portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject svn commit: r544402 - in /portals/jetspeed-2/trunk: components/portal/src/java/org/apache/jetspeed/login/ components/portal/src/java/org/apache/jetspeed/security/impl/ components/portal/src/test/org/apache/jetspeed/pipeline/ components/security/src/jav...
Date Tue, 05 Jun 2007 06:20:02 GMT
Author: taylor
Date: Mon Jun  4 23:20:00 2007
New Revision: 544402

URL: http://svn.apache.org/viewvc?view=rev&rev=544402
Log:
https://issues.apache.org/jira/browse/JS2-712

Added:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProviderImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/IdentityTokenImpl.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProvider.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/IdentityToken.java
Modified:
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginProxyServlet.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginRedirectorServlet.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
    portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/pipeline/TestPipeline.java
    portals/jetspeed-2/trunk/etc/db-ojb/ehcache.xml
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/login/LoginConstants.java
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/administration.xml
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/cache.xml

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginProxyServlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginProxyServlet.java?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginProxyServlet.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginProxyServlet.java
Mon Jun  4 23:20:00 2007
@@ -17,6 +17,8 @@
 package org.apache.jetspeed.login;
 
 import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -27,6 +29,8 @@
 import org.apache.jetspeed.Jetspeed;
 import org.apache.jetspeed.PortalReservedParameters;
 import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
+import org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider;
+import org.apache.jetspeed.security.activeauthentication.IdentityToken;
 
 /**
  * LoginProxyServlet
@@ -43,14 +47,7 @@
         String parameter;
 
         request.setCharacterEncoding( "UTF-8" );
-        
-        PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
-        Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
  
-        if (authenticationConfiguration.isCreateNewSessionOnLogin())
-        {
-            request.getSession().invalidate();
-        }        
-        
+                
         HttpSession session = request.getSession(true);
 
         parameter = request.getParameter(LoginConstants.DESTINATION);
@@ -58,9 +55,9 @@
             session.setAttribute(LoginConstants.DESTINATION, parameter);
         else
             session.removeAttribute(LoginConstants.DESTINATION);
-        parameter = request.getParameter(LoginConstants.USERNAME);
-        if (parameter != null)
-            session.setAttribute(LoginConstants.USERNAME, parameter);
+        String username = request.getParameter(LoginConstants.USERNAME);
+        if (username != null)
+            session.setAttribute(LoginConstants.USERNAME, username);
         else
             session.removeAttribute(LoginConstants.USERNAME);
         parameter = request.getParameter(LoginConstants.PASSWORD);
@@ -80,10 +77,50 @@
                     decoratorName);
         }
 
-        response.sendRedirect(response.encodeURL(request.getContextPath()
-                + "/login/redirector"));
+        PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
+        Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
  
+        if (authenticationConfiguration.isCreateNewSessionOnLogin())
+        {
+    
+            ActiveAuthenticationIdentityProvider identityProvider = (ActiveAuthenticationIdentityProvider)

+                Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider");
+            IdentityToken token = identityProvider.createIdentityToken(username);
+            saveState(session, token, identityProvider.getSessionAttributeNames());
+            request.getSession().invalidate();
+            HttpSession newSession = request.getSession(true);
+            restoreState(newSession, token);
+            response.sendRedirect(response.encodeURL(request.getContextPath()
+                    + "/login/redirector?token=") + token.getToken());
+            
+        }
+        else
+        {
+            response.sendRedirect(response.encodeURL(request.getContextPath()
+                    + "/login/redirector"));
+        }
+    }
+
+    protected void saveState(HttpSession session, IdentityToken token, List sessionAttributes)
+    {
+        Iterator sessionNames = sessionAttributes.iterator();
+        while (sessionNames.hasNext())
+        {
+            String name = (String)sessionNames.next();
+            token.setAttribute(name, session.getAttribute(name));
+        }
     }
 
+    protected void restoreState(HttpSession session, IdentityToken token)
+    {
+        Iterator names = token.getAttributeNames();
+        while (names.hasNext())
+        {
+            String name = (String)names.next();
+            Object attribute = token.getAttribute(name);
+            session.setAttribute(name, attribute);
+        }        
+    }
+    
     public final void doPost(HttpServletRequest request,
             HttpServletResponse response) throws IOException, ServletException
     {

