Author: hfnukal
Date: 2011-03-23 05:04:25 -0400 (Wed, 23 Mar 2011)
New Revision: 6115
Added:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/AbstractCodec.java
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/ToThrowAwayCodec.java
Modified:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/TokenContainer.java
Log:
JBEPP-610: Passwords saved by CookieTokenService are in JCR DB in plain form
Copied:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/AbstractCodec.java
(from rev 5167,
portal/branches/branch-GTNPORTAL-1643/component/web/security/src/main/java/org/exoplatform/web/security/security/AbstractCodec.java)
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/AbstractCodec.java
(rev 0)
+++
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/AbstractCodec.java 2011-03-23
09:04:25 UTC (rev 6115)
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.web.security.security;
+
+import org.exoplatform.container.component.BaseComponentPlugin;
+
+/**
+ * Abstract codec used to encode/decode password stored/loaded on/from token entry
+ *
+ * @author <a href="mailto:hoang281283@gmail.com">Minh Hoang
TO</a>
+ * Nov 19, 2010
+ */
+
+public abstract class AbstractCodec extends BaseComponentPlugin
+{
+
+ public String getName()
+ {
+ return this.getClass().toString();
+ }
+
+ public abstract String encode(String plainInput);
+
+ public abstract String decode(String encodedInput);
+
+}
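Review bot: `getName()` at the bottom of the hunk returns `Class.toString()`, which yields `class org.exoplatform.web.security.security.AbstractCodec` rather than a bare class name; if the plugin registry keys on this value, `return this.getClass().getName();` is almost certainly what was intended. The encode/decode contract is also undocumented: a remember-me token has to hand the original password back, so `decode(encode(p))` must equal `p`, which rules out one-way hashing and means any real implementation is reversible encryption with a key the abstract class says nothing about. I would add a class Javadoc stating that round-trip requirement, how `null` input is to be handled by both methods, and that implementations own key management and must fail loudly rather than return garbage on input they cannot decode.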
Modified:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java 2011-03-23
06:27:35 UTC (rev 6114)
+++
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java 2011-03-23
09:04:25 UTC (rev 6115)
@@ -24,6 +24,7 @@
import org.exoplatform.commons.chromattic.ChromatticManager;
import org.exoplatform.commons.chromattic.ContextualTask;
import org.exoplatform.commons.chromattic.SessionContext;
+import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.web.security.Credentials;
import org.exoplatform.web.security.GateInToken;
@@ -47,6 +48,9 @@
/** . */
private String lifecycleName="autologin";
+ //TODO: Introduce the concept of priority and store the plugins in a map structure
+ private AbstractCodec codec;
+
public CookieTokenService(InitParams initParams, ChromatticManager chromatticManager)
{
super(initParams);
@@ -56,8 +60,19 @@
lifecycleName =
(String)initParams.getValuesParam(SERVICE_CONFIG).getValues().get(3);
}
this.chromatticLifeCycle = chromatticManager.getLifeCycle(lifecycleName);
+
+ //Set the default codec
+ this.codec = new ToThrowAwayCodec();
}
+ public final void setupCodec(ComponentPlugin codecPlugin)
+ {
+ if(codecPlugin instanceof AbstractCodec)
+ {
+ this.codec = (AbstractCodec)codecPlugin;
+ }
+ }
+
public String createToken(final Credentials credentials)
{
if (validityMillis < 0)
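Review bot: The default installed by `this.codec = new ToThrowAwayCodec();` is an identity transform, so unless a codec plugin is registered in the container configuration this commit leaves the JBEPP-610 behaviour unchanged and passwords still reach JCR in clear text. `setupCodec` compounds this by silently ignoring a plugin that is not an `AbstractCodec`, so a misconfigured plugin degrades to plaintext storage with no signal; I would replace the silent fall-through with `else { throw new IllegalArgumentException("codec plugin must extend AbstractCodec: " + codecPlugin.getClass().getName()); }` and emit a warning at startup while the identity codec is still the active one. The constructor's opening lines sit before this hunk, so whether any configuration-driven codec selection exists there I cannot tell from here.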
@@ -76,7 +91,9 @@
long expirationTimeMillis = System.currentTimeMillis() + validityMillis;
GateInToken token = new GateInToken(expirationTimeMillis, credentials);
TokenContainer container = getTokenContainer();
- container.saveToken(tokenId, token.getPayload(), new
Date(token.getExpirationTimeMillis()));
+
+ //Save the token, password is encoded thanks to the codec
+ container.encodeAndSaveToken(tokenId, token.getPayload(), new
Date(expirationTimeMillis), codec);
return tokenId;
}
}.executeWith(chromatticLifeCycle);
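Review bot: In the new `encodeAndSaveToken` call the `GateInToken` built two lines earlier now serves only to read `credentials` back through `token.getPayload()`, so passing the argument directly, `container.encodeAndSaveToken(tokenId, credentials, new Date(expirationTimeMillis), codec);`, drops a needless allocation and makes the data flow (plaintext in, codec-transformed at rest) obvious. The comment `//Save the token, password is encoded thanks to the codec` is only true once a real codec is configured; I would word it as `// password goes through the configured codec before it reaches JCR (identity unless a codec plugin is set)` so a reader is not lulled into thinking encoding is unconditional. The enclosing `execute()` body starts before this hunk.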
@@ -89,7 +106,8 @@
@Override
protected GateInToken execute()
{
- return getTokenContainer().getToken((String)id);
+ //Get the token, encoded password is decoded thanks to codec
+ return getTokenContainer().getTokenAndDecode(id, codec);
}
}.executeWith(chromatticLifeCycle);
}
Copied:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/ToThrowAwayCodec.java
(from rev 5167,
portal/branches/branch-GTNPORTAL-1643/component/web/security/src/main/java/org/exoplatform/web/security/security/ToThrowAwayCodec.java)
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/ToThrowAwayCodec.java
(rev 0)
+++
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/ToThrowAwayCodec.java 2011-03-23
09:04:25 UTC (rev 6115)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.web.security.security;
+
+/**
+ * @author <a href="mailto:hoang281283@gmail.com">Minh Hoang
TO</a>
+ * Nov 19, 2010
+ */
+
+public class ToThrowAwayCodec extends AbstractCodec
+{
+
+ @Override
+ public String decode(String encodedInput)
+ {
+ return encodedInput;
+ }
+
+ @Override
+ public String encode(String plainInput)
+ {
+ return plainInput;
+ }
+
+}
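Review bot: Both methods return their input unchanged, so this class offers no protection at all, yet it carries no Javadoc saying so and its name is the only hint that it is a placeholder. Because `CookieTokenService` installs it as the default, a deployer reading just this file could conclude JBEPP-610 is resolved; I would add a class comment such as `/** Identity codec: stores and returns the password unchanged. Placeholder for deployments that have not configured a real AbstractCodec plugin; never rely on it in production. */` and mark the class `final` so nothing inherits the no-op behaviour by accident.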
Modified:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/TokenContainer.java
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/TokenContainer.java 2011-03-23
06:27:35 UTC (rev 6114)
+++
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security/TokenContainer.java 2011-03-23
09:04:25 UTC (rev 6115)
@@ -84,5 +84,37 @@
entry.setExpirationTime(expirationTime);
return entry.getToken();
}
+
+ public GateInToken encodeAndSaveToken(String tokenId, Credentials credentials, Date
expirationTime, AbstractCodec codec)
+ {
+ Map<String, TokenEntry> tokens = getTokens();
+ TokenEntry entry = tokens.get(tokenId);
+ if (entry == null)
+ {
+ entry = createToken();
+ tokens.put(tokenId, entry);
+ entry.setUserName(credentials.getUsername());
+ entry.setPassword(codec.encode(credentials.getPassword()));
+ }
+ entry.setExpirationTime(expirationTime);
+ return entry.getToken();
+ }
+
+ public GateInToken getTokenAndDecode(String tokenId, AbstractCodec codec)
+ {
+ Map<String, TokenEntry> tokens = getTokens();
+ TokenEntry entry = tokens.get(tokenId);
+ if(entry != null)
+ {
+ GateInToken gateInToken = entry.getToken();
+ Credentials payload = gateInToken.getPayload();
+
+ //Return a cloned GateInToken
+ return new GateInToken(gateInToken.getExpirationTimeMillis(), new
Credentials(payload.getUsername(), codec
+ .decode(payload.getPassword())));
+ }
+ return null;
+ }
+
}
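Review bot: `getTokenAndDecode` hands whatever is persisted straight to `codec.decode`, but every entry written before this change, and any written through the pre-existing `saveToken` whose tail is visible at the top of the hunk, holds a plaintext password; once a real codec is configured those entries will either throw out of `decode` or produce garbage that is then presented as the user's credential. I would treat an undecodable entry as an absent token rather than let the failure escape the remember-me path: give `AbstractCodec.decode` a dedicated exception type, catch it around the `decode` call and `return null;` for that entry (optionally removing it from `tokens`). `saveToken` itself should now delegate to `encodeAndSaveToken` or be removed, so no remaining API writes the password without passing through the codec. The `if (entry == null)` branch also means a colliding `tokenId` keeps the previously stored password and only refreshes the expiration, which appears to be behaviour carried over from `saveToken` rather than something new here.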