portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject cvs commit: jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly jetspeed-spring.xml
Date Fri, 12 Nov 2004 03:17:47 GMT
ate         2004/11/11 19:17:47

  Modified:    jetspeed-api/src/java/org/apache/jetspeed/security
                        SecurityException.java
               components/security/src/test/org/apache/jetspeed/security/spi
                        TestInternalPasswordCredentialStateHandlingInterceptor.java
               jetspeed-api/src/java/org/apache/jetspeed/security/om
                        InternalCredential.java
               components/security/src/java/org/apache/jetspeed/security/om/impl
                        InternalCredentialImpl.java
               components/security/src/java/org/apache/jetspeed/security/spi/impl
                        InternalPasswordCredentialStateHandlingInterceptor.java
                        DefaultInternalPasswordCredentialInterceptor.java
                        DefaultCredentialHandler.java
               components/security/src/java/org/apache/jetspeed/security/spi
                        InternalPasswordCredentialInterceptor.java
               components/security/src/java/META-INF
                        security_repository.xml
               portal/src/webapp/WEB-INF/assembly jetspeed-spring.xml
  Added:       components/security/src/test/org/apache/jetspeed/security/spi
                        TestInternalPasswordCredentialHistoryHandlingInterceptor.java
               components/security/src/test/META-INF sipchhi.xml
               components/security/src/java/org/apache/jetspeed/security/spi/impl
                        InternalPasswordCredentialHistoryHandlingInterceptor.java
  Log:
  JS2-151 feature: password history implemented (item 3)
  
  Revision  Changes    Path
  1.6       +3 -0      jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java
  
  Index: SecurityException.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SecurityException.java	8 Nov 2004 03:23:35 -0000	1.5
  +++ SecurityException.java	12 Nov 2004 03:17:46 -0000	1.6
  @@ -60,6 +60,9 @@
       /** <p>Invalid authentication provider exception message.</p> */
       public static final String INVALID_AUTHENTICATION_PROVIDER = "Invalid authentication
provider.";    
   
  +    /** <p>Password already used exception message.</p> */
  +    public static final String PASSWORD_ALREADY_USED = "Password already used.";
  +
       /**
        * <p>Default Constructor.</p>
        */
  
  
  
  1.3       +4 -4      jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java
  
  Index: TestInternalPasswordCredentialStateHandlingInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialStateHandlingInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- TestInternalPasswordCredentialStateHandlingInterceptor.java	8 Nov 2004 22:36:04 -0000
1.2
  +++ TestInternalPasswordCredentialStateHandlingInterceptor.java	12 Nov 2004 03:17:46 -0000
1.3
  @@ -22,8 +22,8 @@
   import junit.framework.Test;
   import junit.framework.TestSuite;
   
  +import org.apache.jetspeed.security.om.InternalCredential;
   import org.apache.jetspeed.security.om.InternalUserPrincipal;
  -import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
   import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
   
   /**
  @@ -37,7 +37,7 @@
   public class TestInternalPasswordCredentialStateHandlingInterceptor extends AbstractSecurityTestcase
   {
       private InternalUserPrincipal internalUser;
  -    private InternalCredentialImpl credential;
  +    private InternalCredential credential;
       
       protected void setUp() throws Exception
       {
  @@ -85,7 +85,7 @@
       protected void loadUser() throws Exception
       {
           internalUser = securityAccess.getInternalUserPrincipal("testcred");
  -        credential = (InternalCredentialImpl)internalUser.getCredentials().iterator().next();
  +        credential = (InternalCredential)internalUser.getCredentials().iterator().next();
       }
       
       protected void updateCredential() throws Exception
  
  
  
  1.1                  jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestInternalPasswordCredentialHistoryHandlingInterceptor.java
  
  Index: TestInternalPasswordCredentialHistoryHandlingInterceptor.java
  ===================================================================
  /* Copyright 2004 Apache Software Foundation
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *     http://www.apache.org/licenses/LICENSE-2.0
   *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  package org.apache.jetspeed.security.spi;
  
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.List;
  
  import junit.framework.Test;
  import junit.framework.TestSuite;
  
  import org.apache.jetspeed.security.SecurityException;
  import org.apache.jetspeed.security.om.InternalUserPrincipal;
  import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
  
