Seam SVN: r7324 - trunk/src/main/org/jboss/seam/security.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-31 17:54:14 -0500 (Thu, 31 Jan 2008)
New Revision: 7324
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
Log:
reset the username upon unauthenticating
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 22:53:19 UTC (rev 7323)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 22:54:14 UTC (rev 7324)
@@ -305,6 +305,7 @@
{
principal = null;
subject = new Subject();
+ username = null;
}
protected LoginContext getLoginContext() throws LoginException
16 years, 10 months
Seam SVN: r7323 - trunk/src/main/org/jboss/seam/security.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-31 17:53:19 -0500 (Thu, 31 Jan 2008)
New Revision: 7323
Modified:
trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
Log:
oops, fixed compile error
Modified: trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java 2008-01-31 08:46:36 UTC (rev 7322)
+++ trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java 2008-01-31 22:53:19 UTC (rev 7323)
@@ -179,7 +179,7 @@
@SuppressWarnings("unchecked")
@Override
- protected void unAuthenticate()
+ public void unAuthenticate()
{
StatefulSession securityContext = getSecurityContext();
16 years, 10 months
Seam SVN: r7322 - trunk/src/remoting/org/jboss/seam/remoting.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-31 03:46:36 -0500 (Thu, 31 Jan 2008)
New Revision: 7322
Modified:
trunk/src/remoting/org/jboss/seam/remoting/remote.js
Log:
JBSEAM-1679
Modified: trunk/src/remoting/org/jboss/seam/remoting/remote.js
===================================================================
--- trunk/src/remoting/org/jboss/seam/remoting/remote.js 2008-01-31 08:33:54 UTC (rev 7321)
+++ trunk/src/remoting/org/jboss/seam/remoting/remote.js 2008-01-31 08:46:36 UTC (rev 7322)
@@ -739,7 +739,7 @@
var value = Seam.Remoting.unmarshalValue(valueNode.firstChild, refs);
- call.callback(value, context);
+ call.callback(value, context, callId);
}
}
16 years, 10 months
Seam SVN: r7321 - trunk/doc/reference/en/modules.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-31 03:33:54 -0500 (Thu, 31 Jan 2008)
New Revision: 7321
Modified:
trunk/doc/reference/en/modules/security.xml
Log:
documented RunAsOperation
Modified: trunk/doc/reference/en/modules/security.xml
===================================================================
--- trunk/doc/reference/en/modules/security.xml 2008-01-31 07:43:40 UTC (rev 7320)
+++ trunk/doc/reference/en/modules/security.xml 2008-01-31 08:33:54 UTC (rev 7321)
@@ -1465,7 +1465,47 @@
</table>
</sect1>
+
+ <sect1>
+ <title>Run As</title>
+
+ <para>
+ Sometimes it may be necessary to perform certain operations with elevated privileges, such
+ as creating a new user account as an unauthenticated user. Seam Security supports such a
+ mechanism via the <literal>RunAsOperation</literal> class. This class allows either the
+ <literal>Principal</literal> or <literal>Subject</literal>, or the user's roles to be
+ overridden for a single set of operations.
+ </para>
+
+ <para>
+ The following code example demonstrates how <literal>RunAsOperation</literal> is used, by
+ overriding its <literal>getRoles()</literal> method to specify a set of roles to masquerade
+ as for the duration of the operation. The <literal>execute()</literal> method contains the
+ code that will be executed with the elevated privileges.
+ </para>
+
+ <programlisting><![CDATA[ new RunAsOperation() {
+ @Override
+ public String[] getRoles() {
+ return new String[] { "admin" };
+ }
+
+ public void execute() {
+ identityManager.createAccount(username, password);
+ identityManager.grantRole(username, "user");
+ }
+ }.run();]]></programlisting>
+
+ <para>
+ In a similar way, the <literal>getPrincipal()</literal> or <literal>getSubject()</literal>
+ methods can also be overriden to specify the <literal>Principal</literal> and
+ <literal>Subject</literal> instances to use for the duration of the operation.
+ Finally, the <literal>run()</literal> method is used to carry out the
+ <literal>RunAsOperation</literal>.
+ </para>
+ </sect1>
+
<sect1>
<title>Extending the Identity component</title>
@@ -1669,6 +1709,40 @@
Please note that this is a required parameter, and must always be specified when using the
<literal>JPAIdentityStore</literal>.
</para>
+
+ <sect3>
+ <title>Password hashing</title>
+
+ <para>
+ The <literal>JPAIdentityStore</literal> stores a salted hash of the user's password, using the username
+ as the source material for salt generation. This guarantees that two users with the same password will
+ still have different password hashes. The method for generating a password hash is listed here for
+ convenience - it may be useful for generating password hashes for inclusion in DML scripts, etc:
+ </para>
+
+ <programlisting><![CDATA[
+ public String hashPassword(String password, String saltPhrase)
+ {
+ try {
+ MessageDigest md = MessageDigest.getInstance("MD5");
+
+ md.update(saltPhrase.getBytes());
+ byte[] salt = md.digest();
+
+ md.reset();
+ md.update(password.getBytes("UTF-8"));
+ md.update(salt);
+
+ byte[] raw = md.digest();
+
+ return new String(Hex.encodeHex(raw));
+ }
+ catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ ]]></programlisting>
+ </sect3>
</sect2>
16 years, 10 months
Seam SVN: r7320 - trunk/src/main/org/jboss/seam/security.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-31 02:43:40 -0500 (Thu, 31 Jan 2008)
New Revision: 7320
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
Log:
JBSEAM-895
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 07:38:49 UTC (rev 7319)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 07:43:40 UTC (rev 7320)
@@ -301,18 +301,10 @@
* group from the user's subject.
