Author: norman
Date: Tue May 3 14:22:27 2011
New Revision: 1099068
URL: http://svn.apache.org/viewvc?rev=1099068&view=rev
Log:
Add support for LOGINDISABLED as stated in rfc3501. This completes IMAP-304
Modified:
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java
james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java
Modified:
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java
(original)
+++
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/display/HumanReadableText.java
Tue May 3 14:22:27 2011
@@ -115,6 +115,9 @@ public class HumanReadableText {
public static final HumanReadableText INVALID_LOGIN = new
HumanReadableText("org.apache.james.imap.INVALID_LOGIN", "failed. Invalid
login/password.");
+ public static final HumanReadableText DISABLED_LOGIN = new
HumanReadableText("org.apache.james.imap.DISABLED_LOGIN", "failed. Plain login
/ authentication are disabled.");
+
+
public static final HumanReadableText UNSUPPORTED_SEARCH_CRITERIA = new
HumanReadableText("org.apache.james.imap.UNSUPPORTED_CRITERIA", "failed. One or
more search criteria is unsupported.");
public static final HumanReadableText UNSUPPORTED_AUTHENTICATION_MECHANISM
= new
HumanReadableText("org.apache.james.imap.UNSUPPORTED_AUTHENTICATION_MECHANISM",
"failed. Authentication mechanism is unsupported.");
Modified:
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java
(original)
+++
james/imap/trunk/api/src/main/java/org/apache/james/imap/api/process/ImapSession.java
Tue May 3 14:22:27 2011
@@ -116,6 +116,13 @@ public interface ImapSession {
public boolean startTLS();
/**
+ * Return true if the session is bound to a TLS encrypted socket.
+ *
+ * @return tlsActive
+ */
+ public boolean isTLSActive();
+
+ /**
* Support startTLS ?
*
* @return true if startTLS is supported
@@ -129,5 +136,13 @@ public interface ImapSession {
public void pushLineHandler(ImapLineHandler lineHandler);
public void popLineHandler();
+
+ /**
+ * Return true if the login / authentication via plain username / password
is
+ * disallowed
+ *
+ * @return plainDisallowed
+ */
+ public boolean isPlainAuthDisallowed();
}
Modified:
james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java
(original)
+++
james/imap/trunk/message/src/test/java/org/apache/james/imap/encode/FakeImapSession.java
Tue May 3 14:22:27 2011
@@ -121,4 +121,12 @@ public class FakeImapSession implements
}
+ public boolean isPlainAuthDisallowed() {
+ return false;
+ }
+
+ public boolean isTLSActive() {
+ return false;
+ }
+
}
Modified:
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
(original)
+++
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/AuthenticateProcessor.java
Tue May 3 14:22:27 2011
@@ -20,7 +20,7 @@
package org.apache.james.imap.processor;
import java.nio.charset.Charset;
-import java.util.Arrays;
+import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
@@ -55,54 +55,59 @@ public class AuthenticateProcessor exten
protected void doProcess(AuthenticateRequest request, ImapSession session,
final String tag, final ImapCommand command, final Responder responder) {
final String authType = request.getAuthType();
if (authType.equalsIgnoreCase(PLAIN)) {
- responder.respond(new AuthenticateResponse());
- session.pushLineHandler(new ImapLineHandler() {
+ // See if AUTH=PLAIN is allowed. See IMAP-304
+ if (session.isPlainAuthDisallowed() && session.isTLSActive() ==
false) {
+ no(command, tag, responder, HumanReadableText.DISABLED_LOGIN);
+ } else {
+ responder.respond(new AuthenticateResponse());
+ session.pushLineHandler(new ImapLineHandler() {
- public void onLine(ImapSession session, byte[] data) {
- String user = null, pass = null;
- try {
- // strip of the newline
- String userpass = new String(data, 0, data.length - 2,
Charset.forName("US-ASCII"));
-
- userpass = new String(Base64.decodeBase64(userpass));
- StringTokenizer authTokenizer = new
StringTokenizer(userpass, "\0");
- String authorize_id = authTokenizer.nextToken(); //
Authorization Identity
- user = authTokenizer.nextToken(); //
Authentication Identity
+ public void onLine(ImapSession session, byte[] data) {
+ String user = null, pass = null;
try {
- pass = authTokenizer.nextToken(); //
Password
- } catch (java.util.NoSuchElementException _) {
- // If we got here, this is what happened. RFC 2595
- // says that "the client may leave the
authorization
- // identity empty to indicate that it is the same
as
- // the authentication identity." As noted above,
- // that would be represented as a decoded string of
- // the form: "\0authenticate-id\0password". The
- // first call to nextToken will skip the empty
- // authorize-id, and give us the authenticate-id,
- // which we would store as the authorize-id. The
- // second call will give us the password, which we
- // think is the authenticate-id (user). Then when
- // we ask for the password, there are no more
- // elements, leading to the exception we just
- // caught. So we need to move the user to the
- // password, and the authorize_id to the user.