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginRedirectorServlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginRedirectorServlet.java?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginRedirectorServlet.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login/LoginRedirectorServlet.java
Mon Jun  4 23:20:00 2007
@@ -52,14 +52,7 @@
         session.removeAttribute(LoginConstants.PASSWORD);
         session.removeAttribute(LoginConstants.RETRYCOUNT);
         session.removeAttribute(PortalReservedParameters.PREFERED_LOCALE_ATTRIBUTE);
-        
-//        PortalAuthenticationConfiguration authenticationConfiguration = (PortalAuthenticationConfiguration)
-//        Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration");
  
-//        if (authenticationConfiguration.isCreateNewSessionOnLogin())
-//        {
-//            request.getSession().invalidate();
-//        }        
-        
+                
         response.sendRedirect(response.encodeURL(destination));
     }
 

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
Mon Jun  4 23:20:00 2007
@@ -14,12 +14,6 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-/*
- * Created on Nov 30, 2004
- *
- * TODO To change the template for this generated file go to
- * Window - Preferences - Java - Code Generation - Code and Comments
- */
 package org.apache.jetspeed.security.impl;
 
 import java.io.IOException;

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
Mon Jun  4 23:20:00 2007
@@ -44,7 +44,6 @@
 public class LoginValidationValveImpl extends AbstractValve implements org.apache.jetspeed.pipeline.valve.LoginValidationValve
 {
     private static final Log log = LogFactory.getLog(LoginValidationValveImpl.class);
-    private static final String LOGIN_CHECK = "org.apache.jetspeed.login.check";
     
     private int maxNumberOfAuthenticationFailures;
     private List sessionAttributes; 
@@ -150,10 +149,10 @@
             }
             else
             {
-                if (request.getSessionAttribute(LOGIN_CHECK) == null)
+                if (request.getSessionAttribute(LoginConstants.LOGIN_CHECK) == null)
                 {
                     clearSessionAttributes(request);
-                    request.getRequest().getSession().setAttribute(LOGIN_CHECK, "true");
+                    request.getRequest().getSession().setAttribute(LoginConstants.LOGIN_CHECK,
"true");
                 }                
             }
             

Modified: portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/pipeline/TestPipeline.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/pipeline/TestPipeline.java?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/pipeline/TestPipeline.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/pipeline/TestPipeline.java
Mon Jun  4 23:20:00 2007
@@ -56,10 +56,11 @@
         assertEquals("ProfilerValve", valves[6].toString());
         assertEquals("ContainerValve", valves[7].toString());
         assertEquals("ActionValveImpl", valves[8].toString());
-        assertEquals("DecorationValve", valves[9].toString());
-        assertEquals("HeaderAggregatorValve", valves[10].toString());
-        assertEquals("AggregatorValve", valves[11].toString());
-        assertEquals("CleanupValveImpl", valves[12].toString());
+        assertEquals("ResourceValveImpl", valves[9].toString());
+        assertEquals("DecorationValve", valves[10].toString());
+        assertEquals("HeaderAggregatorValve", valves[11].toString());
+        assertEquals("AggregatorValve", valves[12].toString());
+        assertEquals("CleanupValveImpl", valves[13].toString());
         
         
         assertNotNull(engine.getPipeline("action-pipeline"));

Added: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProviderImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProviderImpl.java?view=auto&rev=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProviderImpl.java
(added)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProviderImpl.java
Mon Jun  4 23:20:00 2007
@@ -0,0 +1,78 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.activeauthentication;
+
+import java.util.List;
+
+import org.apache.jetspeed.cache.CacheElement;
+import org.apache.jetspeed.cache.JetspeedCache;
+
+/**
+ * <p>
+ * AuthenticationCacheBeanImpl
+ * </p>
+ * <p>
+ * Short-lived cache implementation to bridge deficiencies in Java Login Modules and general
Active Authentication patterns
+ * based on Java login modules. Caches Authentication information across redirects, requests,
and threads. The life-time
+ * of this cached authentication information is meant to be very short lived. 
+ * </p>
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ *
+ */
+public class ActiveAuthenticationIdentityProviderImpl implements ActiveAuthenticationIdentityProvider
+{
+    JetspeedCache cache;
+    List sessionAttributes;
+    
+    public ActiveAuthenticationIdentityProviderImpl(JetspeedCache cache, List sessionAttributes)
+    {
+        this.cache = cache;
+        this.sessionAttributes = sessionAttributes;
+    }
+    
+    public IdentityToken createIdentityToken(String seed)
+    {
+        String token = seed + "-" + String.valueOf(System.currentTimeMillis());
+        return createToken(token);        
+    }
+
+    public IdentityToken createIdentityToken()
+    {
+        String token = String.valueOf(System.currentTimeMillis());
+        return createToken(token);
+    }
+
+    private IdentityToken createToken(String token)
+    {
+        IdentityToken identityToken = new IdentityTokenImpl(token);
+        CacheElement element = cache.createElement(token, identityToken);        
+        cache.put(element);
+        return identityToken;        
+    }
+    
+    public void completeAuthenticationEvent(String token)
+    {
+        cache.remove(token);
+    }
+    
+    public List getSessionAttributeNames()
+    {
+        return this.sessionAttributes;
+    }
+    
+}

