials, String userName, InternalCredential credential, String password) 
throws SecurityException;
  +    void beforeSetPassword(InternalUserPrincipal internalUser, Collection 
credentials, String userName, InternalCredential credential, String password, 
boolean authenticated) throws SecurityException;
   }
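Review bot: The new `authenticated` parameter on beforeSetPassword is undocumented, and the implementations changed in this commit carry only an `@see` back to this interface, so nothing states what the flag means. Judging from the call site in DefaultCredentialHandler it is true when an old password accompanied the change; a Javadoc comment on this method saying so, and saying that implementations may relax checks such as password history when it is false, would make the contract explicit. The signature change also breaks any interceptor implemented outside this tree.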
  
  
  
  1.3       +2 -0      
jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml
  
  Index: security_repository.xml
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- security_repository.xml   8 Nov 2004 03:23:36 -0000       1.2
  +++ security_repository.xml   12 Nov 2004 03:17:46 -0000      1.3
  @@ -81,6 +81,8 @@
            <collection-descriptor
                name="credentials"
                
element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl"
  +          proxy="true"
  +          refresh="true"          
                auto-retrieve="true"
                auto-update="object"
                auto-delete="object"
  
  
  
  1.32      +3 -1      
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml
  
  Index: jetspeed-spring.xml
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- jetspeed-spring.xml       8 Nov 2004 03:23:37 -0000       1.31
  +++ jetspeed-spring.xml       12 Nov 2004 03:17:47 -0000      1.32
  @@ -385,11 +385,13 @@
     </bean>       
   
     <bean 
id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" 
  -       
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialStateHandlingInterceptor">
  +       
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
          <!-- maxNumberOfAuthenticationFailures -->
          <constructor-arg index="0"><value>3</value></constructor-arg>  
          <!-- maxLifeSpanInDays -->     
          <constructor-arg index="1"><value>60</value></constructor-arg>       
  +       <!-- historySize -->     
  +       <constructor-arg index="2"><value>3</value></constructor-arg>       
     </bean>
   
     <!-- Security SPI: CredentialHandler -->
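Review bot: Switching the portal default to the history interceptor with `historySize` 3 adds no minimum password age, and none is visible in the interceptor source in this commit, so a short run of consecutive changes brings a user back to the original password; testPasswordHistory treats that sequence as allowed behaviour. If reuse is meant to be blocked for a period of time rather than for a number of changes, the policy needs an age check as well. A comment next to the value, such as `<!-- historySize: number of previous passwords that may not be reused; no minimum password age is enforced -->`, would keep that limit visible to deployers.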
  
  
  