  /**
  * <p>
   * TestInternalPasswordCredentialHistoryHandlingInterceptor
   * </p>
   * 
   * @author <a href="mailto:ate@apache.org">Ate Douma</a>
   * @version $Id: TestInternalPasswordCredentialHistoryHandlingInterceptor.java,v 1.1 2004/11/12
03:17:46 ate Exp $
   */
  public class TestInternalPasswordCredentialHistoryHandlingInterceptor extends AbstractSecurityTestcase
  {
      private InternalUserPrincipal internalUser;
      private InternalCredentialImpl credential;
      
      protected void setUp() throws Exception
      {
          super.setUp(); 
          // cleanup for previously failed test
          destroyUser();
          initUser();
      }
  
      public void tearDown() throws Exception
      {
          destroyUser();
          super.tearDown();
      }
  
      public static Test suite()
      {
          return new TestSuite(TestInternalPasswordCredentialHistoryHandlingInterceptor.class);
      }
  
      public void testPasswordHistory() throws Exception
      {
          assertTrue("should be allowed to authenticate",ums.authenticate("testcred","password"));
          ums.setPassword("testcred","password","password1");
          ums.setPassword("testcred","password1","password2");
          assertTrue("should be allowed to authenticate",ums.authenticate("testcred","password2"));
          try
          {
              ums.setPassword("testcred","password2","password");
              fail("Should not be allowed to reuse a password from password history");
          }
          catch (SecurityException sex)
          {
              assertEquals(SecurityException.PASSWORD_ALREADY_USED, sex.getMessage());
          }
          ums.setPassword("testcred","password2","password3");
          ums.setPassword("testcred","password3","password4");
          ums.setPassword("testcred","password4","password");
          assertTrue("should be allowed to authenticate",ums.authenticate("testcred","password"));
      }
  
      protected void initUser() throws Exception
      {
          ums.addUser("testcred", "password");
      }
      
      protected void destroyUser() throws Exception
      {
          ums.removeUser("testcred");
      }
      
      protected String[] getConfigurations()
      {
          String[] confs = super.getConfigurations();
          List confList = new ArrayList(Arrays.asList(confs));
          confList.add("META-INF/sipchhi.xml");
          return (String[])confList.toArray(new String[1]);
      }    
  }
  
  
  
  1.1                  jakarta-jetspeed-2/components/security/src/test/META-INF/sipchhi.xml
  
  Index: sipchhi.xml
  ===================================================================
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
  <!--
  Copyright 2004 The Apache Software Foundation
  
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  
      http://www.apache.org/licenses/LICENSE-2.0
  
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
  -->
  <beans>
   <!-- MessageDigestCredentialPasswordEncoder usage -->
    <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
         class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
  
    <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
         class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
         <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
      
    </bean>       
  
    <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" 
         class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
         <constructor-arg index="0"><value>3</value></constructor-arg>
      
         <constructor-arg index="1"><value>7</value></constructor-arg>
         <!-- historySize -->       
         <constructor-arg index="2"><value>3</value></constructor-arg>
      
    </bean>
  
    <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" 
         class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
         <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/></constructor-arg>
      
         <constructor-arg index="1"><null/></constructor-arg>       
    </bean>       
  
    <!-- Security SPI: CredentialHandler -->
    <bean id="org.apache.jetspeed.security.spi.CredentialHandler" 
         class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler"
    >       
         <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
      
         <constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg>
      
         <constructor-arg index="2"><ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg>
      
    </bean>
    
  </beans>
  
  
  
  1.3       +5 -0      jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java
  
  Index: InternalCredential.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/om/InternalCredential.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalCredential.java	8 Nov 2004 03:23:36 -0000	1.2
  +++ InternalCredential.java	12 Nov 2004 03:17:46 -0000	1.3
  @@ -37,6 +37,11 @@
    */
   public interface InternalCredential extends Serializable, Cloneable
   {
  +    /** Private credentials type. */
  +    public static final int PRIVATE = 0;
  +    /** Public credentials type. */
  +    public static final int PUBLIC = 1;
  +
       /**
        * <p>Getter for the credential id.</p>
        * @return The credential id.
  