Added: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/IdentityTokenImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/IdentityTokenImpl.java?view=auto&rev=544402
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/IdentityTokenImpl.java
(added)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/activeauthentication/IdentityTokenImpl.java
Mon Jun  4 23:20:00 2007
@@ -0,0 +1,63 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.activeauthentication;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+/**
+ * <p>
+ * IdentityTokenImpl
+ * </p>
+ *
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ *
+ */
+public class IdentityTokenImpl implements IdentityToken, Serializable
+{
+    private Map attributes = new HashMap();
+    private String token;
+    
+    public IdentityTokenImpl(String uniqueToken)
+    {
+        this.token = uniqueToken;        
+    }
+    
+    public Object getAttribute(String name)
+    {
+        return attributes.get(name);
+    }
+
+    public Iterator getAttributeNames()
+    {
+        return attributes.keySet().iterator();
+    }
+
+    public String getToken()
+    {
+        return token;
+    }
+
+    public void setAttribute(String name, Object value)
+    {
+        if (value instanceof Serializable)
+            attributes.put(name, value);
+    }
+}
\ No newline at end of file

Modified: portals/jetspeed-2/trunk/etc/db-ojb/ehcache.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/etc/db-ojb/ehcache.xml?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/etc/db-ojb/ehcache.xml (original)
+++ portals/jetspeed-2/trunk/etc/db-ojb/ehcache.xml Mon Jun  4 23:20:00 2007
@@ -471,4 +471,14 @@
     </cache>
     -->
 
+    <cache name="authenticationCache"
+           maxElementsInMemory="1000"
+           maxElementsOnDisk="1000"
+           eternal="false"
+           overflowToDisk="false"
+           timeToIdleSeconds="30"
+           timeToLiveSeconds="30"
+           memoryStoreEvictionPolicy="LFU"
+            />
+
 </ehcache>

Modified: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/login/LoginConstants.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/login/LoginConstants.java?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/login/LoginConstants.java
(original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/login/LoginConstants.java
Mon Jun  4 23:20:00 2007
@@ -30,6 +30,7 @@
     public final static String DESTINATION = "org.apache.jetspeed.login.destination";
     public final static String RETRYCOUNT  = "org.apache.jetspeed.login.retrycount";
     public final static String ERRORCODE   = "org.apache.jetspeed.login.errorcode";
+    public final static String LOGIN_CHECK = "org.apache.jetspeed.login.check";
     
     public final static Integer ERROR_UNKNOWN_USER = new Integer(1);
     public final static Integer ERROR_INVALID_PASSWORD = new Integer(2);

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProvider.java?view=auto&rev=544402
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProvider.java
(added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/ActiveAuthenticationIdentityProvider.java
Mon Jun  4 23:20:00 2007
@@ -0,0 +1,67 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.activeauthentication;
+
+import java.util.List;
+
+
+/**
+ * <p>
+ * ActiveAuthenticationIdentityProvider
+ * </p>
+ * <p>
+ * Provides identity tokens used during active authentication to bridge the deficiencies
 
