Author: bdaw
Date: 2006-12-19 18:28:04 -0500 (Tue, 19 Dec 2006)
New Revision: 5907
Modified:
trunk/identity/src/main/org/jboss/portal/identity/IdentityConfiguration.java
trunk/identity/src/main/org/jboss/portal/identity/auth/IdentityLoginModule.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPConnectionContext.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleImpl.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModule.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModuleImpl.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticGroupMembershipModuleImpl.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticRoleMembershipModuleImpl.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserImpl.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModule.java
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModuleImpl.java
Log:
- implement LDAPUserImpl password validating/updating correctly
- fixed LDAPRoleImpl
Modified: trunk/identity/src/main/org/jboss/portal/identity/IdentityConfiguration.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/IdentityConfiguration.java 2006-12-19
20:26:59 UTC (rev 5906)
+++
trunk/identity/src/main/org/jboss/portal/identity/IdentityConfiguration.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -82,7 +82,9 @@
public static final String HASH_ENCODING = "hashEncoding";
+ public static final String ENCODE_PASSWORD_ON_UPDATE =
"encodePasswordOnUpdate";
+
public Set getValues(String optionGroup, String option);
public String getValue(String optionGroup, String option);
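Review bot: Nothing in this revision reads ENCODE_PASSWORD_ON_UPDATE; LDAPUserModule.updatePassword, added in the same commit, writes the password attribute unconditionally, so the new option has no effect yet. If the intended meaning is "hash/encode before writing on update", a Javadoc line pinning that contract would keep the constant and the module from drifting apart, e.g. `/** Option key: when "true", the password is hashed/encoded before being written to the directory on update. */`. The other constants in the visible part of the interface carry no documentation either, so this would also set the pattern.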
Modified: trunk/identity/src/main/org/jboss/portal/identity/auth/IdentityLoginModule.java
===================================================================
Modified:
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPConnectionContext.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPConnectionContext.java 2006-12-19
20:26:59 UTC (rev 5906)
+++
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPConnectionContext.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -31,6 +31,7 @@
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import java.util.Hashtable;
+import java.util.Map;
/**
* Keeps configuration of connection to LDAP server
@@ -86,18 +87,22 @@
}*/
+ public Hashtable getEnvironment()
+ {
+ Hashtable env = new Hashtable();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, this.getContextFactory());
+ env.put(Context.PROVIDER_URL, "ldap://" + getHost() + ":" +
getPort());
+ env.put(Context.SECURITY_AUTHENTICATION, this.getAuthentication());
+ env.put(Context.SECURITY_PRINCIPAL, this.getAdminDN());
+ env.put(Context.SECURITY_CREDENTIALS, this.getAdminPassword());
+ return env;
+ }
-
public InitialLdapContext createInitialContext() throws IdentityException
{
try
{
- Hashtable env = new Hashtable();
- env.put(Context.INITIAL_CONTEXT_FACTORY, this.getContextFactory());
- env.put(Context.PROVIDER_URL, "ldap://" + getHost() + ":" +
getPort());
- env.put(Context.SECURITY_AUTHENTICATION, this.getAuthentication());
- env.put(Context.SECURITY_PRINCIPAL, this.getAdminDN());
- env.put(Context.SECURITY_CREDENTIALS, this.getAdminPassword());
+ Hashtable env = getEnvironment();
return new InitialLdapContext(env, null);
}
catch (NamingException e)
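Review bot: getEnvironment() hands the admin bind DN and password (SECURITY_CREDENTIALS) to any caller as a mutable Hashtable, and PROVIDER_URL is fixed to the `ldap://` scheme, so both the admin bind and the user-credential bind that LDAPUserModule.validatePassword builds from this environment travel over plain LDAP unless something outside this diff negotiates StartTLS. Consider making the scheme configurable (so `ldaps://` is possible) and a Javadoc note that the returned table contains credentials and is a fresh copy per call. The `java.util.Map` import added in the previous hunk is not used by any code visible here. createInitialContext continues past the end of the hunk.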
Modified: trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleImpl.java 2006-12-19
20:26:59 UTC (rev 5906)
+++ trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleImpl.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -24,6 +24,7 @@
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.IdentityContext;
+import org.jboss.portal.identity.IdentityException;
/**
* @author <a href="mailto:boleslaw.dawidowicz@jboss.org">Boleslaw
Dawidowicz</a>
@@ -33,9 +34,6 @@
{
private static final org.jboss.logging.Logger log =
org.jboss.logging.Logger.getLogger(LDAPRoleImpl.class);
- //TODO: make setters to update the state of the entry
-
- //TODO:only to make a fasade for implementing old Role interface
private IdentityContext identityContext;
private String dn;
@@ -44,6 +42,8 @@
private String displayName;
+ private LDAPRoleModule roleModule;
+
private LDAPRoleImpl()
{
@@ -90,10 +90,22 @@
public void setDisplayName(String name)
{
- this.displayName = name;
+ if (name == null)
+ {
+ throw new IllegalArgumentException("DisplayName is null");
+ }
+ try
+ {
+ getRoleModule().updateDisplayName(this, name);
+ this.displayName = name;
+ }
+ catch (IdentityException e)
+ {
+ log.debug("Unable to update role displayName: ", e);
+ }
}
- //TODO: fasade to MembershipModule.getUsers() method call - change this
+
// public Set getUsers()
// {
// try
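Review bot: setDisplayName catches the IdentityException from updateDisplayName and only logs it at debug level, so a failed directory write is invisible to the caller and the in-memory displayName stays stale with no signal. The setter should either propagate the failure, e.g. `throw new IllegalStateException("Unable to update role displayName", e);`, or at minimum log at error level; the message `"Unable to update role displayName: "` with a trailing colon also suggests the exception was meant to be part of the text rather than the throwable argument. LDAPUserImpl.updatePassword and validatePassword in this revision use the same swallow-at-debug pattern.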
@@ -108,7 +120,24 @@
// return null;
// }
+ protected LDAPRoleModule getRoleModule() throws IdentityException
+ {
+ if (roleModule == null)
+ {
+ try
+ {
+ this.roleModule =
(LDAPRoleModule)identityContext.getObject(IdentityContext.TYPE_ROLE_MODULE);
+ }
+ catch (ClassCastException e)
+ {
+ throw new IdentityException("Not supported object as part of the
context", e);
+ }
+ }
+ return roleModule;
+ }
+
+
//**************************
//*** Getter and Setters
//**************************
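Review bot: getRoleModule guards against a wrong-typed object but not a missing one: if identityContext.getObject returns null (its contract is not visible here), the cast succeeds, roleModule stays null and the method returns null, so the caller's `getRoleModule().updateDisplayName(this, name)` fails with a NullPointerException instead of the IdentityException the signature promises. An instanceof check covers both cases: `Object o = identityContext.getObject(IdentityContext.TYPE_ROLE_MODULE);` `if (!(o instanceof LDAPRoleModule)) throw new IdentityException("Not supported object as part of the context");` `this.roleModule = (LDAPRoleModule) o;`. LDAPUserImpl.getUserModule later in this revision has the same shape and the same gap.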
Modified: trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModule.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModule.java 2006-12-19
20:26:59 UTC (rev 5906)
+++ trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModule.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -28,6 +28,9 @@
import javax.naming.directory.Attributes;
import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.DirContext;
import javax.naming.NamingException;
import javax.naming.NamingEnumeration;
import javax.naming.InitialContext;
@@ -56,7 +59,30 @@
super.startService(); //To change body of overridden methods use File | Settings
| File Templates.
}
+ public void updateDisplayName(LDAPRoleImpl ldapr, String name) throws
IdentityException
+ {
+ String attributeName = getDisplayNameAttributeID();
+ try
+ {
+ //TODO: maybe perform a schema check if this attribute is allowed for such
entry
+
+ Attributes attrs = new BasicAttributes(true);
+ Attribute attr = new BasicAttribute(attributeName);
+ attr.add(name);
+ attrs.put(attr);
+
+ getConnectionContext().createInitialContext().modifyAttributes(ldapr.getDn(),
DirContext.REPLACE_ATTRIBUTE,attrs);
+ }
+ catch (NamingException e)
+ {
+ throw new IdentityException("Cannot set role displayName value.", e);
+ }
+
+ }
+
+
+
protected LDAPRoleImpl createRoleInstance(Attributes attrs, String dn) throws
IdentityException
{
LDAPRoleImpl ldapr = null;
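Review bot: The InitialLdapContext returned by createInitialContext() is never closed in updateDisplayName, so every display-name update leaks an LDAP connection holding the admin bind until finalization. Keep the context in a local and close it in a finally block; `close()` throws NamingException, which the existing catch already maps to IdentityException. LDAPUserModule.updatePassword and validatePassword in this revision have the same leak. createRoleInstance at the bottom of the hunk continues outside it.
```java
         Attributes attrs = new BasicAttributes(true);
         // … unchanged: build attr and attrs.put(attr) …

         DirContext ctx = getConnectionContext().createInitialContext();
         try
         {
            ctx.modifyAttributes(ldapr.getDn(), DirContext.REPLACE_ATTRIBUTE, attrs);
         }
         finally
         {
            ctx.close();
         }
```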
Modified: trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModuleImpl.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModuleImpl.java 2006-12-19
20:26:59 UTC (rev 5906)
+++
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPRoleModuleImpl.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -91,7 +91,7 @@
{
throw new IdentityException("Role search failed.", e);
}
- return null;
+ throw new IdentityException("No role found with name: " + name);
}
public Set findRolesByNames(String[] names) throws IdentityException,
IllegalArgumentException
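Review bot: findRoleByName now throws for an unknown name instead of returning null, which changes the method's contract; the two findRoleMembers implementations added in this same revision (LDAPStaticGroupMembershipModuleImpl and LDAPStaticRoleMembershipModuleImpl) still branch on `role != null`, and any other caller that treated null as "not found" will now see an exception. If throwing is the intended contract, document it on the method: `@throws IdentityException if the search fails or no role with the given name exists`. The method's signature and body start outside this hunk.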
Modified:
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticGroupMembershipModuleImpl.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticGroupMembershipModuleImpl.java 2006-12-19
20:26:59 UTC (rev 5906)
+++
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticGroupMembershipModuleImpl.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -378,10 +378,20 @@
}
- //TODO:don't forget to add this....
+ //TODO: Implement usage of conditions!
public Set findRoleMembers(String roleName, int offset, int limit, String
userNameFilter) throws IdentityException
{
- throw new UnsupportedOperationException("Not yet implemented");
+ //throw new UnsupportedOperationException("Not yet implemented");
+ Role role = getRoleModule().findRoleByName(roleName);
+ //if exception was thrown - propagate it, if not....
+ if (role != null)
+ {
+ return getUsers(role);
+ }
+ else
+ {
+ throw new IdentityException("Role not found with roleName: " +
roleName );
+ }
}
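Review bot: findRoleMembers ignores offset, limit and userNameFilter and returns the whole result of getUsers(role), so a caller paging through a large role receives every member on every page; the TODO acknowledges this, but the commented-out `throw new UnsupportedOperationException("Not yet implemented");` line should be deleted rather than kept. The `else` branch is only reachable if findRoleByName returns null, which LDAPRoleModuleImpl in this revision no longer does (it throws); keeping it as a defensive check is fine, but the comment above it should say that the exception case propagates and the null case is belt-and-braces. LDAPStaticRoleMembershipModuleImpl.findRoleMembers is the same code and has the same issues.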
Modified:
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticRoleMembershipModuleImpl.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticRoleMembershipModuleImpl.java 2006-12-19
20:26:59 UTC (rev 5906)
+++
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPStaticRoleMembershipModuleImpl.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -367,9 +367,19 @@
}
- //TODO:don't forget to add this....
+ //TODO: Implement usage of conditions!
public Set findRoleMembers(String roleName, int offset, int limit, String
userNameFilter) throws IdentityException
{
- throw new UnsupportedOperationException("Not yet implemented");
+ //throw new UnsupportedOperationException("Not yet implemented");
+ Role role = getRoleModule().findRoleByName(roleName);
+ //if exception was thrown - propagate it, if not....
+ if (role != null)
+ {
+ return getUsers(role);
+ }
+ else
+ {
+ throw new IdentityException("Role not found with roleName: " +
roleName );
+ }
}
}
Modified: trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserImpl.java 2006-12-19
20:26:59 UTC (rev 5906)
+++ trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserImpl.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -51,10 +51,19 @@
//In ldap implementation it acts as a userName
private String id;
- private String password;
+ //private String password;
//private String realEmail;
+ LDAPUserModule userModule;
+
+ /**
+ * internal
+ */
+ private String algorithm;
+
+ private String encoding;
+
private LDAPUserImpl()
{
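Review bot: The new `userModule` field is package-private while every other field in the class is private, and the Javadoc `internal` on `algorithm` says nothing about what reads it; neither `algorithm` nor `encoding` is referenced by any code in this diff, and with the hashing logic removed later in the revision they may be dead. Declare it `private LDAPUserModule userModule;` and either drop the two unused fields or give each a comment naming its reader. The no-arg constructor continues outside the hunk.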
@@ -65,10 +74,9 @@
*
* @param dn
* @param context
- * @param password - should contain already encrypted password from ldap
* @throws IdentityException
*/
- protected LDAPUserImpl(String dn, IdentityContext context, String id, String password)
throws IdentityException
+ protected LDAPUserImpl(String dn, IdentityContext context, String id) throws
IdentityException
{
if (dn == null)
{
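Review bot: The constructor Javadoc documents dn and context but not the remaining `id` parameter, now that the password entry was removed; add `* @param id the uid attribute value, which acts as the user name in the LDAP implementation` (the field comment at the top of this file states that role). The commented-out password null check in the next hunk should be deleted rather than left behind. The constructor body continues outside this hunk.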
@@ -81,10 +89,10 @@
throw new IllegalArgumentException("IdentityContext can't be
null");
}
- if (password == null)
- {
- throw new IllegalArgumentException("Password can't be null");
- }
+// if (password == null)
+// {
+// throw new IllegalArgumentException("Password can't be null");
+// }
if (id == null)
{
@@ -92,7 +100,6 @@
}
this.identityContext = context;
- this.password = password;
//this.realEmail = email;
this.id = id;
@@ -100,57 +107,38 @@
public void updatePassword(String password)
{
- //TODO: somehow update the password to ldap?
- String algorithm = getHashAlgorightm();
- if (algorithm == null)
+ if (password == null)
{
- this.password = password;
+ throw new IllegalArgumentException("Password is null");
}
- else
+ try
{
- try
- {
- this.password = Tools.hashAndEncodeString(password,algorithm,
getHashEncoding());
- }
- catch(Exception e)
- {
- log.error("Cannot update the password",e);
- }
+ getUserModule().updatePassword(this, password);
}
+ catch (IdentityException e)
+ {
+ log.debug("Password update failure: " + e);
+ }
}
public boolean validatePassword(String password)
{
-
- String algorithm = getHashAlgorightm();
- if (algorithm == null)
+ if (password == null)
{
- return this.password.equals(password);
+ throw new IllegalArgumentException("Password is null");
}
- else
+ try
{
- try
- {
- return this.password.equals(Tools.hashAndEncodeString(password,algorithm,
getHashEncoding()));
- }
- catch(NoSuchAlgorithmException e)
- {
- log.error("Cannot validate the password",e);
- }
- return false;
+ return getUserModule().validatePassword(this,password);
}
+ catch (IdentityException e)
+ {
+ log.debug("Password validation failure: " + e);
+ }
+ return false;
}
- public String getPassword()
- {
- return this.password;
- }
- public void setPassword(String password)
- {
- this.password = password;
- }
-
//**************************
//*** Getter and Setters
//**************************
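Review bot: Both new catch blocks log with `"Password update failure: " + e`, which records only the exception's toString and drops the cause chain and stack trace; the removed code passed the throwable as the second argument (`log.error("Cannot update the password", e)`), and the new code should do the same, e.g. `log.error("Password update failure", e);`. For updatePassword in particular, a debug-level swallow means a password change that never reached the directory is noticed by neither the caller nor the operator, so propagating the failure is the safer choice. validatePassword returning false on IdentityException is reasonable, but the log level should make a directory outage distinguishable from a wrong password.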
@@ -197,32 +185,21 @@
return
(IdentityConfiguration)identityContext.getObject(IdentityContext.TYPE_IDENTITY_CONFIGURATION);
}
- private String getHashAlgorightm()
+ protected LDAPUserModule getUserModule() throws IdentityException
{
- try
- {
- return
getIdentityConfiguration().getValue(IdentityConfiguration.HASH_ALGORITHM);
- }
- catch(Exception e)
- {
- return null;
- }
- }
- private String getHashEncoding()
- {
- try
+ if (userModule == null)
{
- String enc =
getIdentityConfiguration().getValue(IdentityConfiguration.HASH_ENCODING);
- if (enc != null)
+ try
{
- return enc;
+ this.userModule =
(LDAPUserModule)identityContext.getObject(IdentityContext.TYPE_USER_MODULE);
}
+ catch (ClassCastException e)
+ {
+ throw new IdentityException("Not supported object as part of the context
- must be LDAPUserModule", e);
+ }
}
- catch(Exception e)
- {
- //nothing
- }
- return "hex";
+ return userModule;
}
+
}
Modified: trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModule.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModule.java 2006-12-19
20:26:59 UTC (rev 5906)
+++ trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModule.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -31,11 +31,17 @@
import javax.naming.directory.Attributes;
import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.DirContext;
import javax.naming.NamingException;
import javax.naming.NamingEnumeration;
import javax.naming.InitialContext;
+import javax.naming.Context;
+import javax.naming.ldap.InitialLdapContext;
import java.util.NoSuchElementException;
import java.util.Map;
+import java.util.Hashtable;
/**
* Abstract LDAPUserModule that should be extended to provide compabitibility across
identity modules
@@ -64,7 +70,49 @@
super.startService(); //To change body of overridden methods use File | Settings
| File Templates.
}
- //TODO: add enabled
+ public void updatePassword(LDAPUserImpl ldapu, String password) throws
IdentityException
+ {
+ String attributeName = getPasswordAttributeId();
+
+ try
+ {
+ //TODO: maybe perform a schema check if this attribute is allowed for such
entry
+
+ Attributes attrs = new BasicAttributes(true);
+ Attribute attr = new BasicAttribute(attributeName);
+ attr.add(password);
+ attrs.put(attr);
+
+ getConnectionContext().createInitialContext().modifyAttributes(ldapu.getDn(),
DirContext.REPLACE_ATTRIBUTE,attrs);
+ }
+ catch (NamingException e)
+ {
+ throw new IdentityException("Cannot set user password value.", e);
+ }
+
+ }
+
+ public boolean validatePassword(LDAPUserImpl ldapu, String password) throws
IdentityException
+ {
+ Hashtable env =getConnectionContext().getEnvironment();
+ env.put(Context.SECURITY_PRINCIPAL, ldapu.getDn());
+ env.put(Context.SECURITY_CREDENTIALS, password);
+ try
+ {
+ InitialContext ctx = new InitialLdapContext(env, null);
+ if (ctx != null)
+ {
+ return true;
+ }
+ }
+ catch (NamingException e)
+ {
+ //
+ }
+ return false;
+ }
+
+
public LDAPUserImpl createUserInstance(Attributes attrs, String dn) throws
IdentityException
{
LDAPUserImpl ldapu = null;
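Review bot: validatePassword binds with whatever string it is given, so an empty password reaches the directory as a bind with empty credentials, which many LDAP servers treat as an anonymous (unauthenticated) bind that succeeds; the method would then return true for any existing DN. Reject an empty password before building the environment; the `ctx != null` test is always true because the constructor either returns an object or throws, the context is never closed, and the bare `//` in the catch block discards the reason for the failure. updatePassword writes the password attribute verbatim and never consults the ENCODE_PASSWORD_ON_UPDATE option added in IdentityConfiguration in this revision, so whether the stored value is hashed now depends entirely on the directory's own password policy; that deserves at least a comment. createUserInstance at the end of the hunk continues outside it.
```java
   public boolean validatePassword(LDAPUserImpl ldapu, String password) throws IdentityException
   {
      // an empty credential is an anonymous bind on many servers and must not count as success
      if (password == null || password.length() == 0)
      {
         return false;
      }
      Hashtable env = getConnectionContext().getEnvironment();
      // … unchanged: put SECURITY_PRINCIPAL / SECURITY_CREDENTIALS …
      InitialLdapContext ctx = null;
      try
      {
         ctx = new InitialLdapContext(env, null);
         return true;
      }
      catch (NamingException e)
      {
         log.debug("Bind failed for " + ldapu.getDn(), e);
         return false;
      }
      finally
      {
         if (ctx != null)
         {
            try { ctx.close(); } catch (NamingException ignored) { /* nothing left to release */ }
         }
      }
   }
```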
@@ -79,13 +127,13 @@
throw new IdentityException("LDAP entry doesn't contain proper
attribute:" + getUidAttributeID());
}
- Attribute passwd = attrs.get(getPasswordAttributeId());
- if (passwd == null)
- {
- throw new IdentityException("LDAP entry doesn't contain proper
attribute:" + getPasswordAttributeId());
- }
+// Attribute passwd = attrs.get(getPasswordAttributeId());
+// if (passwd == null)
+// {
+// throw new IdentityException("LDAP entry doesn't contain proper
attribute:" + getPasswordAttributeId());
+// }
- ldapu = new LDAPUserImpl(dn,getIdentityContext(), uida.get().toString(),
passwd.get().toString());
+ ldapu = new LDAPUserImpl(dn,getIdentityContext(), uida.get().toString());
log.debug("user uid: " + ldapu.getId());
Modified: trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModuleImpl.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModuleImpl.java 2006-12-19
20:26:59 UTC (rev 5906)
+++
trunk/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModuleImpl.java 2006-12-19
23:28:04 UTC (rev 5907)
@@ -171,16 +171,17 @@
}
//TODO:testcase password behaviour
- String algorithm = getHashAlgorightm();
- if (algorithm == null)
- {
- attrs.put(getPasswordAttributeId(), password);
- }
- else
- {
- attrs.put(getPasswordAttributeId(),
Tools.hashAndEncodeString(password,algorithm, getHashEncoding()));
- }
+// String algorithm = getHashAlgorightm();
+// if (algorithm == null)
+// {
+// attrs.put(getPasswordAttributeId(), password);
+// }
+// else
+// {
+// attrs.put(getPasswordAttributeId(),
Tools.hashAndEncodeString(password,algorithm, getHashEncoding()));
+// }
+ attrs.put(getPasswordAttributeId(), password);
//
//email
//attrs.put(getEmailAttributeId(), realEmail);
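Review bot: The hashing branch is commented out rather than deleted, leaving a block of dead code above the new `attrs.put(getPasswordAttributeId(), password);`, and the commented-out NoSuchAlgorithmException catch in the next hunk is the same; remove both, and check whether the `Tools` and `NoSuchAlgorithmException` imports at the top of the file (outside this diff) are still used. Since the password now goes into the create request unhashed, a comment recording that the directory is expected to hash it — if that is the intent — would document the decision for the next reader. The enclosing method begins and ends outside these hunks.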
@@ -190,10 +191,10 @@
log.debug("creating ldap entry for: " + dn + "; " + attrs);
ctx.createSubcontext(dn, attrs);
}
- catch (NoSuchAlgorithmException e)
- {
- throw new IdentityException("Failed to create user", e);
- }
+// catch (NoSuchAlgorithmException e)
+// {
+// throw new IdentityException("Failed to create user", e);
+// }
catch (NamingException e)
{
throw new IdentityException("Failed to create user", e);