Author: shane.bryzak(a)jboss.com
Date: 2008-05-28 21:33:19 -0400 (Wed, 28 May 2008)
New Revision: 8297
Added:
trunk/src/main/org/jboss/seam/security/Credentials.java
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
Log:
separate credentials from identity
Added: trunk/src/main/org/jboss/seam/security/Credentials.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Credentials.java (rev
0)
+++ trunk/src/main/org/jboss/seam/security/Credentials.java 2008-05-29 01:33:19 UTC (rev
8297)
@@ -0,0 +1,122 @@
+package org.jboss.seam.security;
+
+import static org.jboss.seam.ScopeType.SESSION;
+import static org.jboss.seam.annotations.Install.BUILT_IN;
+
+import java.io.IOException;
+import java.io.Serializable;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.core.Events;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
+
+(a)Name("org.jboss.seam.security.credentials")
+@Scope(SESSION)
+@Install(precedence = BUILT_IN)
+@BypassInterceptors
+@Startup
+public class Credentials implements Serializable
+{
+ public static final String EVENT_CREDENTIALS_UPDATED =
"org.jboss.seam.security.credentialsUpdated";
+
+ private static final LogProvider log = Logging.getLogProvider(Credentials.class);
+
+ private String username;
+ private String password;
+
+ private boolean invalid = false;
+
+ public String getUsername()
+ {
+ return username;
+ }
+
+ public void setUsername(String username)
+ {
+ if (this.username != username && (this.username == null ||
!this.username.equals(username)))
+ {
+ this.username = username;
+ invalid = false;
+ if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
+ }
+ }
+
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public void setPassword(String password)
+ {
+ if (this.password != password && (this.password == null ||
!this.password.equals(password)))
+ {
+ this.password = password;
+ invalid = false;
+ if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
+ }
+ }
+
+ public boolean isSet()
+ {
+ return username != null && password != null;
+ }
+
+ public boolean isInvalid()
+ {
+ return invalid;
+ }
+
+ public void invalidate()
+ {
+ invalid = true;
+ }
+
+ public void clear()
+ {
+ username = null;
+ password = null;
+ }
+
+
+ /**
+ * Creates a callback handler that can handle a standard username/password
+ * callback, using the username and password properties.
+ */
+ public CallbackHandler createCallbackHandler()
+ {
+ return new CallbackHandler()
+ {
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException
+ {
+ for (int i=0; i < callbacks.length; i++)
+ {
+ if (callbacks[i] instanceof NameCallback)
+ {
+ ( (NameCallback) callbacks[i] ).setName(getUsername());
+ }
+ else if (callbacks[i] instanceof PasswordCallback)
+ {
+ ( (PasswordCallback) callbacks[i] ).setPassword( getPassword() != null
?
+ getPassword().toCharArray() : null );
+ }
+ else
+ {
+ log.warn("Unsupported callback " + callbacks[i]);
+ }
+ }
+ }
+ };
+ }
+}
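Review bot: The `password` field is a plain, non-transient `String` on a `Serializable`, `@Scope(SESSION)` component, so if the container passivates or replicates the session while credentials are set but not yet consumed, the cleartext password would be written out with it. Declaring it `private transient String password;` keeps it out of the serialized form, and the value is already treated as short-lived, since Identity nulls it after each authentication attempt. Separately, `clear()` assigns the two fields directly, so unlike the setters it neither resets `invalid` nor raises `EVENT_CREDENTIALS_UPDATED`. A one-line Javadoc on `clear()` stating that this is intended would help.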
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-05-29 00:29:47 UTC (rev
8296)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-05-29 01:33:19 UTC (rev
8297)
@@ -3,7 +3,6 @@
import static org.jboss.seam.ScopeType.SESSION;
import static org.jboss.seam.annotations.Install.BUILT_IN;
-import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
@@ -13,11 +12,6 @@
import java.util.List;
import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -59,7 +53,6 @@
public static final String EVENT_PRE_AUTHENTICATE =
"org.jboss.seam.security.preAuthenticate";
public static final String EVENT_POST_AUTHENTICATE =
"org.jboss.seam.security.postAuthenticate";
public static final String EVENT_LOGGED_OUT =
"org.jboss.seam.security.loggedOut";
- public static final String EVENT_CREDENTIALS_UPDATED =
"org.jboss.seam.security.credentialsUpdated";
public static final String EVENT_REMEMBER_ME =
"org.jboss.seam.security.rememberMe";
public static final String EVENT_ALREADY_LOGGED_IN =
"org.jboss.seam.security.alreadyLoggedIn";
@@ -74,8 +67,7 @@
private static final LogProvider log = Logging.getLogProvider(Identity.class);
- private String username;
- private String password;
+ private Credentials credentials;
private MethodExpression authenticateMethod;
@@ -104,6 +96,8 @@
{
permissionMapper = (PermissionMapper)
Component.getInstance(PermissionMapper.class);
}
+
+ credentials = (Credentials) Component.getInstance(Credentials.class);
}
public static boolean isSecurityEnabled()
@@ -140,7 +134,7 @@
public boolean isLoggedIn(boolean attemptLogin)
{
- if (!authenticating && attemptLogin && getPrincipal() == null
&& isCredentialsSet() &&
+ if (!authenticating && attemptLogin && getPrincipal() == null
&& credentials.isSet() &&
Contexts.isEventContextActive() &&
!Contexts.getEventContext().isSet(LOGIN_TRIED))
{
@@ -161,11 +155,6 @@
{
return subject;
}
-
- public boolean isCredentialsSet()
- {
- return username != null && password != null;
- }
/**
* Performs an authorization check, based on the specified security expression.
@@ -241,6 +230,8 @@
}
catch (LoginException ex)
{
+ credentials.invalidate();
+
if ( log.isDebugEnabled() )
{
log.debug("Login failed for: " + getUsername(), ex);
@@ -259,7 +250,7 @@
{
try
{
- if (isCredentialsSet())
+ if (credentials.isSet())
{
authenticate();
if (isLoggedIn(false) && Contexts.isEventContextActive())
@@ -268,7 +259,10 @@
}
}
}
- catch (LoginException ex) { }
+ catch (LoginException ex)
+ {
+ credentials.invalidate();
+ }
}
/**
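Review bot: The rewritten catch block still discards the `LoginException` without logging it, so a failed automatic login leaves no trace for anyone investigating repeated bad-credential attempts. A debug line matching the one in the other catch shown in this diff would fix that, e.g. `if (log.isDebugEnabled()) log.debug("Login failed for: " + credentials.getUsername(), ex);`. The enclosing method starts outside the hunk.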
@@ -279,7 +273,7 @@
throws LoginException
{
// If we're already authenticated, then don't authenticate again
- if (!isLoggedIn(false))
+ if (!isLoggedIn(false) && !credentials.isInvalid())
{
principal = null;
subject = new Subject();
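Review bot: With the added `!credentials.isInvalid()` test, this method appears to return normally without attempting a login when the credentials were previously rejected, so a caller that treats a normal return as success has to re-check `isLoggedIn(false)` itself; whether every caller does is not visible here. The comment above the condition still describes only the already-authenticated case. I would change it to something like `// Skip if already authenticated, or if these credentials were already rejected` and state in the method Javadoc that no LoginException is raised in the second case. The method body continues outside the hunk.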
@@ -300,7 +294,7 @@
finally
{
// Set password to null whether authentication is successful or not
- password = null;
+ credentials.setPassword(null);
authenticating = false;
}
}
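Review bot: Replacing `password = null` with `credentials.setPassword(null)` routes the clean-up through the setter, which per `Credentials.setPassword` in this commit also assigns `invalid = false` and raises `EVENT_CREDENTIALS_UPDATED` whenever the stored password was non-null. Every authentication attempt therefore now notifies credentials-updated observers, which the old assignment did not. If that is not intended, a non-notifying method on Credentials that only nulls the password would preserve the previous behaviour. If it is intended, the comment could say so, e.g. `// Clear via the setter; this also raises EVENT_CREDENTIALS_UPDATED`. The enclosing method starts outside the hunk.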
@@ -355,7 +349,7 @@
{
principal = null;
subject = new Subject();
- username = null;
+ credentials.clear();
}
protected LoginContext getLoginContext() throws LoginException
@@ -363,11 +357,11 @@
if (getJaasConfigName() != null)
{
return new LoginContext(getJaasConfigName(), getSubject(),
- getDefaultCallbackHandler());
+ credentials.createCallbackHandler());
}
- return new LoginContext(Configuration.DEFAULT_JAAS_CONFIG_NAME,
- getSubject(), getDefaultCallbackHandler(), Configuration.instance());
+ return new LoginContext(Configuration.DEFAULT_JAAS_CONFIG_NAME, getSubject(),
+ credentials.createCallbackHandler(), Configuration.instance());
}
public void logout()
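Review bot: Both `LoginContext` constructions now take the handler straight from `credentials.createCallbackHandler()`, and the `protected getDefaultCallbackHandler()` they used before is deleted later in this diff, so an Identity subclass that overrode it to answer additional JAAS callbacks would lose that hook. Since the username and password accessors are kept as `@Deprecated` delegates, the same could be done here. Keep `@Deprecated protected CallbackHandler getDefaultCallbackHandler() { return credentials.createCallbackHandler(); }` and call it from `getLoginContext()`.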
@@ -583,37 +577,6 @@
}
/**
- * Creates a callback handler that can handle a standard username/password
- * callback, using the username and password properties.
- */
- protected CallbackHandler getDefaultCallbackHandler()
- {
- return new CallbackHandler()
- {
- public void handle(Callback[] callbacks)
- throws IOException, UnsupportedCallbackException
- {
- for (int i=0; i < callbacks.length; i++)
- {
- if (callbacks[i] instanceof NameCallback)
- {
- ( (NameCallback) callbacks[i] ).setName(getUsername());
- }
- else if (callbacks[i] instanceof PasswordCallback)
- {
- ( (PasswordCallback) callbacks[i] ).setPassword( getPassword() != null
?
- getPassword().toCharArray() : null );
- }
- else
- {
- log.warn("Unsupported callback " + callbacks[i]);
- }
- }
- }
- };
- }
-
- /**
* Evaluates the specified security expression, which must return a boolean
* value.
*
@@ -625,32 +588,28 @@
return Expressions.instance().createValueExpression(expr,
Boolean.class).getValue();
}
+ @Deprecated
public String getUsername()
{
- return username;
+ return credentials.getUsername();
}
-
+
+ @Deprecated
public void setUsername(String username)
{
- if (this.username != username && (this.username == null ||
!this.username.equals(username)))
- {
- this.username = username;
- if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
- }
+ credentials.setUsername(username);
}
+ @Deprecated
public String getPassword()
{
- return password;
+ return credentials.getPassword();
}
+ @Deprecated
public void setPassword(String password)
{
- if (this.password != password && (this.password == null ||
!this.password.equals(password)))
- {
- this.password = password;
- if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
- }
+ credentials.setPassword(password);
}
public MethodExpression getAuthenticateMethod()
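Review bot: The four accessors are marked `@Deprecated` without a Javadoc `@deprecated` tag, so callers get a compiler warning but no pointer to the replacement. Adding e.g. `/** @deprecated use {@link Credentials#getUsername()} instead */` above each one would document the migration path. The earlier hunks remove `isCredentialsSet()` and `Identity.EVENT_CREDENTIALS_UPDATED` outright rather than deprecating them, which is inconsistent with the compatibility kept here. Deprecated delegates for those two would keep existing callers compiling.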