[seam-commits] Seam SVN: r7849 - trunk/src/main/org/jboss/seam/security/management.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Mon Apr 7 21:09:57 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-04-07 21:09:57 -0400 (Mon, 07 Apr 2008)
New Revision: 7849
Modified:
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
Log:
fix password hashing
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-04-07 23:55:47 UTC (rev 7848)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-04-08 01:09:57 UTC (rev 7849)
@@ -69,13 +69,13 @@
private Field propertyField;
private Method propertyGetter;
private Method propertySetter;
- private Class<? extends Annotation> annotation;
+ private Annotation annotation;
private String name;
private Class propertyClass;
private boolean isFieldProperty;
- public BeanProperty(Field propertyField, Class<? extends Annotation> annotation)
+ public BeanProperty(Field propertyField, Annotation annotation)
{
this.propertyField = propertyField;
isFieldProperty = true;
@@ -84,7 +84,7 @@
this.propertyClass = propertyField.getDeclaringClass();
}
- public BeanProperty(Method propertyMethod, Class<? extends Annotation> annotation)
+ public BeanProperty(Method propertyMethod, Annotation annotation)
{
if (!(propertyMethod.getName().startsWith("get") || (propertyMethod.getName().startsWith("is"))))
{
@@ -188,7 +188,7 @@
}
}
- public Class<? extends Annotation> getAnnotation()
+ public Annotation getAnnotation()
{
return annotation;
}
@@ -213,8 +213,6 @@
private BeanProperty roleNameProperty;
private BeanProperty roleGroupsProperty;
- private String passwordHash;
-
public Set<Feature> getFeatures()
{
return featureSet.getFeatures();
@@ -300,12 +298,18 @@
{
for (Field f : cls.getFields())
{
- if (f.isAnnotationPresent(annotation)) return new BeanProperty(f, annotation);
+ if (f.isAnnotationPresent(annotation))
+ {
+ return new BeanProperty(f, f.getAnnotation(annotation));
+ }
}
for (Method m : cls.getMethods())
{
- if (m.isAnnotationPresent(annotation)) return new BeanProperty(m, annotation);
+ if (m.isAnnotationPresent(annotation))
+ {
+ return new BeanProperty(m, m.getAnnotation(annotation));
+ }
}
return null;
@@ -337,11 +341,8 @@
if (userEnabledProperty != null) userEnabledProperty.setValue(user, false);
}
else
- {
- String passwordValue = passwordHash == null ? password :
- PasswordHash.instance().generateSaltedHash(password, getUserAccountSalt(user));
-
- userPasswordProperty.setValue(user, passwordValue);
+ {
+ userPasswordProperty.setValue(user, generatePasswordHash(password, getUserAccountSalt(user)));
if (userEnabledProperty != null) userEnabledProperty.setValue(user, true);
}
@@ -451,6 +452,8 @@
public boolean addRoleToGroup(String role, String group)
{
+ if (roleGroupsProperty == null) return false;
+
Object targetRole = lookupRole(role);
if (targetRole == null)
{
@@ -463,43 +466,53 @@
throw new NoSuchRoleException("Could not grant role, group '" + group + "' does not exist");
}
- if (roleGroupsProperty != null)
+
+ Collection roleGroups = (Collection) roleGroupsProperty.getValue(targetRole);
+ if (roleGroups == null)
{
- Collection roleGroups = (Collection) roleGroupsProperty.getValue(targetRole);
- if (roleGroups == null)
+ // This should either be a Set, or a List...
+ if (Set.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
{
- // This should either be a Set, or a List...
- if (Set.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
- {
- roleGroups = new HashSet();
- }
- else if (List.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
- {
- roleGroups = new ArrayList();
- }
-
- roleGroupsProperty.setValue(targetRole, roleGroups);
+ roleGroups = new HashSet();
}
- else if (((Collection) roleGroupsProperty.getValue(targetRole)).contains(targetGroup))
+ else if (List.class.isAssignableFrom(roleGroupsProperty.getPropertyClass()))
{
- return false;
+ roleGroups = new ArrayList();
}
-
- ((Collection) roleGroupsProperty.getValue(targetRole)).add(targetGroup);
- mergeEntity(targetRole);
- return true;
+ roleGroupsProperty.setValue(targetRole, roleGroups);
}
- else
+ else if (((Collection) roleGroupsProperty.getValue(targetRole)).contains(targetGroup))
{
return false;
}
+
+ ((Collection) roleGroupsProperty.getValue(targetRole)).add(targetGroup);
+ mergeEntity(targetRole);
+
+ return true;
}
public boolean removeRoleFromGroup(String role, String group)
{
- // TODO Auto-generated method stub
- return false;
+ if (roleGroupsProperty == null) return false;
+
+ Object roleToRemove = lookupRole(role);
+ if (role == null)
+ {
+ throw new NoSuchUserException("Could not remove role from group, no such role '" + role + "'");
+ }
+
+ Object targetGroup = lookupRole(group);
+ if (targetGroup == null)
+ {
+ throw new NoSuchRoleException("Could not remove role from group, no such group '" + group + "'");
+ }
+
+ boolean success = ((Collection) roleGroupsProperty.getValue(roleToRemove)).remove(targetGroup);
+
+ if (success) mergeEntity(roleToRemove);
+ return success;
}
public boolean createRole(String role)
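Review bot: In the new removeRoleFromGroup, the guard after `lookupRole(role)` tests `role == null` instead of the lookup result, so an unknown role name is never rejected and a null `roleToRemove` is passed to `roleGroupsProperty.getValue(roleToRemove)`. The guard also throws NoSuchUserException, whereas the group checks in this hunk use NoSuchRoleException. I would change it to `if (roleToRemove == null)` with `throw new NoSuchRoleException("Could not remove role from group, no such role '" + role + "'");`. The `.remove(targetGroup)` call that follows dereferences the groups collection without the null check that addRoleToGroup applies, so a role whose collection was never initialised would fail there; returning false when the collection is null would match the "nothing removed" result.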
@@ -606,7 +619,7 @@
throw new NoSuchUserException("Could not change password, user '" + username + "' does not exist");
}
- userPasswordProperty.setValue(user, PasswordHash.instance().generateSaltedHash(password, getUserAccountSalt(user)));
+ userPasswordProperty.setValue(user, generatePasswordHash(password, getUserAccountSalt(user)));
mergeEntity(user);
return true;
}
@@ -715,6 +728,38 @@
}
}
+ private String generatePasswordHash(String password, String salt)
+ {
+ String algorithm = ((UserPassword) userPasswordProperty.getAnnotation()).hash();
+
+ if (algorithm == null || "".equals(algorithm))
+ {
+ if (salt == null || "".equals(salt))
+ {
+ return PasswordHash.instance().generateHash(password);
+ }
+ else
+ {
+ return PasswordHash.instance().generateSaltedHash(password, salt);
+ }
+ }
+ else if ("none".equals(algorithm))
+ {
+ return password;
+ }
+ else
+ {
+ if (salt == null || "".equals(salt))
+ {
+ return PasswordHash.instance().generateHash(password, algorithm);
+ }
+ else
+ {
+ return PasswordHash.instance().generateSaltedHash(password, salt, algorithm);
+ }
+ }
+ }
+
public boolean authenticate(String username, String password)
{
Object user = lookupUser(username);
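Review bot: generatePasswordHash is undocumented, and its `"none"` branch returns the password unchanged, so createUser, changePassword and authenticate store and compare plaintext whenever the annotation says so. A Javadoc block should state the three cases: an empty `hash()` uses PasswordHash's default algorithm, `"none"` disables hashing and should only be used for legacy data, and an empty salt silently produces an unsalted hash. The `"none".equals(algorithm)` test is case-sensitive, so a value such as `NONE` is handed to PasswordHash as an algorithm name, whose handling is not visible here; `"none".equalsIgnoreCase(algorithm)` would remove that ambiguity. The cast `(UserPassword) userPasswordProperty.getAnnotation()` also assumes the property is non-null and carries that annotation type, which the now-untyped `Annotation` field no longer guarantees.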
@@ -723,7 +768,7 @@
return false;
}
- String passwordHash = PasswordHash.instance().generateSaltedHash(password, getUserAccountSalt(user));
+ String passwordHash = generatePasswordHash(password, getUserAccountSalt(user));
boolean success = passwordHash.equals(userPasswordProperty.getValue(user));
if (success && Events.exists())
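Review bot: The credential check on the line `boolean success = passwordHash.equals(userPasswordProperty.getValue(user));` uses String.equals, which returns at the first differing character and is therefore not a constant-time comparison of the stored and computed hashes. I would read the stored value into a local, reject null, and compare with `MessageDigest.isEqual(passwordHash.getBytes("UTF-8"), stored.getBytes("UTF-8"))`. The early `return false` for an unknown user, visible as context above, skips the hash computation entirely, so response time may also distinguish existing from non-existing accounts. The body of authenticate starts and continues outside this hunk, so the event handling after the comparison is not reviewed here.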