[seam-commits] Seam SVN: r8297 - trunk/src/main/org/jboss/seam/security.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Wed May 28 21:33:19 EDT 2008


Author: shane.bryzak at jboss.com
Date: 2008-05-28 21:33:19 -0400 (Wed, 28 May 2008)
New Revision: 8297

Added:
   trunk/src/main/org/jboss/seam/security/Credentials.java
Modified:
   trunk/src/main/org/jboss/seam/security/Identity.java
Log:
separate credentials from identity

Added: trunk/src/main/org/jboss/seam/security/Credentials.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Credentials.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/Credentials.java	2008-05-29 01:33:19 UTC (rev 8297)
@@ -0,0 +1,122 @@
+package org.jboss.seam.security;
+
+import static org.jboss.seam.ScopeType.SESSION;
+import static org.jboss.seam.annotations.Install.BUILT_IN;
+
+import java.io.IOException;
+import java.io.Serializable;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.core.Events;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
+
+ at Name("org.jboss.seam.security.credentials")
+ at Scope(SESSION)
+ at Install(precedence = BUILT_IN)
+ at BypassInterceptors
+ at Startup
+public class Credentials implements Serializable
+{
+   public static final String EVENT_CREDENTIALS_UPDATED = "org.jboss.seam.security.credentialsUpdated";
+   
+   private static final LogProvider log = Logging.getLogProvider(Credentials.class);
+   
+   private String username;
+   private String password;
+   
+   private boolean invalid = false;
+   
+   public String getUsername()
+   {
+      return username;
+   }
+   
+   public void setUsername(String username)
+   {
+      if (this.username != username && (this.username == null || !this.username.equals(username)))
+      {
+         this.username = username;
+         invalid = false;
+         if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
+      }
+   }
+   
+   public String getPassword()
+   {
+      return password;
+   }
+   
+   public void setPassword(String password)
+   {
+      if (this.password != password && (this.password == null || !this.password.equals(password)))
+      {
+         this.password = password;
+         invalid = false;
+         if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
+      } 
+   }
+   
+   public boolean isSet()
+   {
+      return username != null && password != null;      
+   }
+   
+   public boolean isInvalid()
+   {
+      return invalid;
+   }
+   
+   public void invalidate()
+   {
+      invalid = true;
+   }
+   
+   public void clear()
+   {
+      username = null;
+      password = null;
+   }
+   
+   
+   /**
+    * Creates a callback handler that can handle a standard username/password
+    * callback, using the username and password properties.
+    */
+   public CallbackHandler createCallbackHandler()
+   {
+      return new CallbackHandler() 
+      {
+         public void handle(Callback[] callbacks) 
+            throws IOException, UnsupportedCallbackException 
+         {
+            for (int i=0; i < callbacks.length; i++)
+            {
+               if (callbacks[i] instanceof NameCallback)
+               {
+                  ( (NameCallback) callbacks[i] ).setName(getUsername());
+               }
+               else if (callbacks[i] instanceof PasswordCallback)
+               {
+                  ( (PasswordCallback) callbacks[i] ).setPassword( getPassword() != null ? 
+                           getPassword().toCharArray() : null );
+               }
+               else
+               {
+                  log.warn("Unsupported callback " + callbacks[i]);
+               }
+            }
+         }
+      };
+   }   
+}
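Review bot: `password` is a plain, non-transient `String` field on a `SESSION`-scoped `Serializable` component, so if the container passivates or replicates the session between `setPassword()` and authentication, the cleartext password would be written out with it; `private transient String password;` keeps it out of the serialized form. `clear()` also leaves `invalid` untouched, so a component cleared after a failed login still reports `isInvalid()` as true until a setter runs; either reset it there (`invalid = false;`) or document that this is intended. The class has no class-level Javadoc and no `serialVersionUID`; a short comment stating what `invalid` means and which calls reset it would help callers.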

Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java	2008-05-29 00:29:47 UTC (rev 8296)
+++ trunk/src/main/org/jboss/seam/security/Identity.java	2008-05-29 01:33:19 UTC (rev 8297)
@@ -3,7 +3,6 @@
 import static org.jboss.seam.ScopeType.SESSION;
 import static org.jboss.seam.annotations.Install.BUILT_IN;
 
-import java.io.IOException;
 import java.io.Serializable;
 import java.security.Principal;
 import java.security.acl.Group;
@@ -13,11 +12,6 @@
 import java.util.List;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -59,7 +53,6 @@
    public static final String EVENT_PRE_AUTHENTICATE = "org.jboss.seam.security.preAuthenticate";
    public static final String EVENT_POST_AUTHENTICATE = "org.jboss.seam.security.postAuthenticate";
    public static final String EVENT_LOGGED_OUT = "org.jboss.seam.security.loggedOut";
-   public static final String EVENT_CREDENTIALS_UPDATED = "org.jboss.seam.security.credentialsUpdated";
    public static final String EVENT_REMEMBER_ME = "org.jboss.seam.security.rememberMe";
    public static final String EVENT_ALREADY_LOGGED_IN = "org.jboss.seam.security.alreadyLoggedIn";   
    
@@ -74,8 +67,7 @@
    
    private static final LogProvider log = Logging.getLogProvider(Identity.class);
    
-   private String username;
-   private String password;
+   private Credentials credentials;
    
    private MethodExpression authenticateMethod;
 
@@ -104,6 +96,8 @@
       {
          permissionMapper = (PermissionMapper) Component.getInstance(PermissionMapper.class);
       }
+      
+      credentials = (Credentials) Component.getInstance(Credentials.class);
    }
    
    public static boolean isSecurityEnabled()
@@ -140,7 +134,7 @@
    
    public boolean isLoggedIn(boolean attemptLogin)
    {
-      if (!authenticating && attemptLogin && getPrincipal() == null && isCredentialsSet() &&
+      if (!authenticating && attemptLogin && getPrincipal() == null && credentials.isSet() &&
           Contexts.isEventContextActive() &&
           !Contexts.getEventContext().isSet(LOGIN_TRIED))
       {
@@ -161,11 +155,6 @@
    {
       return subject;
    }
-   
-   public boolean isCredentialsSet()
-   {
-      return username != null && password != null;
-   }
       
    /**
     * Performs an authorization check, based on the specified security expression.
@@ -241,6 +230,8 @@
       }
       catch (LoginException ex)
       {
+         credentials.invalidate();
+         
          if ( log.isDebugEnabled() )
          {
              log.debug("Login failed for: " + getUsername(), ex);
@@ -259,7 +250,7 @@
    {
       try
       {
-         if (isCredentialsSet()) 
+         if (credentials.isSet()) 
          {
             authenticate();
             if (isLoggedIn(false) && Contexts.isEventContextActive())
@@ -268,7 +259,10 @@
             }
          }
       }
-      catch (LoginException ex) { }
+      catch (LoginException ex) 
+      { 
+         credentials.invalidate();
+      }
    }
    
    /**
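Review bot: The rewritten catch block still discards `ex` without logging, so a failed quiet login leaves no trace other than the `invalid` flag. A debug line before the new call, for example `log.debug("Quiet login failed", ex);`, would make these failures visible in the same way the `login()` path logs them. The enclosing method starts above the hunk.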
@@ -279,7 +273,7 @@
       throws LoginException
    {
       // If we're already authenticated, then don't authenticate again
-      if (!isLoggedIn(false))
+      if (!isLoggedIn(false) && !credentials.isInvalid())
       {
          principal = null;
          subject = new Subject();
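Review bot: With the added `!credentials.isInvalid()` condition, this method returns normally without attempting a login when the credentials are flagged invalid, which a caller cannot tell apart from the already-authenticated case; the existing comment describes only the latter. The callers are outside this hunk, so whether they re-check `isLoggedIn(false)` afterwards cannot be confirmed here. Either raise a `LoginException` for invalidated credentials or extend the comment, e.g. `// Skip if already authenticated, or if these credentials have already failed`. The method body continues past the hunk.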
@@ -300,7 +294,7 @@
       finally
       {
          // Set password to null whether authentication is successful or not
-         password = null;         
+         credentials.setPassword(null);    
          authenticating = false;
       }
    }
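Review bot: `credentials.setPassword(null)` in the `finally` block is not equivalent to the old `password = null`: when a password was set, the setter in Credentials.java also resets `invalid` to false and raises `EVENT_CREDENTIALS_UPDATED`. Assuming this `finally` runs before the `catch (LoginException ex)` blocks that call `credentials.invalidate()`, the flag survives a failed attempt only because of that ordering, and any observer of the event would now fire on every clean-up. A dedicated method on `Credentials` that nulls the password without touching `invalid` or raising the event would make the clean-up independent of both. The enclosing method starts above the hunk.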
@@ -355,7 +349,7 @@
    {      
       principal = null;
       subject = new Subject();
-      username = null;
+      credentials.clear();
    }
 
    protected LoginContext getLoginContext() throws LoginException
@@ -363,11 +357,11 @@
       if (getJaasConfigName() != null)
       {
          return new LoginContext(getJaasConfigName(), getSubject(), 
-                  getDefaultCallbackHandler());
+                  credentials.createCallbackHandler());
       }
       
-      return new LoginContext(Configuration.DEFAULT_JAAS_CONFIG_NAME, 
-               getSubject(), getDefaultCallbackHandler(), Configuration.instance());
+      return new LoginContext(Configuration.DEFAULT_JAAS_CONFIG_NAME, getSubject(), 
+            credentials.createCallbackHandler(), Configuration.instance());
    }
    
    public void logout()
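Review bot: Both `LoginContext` constructions now call `credentials.createCallbackHandler()` directly, so a subclass of `Identity` that overrode the protected `getDefaultCallbackHandler()` (removed in a later hunk of this commit) loses its extension point. If such a subclass was compiled without `@Override`, its handler would be ignored without any error. Keeping a deprecated `protected CallbackHandler getDefaultCallbackHandler() { return credentials.createCallbackHandler(); }` and calling it from `getLoginContext()` would preserve the hook.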
@@ -583,37 +577,6 @@
    }
    
    /**
-    * Creates a callback handler that can handle a standard username/password
-    * callback, using the username and password properties.
-    */
-   protected CallbackHandler getDefaultCallbackHandler()
-   {
-      return new CallbackHandler() 
-      {
-         public void handle(Callback[] callbacks) 
-            throws IOException, UnsupportedCallbackException 
-         {
-            for (int i=0; i < callbacks.length; i++)
-            {
-               if (callbacks[i] instanceof NameCallback)
-               {
-                  ( (NameCallback) callbacks[i] ).setName(getUsername());
-               }
-               else if (callbacks[i] instanceof PasswordCallback)
-               {
-                  ( (PasswordCallback) callbacks[i] ).setPassword( getPassword() != null ? 
-                           getPassword().toCharArray() : null );
-               }
-               else
-               {
-                  log.warn("Unsupported callback " + callbacks[i]);
-               }
-            }
-         }
-      };
-   }
-   
-   /**
     * Evaluates the specified security expression, which must return a boolean
     * value.
     * 
@@ -625,32 +588,28 @@
       return Expressions.instance().createValueExpression(expr, Boolean.class).getValue();
    }   
    
+   @Deprecated
    public String getUsername()
    {
-      return username;
+      return credentials.getUsername();
    }
-   
+
+   @Deprecated
    public void setUsername(String username)
    {  
-      if (this.username != username && (this.username == null || !this.username.equals(username)))
-      {
-         this.username = username;
-         if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
-      }
+      credentials.setUsername(username);
    }
    
+   @Deprecated
    public String getPassword()
    {
-      return password;
+      return credentials.getPassword();
    }
    
+   @Deprecated
    public void setPassword(String password)
    {
-      if (this.password != password && (this.password == null || !this.password.equals(password)))
-      {
-         this.password = password;
-         if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
-      }      
+      credentials.setPassword(password);
    }
    
    public MethodExpression getAuthenticateMethod()
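Review bot: The four `@Deprecated` annotations added here have no Javadoc `@deprecated` tag, so callers get a warning without being told what to use instead; add e.g. `/** @deprecated use {@link Credentials#getUsername()} */` on each accessor. The commit is also inconsistent about compatibility: these accessors delegate to `credentials`, but the public `isCredentialsSet()` and `Identity.EVENT_CREDENTIALS_UPDATED` are removed outright in earlier hunks, where deprecated forwarding members would keep existing callers compiling. Inside `Identity`, the context line `log.debug("Login failed for: " + getUsername(), ex)` in the login hunk now calls a deprecated method and could use `credentials.getUsername()`.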