*
*/
- protected void unAuthenticate()
+ public void unAuthenticate()
{
principal = null;
-
- for ( Group sg : getSubject().getPrincipals(Group.class) )
- {
- if ( ROLES_GROUP.equals( sg.getName() ) )
- {
- getSubject().getPrincipals().remove(sg);
- break;
- }
- }
+ subject = new Subject();
}
protected LoginContext getLoginContext() throws LoginException
16 years, 10 months
Seam SVN: r7319 - trunk/src/main/org/jboss/seam/security.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-31 02:38:49 -0500 (Thu, 31 Jan 2008)
New Revision: 7319
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
Log:
we already set principal to null in unauthenticate()
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 03:40:19 UTC (rev 7318)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 07:38:49 UTC (rev 7319)
@@ -329,7 +329,6 @@
public void logout()
{
- principal = null;
unAuthenticate();
Session.instance().invalidate();
if (Events.exists()) Events.instance().raiseEvent(EVENT_LOGGED_OUT);
16 years, 10 months
Seam SVN: r7318 - in trunk/src/main/org/jboss/seam: web and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-01-30 22:40:19 -0500 (Wed, 30 Jan 2008)
New Revision: 7318
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
Log:
JBSEAM-2556
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-30 21:49:43 UTC (rev 7317)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 03:40:19 UTC (rev 7318)
@@ -255,6 +255,8 @@
}
finally
{
+ // Set password to null whether authentication is successful or not
+ password = null;
authenticating = false;
}
}
@@ -290,8 +292,6 @@
}
preAuthenticationRoles.clear();
}
-
- password = null;
if (Events.exists()) Events.instance().raiseEvent(EVENT_POST_AUTHENTICATE, this);
}
Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
===================================================================
--- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-01-30 21:49:43 UTC (rev 7317)
+++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-01-31 03:40:19 UTC (rev 7318)
@@ -114,6 +114,9 @@
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
+ // Force session creation
+ httpRequest.getSession();
+
if (AUTH_TYPE_BASIC.equals(authType))
processBasicAuth(httpRequest, httpResponse, chain);
else if (AUTH_TYPE_DIGEST.equals(authType))
@@ -155,7 +158,7 @@
}
}
- if (!identity.isLoggedIn() && !identity.isCredentialsSet())
+ if (!requireAuth && !identity.isLoggedIn() && !identity.isCredentialsSet())
{
requireAuth = true;
}
@@ -184,7 +187,8 @@
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException
{
- Identity identity = (Identity) request.getSession().getAttribute( Seam.getComponentName(Identity.class) );
+ Context ctx = new SessionContext( new ServletRequestSessionMap(request) );
+ Identity identity = (Identity) ctx.get(Identity.class);
boolean requireAuth = false;
boolean nonceExpired = false;
16 years, 10 months
Seam SVN: r7317 - branches/Seam_2_0/build.
by seam-commits@lists.jboss.org
Author: norman.richards(a)jboss.com
Date: 2008-01-30 16:49:43 -0500 (Wed, 30 Jan 2008)
New Revision: 7317
Modified:
branches/Seam_2_0/build/default.build.properties
Log:
revert qualifier
Modified: branches/Seam_2_0/build/default.build.properties
===================================================================
--- branches/Seam_2_0/build/default.build.properties 2008-01-30 21:45:52 UTC (rev 7316)
+++ branches/Seam_2_0/build/default.build.properties 2008-01-30 21:49:43 UTC (rev 7317)
@@ -8,7 +8,7 @@
major.version 2
minor.version .0
patchlevel .1
-qualifier .GA
+qualifier -SNAPSHOT
#
# Other program locations
# -----------------------
16 years, 10 months
Seam SVN: r7316 - trunk/src/pdf/org/jboss/seam/pdf.
by seam-commits@lists.jboss.org
Author: norman.richards(a)jboss.com
Date: 2008-01-30 16:45:52 -0500 (Wed, 30 Jan 2008)
New Revision: 7316
Modified:
trunk/src/pdf/org/jboss/seam/pdf/DocumentData.java
Log:
JBSEAM-2554
Modified: trunk/src/pdf/org/jboss/seam/pdf/DocumentData.java
===================================================================
--- trunk/src/pdf/org/jboss/seam/pdf/DocumentData.java 2008-01-30 19:34:52 UTC (rev 7315)
+++ trunk/src/pdf/org/jboss/seam/pdf/DocumentData.java 2008-01-30 21:45:52 UTC (rev 7316)
@@ -41,7 +41,9 @@
return disposition;
}
- static public class DocumentType {
+ static public class DocumentType
+ implements Serializable
+ {
private String mimeType;
private String extension;
16 years, 10 months
Seam SVN: r7315 - branches/Seam_2_0/bootstrap.
by seam-commits@lists.jboss.org
Author: pete.muir(a)jboss.org
Date: 2008-01-30 14:34:52 -0500 (Wed, 30 Jan 2008)
New Revision: 7315
Modified:
branches/Seam_2_0/bootstrap/
Log:
ignores
Property changes on: branches/Seam_2_0/bootstrap
___________________________________________________________________
Name: svn:ignore
+ tmp
data
16 years, 10 months