[exo-jcr-commits] exo-jcr SVN: r4271 - in core/trunk: exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/auth and 5 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Fri Apr 22 04:36:08 EDT 2011
Author: dkuleshov
Date: 2011-04-22 04:36:08 -0400 (Fri, 22 Apr 2011)
New Revision: 4271
Added:
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/ExtendedUserHandler.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestPasswordEncrypter.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJbossLoginModule.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJettyLoginModule.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationTomcatLoginModule.java
Removed:
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/DigestAuthenticator.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestAuthenticationHelper.java
Modified:
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/auth/OrganizationAuthenticatorImpl.java
core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/mock/DummyOrganizationService.java
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java
core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/jdbc/UserDAOImpl.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JbossLoginModule.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JettyLoginModule.java
core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/TomcatLoginModule.java
Log:
EXOJCR-1019: digest auth redesigned
Deleted: core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/DigestAuthenticator.java
===================================================================
--- core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/DigestAuthenticator.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/DigestAuthenticator.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2009 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.exoplatform.services.organization;
-
-import org.exoplatform.services.security.Credential;
-
-/**
- * Created by The eXo Platform SAS .
- *
- * @author Dmitry Kuleshov
- * @version $Id: $
- */
-
-public interface DigestAuthenticator
-{
- /**
- * Checks if user's credentials are valid.
- * It is more flexible because Credential may contain password context
- * or some other useful data.
- * @param credentials
- * @return return true if the username and the password matches
- * the database record, else return false.
- * @throws Exception throw an exception if cannot access the database
- */
- public boolean authenticate(Credential[] credentials) throws Exception;
-}
Added: core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/ExtendedUserHandler.java
===================================================================
--- core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/ExtendedUserHandler.java (rev 0)
+++ core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/ExtendedUserHandler.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.services.organization;
+
+import org.exoplatform.services.security.PasswordEncrypter;
+
+/**
+ * Created by The eXo Platform SAS .
+ *
+ * @author Dmitry Kuleshov
+ * @version $Id: $
+ */
+
+public interface ExtendedUserHandler
+{
+ /**
+ * Checks if user's credentials are valid.
+ * It is more flexible because Credential may contain password context
+ * or some other useful data.
+ * @param credentials
+ * @return return true if the username and the password matches
+ * the database record, else return false.
+ * @throws Exception throw an exception if cannot access the database
+ */
+ public boolean authenticate(String username, String password, PasswordEncrypter pe) throws Exception;
+}
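Review bot: The Javadoc on `authenticate(String username, String password, PasswordEncrypter pe)` still carries `@param credentials` from the removed interface and documents none of the three real parameters. The implementations in this commit treat `pe == null` as a direct comparison and otherwise compare `password` with the encrypted stored password, so that contract belongs here. Suggested tags: `@param username` the login name; `@param password` the value sent by the client (the response digest when `pe` is set); `@param pe` the encrypter applied to the stored password before comparison, or null for a direct comparison.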
Modified: core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/auth/OrganizationAuthenticatorImpl.java
===================================================================
--- core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/auth/OrganizationAuthenticatorImpl.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/auth/OrganizationAuthenticatorImpl.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -22,12 +22,13 @@
import org.exoplatform.container.component.RequestLifeCycle;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
-import org.exoplatform.services.organization.DigestAuthenticator;
+import org.exoplatform.services.organization.ExtendedUserHandler;
import org.exoplatform.services.organization.Membership;
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.organization.UserHandler;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.Credential;
+import org.exoplatform.services.security.DigestPasswordEncrypter;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.MembershipEntry;
import org.exoplatform.services.security.PasswordCredential;
@@ -37,6 +38,7 @@
import java.util.Collection;
import java.util.HashSet;
+import java.util.Map;
import java.util.Set;
import javax.security.auth.login.LoginException;
@@ -114,16 +116,22 @@
*/
public String validateUser(Credential[] credentials) throws LoginException, Exception
{
- String user = null;
+ String username = null;
String password = null;
+ Map<String, String> passwordContext= null;
for (Credential cred : credentials)
{
if (cred instanceof UsernameCredential)
- user = ((UsernameCredential)cred).getUsername();
+ {
+ username = ((UsernameCredential)cred).getUsername();
+ }
if (cred instanceof PasswordCredential)
+ {
password = ((PasswordCredential)cred).getPassword();
+ passwordContext = ((PasswordCredential)cred).getPasswordContext();
+ }
}
- if (user == null || password == null)
+ if (username == null || password == null)
throw new LoginException("Username or Password is not defined");
if (this.encrypter != null)
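Review bot: In digest mode `password` holds the client's response digest rather than a password, yet it still reaches the `if (this.encrypter != null)` branch at the end of this hunk. The body of that branch is outside the hunk; if it re-encodes `password`, a digest login could never match once an encrypter is configured. In that case the condition would need to become `if (this.encrypter != null && passwordContext == null)`. A one-line comment stating which of the two values `password` carries at that point would help the next reader either way.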
@@ -132,20 +140,21 @@
begin(orgService);
boolean success;
Object userHandler = orgService.getUserHandler();
- if (userHandler instanceof DigestAuthenticator)
+ if (passwordContext != null && userHandler instanceof ExtendedUserHandler)
{
- success = ((DigestAuthenticator)userHandler).authenticate(credentials);
+ PasswordEncrypter pe = new DigestPasswordEncrypter(username, passwordContext);
+ success = ((ExtendedUserHandler)userHandler).authenticate(username, password, pe);
}
else
{
- success = ((UserHandler)userHandler).authenticate(user, password);
+ success = ((UserHandler)userHandler).authenticate(username, password);
}
end(orgService);
if (!success)
- throw new LoginException("Login failed for " + user.replace("\n", " ").replace("\r", " "));
+ throw new LoginException("Login failed for " + username.replace("\n", " ").replace("\r", " "));
- return user;
+ return username;
}
public void begin(OrganizationService orgService) throws Exception
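Review bot: `end(orgService)` is skipped whenever one of the `authenticate` calls throws, and the new digest path adds ways for that to happen, because the `DigestPasswordEncrypter` added in this commit dereferences context values that the client may not have sent. Wrapping the handler call as `try { ... } finally { end(orgService); }` keeps `begin`/`end` balanced on failure. The `passwordContext != null && userHandler instanceof ExtendedUserHandler` guard otherwise fails closed: a digest response handed to a plain `UserHandler` simply does not match.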
Modified: core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/mock/DummyOrganizationService.java
===================================================================
--- core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/mock/DummyOrganizationService.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/impl/mock/DummyOrganizationService.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -25,7 +25,7 @@
import org.exoplatform.commons.utils.ListAccess;
import org.exoplatform.commons.utils.PageList;
import org.exoplatform.services.organization.BaseOrganizationService;
-import org.exoplatform.services.organization.DigestAuthenticator;
+import org.exoplatform.services.organization.ExtendedUserHandler;
import org.exoplatform.services.organization.Group;
import org.exoplatform.services.organization.GroupEventListener;
import org.exoplatform.services.organization.GroupHandler;
@@ -43,16 +43,12 @@
import org.exoplatform.services.organization.impl.MembershipImpl;
import org.exoplatform.services.organization.impl.UserImpl;
import org.exoplatform.services.organization.impl.UserProfileImpl;
-import org.exoplatform.services.security.Credential;
-import org.exoplatform.services.security.DigestAuthenticationHelper;
-import org.exoplatform.services.security.PasswordCredential;
-import org.exoplatform.services.security.UsernameCredential;
+import org.exoplatform.services.security.PasswordEncrypter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
-import java.util.Map;
/**
* @author benjaminmestrallet
@@ -154,7 +150,7 @@
}
}
- static public class UserHandlerImpl implements UserHandler, DigestAuthenticator
+ static public class UserHandlerImpl implements UserHandler, ExtendedUserHandler
{
private static final int DEFAULT_LIST_SIZE = 6;
@@ -303,31 +299,9 @@
{
}
- public boolean authenticate(String username, String password) throws Exception
+ public boolean authenticate(String username, String password, PasswordEncrypter pe) throws Exception
{
- return authenticate(new Credential[]{new UsernameCredential(username), new PasswordCredential(password)});
- }
-
- public boolean authenticate(Credential[] credentials) throws Exception
- {
- String username = null;
- String password = null;
- Map<String, String> passwordContext = null;
- for (Credential cred : credentials)
- {
- if (cred instanceof UsernameCredential)
- {
- username = ((UsernameCredential)cred).getUsername();
- }
- if (cred instanceof PasswordCredential)
- {
- password = ((PasswordCredential)cred).getPassword();
- passwordContext = ((PasswordCredential)cred).getPasswordContext();
- }
- }
-
Iterator<User> it = users.iterator();
-
User usr = null;
User temp = null;
while (it.hasNext())
@@ -346,7 +320,7 @@
{
return true;
}
- if (passwordContext == null)
+ if (pe == null)
{
if (usr.getPassword().equals(password))
{
@@ -357,7 +331,7 @@
else
{
// so we need calculate MD5 cast
- String dp = DigestAuthenticationHelper.calculatePassword(username, usr.getPassword(), passwordContext);
+ String dp = new String(pe.encrypt(usr.getPassword().getBytes()));
// to compare it to sent by client
if (dp.equals(password))
{
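Review bot: `new String(pe.encrypt(usr.getPassword().getBytes()))` converts in both directions with the platform default charset, so the digest computed for a non-ASCII password depends on the JVM's `file.encoding`. Name the charset on both calls, e.g. `usr.getPassword().getBytes("UTF-8")`. The following `dp.equals(password)` compares the expected and client-supplied digests with a short-circuiting string compare; `MessageDigest.isEqual(expected, password.getBytes("UTF-8"))` on the byte arrays avoids the timing difference. The same two lines appear in `authenticate` in hibernate/UserDAOImpl.java and jdbc/UserDAOImpl.java in this commit. The enclosing method starts and ends outside this hunk.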
@@ -367,9 +341,13 @@
}
return false;
+
}
-
+ public boolean authenticate(String username, String password) throws Exception
+ {
+ return authenticate(username, password, null);
+ }
}
public static class GroupHandlerImpl implements GroupHandler
Modified: core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java
===================================================================
--- core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/hibernate/UserDAOImpl.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -25,17 +25,14 @@
import org.exoplatform.services.cache.ExoCache;
import org.exoplatform.services.database.HibernateService;
import org.exoplatform.services.database.ObjectQuery;
-import org.exoplatform.services.organization.DigestAuthenticator;
+import org.exoplatform.services.organization.ExtendedUserHandler;
import org.exoplatform.services.organization.Query;
import org.exoplatform.services.organization.User;
import org.exoplatform.services.organization.UserEventListener;
import org.exoplatform.services.organization.UserEventListenerHandler;
import org.exoplatform.services.organization.UserHandler;
import org.exoplatform.services.organization.impl.UserImpl;
-import org.exoplatform.services.security.Credential;
-import org.exoplatform.services.security.DigestAuthenticationHelper;
-import org.exoplatform.services.security.PasswordCredential;
-import org.exoplatform.services.security.UsernameCredential;
+import org.exoplatform.services.security.PasswordEncrypter;
import org.hibernate.Session;
import org.hibernate.Transaction;
@@ -45,13 +42,12 @@
import java.util.Collection;
import java.util.Collections;
import java.util.List;
-import java.util.Map;
/**
* Created by The eXo Platform SAS Author : Mestrallet Benjamin benjmestrallet at users.sourceforge.net
* Author : Tuan Nguyen tuan08 at users.sourceforge.net Date: Aug 22, 2003 Time: 4:51:21 PM
*/
-public class UserDAOImpl implements UserHandler, UserEventListenerHandler, DigestAuthenticator
+public class UserDAOImpl implements UserHandler, UserEventListenerHandler, ExtendedUserHandler
{
public static final String queryFindUserByName =
"from u in class org.exoplatform.services.organization.impl.UserImpl " + "where u.userName = ?";
@@ -179,40 +175,26 @@
public boolean authenticate(String username, String password) throws Exception
{
- return authenticate(new Credential[]{new UsernameCredential(username), new PasswordCredential(password)});
+ return authenticate(username, password, null);
}
- public boolean authenticate(Credential[] credentials) throws Exception
+ public boolean authenticate(String username, String password, PasswordEncrypter pe) throws Exception
{
- String username = null;
- String password = null;
- Map<String, String> passwordContext= null;
- for (Credential cred : credentials)
- {
- if (cred instanceof UsernameCredential)
- {
- username = ((UsernameCredential)cred).getUsername();
- }
- if (cred instanceof PasswordCredential)
- {
- password = ((PasswordCredential)cred).getPassword();
- passwordContext = ((PasswordCredential)cred).getPasswordContext();
- }
- }
-
User user = findUserByName(username);
if (user == null)
+ {
return false;
+ }
boolean authenticated;
- if (passwordContext == null)
+ if (pe == null)
{
authenticated = user.getPassword().equals(password);
}
else
{
- authenticated =
- DigestAuthenticationHelper.calculatePassword(username, user.getPassword(), passwordContext).equals(password);
+ String encryptedPassword = new String(pe.encrypt(user.getPassword().getBytes()));
+ authenticated = encryptedPassword.equals(password);
}
if (authenticated)
{
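Review bot: The digest branch feeds `user.getPassword().getBytes()` into `pe.encrypt`, which only works if the user store holds the password in recoverable form, and the `pe == null` branch compares it directly with `equals`. If that is the intended contract, say so on `authenticate(String, String, PasswordEncrypter)`, e.g. `// digest auth needs the stored password in clear; a store that keeps only hashes cannot use this path`. Storing the RFC 2617 H(A1) value instead would lift that requirement, but it needs an encrypter that accepts a precomputed A1, which this commit does not provide. The method body continues past the end of the hunk.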
Modified: core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/jdbc/UserDAOImpl.java
===================================================================
--- core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/jdbc/UserDAOImpl.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.organization.jdbc/src/main/java/org/exoplatform/services/organization/jdbc/UserDAOImpl.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -28,7 +28,7 @@
import org.exoplatform.services.listener.ListenerService;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
-import org.exoplatform.services.organization.DigestAuthenticator;
+import org.exoplatform.services.organization.ExtendedUserHandler;
import org.exoplatform.services.organization.Group;
import org.exoplatform.services.organization.GroupHandler;
import org.exoplatform.services.organization.Membership;
@@ -38,19 +38,15 @@
import org.exoplatform.services.organization.User;
import org.exoplatform.services.organization.UserEventListener;
import org.exoplatform.services.organization.UserHandler;
-import org.exoplatform.services.security.Credential;
-import org.exoplatform.services.security.DigestAuthenticationHelper;
-import org.exoplatform.services.security.PasswordCredential;
-import org.exoplatform.services.security.UsernameCredential;
+import org.exoplatform.services.security.PasswordEncrypter;
import java.util.Calendar;
import java.util.List;
-import java.util.Map;
/**
* Created by The eXo Platform SAS Apr 7, 2007
*/
-public class UserDAOImpl extends StandardSQLDAO<UserImpl> implements UserHandler, DigestAuthenticator
+public class UserDAOImpl extends StandardSQLDAO<UserImpl> implements UserHandler, ExtendedUserHandler
{
protected static Log log = ExoLogger.getLogger("exo.core.component.organization.jdbc.UserDAOImpl");
@@ -87,44 +83,32 @@
public boolean authenticate(String username, String password) throws Exception
{
- return authenticate(new Credential[]{new UsernameCredential(username), new PasswordCredential(password)});
+ return authenticate(username, password, null);
}
- public boolean authenticate(Credential[] credentials) throws Exception
+ public boolean authenticate(String username, String password, PasswordEncrypter pe) throws Exception
{
- String username = null;
- String password = null;
- Map<String, String> passwordContext = null;
- for (Credential cred : credentials)
- {
- if (cred instanceof UsernameCredential)
- {
- username = ((UsernameCredential)cred).getUsername();
- }
- if (cred instanceof PasswordCredential)
- {
- password = ((PasswordCredential)cred).getPassword();
- passwordContext = ((PasswordCredential)cred).getPasswordContext();
- }
- }
-
User user = findUserByName(username);
if (user == null)
+ {
return false;
+ }
boolean authenticated;
- if (passwordContext == null)
+ if (pe == null)
{
authenticated = user.getPassword().equals(password);
}
else
{
- authenticated =
- DigestAuthenticationHelper.calculatePassword(username, user.getPassword(), passwordContext).equals(password);
+ String encryptedPassword = new String(pe.encrypt(user.getPassword().getBytes()));
+ authenticated = encryptedPassword.equals(password);
}
if (log.isDebugEnabled())
+ {
log.debug("+++++++++++AUTHENTICATE USERNAME " + username + " AND PASS " + password + " - " + authenticated);
+ }
if (authenticated)
{
UserImpl userImpl = (UserImpl)user;
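Review bot: The debug statement kept inside the new braces, `log.debug("+++++++++++AUTHENTICATE USERNAME " + username + " AND PASS " + password + " - " + authenticated);`, writes the submitted credential to the log: the cleartext password on the plain path, the response digest on the digest path. Drop `password` from the message and neutralise CR/LF in `username` the way `validateUser` does for its exception text, e.g. `log.debug("authenticate user " + username.replace("\n", " ").replace("\r", " ") + " - " + authenticated);`. The method continues outside the hunk.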
@@ -243,5 +227,4 @@
public void addUserEventListener(UserEventListener listener)
{
}
-
}
Deleted: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestAuthenticationHelper.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestAuthenticationHelper.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestAuthenticationHelper.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -1,111 +0,0 @@
-/*
- * Copyright (C) 2009 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.exoplatform.services.security;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Map;
-
-/**
- * @author Dmitry Kuleshov
- * @version $Id:$
- */
-
-public class DigestAuthenticationHelper
-{
-
- /**
- * Number of HEX digits used for A1, A2 strings and password encoding.
- * More information is settled in<a href=http://www.apps.ietf.org/rfc/rfc2617.html#sec-3.2.2>RFC-2617</a>.
- */
- private static int HASH_HEX_LENGTH = 32;
-
- public static String calculatePassword(String username, String originalPassword, Map<String, String> passwordContext)
- throws NoSuchAlgorithmException
- {
- // fetch needed data
- String nc = passwordContext.get("nc");
- String a2 = passwordContext.get("md5a2");
- String uri = passwordContext.get("uri");
- String qop = passwordContext.get("qop");
- String nonce = passwordContext.get("nonce");
- String realm = passwordContext.get("realmName");
- String cnonce = passwordContext.get("cnonce");
- String entity = passwordContext.get("entity");
- String method = passwordContext.get("method");
- if (realm == null)
- {
- // in case we have a jboss server, it uses 'realm' name
- realm = passwordContext.get("realm");
- }
- if (a2 == null)
- {
- // in case we have a jboss server, it uses 'a2hash' name
- a2 = passwordContext.get("a2hash");
- }
-
- MessageDigest md = MessageDigest.getInstance("MD5");
- // calculate MD5 hash of A1 string
- String a1 = username + ":" + realm + ":" + originalPassword;
- md.update(a1.getBytes());
- // encode A1 in HEX digits
- a1 = convertToHex(md.digest());
-
- // if encoded A2 MD5 hash is not supplied by server
- // we need to calculate it manually
- if (a2 == null)
- {
- if (qop.equals("auth"))
- {
- md.update((method + ":" + uri).getBytes());
- a2 = convertToHex(md.digest());
- }
- else if (qop.equals("auth-int"))
- {
- md.update((method + ":" + uri + ":" + convertToHex(entity.getBytes())).getBytes());
- a2 = convertToHex(md.digest());
- }
- }
-
- // create a digest using provided data
- String digest = a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2;
- md.update(digest.getBytes());
- // return encoded hash using HEX digits digest
- return convertToHex(md.digest());
- }
-
- public static String convertToHex(byte[] bin)
- {
- StringBuffer tmpStr = new StringBuffer(HASH_HEX_LENGTH);
- int digit;
-
- for (int i = 0; i < HASH_HEX_LENGTH / 2; i++)
- {
- // get integer presentation of left 4 bits of byte
- digit = (bin[i] >> 4) & 0xf;
- // append HEX digit
- tmpStr.append(Integer.toHexString(digit));
- // get integer presentation of right 4 bits of byte
- digit = bin[i] & 0xf;
- tmpStr.append(Integer.toHexString(digit));
-
- };
- return tmpStr.toString();
- }
-}
Added: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestPasswordEncrypter.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestPasswordEncrypter.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/DigestPasswordEncrypter.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -0,0 +1,133 @@
+/*
+* Copyright (C) 2009 eXo Platform SAS.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+
+package org.exoplatform.services.security;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+/**
+ * Created by The eXo Platform SAS.
+ * Encapsulates Digest Authentication encryption algorithm.
+ * More info <a href=http://www.faqs.org/rfcs/rfc2617.html>here</a>.
+ *
+ * @author Dmitry Kuleshov
+ * @version $Id: $
+ */
+
+public class DigestPasswordEncrypter implements PasswordEncrypter
+{
+ final private int HASH_HEX_LENGTH = 32;
+
+ final private Map<String, String> context;
+
+ final private String username;
+
+ public DigestPasswordEncrypter(String username, Map<String, String> context)
+ {
+ this.context = context;
+ this.username = username;
+ }
+
+ /**
+ * Number of HEX digits used for A1, A2 strings and password encoding.
+ * More information is settled in<a href=http://www.apps.ietf.org/rfc/rfc2617.html#sec-3.2.2>RFC-2617</a>.
+ */
+
+ private String convertToHex(byte[] bin)
+ {
+ StringBuffer tmpStr = new StringBuffer(HASH_HEX_LENGTH);
+ int digit;
+
+ for (int i = 0; i < HASH_HEX_LENGTH / 2; i++)
+ {
+ // get integer presentation of left 4 bits of byte
+ digit = (bin[i] >> 4) & 0xf;
+ // append HEX digit
+ tmpStr.append(Integer.toHexString(digit));
+ // get integer presentation of right 4 bits of byte
+ digit = bin[i] & 0xf;
+ tmpStr.append(Integer.toHexString(digit));
+
+ };
+ return tmpStr.toString();
+ }
+
+ public byte[] encrypt(byte[] plainPassword)
+ {
+ String nc = context.get("nc");
+ String a2 = context.get("md5a2");
+ String uri = context.get("uri");
+ String qop = context.get("qop");
+ String nonce = context.get("nonce");
+ String realm = context.get("realmName");
+ String cnonce = context.get("cnonce");
+ String entity = context.get("entity");
+ String method = context.get("method");
+ if (realm == null)
+ {
+ // in case we have a jboss server, it uses 'realm' name
+ realm = context.get("realm");
+ }
+ if (a2 == null)
+ {
+ // in case we have a jboss server, it uses 'a2hash' name
+ a2 = context.get("a2hash");
+ }
+
+ MessageDigest md = null;
+ try
+ {
+ md = MessageDigest.getInstance("MD5");
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ //TODO add exologger
+ }
+ // calculate MD5 hash of A1 string
+ String a1 = username + ":" + realm + ":" + new String(plainPassword);
+ md.update(a1.getBytes());
+ // encode A1 in HEX digits
+ a1 = convertToHex(md.digest());
+
+ // if encoded A2 MD5 hash is not supplied by server
+ // we need to calculate it manually
+ if (a2 == null)
+ {
+ if (qop.equals("auth"))
+ {
+ md.update((method + ":" + uri).getBytes());
+ a2 = convertToHex(md.digest());
+ }
+ else if (qop.equals("auth-int"))
+ {
+ md.update((method + ":" + uri + ":" + convertToHex(entity.getBytes())).getBytes());
+ a2 = convertToHex(md.digest());
+ }
+ }
+
+ // create a digest using provided data
+ String digest = a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + a2;
+ md.update(digest.getBytes());
+ // return encoded hash using HEX digits digest
+ return convertToHex(md.digest()).getBytes();
+
+ }
+}
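Review bot: The empty `catch (NoSuchAlgorithmException e)` in `encrypt` leaves `md` null, so a missing provider shows up as a NullPointerException at `md.update(a1.getBytes())` instead of a reported failure; rethrow it with the cause. `qop.equals("auth")` dereferences a value taken from the request context that may be absent, and any qop other than `auth`/`auth-int` leaves `a2` null so the literal text "null" is hashed into the response. In the `auth-int` branch `convertToHex(entity.getBytes())` hex-encodes the first 16 raw bytes of the entity, which throws for shorter bodies, whereas RFC 2617 defines that term as H(entity-body); the fence assumes `entity` holds the raw body, which should be confirmed. The Javadoc about the number of hex digits now sits on `convertToHex` rather than on `HASH_HEX_LENGTH`, which would read better as `private static final`.

```java
      MessageDigest md;
      try
      {
         md = MessageDigest.getInstance("MD5");
      }
      catch (NoSuchAlgorithmException e)
      {
         // fail loudly instead of continuing with a null digest
         throw new IllegalStateException("MD5 digest is not available", e);
      }
      // … unchanged: A1 calculation …
      if (a2 == null)
      {
         if ("auth".equals(qop))
         {
            a2 = convertToHex(md.digest((method + ":" + uri).getBytes()));
         }
         else if ("auth-int".equals(qop) && entity != null)
         {
            // RFC 2617: A2 = method ":" uri ":" H(entity-body)
            String entityHash = convertToHex(md.digest(entity.getBytes()));
            a2 = convertToHex(md.digest((method + ":" + uri + ":" + entityHash).getBytes()));
         }
         else
         {
            throw new IllegalArgumentException("Missing or unsupported qop in digest context");
         }
      }
      // … unchanged: final response digest …
```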
Added: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJbossLoginModule.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJbossLoginModule.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJbossLoginModule.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -0,0 +1,234 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security.j2ee;
+
+import org.exoplatform.services.security.Authenticator;
+import org.exoplatform.services.security.Credential;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.PasswordCredential;
+import org.exoplatform.services.security.UsernameCredential;
+import org.jboss.security.auth.callback.MapCallback;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+/**
+ * Created by The eXo Platform SAS .
+ *
+ * @author Dmitry Kuleshov
+ * @version $Id: $
+ */
+
+public class DigestAuthenticationJbossLoginModule extends JbossLoginModule
+{
+ /**
+ * To retrieve password context during Digest Authentication.
+ */
+ private MapCallback[] mapCallback = {new MapCallback()};
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public boolean login() throws LoginException
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("In login of JbossLoginModule.");
+ }
+ try
+ {
+ if (sharedState.containsKey("exo.security.identity"))
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Use Identity from previous LoginModule");
+ }
+ identity = (Identity)sharedState.get("exo.security.identity");
+ }
+ else
+ {
+ if (!digestAuthenticationIsUsed())
+ {
+ return super.login();
+ }
+
+ if (log.isDebugEnabled())
+ {
+ log.debug("Try create identity");
+ }
+
+ Authenticator authenticator = (Authenticator)getContainer().getComponentInstanceOfType(Authenticator.class);
+
+ if (authenticator == null)
+ {
+ throw new LoginException("No Authenticator component found, check your configuration");
+ }
+
+ String userId = authenticator.validateUser(getCredentials());
+
+ identity = authenticator.createIdentity(userId);
+ sharedState.put("javax.security.auth.login.name", userId);
+ subject.getPrivateCredentials().add(getPassword());
+ subject.getPublicCredentials().add(getUsername());
+ }
+ return true;
+
+ }
+ catch (final Throwable e)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug(e.getMessage(), e);
+ }
+
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ /**
+ * An utility method handles mapCallback and also checks if digest authentication is used.
+ * @return true if digest authentication is used, otherwise - false
+ * @throws IOException
+ */
+ private boolean digestAuthenticationIsUsed() throws IOException
+ {
+ try
+ {
+ // here we're trying to handle mapCallback
+ // if it is handled successfully than digest
+ // authentication is used
+ callbackHandler.handle(mapCallback);
+ return true;
+ }
+ catch (UnsupportedCallbackException uce)
+ {
+ // otherwise UnsupportedCallbackException is thrown
+ return false;
+ }
+ }
+
+ /**
+ * An utility method to retrieve credentials. All needed for password hashing information
+ * is retrieved from MapCallback. NameCallback and PasswordCallback are used to correspondingly
+ * retrieve username and password.
+ * @return Credential
+ * @throws IOException
+ * @throws Exception
+ */
+ private Credential[] getCredentials() throws IOException
+ {
+ String username = null;
+ String password = null;
+ Map<String, String> passwordContext = new HashMap<String, String>();
+
+ passwordContext.put("qop", (String)mapCallback[0].getInfo("qop"));
+ passwordContext.put("nonce", (String)mapCallback[0].getInfo("nonce"));
+ passwordContext.put("cnonce", (String)mapCallback[0].getInfo("cnonce"));
+ passwordContext.put("a2hash", (String)mapCallback[0].getInfo("a2hash"));
+ passwordContext.put("nc", (String)mapCallback[0].getInfo("nc"));
+ passwordContext.put("realm", (String)mapCallback[0].getInfo("realm"));
+
+ try
+ {
+ Callback[] nameCallback = {new NameCallback("Username")};
+ callbackHandler.handle(nameCallback);
+ username = ((NameCallback)nameCallback[0]).getName();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving username from callback handler! ", e);
+ }
+ }
+
+ try
+ {
+ Callback[] passwordCallback = {new PasswordCallback("Password", false)};
+ callbackHandler.handle(passwordCallback);
+ password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
+ ((PasswordCallback)passwordCallback[0]).clearPassword();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving password from callback handler! ", e);
+ }
+ }
+
+ if (username == null || password == null)
+ {
+ return null;
+ }
+
+ return new Credential[]{new UsernameCredential(username), new PasswordCredential(password, passwordContext)};
+ }
+
+ private UsernameCredential getUsername() throws IOException
+ {
+ String username = null;
+
+ try
+ {
+ Callback[] nameCallback = {new NameCallback("Username")};
+ callbackHandler.handle(nameCallback);
+ username = ((NameCallback)nameCallback[0]).getName();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving username from callback handler! ", e);
+ }
+ }
+
+ return new UsernameCredential(username);
+ }
+
+ private String getPassword() throws IOException
+ {
+ String password = null;
+
+ try
+ {
+ Callback[] passwordCallback = {new PasswordCallback("Password", false)};
+ callbackHandler.handle(passwordCallback);
+ password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
+ ((PasswordCallback)passwordCallback[0]).clearPassword();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving password from callback handler! ", e);
+ }
+ }
+
+ return password;
+ }
+}
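Review bot: In `login()`, the result of `getCredentials()` is passed straight to `authenticator.validateUser(...)`, yet `getCredentials()` returns `null` when either the name or the password callback is unsupported, so the outcome of a failed credential read depends on how the Authenticator treats a null array, which this hunk does not show. Rejecting it in the module makes the failure explicit: `Credential[] credentials = getCredentials();` followed by `if (credentials == null) throw new LoginException("Username or password could not be retrieved");`. The same call shape appears in `login()` of DigestAuthenticationJettyLoginModule and DigestAuthenticationTomcatLoginModule later in this commit. Separately, the `catch (final Throwable e)` block logs only when debug is enabled and builds the `LoginException` from `e.getMessage()` alone, so the original cause is lost. `LoginException` has no cause constructor, so calling `initCause(e)` on the new exception before throwing it would keep the stack trace.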
Added: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJettyLoginModule.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJettyLoginModule.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationJettyLoginModule.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -0,0 +1,249 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security.j2ee;
+
+import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
+import org.eclipse.jetty.security.authentication.DigestAuthenticator;
+import org.exoplatform.services.security.Authenticator;
+import org.exoplatform.services.security.Credential;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.PasswordCredential;
+import org.exoplatform.services.security.UsernameCredential;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+/**
+ * Created by The eXo Platform SAS .
+ *
+ * @author Dmitry Kuleshov
+ * @version $Id: $
+ */
+public class DigestAuthenticationJettyLoginModule extends JettyLoginModule
+{
+ /**
+ * To retrieve an object instance containing needed password context.
+ */
+ private Callback[] objectCallback = {new ObjectCallback()};
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public boolean login() throws LoginException
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("In login of JettyLoginModule.");
+ }
+ try
+ {
+ if (sharedState.containsKey("exo.security.identity"))
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Use Identity from previous LoginModule");
+ }
+ identity = (Identity)sharedState.get("exo.security.identity");
+ }
+ else
+ {
+ if (!digestAuthenticationIsUsed())
+ {
+ return super.login();
+ }
+
+ if (log.isDebugEnabled())
+ {
+ log.debug("Try create identity");
+ }
+
+ Authenticator authenticator = (Authenticator)getContainer().getComponentInstanceOfType(Authenticator.class);
+
+ if (authenticator == null)
+ {
+ throw new LoginException("No Authenticator component found, check your configuration");
+ }
+
+ String userId = authenticator.validateUser(getCredentials());
+
+ identity = authenticator.createIdentity(userId);
+ sharedState.put("javax.security.auth.login.name", userId);
+ // TODO use PasswordCredential wrapper
+ subject.getPrivateCredentials().add(getPassword());
+ subject.getPublicCredentials().add(getUsername());
+ }
+ return true;
+
+ }
+ catch (final Throwable e)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug(e.getMessage(), e);
+ }
+
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ /**
+ * An utility method to handle object callback and also to checks if
+ * digest authentication is used during login operation.
+ * @return true if digest authentication is used, otherwise - false
+ * @throws IOException
+ * @throws UnsupportedCallbackException
+ */
+ private boolean digestAuthenticationIsUsed() throws IOException, UnsupportedCallbackException
+ {
+ callbackHandler.handle(objectCallback);
+ // in case we have a digest authentication
+ // objectCallback should contain a structured instance
+ // in case we have a basic authentication
+ // objectCallback should contain only a string with a password
+ return !(((ObjectCallback)objectCallback[0]).getObject() instanceof String);
+ }
+
+ /**
+ * An utility method to get Credentials from object callback instance.
+ * It uses reflection mechanism to get access to Digest inner class of
+ * DigestAuthenticator, which is provided by object callback as it
+ * contains all needed information for password hashing.
+ * @return Credential
+ * @throws NoSuchFieldException
+ * @throws SecurityException
+ * @throws IllegalAccessException
+ * @throws IllegalArgumentException
+ * @throws Exception
+ */
+ private Credential[] getCredentials()
+ {
+ Map<String, String> passwordContext = new HashMap<String, String>();
+ Set<String> contextElements = new HashSet<String>();
+ // object to contain DigestAuthenticator$Digest instance to get
+ // needed data from instance's fields
+ Object objectFromCallback = ((ObjectCallback)objectCallback[0]).getObject();
+ String username = null;
+ String password = null;
+ // to keep DigestAuthenticator$Digest representation
+ Class<?> digestAuthenticatorClazz = DigestAuthenticator.class.getDeclaredClasses()[0];
+
+ contextElements.add("cnonce");
+ contextElements.add("method");
+ contextElements.add("nc");
+ contextElements.add("nonce");
+ contextElements.add("qop");
+ contextElements.add("realm");
+ contextElements.add("uri");
+
+ try
+ {
+ // here we're going to retrieve needed information from Digest class fields
+ Iterator<String> elementIterator = contextElements.iterator();
+ String element;
+ Field field;
+ while (elementIterator.hasNext())
+ {
+ element = elementIterator.next();
+ field = digestAuthenticatorClazz.getDeclaredField(element);
+ // need to set true as all needed fields are in private class, thus are private
+ field.setAccessible(true);
+ passwordContext.put(element, (String)field.get(objectFromCallback));
+ }
+
+ // get username
+ field = digestAuthenticatorClazz.getDeclaredField("username");
+ field.setAccessible(true);
+ username = (String)field.get(objectFromCallback);
+
+ // get password
+ field = digestAuthenticatorClazz.getDeclaredField("response");
+ field.setAccessible(true);
+ password = (String)field.get(objectFromCallback);
+ }
+ catch (Exception e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Could not get credentials.", e);
+ }
+ }
+
+ if (username == null || password == null)
+ {
+ return null;
+ }
+
+ return new Credential[]{new UsernameCredential(username), new PasswordCredential(password, passwordContext)};
+ }
+
+ private UsernameCredential getUsername()
+ {
+ String username = null;
+ Class<?> digestAuthenticatorClazz = DigestAuthenticator.class.getDeclaredClasses()[0];
+ try
+ {
+ Field field = digestAuthenticatorClazz.getDeclaredField("username");
+ field.setAccessible(true);
+ username = (String)field.get((((ObjectCallback)objectCallback[0]).getObject()));
+ }
+ catch (Exception e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Could not get username.", e);
+ }
+ }
+
+ return new UsernameCredential(username);
+ }
+
+ private String getPassword() throws SecurityException, NoSuchFieldException, IllegalArgumentException,
+ IllegalAccessException
+ {
+ String password = null;
+ Class<?> digestAuthenticatorClazz = DigestAuthenticator.class.getDeclaredClasses()[0];
+ try
+ {
+ Field field = digestAuthenticatorClazz.getDeclaredField("response");
+ field.setAccessible(true);
+ password = (String)field.get((((ObjectCallback)objectCallback[0]).getObject()));
+ }
+ catch (Exception e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Could not get password.", e);
+ }
+ }
+
+ return password;
+ }
+
+}
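Review bot: `getCredentials()`, `getUsername()` and `getPassword()` locate Jetty's private digest holder with `DigestAuthenticator.class.getDeclaredClasses()[0]`, and the Javadoc of `getDeclaredClasses()` gives no ordering guarantee. If another nested class ends up at index 0, the `getDeclaredField` lookups would throw, be logged, and leave the credentials null. Taking the class from the callback object avoids the index, assuming the fields are declared on the object's own class: `Class<?> digestClazz = objectFromCallback.getClass();`. `digestAuthenticationIsUsed()` also treats anything that is not a `String` as a digest request, including a `null` object; `Object o = ((ObjectCallback)objectCallback[0]).getObject(); return o != null && !(o instanceof String);` would route that case to `super.login()` instead. Since the code reads private fields by name through `setAccessible(true)`, a comment naming the Jetty version it was written against would help whoever upgrades the dependency.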
Added: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationTomcatLoginModule.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationTomcatLoginModule.java (rev 0)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/DigestAuthenticationTomcatLoginModule.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -0,0 +1,252 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.services.security.j2ee;
+
+import org.exoplatform.services.security.Authenticator;
+import org.exoplatform.services.security.Credential;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.PasswordCredential;
+import org.exoplatform.services.security.UsernameCredential;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+/**
+ * Created by The eXo Platform SAS .
+ *
+ * @author Dmitry Kuleshov
+ * @version $Id: $
+ */
+
+public class DigestAuthenticationTomcatLoginModule extends TomcatLoginModule
+{
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public boolean login() throws LoginException
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("In login of ExtendedTomcatLoginModule.");
+ }
+ try
+ {
+ if (sharedState.containsKey("exo.security.identity"))
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Use Identity from previous LoginModule");
+ }
+ identity = (Identity)sharedState.get("exo.security.identity");
+ }
+ else
+ {
+ if (!digestAuthenticationIsUsed())
+ {
+ return super.login();
+ }
+
+ if (log.isDebugEnabled())
+ {
+ log.debug("Try create identity");
+ }
+
+ Authenticator authenticator = (Authenticator)getContainer().getComponentInstanceOfType(Authenticator.class);
+
+ if (authenticator == null)
+ {
+ throw new LoginException("No Authenticator component found, check your configuration");
+ }
+
+ String userId = authenticator.validateUser(getCredentials());
+
+ identity = authenticator.createIdentity(userId);
+ sharedState.put("javax.security.auth.login.name", userId);
+ subject.getPrivateCredentials().add(getPassword());
+ subject.getPublicCredentials().add(getUsername());
+ }
+ return true;
+
+ }
+ catch (final Throwable e)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug(e.getMessage(), e);
+ }
+
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ /**
+ * An utility class to get credentials. To retrieve password context we use TextInputCallback.
+ * NameCallback and PasswordCallback are used to correspondingly retrieve username and password.
+ * @return Credential
+ * @throws IOException
+ * @throws Exception
+ */
+ private Credential[] getCredentials() throws IOException
+ {
+
+ Map<String, String> passwordContext = new HashMap<String, String>();
+ Set<String> contextElements = new HashSet<String>();
+ Callback[] digestCallback = new Callback[1];
+ String username = null;
+ String password = null;
+
+ contextElements.add("cnonce");
+ contextElements.add("nc");
+ contextElements.add("nonce");
+ contextElements.add("qop");
+ contextElements.add("realmName");
+ contextElements.add("md5a2");
+
+ Iterator<String> elementIterator = contextElements.iterator();
+
+ String element;
+ while (elementIterator.hasNext())
+ {
+ element = elementIterator.next();
+ try
+ {
+ digestCallback[0] = new TextInputCallback(element);
+ callbackHandler.handle(digestCallback);
+ passwordContext.put(element, ((TextInputCallback)digestCallback[0]).getText());
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Unsupported callback type.", e);
+ }
+ }
+
+ }
+
+ try
+ {
+ Callback[] nameCallback = {new NameCallback("Username")};
+ callbackHandler.handle(nameCallback);
+ username = ((NameCallback)nameCallback[0]).getName();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving username from callback handler! ", e);
+ }
+ }
+
+ try
+ {
+ Callback[] passwordCallback = {new PasswordCallback("Password", false)};
+ callbackHandler.handle(passwordCallback);
+ password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
+ ((PasswordCallback)passwordCallback[0]).clearPassword();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving password from callback handler! ", e);
+ }
+ }
+
+ if (username == null || password == null)
+ {
+ return null;
+ }
+
+ return new Credential[]{new UsernameCredential(username), new PasswordCredential(password, passwordContext)};
+ }
+
+ /**
+ * An utility method to check if digest authentication is used.
+ * @return true if digest authentication is used, otherwise - false
+ * @throws IOException
+ * @throws UnsupportedCallbackException
+ */
+ private boolean digestAuthenticationIsUsed() throws IOException, UnsupportedCallbackException
+ {
+ Callback[] authCallback = {new TextInputCallback("authMethod")};
+ callbackHandler.handle(authCallback);
+ String authMethod = (String)(((TextInputCallback)authCallback[0]).getText());
+
+ return "DIGEST".equalsIgnoreCase(authMethod);
+ }
+
+ private UsernameCredential getUsername() throws IOException
+ {
+ String username = null;
+
+ try
+ {
+ Callback[] nameCallback = {new NameCallback("Username")};
+ callbackHandler.handle(nameCallback);
+ username = ((NameCallback)nameCallback[0]).getName();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving username from callback handler! ", e);
+ }
+ }
+
+ return new UsernameCredential(username);
+ }
+
+ private String getPassword() throws IOException
+ {
+ String password = null;
+
+ try
+ {
+ Callback[] passwordCallback = {new PasswordCallback("Password", false)};
+ callbackHandler.handle(passwordCallback);
+ password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
+ ((PasswordCallback)passwordCallback[0]).clearPassword();
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ if (log.isErrorEnabled())
+ {
+ log.error("Error on retrieving password from callback handler! ", e);
+ }
+ }
+
+ return password;
+ }
+
+
+}
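Review bot: `digestAuthenticationIsUsed()` lets `UnsupportedCallbackException` escape, so if the container's callback handler does not accept the `TextInputCallback("authMethod")` probe, `login()` lands in its `catch (final Throwable e)` block and throws `LoginException` instead of falling back to `super.login()`. The JBoss variant in this commit catches that exception and returns `false`; doing the same here, `try { callbackHandler.handle(authCallback); } catch (UnsupportedCallbackException e) { return false; }`, keeps non-digest logins working with handlers that lack the probe. In `getCredentials()` the loop over `contextElements` logs an unsupported element at debug level and continues, so a `PasswordCredential` with an incomplete context can still reach `validateUser`. A check that `nonce`, `nc`, `cnonce` and `qop` are present before building the credential would make that failure explicit. The debug message `"In login of ExtendedTomcatLoginModule."` does not match the class name DigestAuthenticationTomcatLoginModule.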
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JbossLoginModule.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JbossLoginModule.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JbossLoginModule.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -21,33 +21,20 @@
import org.exoplatform.container.monitor.jvm.J2EEServerInfo;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
-import org.exoplatform.services.security.Authenticator;
-import org.exoplatform.services.security.Credential;
-import org.exoplatform.services.security.Identity;
-import org.exoplatform.services.security.PasswordCredential;
-import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.DefaultLoginModule;
import org.exoplatform.services.security.jaas.JAASGroup;
import org.exoplatform.services.security.jaas.RolePrincipal;
import org.exoplatform.services.security.jaas.UserPrincipal;
-import org.jboss.security.auth.callback.MapCallback;
-import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
-import java.util.Map;
import java.util.Set;
import javax.management.MBeanServer;
import javax.management.ObjectName;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
/**
@@ -60,14 +47,9 @@
public class JbossLoginModule extends DefaultLoginModule
{
/** . */
- private static Log log = ExoLogger.getLogger("exo.core.component.security.core.JbossLoginModule.class");
+ protected static Log log = ExoLogger.getLogger("exo.core.component.security.core.JbossLoginModule.class");
/**
- * To retrieve password context during Digest Authentication.
- */
- private MapCallback[] mapCallback = {new MapCallback()};
-
- /**
* {@inheritDoc}
*/
@Override
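Review bot: The `log` field is widened to `protected` but stays non-final, so any subclass can now reassign the shared static logger. Declaring it as `protected static final Log log = ExoLogger.getLogger("exo.core.component.security.core.JbossLoginModule.class");` keeps it readable by DigestAuthenticationJbossLoginModule without making it writable. Subclass messages will also be emitted under the parent's logger name, which makes digest-login entries harder to filter; a private logger in the subclass would separate them. The class body continues outside this hunk.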
@@ -99,190 +81,6 @@
}
/**
- * {@inheritDoc}
- */
- @SuppressWarnings("unchecked")
- @Override
- public boolean login() throws LoginException
- {
- if (log.isDebugEnabled())
- {
- log.debug("In login of JbossLoginModule.");
- }
- try
- {
- if (sharedState.containsKey("exo.security.identity"))
- {
- if (log.isDebugEnabled())
- {
- log.debug("Use Identity from previous LoginModule");
- }
- identity = (Identity)sharedState.get("exo.security.identity");
- }
- else
- {
- if (!digestAuthenticationIsUsed())
- {
- return super.login();
- }
-
- if (log.isDebugEnabled())
- {
- log.debug("Try create identity");
- }
-
- Authenticator authenticator = (Authenticator)getContainer().getComponentInstanceOfType(Authenticator.class);
-
- if (authenticator == null)
- {
- throw new LoginException("No Authenticator component found, check your configuration");
- }
-
- String userId = authenticator.validateUser(getCredentials());
-
- identity = authenticator.createIdentity(userId);
- sharedState.put("javax.security.auth.login.name", userId);
- subject.getPrivateCredentials().add(getPassword());
- subject.getPublicCredentials().add(getUsername());
- }
- return true;
-
- }
- catch (final Throwable e)
- {
- if (log.isDebugEnabled())
- {
- log.debug(e.getMessage(), e);
- }
-
- throw new LoginException(e.getMessage());
- }
- }
-
- /**
- * An utility method handles mapCallback and also checks if digest authentication is used.
- * @return true if digest authentication is used, otherwise - false
- * @throws IOException
- */
- private boolean digestAuthenticationIsUsed() throws IOException
- {
- try
- {
- // here we're trying to handle mapCallback
- // if it is handled successfully than digest
- // authentication is used
- callbackHandler.handle(mapCallback);
- return true;
- }
- catch (UnsupportedCallbackException uce)
- {
- // otherwise UnsupportedCallbackException is thrown
- return false;
- }
- }
-
- /**
- * An utility method to retrieve credentials. All needed for password hashing information
- * is retrieved from MapCallback. NameCallback and PasswordCallback are used to correspondingly
- * retrieve username and password.
- * @return Credential
- * @throws IOException
- * @throws Exception
- */
- private Credential[] getCredentials() throws IOException
- {
- String username = null;
- String password = null;
- Map<String, String> passwordContext = new HashMap<String, String>();
-
- passwordContext.put("qop", (String)mapCallback[0].getInfo("qop"));
- passwordContext.put("nonce", (String)mapCallback[0].getInfo("nonce"));
- passwordContext.put("cnonce", (String)mapCallback[0].getInfo("cnonce"));
- passwordContext.put("a2hash", (String)mapCallback[0].getInfo("a2hash"));
- passwordContext.put("nc", (String)mapCallback[0].getInfo("nc"));
- passwordContext.put("realm", (String)mapCallback[0].getInfo("realm"));
-
- try
- {
- Callback[] nameCallback = {new NameCallback("Username")};
- callbackHandler.handle(nameCallback);
- username = ((NameCallback)nameCallback[0]).getName();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving username from callback handler! ", e);
- }
- }
-
- try
- {
- Callback[] passwordCallback = {new PasswordCallback("Password", false)};
- callbackHandler.handle(passwordCallback);
- password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
- ((PasswordCallback)passwordCallback[0]).clearPassword();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving password from callback handler! ", e);
- }
- }
-
- if (username == null || password == null)
- {
- return null;
- }
-
- return new Credential[]{new UsernameCredential(username), new PasswordCredential(password, passwordContext)};
- }
-
- private UsernameCredential getUsername() throws IOException
- {
- String username = null;
-
- try
- {
- Callback[] nameCallback = {new NameCallback("Username")};
- callbackHandler.handle(nameCallback);
- username = ((NameCallback)nameCallback[0]).getName();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving username from callback handler! ", e);
- }
- }
-
- return new UsernameCredential(username);
- }
-
- private String getPassword() throws IOException
- {
- String password = null;
-
- try
- {
- Callback[] passwordCallback = {new PasswordCallback("Password", false)};
- callbackHandler.handle(passwordCallback);
- password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
- ((PasswordCallback)passwordCallback[0]).clearPassword();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving password from callback handler! ", e);
- }
- }
-
- return password;
- }
-
- /**
* Attempts eviction of the subject in the JBoss security manager cache.
*
* @return a boolean
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JettyLoginModule.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JettyLoginModule.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/JettyLoginModule.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -1,35 +1,16 @@
package org.exoplatform.services.security.j2ee;
-import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
-import org.eclipse.jetty.security.authentication.DigestAuthenticator;
-import org.exoplatform.services.security.Authenticator;
-import org.exoplatform.services.security.Credential;
-import org.exoplatform.services.security.Identity;
-import org.exoplatform.services.security.PasswordCredential;
-import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.DefaultLoginModule;
import org.exoplatform.services.security.jaas.RolePrincipal;
import org.exoplatform.services.security.jaas.UserPrincipal;
-import java.io.IOException;
-import java.lang.reflect.Field;
import java.security.Principal;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
import java.util.Set;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
public class JettyLoginModule extends DefaultLoginModule
{
- /**
- * To retrieve an object instance containing needed password context.
- */
- private Callback[] objectCallback = {new ObjectCallback()};
@Override
public boolean commit() throws LoginException
@@ -54,199 +35,4 @@
}
}
- /**
- * {@inheritDoc}
- */
- @SuppressWarnings("unchecked")
- @Override
- public boolean login() throws LoginException
- {
- if (log.isDebugEnabled())
- {
- log.debug("In login of JettyLoginModule.");
- }
- try
- {
- if (sharedState.containsKey("exo.security.identity"))
- {
- if (log.isDebugEnabled())
- {
- log.debug("Use Identity from previous LoginModule");
- }
- identity = (Identity)sharedState.get("exo.security.identity");
- }
- else
- {
- if (!digestAuthenticationIsUsed())
- {
- return super.login();
- }
-
- if (log.isDebugEnabled())
- {
- log.debug("Try create identity");
- }
-
- Authenticator authenticator = (Authenticator)getContainer().getComponentInstanceOfType(Authenticator.class);
-
- if (authenticator == null)
- {
- throw new LoginException("No Authenticator component found, check your configuration");
- }
-
- String userId = authenticator.validateUser(getCredentials());
-
- identity = authenticator.createIdentity(userId);
- sharedState.put("javax.security.auth.login.name", userId);
- // TODO use PasswordCredential wrapper
- subject.getPrivateCredentials().add(getPassword());
- subject.getPublicCredentials().add(getUsername());
- }
- return true;
-
- }
- catch (final Throwable e)
- {
- if (log.isDebugEnabled())
- {
- log.debug(e.getMessage(), e);
- }
-
- throw new LoginException(e.getMessage());
- }
- }
-
- /**
- * An utility method to handle object callback and also to checks if
- * digest authentication is used during login operation.
- * @return true if digest authentication is used, otherwise - false
- * @throws IOException
- * @throws UnsupportedCallbackException
- */
- private boolean digestAuthenticationIsUsed() throws IOException, UnsupportedCallbackException
- {
- callbackHandler.handle(objectCallback);
- // in case we have a digest authentication
- // objectCallback should contain a structured instance
- // in case we have a basic authentication
- // objectCallback should contain only a string with a password
- return !(((ObjectCallback)objectCallback[0]).getObject() instanceof String);
- }
-
- /**
- * An utility method to get Credentials from object callback instance.
- * It uses reflection mechanism to get access to Digest inner class of
- * DigestAuthenticator, which is provided by object callback as it
- * contains all needed information for password hashing.
- * @return Credential
- * @throws NoSuchFieldException
- * @throws SecurityException
- * @throws IllegalAccessException
- * @throws IllegalArgumentException
- * @throws Exception
- */
- private Credential[] getCredentials()
- {
- Map<String, String> passwordContext = new HashMap<String, String>();
- Set<String> contextElements = new HashSet<String>();
- // object to contain DigestAuthenticator$Digest instance to get
- // needed data from instance's fields
- Object objectFromCallback = ((ObjectCallback)objectCallback[0]).getObject();
- String username = null;
- String password = null;
- // to keep DigestAuthenticator$Digest representation
- Class<?> digestAuthenticatorClazz = DigestAuthenticator.class.getDeclaredClasses()[0];
-
- contextElements.add("cnonce");
- contextElements.add("method");
- contextElements.add("nc");
- contextElements.add("nonce");
- contextElements.add("qop");
- contextElements.add("realm");
- contextElements.add("uri");
-
- try
- {
- // here we're going to retrieve needed information from Digest class fields
- Iterator<String> elementIterator = contextElements.iterator();
- String element;
- Field field;
- while (elementIterator.hasNext())
- {
- element = elementIterator.next();
- field = digestAuthenticatorClazz.getDeclaredField(element);
- // need to set true as all needed fields are in private class, thus are private
- field.setAccessible(true);
- passwordContext.put(element, (String)field.get(objectFromCallback));
- }
-
- // get username
- field = digestAuthenticatorClazz.getDeclaredField("username");
- field.setAccessible(true);
- username = (String)field.get(objectFromCallback);
-
- // get password
- field = digestAuthenticatorClazz.getDeclaredField("response");
- field.setAccessible(true);
- password = (String)field.get(objectFromCallback);
- }
- catch (Exception e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Could not get credentials.", e);
- }
- }
-
- if (username == null || password == null)
- {
- return null;
- }
-
- return new Credential[]{new UsernameCredential(username), new PasswordCredential(password, passwordContext)};
- }
-
- private UsernameCredential getUsername()
- {
- String username = null;
- Class<?> digestAuthenticatorClazz = DigestAuthenticator.class.getDeclaredClasses()[0];
- try
- {
- Field field = digestAuthenticatorClazz.getDeclaredField("username");
- field.setAccessible(true);
- username = (String)field.get((((ObjectCallback)objectCallback[0]).getObject()));
- }
- catch (Exception e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Could not get username.", e);
- }
- }
-
- return new UsernameCredential(username);
- }
-
- private String getPassword() throws SecurityException, NoSuchFieldException, IllegalArgumentException,
- IllegalAccessException
- {
- String password = null;
- Class<?> digestAuthenticatorClazz = DigestAuthenticator.class.getDeclaredClasses()[0];
- try
- {
- Field field = digestAuthenticatorClazz.getDeclaredField("response");
- field.setAccessible(true);
- password = (String)field.get((((ObjectCallback)objectCallback[0]).getObject()));
- }
- catch (Exception e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Could not get password.", e);
- }
- }
-
- return password;
- }
-
}
Modified: core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/TomcatLoginModule.java
===================================================================
--- core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/TomcatLoginModule.java 2011-04-21 18:32:09 UTC (rev 4270)
+++ core/trunk/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/j2ee/TomcatLoginModule.java 2011-04-22 08:36:08 UTC (rev 4271)
@@ -18,28 +18,13 @@
*/
package org.exoplatform.services.security.j2ee;
-import org.exoplatform.services.security.Authenticator;
-import org.exoplatform.services.security.Credential;
-import org.exoplatform.services.security.Identity;
-import org.exoplatform.services.security.PasswordCredential;
-import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.DefaultLoginModule;
import org.exoplatform.services.security.jaas.RolePrincipal;
import org.exoplatform.services.security.jaas.UserPrincipal;
-import java.io.IOException;
import java.security.Principal;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
import java.util.Set;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.TextInputCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
/**
@@ -78,206 +63,4 @@
}
}
- /**
- * {@inheritDoc}
- */
- @SuppressWarnings("unchecked")
- @Override
- public boolean login() throws LoginException
- {
- if (log.isDebugEnabled())
- {
- log.debug("In login of TomcatLoginModule.");
- }
- try
- {
- if (sharedState.containsKey("exo.security.identity"))
- {
- if (log.isDebugEnabled())
- {
- log.debug("Use Identity from previous LoginModule");
- }
- identity = (Identity)sharedState.get("exo.security.identity");
- }
- else
- {
- if (!digestAuthenticationIsUsed())
- {
- return super.login();
- }
-
- if (log.isDebugEnabled())
- {
- log.debug("Try create identity");
- }
-
- Authenticator authenticator = (Authenticator)getContainer().getComponentInstanceOfType(Authenticator.class);
-
- if (authenticator == null)
- {
- throw new LoginException("No Authenticator component found, check your configuration");
- }
-
- String userId = authenticator.validateUser(getCredentials());
-
- identity = authenticator.createIdentity(userId);
- sharedState.put("javax.security.auth.login.name", userId);
- subject.getPrivateCredentials().add(getPassword());
- subject.getPublicCredentials().add(getUsername());
- }
- return true;
-
- }
- catch (final Throwable e)
- {
- if (log.isDebugEnabled())
- {
- log.debug(e.getMessage(), e);
- }
-
- throw new LoginException(e.getMessage());
- }
- }
-
- /**
- * An utility class to get credentials. To retrieve password context we use TextInputCallback.
- * NameCallback and PasswordCallback are used to correspondingly retrieve username and password.
- * @return Credential
- * @throws IOException
- * @throws Exception
- */
- private Credential[] getCredentials() throws IOException
- {
-
- Map<String, String> passwordContext = new HashMap<String, String>();
- Set<String> contextElements = new HashSet<String>();
- Callback[] digestCallback = new Callback[1];
- String username = null;
- String password = null;
-
- contextElements.add("cnonce");
- contextElements.add("nc");
- contextElements.add("nonce");
- contextElements.add("qop");
- contextElements.add("realmName");
- contextElements.add("md5a2");
-
- Iterator<String> elementIterator = contextElements.iterator();
-
- String element;
- while (elementIterator.hasNext())
- {
- element = elementIterator.next();
- try
- {
- digestCallback[0] = new TextInputCallback(element);
- callbackHandler.handle(digestCallback);
- passwordContext.put(element, ((TextInputCallback)digestCallback[0]).getText());
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Unsupported callback type.", e);
- }
- }
-
- }
-
- try
- {
- Callback[] nameCallback = {new NameCallback("Username")};
- callbackHandler.handle(nameCallback);
- username = ((NameCallback)nameCallback[0]).getName();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving username from callback handler! ", e);
- }
- }
-
- try
- {
- Callback[] passwordCallback = {new PasswordCallback("Password", false)};
- callbackHandler.handle(passwordCallback);
- password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
- ((PasswordCallback)passwordCallback[0]).clearPassword();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving password from callback handler! ", e);
- }
- }
-
- if (username == null || password == null)
- {
- return null;
- }
-
- return new Credential[]{new UsernameCredential(username), new PasswordCredential(password, passwordContext)};
- }
-
- /**
- * An utility method to check if digest authentication is used.
- * @return true if digest authentication is used, otherwise - false
- * @throws IOException
- * @throws UnsupportedCallbackException
- */
- private boolean digestAuthenticationIsUsed() throws IOException, UnsupportedCallbackException
- {
- Callback[] authCallback = {new TextInputCallback("authMethod")};
- callbackHandler.handle(authCallback);
- String authMethod = (String)(((TextInputCallback)authCallback[0]).getText());
-
- return "DIGEST".equalsIgnoreCase(authMethod);
- }
-
- private UsernameCredential getUsername() throws IOException
- {
- String username = null;
-
- try
- {
- Callback[] nameCallback = {new NameCallback("Username")};
- callbackHandler.handle(nameCallback);
- username = ((NameCallback)nameCallback[0]).getName();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving username from callback handler! ", e);
- }
- }
-
- return new UsernameCredential(username);
- }
-
- private String getPassword() throws IOException
- {
- String password = null;
-
- try
- {
- Callback[] passwordCallback = {new PasswordCallback("Password", false)};
- callbackHandler.handle(passwordCallback);
- password = new String(((PasswordCallback)passwordCallback[0]).getPassword());
- ((PasswordCallback)passwordCallback[0]).clearPassword();
- }
- catch (UnsupportedCallbackException e)
- {
- if (log.isErrorEnabled())
- {
- log.error("Error on retrieving password from callback handler! ", e);
- }
- }
-
- return password;
- }
-
-
}