+ * in Java Login Modules and general Active Authentication patterns
+ * based on Java login modules. Creates a unique, short lived identity token, caching basic
Authentication information across redirects, 
+ * requests, and threads during the active authentication process. The life-time
+ * of this cached authentication information is meant to be very short lived. 
+ * </p>
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ *
+ */
+public interface ActiveAuthenticationIdentityProvider
+{
+    /**
+     * Start an authentication event with the server, creating a new and unique identity
token 
+     * 
+     * @return the newly created identity token 
+     */
+    IdentityToken createIdentityToken();
+
+    /**
+     * Start an authentication event with the server, creating a new and unique identity
token 
+     *
+     * @param seed seed information to add to token
+     * @return the newly created identity token 
+     */
+    IdentityToken createIdentityToken(String seed);
+
+    /**
+     * Completes an authentication event for a given authentication token
+     * 
+     * @param token The token identifying the authentication event to be completed
+     */
+    void completeAuthenticationEvent(String token);
+    
+    /**
+     * Get a list of session attribute names that should be saved and restored upon authentication
events
+     * @return list of session attribute names
+     */
+    List getSessionAttributeNames();
+
+}

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/IdentityToken.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/IdentityToken.java?view=auto&rev=544402
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/IdentityToken.java
(added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/activeauthentication/IdentityToken.java
Mon Jun  4 23:20:00 2007
@@ -0,0 +1,61 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.activeauthentication;
+
+import java.util.Iterator;
+
+
+/**
+ * <p>
+ * Identity Token
+ * </p>
+ * <p>
+ * Holds a unique token identifying the current authentication process.  
+ * This token can hold one or more unique name / value (object) attributes
+ * </p>
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ *
+ */
+public interface IdentityToken
+{
+    /**
+     * Get the value of the identity token 
+     * @return the identity token string
+     */
+    String getToken();
+    
+    /**
+     * set a name/value attribute on this token
+     * @param name
+     * @param value
+     */
+    void setAttribute(String name, Object value);
+    
+    /** 
+     * Get an attribute value given the attribute name
+     * @param name
+     * @return
+     */
+    Object getAttribute(String name);
+    
+    /**
+     * Get an iterator over all attribute names
+     * @return
+     */
+    Iterator getAttributeNames();
+}

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/administration.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/administration.xml?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/administration.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/administration.xml Mon Jun  4 23:20:00
2007
@@ -106,18 +106,37 @@
 
    <!--  create new session upon authentication -->   
    <constructor-arg index='0'>
-   		<value>false</value>
+   		<value>true</value>
    </constructor-arg>	
    <!--  hard session timeout limit in seconds, regardless of (in)activity, setting to
0 turns off this feature 
    		 note:this feature should be used with 'create new session upon authentication' feature

    -->   
    <constructor-arg index='1'>
-   		<value>0</value>
+   		<value>4800</value>
    </constructor-arg>
    <!--  redirect location for hard session expiration -->   
    <constructor-arg index='2'>
    		<value>/login/logout</value>
    </constructor-arg>
 </bean>    
-    
+
+<bean id='org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProvider'
+	class='org.apache.jetspeed.security.activeauthentication.ActiveAuthenticationIdentityProviderImpl'>
+    <constructor-arg index="0">
+        <ref bean="activeAuthenticationCache" />
+    </constructor-arg>
+    <!--  list of session attribute names that should be saved and restored upon authentication
events -->
+    <constructor-arg>    
+    <list>
+    	<value>org.apache.jetspeed.login.username</value>
+    	<value>org.apache.jetspeed.login.password</value>
+    	<value>org.apache.jetspeed.login.destination</value>
+    	<value>org.apache.jetspeed.login.retrycount</value>
+    	<value>org.apache.jetspeed.login.errorcode</value>
+    	<value>org.apache.jetspeed.login.check</value>    
+    	<value>org.apache.jetspeed.theme.override</value>	
+    </list>    
+    </constructor-arg>
+</bean>    
+
 </beans>

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/cache.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/cache.xml?view=diff&rev=544402&r1=544401&r2=544402
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/cache.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/cache.xml Mon Jun  4 23:20:00 2007
@@ -121,4 +121,22 @@
 		</constructor-arg>
 	</bean>
 
+	<!--  Active Authentication Cache: only use with Active Authentication -->
+	<!-- Factory bean used to instantiate a EHCache with the specified name (and corresponding
+		configuration in cacheManager.xml -->
+	<bean id="ehActiveAuthenticationCache"
+		class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+		<property name="cacheManager">
+			<ref local="cacheManager" />
+		</property>
+		<property name="cacheName" value="activeAuthenticationCache" />
+	</bean>
+
+	<bean id="activeAuthenticationCache"
+		class="org.apache.jetspeed.cache.impl.EhCacheImpl">
+		<constructor-arg index="0">
+			<ref bean="ehActiveAuthenticationCache" />
+		</constructor-arg>
+	</bean>
+
 </beans>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message