portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r419015 - in /portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl: DefaultCredentialHandler.java EncodePasswordOnFirstLoadInterceptor.java
Date Tue, 04 Jul 2006 14:21:06 GMT
Author: ate
Date: Tue Jul  4 07:21:06 2006
New Revision: 419015

URL: http://svn.apache.org/viewvc?rev=419015&view=rev
Log:
Further improvement and a small fix for JS2-550: A new Two-way password encoding service allowing
decoding of encoded passwords
See: http://issues.apache.org/jira/browse/JS2-550#action_12418846
- make sure old non-encoded passwords which are encoded on first load, are recognized as using
the new encoding scheme

Modified:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java?rev=419015&r1=419014&r2=419015&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
Tue Jul  4 07:21:06 2006
@@ -24,6 +24,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
 import org.apache.jetspeed.security.InvalidNewPasswordException;
 import org.apache.jetspeed.security.InvalidPasswordException;
 import org.apache.jetspeed.security.PasswordAlreadyUsedException;
@@ -241,11 +242,14 @@
         {
             // non-user (admin) modified the password
             
-            // set current time in previous auth date, and clear last authentication date
-            // !!! While this might be a bit strange logic, it is *required* for the AlgorithmUpgradePBEPasswordEncodingService
-            // to be able to distinguise password changes from other changes
-            credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
-            credential.setLastAuthenticationDate(null);
+            if ( encoded && pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService
)
+            {
+                // set current time in previous auth date, and clear last authentication
date
+                // !!! While this might be a bit strange logic, it is *required* for the
AlgorithmUpgradePBEPasswordEncodingService
+                // to be able to distinguise password changes from other changes
+                credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
+                credential.setLastAuthenticationDate(null);
+            }
         }
         else
         {

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java?rev=419015&r1=419014&r2=419015&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.java
Tue Jul  4 07:21:06 2006
@@ -14,6 +14,10 @@
 */
 package org.apache.jetspeed.security.spi.impl;
 
+import java.sql.Timestamp;
+import java.util.Date;
+
+import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.om.InternalCredential;
 import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
@@ -43,6 +47,17 @@
         {
             credential.setValue(pcProvider.getEncoder().encode(userName,credential.getValue()));
             credential.setEncoded(true);
+            
+            if ( pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService)
+            {
+                // For the AlgorithmUpgradePBEPasswordService to be able to distinguise between
+                // old and new encoded passwords, it evaluates the last and previous authentication
timestamps.
+                // With an automatic encoding (using the new encoding schema) the last authentication
must be
+                // set to null (as the user hasn't been authenticated yet again, which leaves
the previous
+                // authentication timestamp for indicating when the (new) encoding took place.
+                credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
+                credential.setLastAuthenticationDate(null);
+            }
             updated = true;
         }
         return updated;



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message