  
  
  1.3       +40 -1     jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java
  
  Index: InternalCredentialImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/om/impl/InternalCredentialImpl.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalCredentialImpl.java	8 Nov 2004 03:23:35 -0000	1.2
  +++ InternalCredentialImpl.java	12 Nov 2004 03:17:46 -0000	1.3
  @@ -18,6 +18,7 @@
   import java.sql.Timestamp;
   
   import org.apache.jetspeed.security.om.InternalCredential;
  +import org.apache.jetspeed.util.HashCodeBuilder;
   
   /**
    * <p>{@link InternalCredential} interface implementation.</p>
  @@ -34,7 +35,7 @@
       }
   
       /**
  -     * <p>InternalPrincipal constructor given a value, type and classname.</p>
  +     * <p>InternalCredentialImpl constructor given a value, type and classname.</p>
        * @param principalId The principal id.
        * @param value The value.
        * @param type The type.
  @@ -49,6 +50,28 @@
           this.creationDate = new Timestamp(System.currentTimeMillis());
           this.modifiedDate = this.creationDate;
       }
  +    
  +    /**
  +     * <p>InternalCredentialImpl copy constructor given another InternalCredential
and overriding classname</p>
  +     * @param credential The credential to copy from
  +     * @param classname The classname for the new credential
  +     */
  +    public InternalCredentialImpl(InternalCredential credential, String classname)
  +    {
  +        this.authenticationFailures = credential.getAuthenticationFailures();
  +        this.classname = classname;
  +        this.creationDate = credential.getCreationDate();
  +        this.enabled = credential.isEnabled();
  +        this.encoded = credential.isEncoded();
  +        this.expirationDate = credential.getExpirationDate();
  +        this.expired = credential.isExpired();
  +        this.lastLogonDate = credential.getLastLogonDate();
  +        this.modifiedDate = credential.getModifiedDate();
  +        this.principalId = credential.getPrincipalId();
  +        this.type = credential.getType();
  +        this.updateRequired = credential.isUpdateRequired();
  +        this.value = credential.getValue();
  +    }
   
       private long credentialId;
   
  @@ -301,6 +324,22 @@
       {
           this.lastLogonDate = lastLogonDate;
       }
  +    
  +    /**
  +     * @see java.lang.Object#hashCode()
  +     */
  +    public int hashCode()
  +    {
  +        HashCodeBuilder hasher = new HashCodeBuilder(1, 3);
  +        hasher.append(getPrincipalId());
  +        hasher.append(getCreationDate().getTime());
  +        if (getClassname() != null)
  +        {
  +            hasher.append(getClassname());
  +        }
  +        return hasher.toHashCode();
  +    }
  +    
   
       /**
        * <p>Compares this {@link InternalCredential} to the provided credential
  
  
  
  1.3       +4 -4      jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java
  
  Index: InternalPasswordCredentialStateHandlingInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialStateHandlingInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalPasswordCredentialStateHandlingInterceptor.java	8 Nov 2004 22:35:41 -0000	1.2
  +++ InternalPasswordCredentialStateHandlingInterceptor.java	12 Nov 2004 03:17:46 -0000	1.3
  @@ -103,12 +103,12 @@
       }
       
       /**
  -     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential,
java.lang.String)
  +     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential,
java.lang.String, boolean)
        */
       public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials,
String userName,
  -            InternalCredential credential, String password) throws SecurityException
  +            InternalCredential credential, String password, boolean authenticated) throws
SecurityException
       {
  -        super.beforeSetPassword(internalUser, credentials, userName, credential, password);
  +        super.beforeSetPassword(internalUser, credentials, userName, credential, password,
authenticated);
           credential.setExpirationDate(new Date(System.currentTimeMillis()+maxLifeSpanInMillis));
           credential.setExpired(false);
           credential.setAuthenticationFailures(0);
  
  
  
  1.3       +3 -3      jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java
  
  Index: DefaultInternalPasswordCredentialInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultInternalPasswordCredentialInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- DefaultInternalPasswordCredentialInterceptor.java	8 Nov 2004 22:35:41 -0000	1.2
  +++ DefaultInternalPasswordCredentialInterceptor.java	12 Nov 2004 03:17:46 -0000	1.3
  @@ -74,10 +74,10 @@
       }
   