- pass = user;
- user = authorize_id;
- }
-
- authTokenizer = null;
- } catch (Exception e) {
- // Ignored - this exception in parsing will be dealt
- // with in the if clause below
- }
- // Authenticate user
- doAuth(user, pass, session, tag, command, responder,
HumanReadableText.AUTHENTICATION_FAILED);
+ // strip of the newline
+ String userpass = new String(data, 0, data.length
- 2, Charset.forName("US-ASCII"));
+
+ userpass = new
String(Base64.decodeBase64(userpass));
+ StringTokenizer authTokenizer = new
StringTokenizer(userpass, "\0");
+ String authorize_id = authTokenizer.nextToken();
// Authorization Identity
+ user = authTokenizer.nextToken();
// Authentication Identity
+ try {
+ pass = authTokenizer.nextToken();
// Password
+ } catch (java.util.NoSuchElementException _) {
+ // If we got here, this is what happened. RFC
2595
+ // says that "the client may leave the
authorization
+ // identity empty to indicate that it is the
same as
+ // the authentication identity." As noted
above,
+ // that would be represented as a decoded
string of
+ // the form: "\0authenticate-id\0password".
The
+ // first call to nextToken will skip the empty
+ // authorize-id, and give us the
authenticate-id,
+ // which we would store as the authorize-id.
The
+ // second call will give us the password,
which we
+ // think is the authenticate-id (user). Then
when
+ // we ask for the password, there are no more
+ // elements, leading to the exception we just
+ // caught. So we need to move the user to the
+ // password, and the authorize_id to the user.
+ pass = user;
+ user = authorize_id;
+ }
+
+ authTokenizer = null;
+ } catch (Exception e) {
+ // Ignored - this exception in parsing will be
dealt
+ // with in the if clause below
+ }
+ // Authenticate user
+ doAuth(user, pass, session, tag, command, responder,
HumanReadableText.AUTHENTICATION_FAILED);
- // remove the handler now
- session.popLineHandler();
+ // remove the handler now
+ session.popLineHandler();
- }
- });
+ }
+ });
+ }
} else {
session.getLog().info("Unsupported authentication mechanism '" +
authType + "'");
no(command, tag, responder,
HumanReadableText.UNSUPPORTED_AUTHENTICATION_MECHANISM);
@@ -114,7 +119,13 @@ public class AuthenticateProcessor exten
* @see
org.apache.james.imap.processor.CapabilityImplementingProcessor#getImplementedCapabilities(org.apache.james.imap.api.process.ImapSession)
*/
public List<String> getImplementedCapabilities(ImapSession session) {
- return Arrays.asList("AUTH=PLAIN");
+ List<String> caps = new ArrayList<String>();
+ // Only ounce AUTH=PLAIN if the session does allow plain auth or TLS
is active.
