From do-not-reply at jboss.org Wed Mar 23 05:04:26 2011
Content-Type: multipart/mixed; boundary="===============7109217862610140823=="
MIME-Version: 1.0
From: do-not-reply at jboss.org
To: gatein-commits at lists.jboss.org
Subject: [gatein-commits] gatein SVN: r6115 -
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/org/exoplatform/web/security/security.
Date: Wed, 23 Mar 2011 05:04:25 -0400
Message-ID: <201103230904.p2N94Pl3025003@svn01.web.mwc.hst.phx2.redhat.com>
--===============7109217862610140823==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Author: hfnukal
Date: 2011-03-23 05:04:25 -0400 (Wed, 23 Mar 2011)
New Revision: 6115
Added:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/=
org/exoplatform/web/security/security/AbstractCodec.java
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/=
org/exoplatform/web/security/security/ToThrowAwayCodec.java
Modified:
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/=
org/exoplatform/web/security/security/CookieTokenService.java
epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java/=
org/exoplatform/web/security/security/TokenContainer.java
Log:
JBEPP-610: Passwords saved by CookieTokenService are in JCR DB in plain form
Copied: epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/=
java/org/exoplatform/web/security/security/AbstractCodec.java (from rev 516=
7, portal/branches/branch-GTNPORTAL-1643/component/web/security/src/main/ja=
va/org/exoplatform/web/security/security/AbstractCodec.java)
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/AbstractCodec.java =
(rev 0)
+++ epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/AbstractCodec.java 2011-03-23 09:04:=
25 UTC (rev 6115)
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.web.security.security;
+
+import org.exoplatform.container.component.BaseComponentPlugin;
+
+/**
+ * Abstract codec used to encode/decode password stored/loaded on/from tok=
en entry
+ * =
+ * @author Minh Hoang TO
+ * Nov 19, 2010
+ */
+
+public abstract class AbstractCodec extends BaseComponentPlugin
+{
+
+ public String getName()
+ {
+ return this.getClass().toString();
+ }
+ =
+ public abstract String encode(String plainInput);
+ =
+ public abstract String decode(String encodedInput);
+ =
+}
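Review bot: The class Javadoc on `AbstractCodec` does not state the contract that `encode` and `decode` must meet, although the stored password's protection depends entirely on the implementation. I would document that `decode(encode(x))` must return `x`, whether `null` input is allowed, and that an implementation meant to close JBEPP-610 has to be keyed encryption with the key kept outside the JCR store, since a keyless reversible encoding protects nothing once the repository is read. Separately, `getName()` returns `this.getClass().toString()`, which yields the `class `-prefixed form. If the name is ever used as an identifier, `return getClass().getName();` is the cleaner value.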
Modified: epp/portal/branches/EPP_5_1_Branch/component/web/security/src/mai=
n/java/org/exoplatform/web/security/security/CookieTokenService.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/CookieTokenService.java 2011-03-23 0=
6:27:35 UTC (rev 6114)
+++ epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/CookieTokenService.java 2011-03-23 0=
9:04:25 UTC (rev 6115)
@@ -24,6 +24,7 @@
import org.exoplatform.commons.chromattic.ChromatticManager;
import org.exoplatform.commons.chromattic.ContextualTask;
import org.exoplatform.commons.chromattic.SessionContext;
+import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.web.security.Credentials;
import org.exoplatform.web.security.GateInToken;
@@ -47,6 +48,9 @@
/** . */
private String lifecycleName=3D"autologin";
=
+ //TODO: Introduce the concept of priority and store the plugins in a ma=
p structure
+ private AbstractCodec codec;
+ =
public CookieTokenService(InitParams initParams, ChromatticManager chro=
matticManager)
{
super(initParams);
@@ -56,8 +60,19 @@
lifecycleName =3D (String)initParams.getValuesParam(SERVICE_CONFIG)=
.getValues().get(3);
}
this.chromatticLifeCycle =3D chromatticManager.getLifeCycle(lifecycl=
eName);
+ =
+ //Set the default codec
+ this.codec =3D new ToThrowAwayCodec();
}
=
+ public final void setupCodec(ComponentPlugin codecPlugin)
+ {
+ if(codecPlugin instanceof AbstractCodec)
+ {
+ this.codec =3D (AbstractCodec)codecPlugin;
+ }
+ }
+ =
public String createToken(final Credentials credentials)
{
if (validityMillis < 0)
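Review bot: `setupCodec` silently ignores a plugin that is not an `AbstractCodec`, and the constructor installs `ToThrowAwayCodec` as the default, so a missing or mistyped codec configuration leaves passwords stored unchanged with no signal to the operator. I would make the fallback visible by adding `else { throw new IllegalArgumentException("codec plugin must extend AbstractCodec: " + codecPlugin); }`, or at least a warning log there and when the default codec is kept. The `codec` field is also assigned after construction and read inside the `ContextualTask` bodies, so declaring it `private volatile AbstractCodec codec;` would make the replacement visible if plugin setup and request handling run on different threads. The constructor starts in the previous hunk and `createToken` continues past this one.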
@@ -76,7 +91,9 @@
long expirationTimeMillis =3D System.currentTimeMillis() + val=
idityMillis;
GateInToken token =3D new GateInToken(expirationTimeMillis, cr=
edentials);
TokenContainer container =3D getTokenContainer();
- container.saveToken(tokenId, token.getPayload(), new Date(toke=
n.getExpirationTimeMillis()));
+ =
+ //Save the token, password is encoded thanks to the codec
+ container.encodeAndSaveToken(tokenId, token.getPayload(), new =
Date(expirationTimeMillis), codec);
return tokenId;
}
}.executeWith(chromatticLifeCycle);
@@ -89,7 +106,8 @@
@Override
protected GateInToken execute()
{
- return getTokenContainer().getToken((String)id);
+ //Get the token, encoded password is decoded thanks to codec
+ return getTokenContainer().getTokenAndDecode(id, codec);
}
}.executeWith(chromatticLifeCycle);
}
Copied: epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/=
java/org/exoplatform/web/security/security/ToThrowAwayCodec.java (from rev =
5167, portal/branches/branch-GTNPORTAL-1643/component/web/security/src/main=
/java/org/exoplatform/web/security/security/ToThrowAwayCodec.java)
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/ToThrowAwayCodec.java =
(rev 0)
+++ epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/ToThrowAwayCodec.java 2011-03-23 09:=
04:25 UTC (rev 6115)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.exoplatform.web.security.security;
+
+/**
+ * @author Minh Hoang TO
+ * Nov 19, 2010
+ */
+
+public class ToThrowAwayCodec extends AbstractCodec
+{
+
+ @Override
+ public String decode(String encodedInput)
+ {
+ return encodedInput;
+ }
+
+ @Override
+ public String encode(String plainInput)
+ {
+ return plainInput;
+ }
+
+}
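Review bot: The Javadoc on `ToThrowAwayCodec` carries only the author line, so nothing tells a reader that this default codec returns its input unchanged in both `encode` and `decode`. I would add a class comment such as `/** Pass-through placeholder: encode and decode return their input unchanged, so the stored password is NOT protected. Replace via a codec plugin in production. */`. This matters because `CookieTokenService` uses this class unless a plugin is registered.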
Modified: epp/portal/branches/EPP_5_1_Branch/component/web/security/src/mai=
n/java/org/exoplatform/web/security/security/TokenContainer.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/TokenContainer.java 2011-03-23 06:27=
:35 UTC (rev 6114)
+++ epp/portal/branches/EPP_5_1_Branch/component/web/security/src/main/java=
/org/exoplatform/web/security/security/TokenContainer.java 2011-03-23 09:04=
:25 UTC (rev 6115)
@@ -84,5 +84,37 @@
entry.setExpirationTime(expirationTime);
return entry.getToken();
}
+ =
+ public GateInToken encodeAndSaveToken(String tokenId, Credentials crede=
ntials, Date expirationTime, AbstractCodec codec)
+ {
+ Map tokens =3D getTokens();
+ TokenEntry entry =3D tokens.get(tokenId);
+ if (entry =3D=3D null)
+ {
+ entry =3D createToken();
+ tokens.put(tokenId, entry);
+ entry.setUserName(credentials.getUsername());
+ entry.setPassword(codec.encode(credentials.getPassword()));
+ }
+ entry.setExpirationTime(expirationTime);
+ return entry.getToken();
+ }
+ =
+ public GateInToken getTokenAndDecode(String tokenId, AbstractCodec code=
c)
+ {
+ Map tokens =3D getTokens();
+ TokenEntry entry =3D tokens.get(tokenId);
+ if(entry !=3D null)
+ {
+ GateInToken gateInToken =3D entry.getToken();
+ Credentials payload =3D gateInToken.getPayload();
+ =
+ //Return a cloned GateInToken
+ return new GateInToken(gateInToken.getExpirationTimeMillis(), new=
Credentials(payload.getUsername(), codec
+ .decode(payload.getPassword())));
=
+ }
+ return null;
+ }
+
}
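Review bot: `getTokenAndDecode` applies `codec.decode` to whatever is stored, but entries carry no record of which codec wrote them. Tokens saved before this revision, or under a previously configured codec, would therefore be decoded with the wrong codec once a real one is installed. I would persist the codec name next to the password (`AbstractCodec.getName()` exists but is unused here), or treat a decode failure as an invalid token and drop the entry. At minimum, add a comment above the decode call: `// entries written by another codec (or before any codec) must be rejected or migrated`. Neither new method checks `codec` for `null`. `encodeAndSaveToken` also returns `entry.getToken()`, which appears to carry the encoded password while `getTokenAndDecode` returns the decoded one, so that asymmetry deserves a line of Javadoc on each method.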
--===============7109217862610140823==--