       /**
  -     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential,
java.lang.String)
  +     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential,
java.lang.String, boolean)
        */
       public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials,
String userName,
  -            InternalCredential credential, String password) throws SecurityException
  +            InternalCredential credential, String password, boolean authenticated) throws
SecurityException
       {
       }
   }
  
  
  
  1.10      +4 -10     jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
  
  Index: DefaultCredentialHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- DefaultCredentialHandler.java	8 Nov 2004 03:23:35 -0000	1.9
  +++ DefaultCredentialHandler.java	12 Nov 2004 03:17:46 -0000	1.10
  @@ -40,12 +40,6 @@
   {
       private static final Log log = LogFactory.getLog(DefaultCredentialHandler.class);
   
  -    /** Private credentials type. */
  -    private static final int PRIVATE = 0;
  -
  -    /** Public credentials type. */
  -    private static final int PUBLIC = 1;
  -
       private SecurityAccess securityAccess;
   
       private PasswordCredentialProvider pcProvider;
  @@ -106,7 +100,7 @@
               while (iter.hasNext())
               {
                   credential = (InternalCredential) iter.next();
  -                if (credential.getType() == PRIVATE )
  +                if (credential.getType() == InternalCredential.PRIVATE )
                   {
                       if ((null != credential.getClassname())
                               && (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))
  @@ -184,9 +178,9 @@
   
           boolean create = credential == null;
   
  -        if ( credential == null )
  +        if ( create )
           {
  -            credential = new InternalCredentialImpl(internalUser.getPrincipalId(), newPassword,
PRIVATE,
  +            credential = new InternalCredentialImpl(internalUser.getPrincipalId(), newPassword,
InternalCredential.PRIVATE,
                               pcProvider.getPasswordCredentialClass().getName());
               credential.setEncoded(encoded);
               credentials.add(credential);
  @@ -212,7 +206,7 @@
               }
               else
               {
  -                ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential,
newPassword );
  +                ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential,
newPassword, oldPassword != null );
               }
           }
           if (!create)
  
  
  
  1.1                  jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialHistoryHandlingInterceptor.java
  
  Index: InternalPasswordCredentialHistoryHandlingInterceptor.java
  ===================================================================
  /* Copyright 2004 Apache Software Foundation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
  package org.apache.jetspeed.security.spi.impl;
  
  import java.sql.Timestamp;
  import java.util.ArrayList;
  import java.util.Collection;
  import java.util.Collections;
  import java.util.Comparator;
  import java.util.Iterator;
  
  import org.apache.jetspeed.security.SecurityException;
  import org.apache.jetspeed.security.om.InternalCredential;
  import org.apache.jetspeed.security.om.InternalUserPrincipal;
  import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  
  /**
   * <p>
   * InternalPasswordCredentialHistoryHandlingInterceptor
   * </p>
   * 
   * @author <a href="mailto:ate@apache.org">Ate Douma</a>
   * @version $Id: InternalPasswordCredentialHistoryHandlingInterceptor.java,v 1.1 2004/11/12
03:17:46 ate Exp $
   */
  public class InternalPasswordCredentialHistoryHandlingInterceptor extends
          InternalPasswordCredentialStateHandlingInterceptor
  {
      private int historySize;
      
      private static String HISTORICAL_PASSWORD_CREDENTIAL = "org.apache.jetspeed.security.spi.impl.HistoricalPasswordCredentialImpl";
      
      private static final Comparator internalCredentialCreationDateComparator =
          new Comparator()
          {
              public int compare(Object obj1, Object obj2)
              {
                  return ((InternalCredential)obj2).getCreationDate().compareTo(((InternalCredential)obj1).getCreationDate());
              }
          };
      
      public InternalPasswordCredentialHistoryHandlingInterceptor(int maxNumberOfAuthenticationFailures,
              int maxLifeSpanInDays, int historySize)
      {
          super(maxNumberOfAuthenticationFailures, maxLifeSpanInDays);
          this.historySize = historySize;
      }
      