+ // See IMAP-304
+ if (session.isPlainAuthDisallowed() == false ||
session.isTLSActive()) {
+ caps.add("AUTH=PLAIN");
+ }
+ return caps;
}
}
Modified:
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java
(original)
+++
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/DefaultProcessorChain.java
Tue May 3 14:22:27 2011
@@ -38,6 +38,9 @@ public class DefaultProcessorChain {
final CapabilityProcessor capabilityProcessor = new
CapabilityProcessor(logoutProcessor, mailboxManager, statusResponseFactory);
final CheckProcessor checkProcessor = new
CheckProcessor(capabilityProcessor, mailboxManager, statusResponseFactory);
final LoginProcessor loginProcessor = new
LoginProcessor(checkProcessor, mailboxManager, statusResponseFactory);
+ // so it can announce the LOGINDISABLED if needed
+ capabilityProcessor.addProcessor(loginProcessor);
+
final RenameProcessor renameProcessor = new
RenameProcessor(loginProcessor, mailboxManager, statusResponseFactory);
final DeleteProcessor deleteProcessor = new
DeleteProcessor(renameProcessor, mailboxManager, statusResponseFactory);
final CreateProcessor createProcessor = new
CreateProcessor(deleteProcessor, mailboxManager, statusResponseFactory);
Modified:
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
(original)
+++
james/imap/trunk/processor/src/main/java/org/apache/james/imap/processor/LoginProcessor.java
Tue May 3 14:22:27 2011
@@ -19,6 +19,9 @@
package org.apache.james.imap.processor;
+import java.util.ArrayList;
+import java.util.List;
+
import org.apache.james.imap.api.ImapCommand;
import org.apache.james.imap.api.display.HumanReadableText;
import org.apache.james.imap.api.message.response.StatusResponseFactory;
@@ -30,7 +33,7 @@ import org.apache.james.mailbox.MailboxM
/**
* Processes a <code>LOGIN</code> command.
*/
-public class LoginProcessor extends AbstractAuthProcessor<LoginRequest> {
+public class LoginProcessor extends AbstractAuthProcessor<LoginRequest>
implements CapabilityImplementingProcessor{
public LoginProcessor(final ImapProcessor next, final MailboxManager
mailboxManager, final StatusResponseFactory factory) {
super(LoginRequest.class, next, mailboxManager, factory);
@@ -43,7 +46,25 @@ public class LoginProcessor extends Abst
protected void doProcess(LoginRequest request, ImapSession session, String
tag, ImapCommand command, Responder responder) {
final String userid = request.getUserid();
final String passwd = request.getPassword();
-
- doAuth(userid, passwd, session, tag, command, responder,
HumanReadableText.INVALID_LOGIN);
+ // check if the login is allowed with LOGIN command. See IMAP-304
+ if (session.isPlainAuthDisallowed() && session.isTLSActive() ==
false) {
+ no(command, tag, responder, HumanReadableText.DISABLED_LOGIN);
+ } else {
+ doAuth(userid, passwd, session, tag, command, responder,
HumanReadableText.INVALID_LOGIN);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
org.apache.james.imap.processor.CapabilityImplementingProcessor#getImplementedCapabilities(org.apache.james.imap.api.process.ImapSession)
+ */
+ public List<String> getImplementedCapabilities(ImapSession session) {
+ List<String> caps = new ArrayList<String>();
+ // Announce LOGINDISABLED if plain auth / login is deactivated and the
session is not using
+ // TLS. See IMAP-304
+ if (session.isPlainAuthDisallowed() && session.isTLSActive() == false)
{
+ caps.add("LOGINDISABLED");
+ }
+ return caps;
}
}
Modified:
james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java
URL:
http://svn.apache.org/viewvc/james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java?rev=1099068&r1=1099067&r2=1099068&view=diff
==============================================================================
---
james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java
(original)
+++
james/imap/trunk/processor/src/test/java/org/apache/james/imap/processor/base/MailboxEventAnalyserTest.java
Tue May 3 14:22:27 2011
@@ -175,6 +175,15 @@ public class MailboxEventAnalyserTest {
public void authenticated() {
}
+
+ public boolean isPlainAuthDisallowed() {
+ return false;
+ }
+
+ public boolean isTLSActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
};
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