      /**
       * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialStateHandlingInterceptor#beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal,
java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential,
java.lang.String, boolean)
       */
      public void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials,
String userName,
              InternalCredential credential, String password, boolean authenticated) throws
SecurityException
      {
          Collection internalCredentials = internalUser.getCredentials();
          ArrayList historicalPasswordCredentials = new ArrayList();
          if ( internalCredentials != null )
          {
              InternalCredential currCredential;
              Iterator iter = internalCredentials.iterator();
              
              while (iter.hasNext())
              {
                  currCredential = (InternalCredential) iter.next();
                  if (currCredential.getType() == InternalCredential.PRIVATE )
                  {
                      if ((null != currCredential.getClassname())
                              && (currCredential.getClassname().equals(HISTORICAL_PASSWORD_CREDENTIAL)))
                      {
                          historicalPasswordCredentials.add(currCredential);
                      }
                  }
              }
          }
          if (historicalPasswordCredentials.size() > 1)
          {
              Collections.sort(historicalPasswordCredentials,internalCredentialCreationDateComparator);
          }
          
          int historyCount = historyCount = historicalPasswordCredentials.size();
          InternalCredential historicalPasswordCredential;
          if ( authenticated )
          {
              // check password already used
              for ( int i = 0; i < historyCount && i < historySize; i++ )
              {
                  historicalPasswordCredential = (InternalCredential)historicalPasswordCredentials.get(i);
                  if ( historicalPasswordCredential.getValue() != null &&
                          historicalPasswordCredential.getValue().equals(password) )
                  {
                      throw new SecurityException(SecurityException.PASSWORD_ALREADY_USED);
                  }
              }
          }
  
          for ( int i = historySize-1; i < historyCount; i++ )
          {
              credentials.remove(historicalPasswordCredentials.get(i));
          }
          historicalPasswordCredential = new InternalCredentialImpl(credential,HISTORICAL_PASSWORD_CREDENTIAL);
          credentials.add(historicalPasswordCredential);
          
          // fake update to current InternalCredential as being an insert of a new one
          credential.setCreationDate(new Timestamp(System.currentTimeMillis()));
          
          super.beforeSetPassword(internalUser, credentials, userName, credential, password,
authenticated);
      }
  }
  
  
  
  1.3       +2 -2      jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
  
  Index: InternalPasswordCredentialInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- InternalPasswordCredentialInterceptor.java	8 Nov 2004 22:35:41 -0000	1.2
  +++ InternalPasswordCredentialInterceptor.java	12 Nov 2004 03:17:46 -0000	1.3
  @@ -33,5 +33,5 @@
       boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential
credential) throws SecurityException;
       boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName, InternalCredential
credential, boolean authenticated) throws SecurityException;
       void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String
userName, InternalCredential credential, String password) throws SecurityException;
  -    void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials,
String userName, InternalCredential credential, String password) throws SecurityException;
  +    void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials,
String userName, InternalCredential credential, String password, boolean authenticated) throws
SecurityException;
   }
  
  
  
  1.3       +2 -0      jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml
  
  Index: security_repository.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/META-INF/security_repository.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- security_repository.xml	8 Nov 2004 03:23:36 -0000	1.2
  +++ security_repository.xml	12 Nov 2004 03:17:46 -0000	1.3
  @@ -81,6 +81,8 @@
   	    <collection-descriptor
   	        name="credentials"
   	        element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl"
  +          proxy="true"
  +          refresh="true"          
   	        auto-retrieve="true"
   	        auto-update="object"
   	        auto-delete="object"
  
  
  
  1.32      +3 -1      jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml
  
  Index: jetspeed-spring.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/jetspeed-spring.xml,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- jetspeed-spring.xml	8 Nov 2004 03:23:37 -0000	1.31
  +++ jetspeed-spring.xml	12 Nov 2004 03:17:47 -0000	1.32
  @@ -385,11 +385,13 @@
     </bean>       
   
     <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"

  -       class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialStateHandlingInterceptor">
  +       class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
          <!-- maxNumberOfAuthenticationFailures -->
          <constructor-arg index="0"><value>3</value></constructor-arg>
 
          <!-- maxLifeSpanInDays -->     
          <constructor-arg index="1"><value>60</value></constructor-arg>
      
  +       <!-- historySize -->     
  +       <constructor-arg index="2"><value>3</value></constructor-arg>
      
     </bean>
   
     <!-- Security SPI: CredentialHandler -->
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message