From a..@apache.org
Subject svn commit: r692976 - in /portals/jetspeed-2/portal/branches/security-refactoring: components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java jetspeed-api/src/main/java/org/apache/jetspeed/security/UserManager.java
Date Mon, 08 Sep 2008 01:36:24 GMT
Author: ate
Date: Sun Sep  7 18:36:24 2008
New Revision: 692976

URL: http://svn.apache.org/viewvc?rev=692976&view=rev
Log:
Another bigtime UserManager API refactoring 
- Subject creation now requires an AuthenticatedUser argument (only)
- extending/overriding the Subject building (e.g. additional principals and credentials) is
now possible through protected methods
- *all* PasswordCredential state handling (e.g. setting/importing password) is removed and
delegated to updating the PasswordCredential through the get- and storePasswordCredential(User)
method
- dropped setEnabled method, replaced with updateUser method

Modified:
    portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
    portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserManager.java

Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java?rev=692976&r1=692975&r2=692976&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
(original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
Sun Sep  7 18:36:24 2008
@@ -17,8 +17,6 @@
 package org.apache.jetspeed.security.impl;
 
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -27,27 +25,31 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.AuthenticatedUser;
 import org.apache.jetspeed.security.DependentPrincipalException;
-import org.apache.jetspeed.security.InvalidPasswordException;
+import org.apache.jetspeed.security.GroupManager;
 import org.apache.jetspeed.security.JetspeedPrincipal;
 import org.apache.jetspeed.security.JetspeedPrincipalAssociationType;
+import org.apache.jetspeed.security.JetspeedPrincipalManager;
 import org.apache.jetspeed.security.JetspeedPrincipalType;
+import org.apache.jetspeed.security.JetspeedSubjectFactory;
 import org.apache.jetspeed.security.PasswordCredential;
 import org.apache.jetspeed.security.PrincipalAlreadyExistsException;
 import org.apache.jetspeed.security.PrincipalAssociationNotAllowedException;
 import org.apache.jetspeed.security.PrincipalAssociationRequiredException;
 import org.apache.jetspeed.security.PrincipalNotFoundException;
 import org.apache.jetspeed.security.PrincipalNotRemovableException;
+import org.apache.jetspeed.security.PrincipalReadOnlyException;
 import org.apache.jetspeed.security.PrincipalUpdateException;
+import org.apache.jetspeed.security.PrincipalsSet;
+import org.apache.jetspeed.security.RoleManager;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.User;
 import org.apache.jetspeed.security.UserManager;
-import org.apache.jetspeed.security.UserSubjectPrincipal;
-import org.apache.jetspeed.security.spi.AuthenticatedUser;
 import org.apache.jetspeed.security.spi.JetspeedPrincipalAccessManager;
 import org.apache.jetspeed.security.spi.JetspeedPrincipalPermissionStorageManager;
 import org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager;
-import org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl;
+import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
 
 /**
  * <p>
@@ -58,57 +60,39 @@
  * @author <a href="mailto:vkumar@apache.org">Vivek Kumar </a>
  * @version $Id$
  */
-public class UserManagerImpl extends BaseJetspeedPrincipalManager implements UserManager
{
+public class UserManagerImpl extends BaseJetspeedPrincipalManager implements UserManager
+{
 	private static final Log log = LogFactory.getLog(UserManagerImpl.class);
 
 	private String anonymousUser = "guest";
 	private JetspeedPrincipalType roleType;
 	private JetspeedPrincipalType groupType;
+	
+	private UserPasswordCredentialManager credentialManager;
+	private RoleManager roleManager;
+	private GroupManager groupManager;
 
 	public UserManagerImpl(JetspeedPrincipalType principalType, JetspeedPrincipalType roleType,
JetspeedPrincipalType groupType,
-			JetspeedPrincipalAccessManager jpam, JetspeedPrincipalStorageManager jpsm, JetspeedPrincipalPermissionStorageManager
jppsm) {
+			JetspeedPrincipalAccessManager jpam, JetspeedPrincipalStorageManager jpsm, JetspeedPrincipalPermissionStorageManager
jppsm,
+			UserPasswordCredentialManager credentialManager, RoleManager roleManager, GroupManager
groupManager) 
+	{
 		super(principalType, jpam, jpsm, jppsm);
-		this.roleType = roleType;
-		this.groupType = groupType;
+		this.credentialManager = credentialManager;
+		this.roleType = ((JetspeedPrincipalManager)roleManager).getPrincipalType();
+		this.groupType = ((JetspeedPrincipalManager)roleManager).getPrincipalType();
 	}
 
-	public void addUser(String username, String password) throws SecurityException
+	public User addUser(String username) throws SecurityException
 	{
-		try
-		{
-			User user = newUser(username, true);
-			super.addPrincipal(user, null);
-			PasswordCredential pwc = new DefaultPasswordCredentialImpl(user);
-			pwc.setPassword(password.toCharArray());
-			storePasswordCredential(pwc);
-		}
-		catch (PrincipalAlreadyExistsException e)
-		{
-			throw new SecurityException(SecurityException.USER_ALREADY_EXISTS.create(username));
-		}
-		catch (PrincipalAssociationRequiredException e)
-		{
-			// TODO: add SecurityException type for this?
-			throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.addUser",
"add", e.getMessage()));
-		}
-		catch (PrincipalAssociationNotAllowedException e)
-		{
-			throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.addUser",
"add", e.getMessage()));
-		}		
-		if (log.isDebugEnabled())
-			log.debug("Added user: " + username);
-
+	    return addUser(username, true);
 	}
 
-	public void addUser(String username, String password, boolean mapped) throws SecurityException
+	public User addUser(String username, boolean mapped) throws SecurityException
 	{
+        User user = newUser(username, mapped);
 		try
 		{
-			User user = newUser(username, mapped);
-			super.addPrincipal(user, null);
-			PasswordCredential pwc = new DefaultPasswordCredentialImpl(user);
-			pwc.setPassword(password.toCharArray());
-			storePasswordCredential(pwc);			
+            super.addPrincipal(user, null);
 		}
 		catch (PrincipalAlreadyExistsException e)
 		{
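Review bot: The constructor derives `groupType` from the wrong manager — `this.groupType = ((JetspeedPrincipalManager)roleManager).getPrincipalType();` is a copy-paste slip and should read `this.groupType = ((JetspeedPrincipalManager)groupManager).getPrincipalType();`. The new `roleManager` and `groupManager` fields are declared but never assigned, so `addSubjectPrincipals` in the later hunk passes null into `addSubjectRolePrincipals`/`addSubjectGroupPrincipals` and `roleManager.getRolesForUser(...)` throws a NullPointerException on the first `getSubject` call; add `this.roleManager = roleManager;` and `this.groupManager = groupManager;` next to the `credentialManager` assignment. With the types now taken from the managers, the `roleType`/`groupType` constructor parameters are dead and could be dropped or at least documented as ignored. `addUser(String, boolean)` continues past the end of this hunk.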
@@ -123,38 +107,14 @@
 		{
 			throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.addUser",
"add", e.getMessage()));
 		}		
+        catch (PrincipalNotFoundException e)
+        {
+            // cannot occurr as no associations are provided with addPrincipal
+        }
 		if (log.isDebugEnabled())
 			log.debug("Added user: " + username);
 
-	}
-
-	// TODO incomplete
-	public void addUser(String username, String password, boolean mapped, boolean passThrough)
throws SecurityException
-	{
-		try
-		{
-			User user = newUser(username, mapped);
-			super.addPrincipal(user, null);
-			PasswordCredential pwc = new DefaultPasswordCredentialImpl(user);
-			pwc.setPassword(password.toCharArray());
-			storePasswordCredential(pwc);			
-		}
-		catch (PrincipalAlreadyExistsException e)
-		{
-			throw new SecurityException(SecurityException.USER_ALREADY_EXISTS.create(username));
-		}
-		catch (PrincipalAssociationRequiredException e)
-		{
-			// TODO: add SecurityException type for this?
-			throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.addUser",
"add", e.getMessage()));
-		}
-		catch (PrincipalAssociationNotAllowedException e)
-		{
-			throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.addUser",
"add", e.getMessage()));
-		}
-		if (log.isDebugEnabled())
-			log.debug("Added user: " + username);
-
+        return user;
 	}
 
 	public String getAnonymousUser()
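Review bot: The new `catch (PrincipalNotFoundException e)` block swallows the exception on the assumption that it cannot occur, which hides the case where that assumption later stops holding (for instance if `addPrincipal` ever starts resolving default associations). If it is genuinely unreachable, fail loudly in the same style as the sibling clauses: `throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.addUser", "add", e.getMessage()));`, or at minimum `log.error(...)` it instead of leaving the block empty; the comment also misspells "occur". The enclosing `addUser(String, boolean)` begins in the preceding hunk.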
@@ -164,23 +124,58 @@
 
 	public PasswordCredential getPasswordCredential(User user)
 	{
-		return null;		
-	}
-
-	public Subject getSubject(String username) throws SecurityException
-	{
-		UserSubjectPrincipal principal = new UserSubjectPrincipal(getUser(username));
-		Set<Principal> usrPrincipals = new HashSet<Principal>();
-		usrPrincipals.add(principal);
-		return new Subject(true, usrPrincipals, new HashSet(), new HashSet());
-	}
-
-	public Subject getSubject(AuthenticatedUser user, boolean mergeCredentials) throws SecurityException
-	{
-		// TODO Auto-generated method stub
-		return null;
-	}
-
+	    if (credentialManager != null)
+	    {
+	        return credentialManager.getPasswordCredential(user);
+	    }
+        return null;
+	}
+
+	public Subject getSubject(AuthenticatedUser user) throws SecurityException
+	{
+        Set<Principal> principals = new PrincipalsSet();
+        addSubjectPrincipals(user, principals);
+        return JetspeedSubjectFactory.createSubject(user.getUser(), getPublicCredentialsForSubject(user),
getPrivateCredentialsForSubject(user), principals);
+	}
+	
+	protected Set<Object> getPublicCredentialsForSubject(AuthenticatedUser user)
+	{
+        HashSet<Object> credentials = new HashSet<Object>();
+        if (user.getPublicCredentials() != null)
+        {
+            credentials.addAll(user.getPublicCredentials());
+        }
+        return credentials;
+	}
+	
+    protected Set<Object> getPrivateCredentialsForSubject(AuthenticatedUser user)
+    {
+        HashSet<Object> credentials = new HashSet<Object>();
+        if (user.getPrivateCredentials() != null)
+        {
+            credentials.addAll(user.getPrivateCredentials());
+        }
+        return credentials;
+    }
+    
+	protected void addSubjectPrincipals(AuthenticatedUser user, Set<Principal> principals)
throws SecurityException
+	{
+	    addSubjectRolePrincipals(user, principals, roleManager);
+        addSubjectGroupPrincipals(user, principals, groupManager);
+	}
+	
+	protected void addSubjectRolePrincipals(AuthenticatedUser user, Set<Principal> principals,
RoleManager roleManager) throws SecurityException
+	{
+        // TODO role hierarchies ...
+        principals.addAll(roleManager.getRolesForUser(user.getUserName()));
+	}
+
+    protected void addSubjectGroupPrincipals(AuthenticatedUser user, Set<Principal>
principals, GroupManager groupManager) throws SecurityException
+    {
+        // TODO group hierarchies ...
+        principals.addAll(groupManager.getGroupsForUser(user.getUserName()));
+    }
+	
 	public User getUser(String username) throws SecurityException
 	{
 		return (User) getPrincipal(username);
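Review bot: `getSubject` dereferences `user.getUser()` and the two `addSubject*Principals` helpers dereference `user.getUserName()` without a check, although the interface Javadoc in this same commit promises a security exception when the user cannot be found; if `AuthenticatedUser` can carry a null `User` (say, an externally authenticated login that is not yet mapped), this surfaces as a NullPointerException rather than a `SecurityException`, so a guard such as `if (user == null || user.getUser() == null) { throw new SecurityException(SecurityException.UNEXPECTED.create("UserManager.getSubject", "getSubject", "no user")); }` — with whichever keyed message the project prefers — would honour the contract. The two credential helpers declare their locals as `HashSet<Object>` where `Set<Object>` suffices. The new methods also mix tab and space indentation (`getPublicCredentialsForSubject` versus `getPrivateCredentialsForSubject`), which is worth normalising to the file's existing tab style.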
@@ -211,12 +206,6 @@
 		return (List<User>) super.getPrincipalsByAttribute(attributeName, attributeValue);
 	}
 
-	/**
-	 * Creating New Transient Jetspeed User Object
-	 * 
-	 * @return User
-	 * @see org.apache.jetspeed.security.User
-	 */
 	public User newTransientUser(String name)
 	{
 		TransientUser user = new TransientUser();
@@ -224,12 +213,6 @@
 		return user;
 	}
 
-	/**
-	 * Creating New Jetspeed User Object
-	 * 
-	 * @return User
-	 * @see org.apache.jetspeed.security.User
-	 */
 	public User newUser(String name)
 	{
 		UserImpl user = new UserImpl();
@@ -269,30 +252,15 @@
 
 	public void storePasswordCredential(PasswordCredential credential) throws SecurityException
 	{
-		//TODO Auto-generated method stub
-	}
-
-	public void setPassword(User user, String oldPassword, String newPassword) throws SecurityException
-	{
-		String portalPassword;
-		portalPassword = getPasswordCredential(user).getPassword().toString();
-		if (portalPassword.equals(oldPassword))
-		{
-			getPasswordCredential(user).setPassword(newPassword.toCharArray());
-		}
-		else
-		{
-			throw new InvalidPasswordException();
-		}
-	}
-
-	public void setUserEnabled(String userName, boolean enabled) throws SecurityException
-	{
-		getPasswordCredential(getUser(userName)).setEnabled(enabled);
+	    if (credentialManager == null)
+	    {
+	        throw new UnsupportedOperationException();
+	    }
+	    credentialManager.storePasswordCredential(credential);
 	}
 
 	public void updateUser(User user) throws SecurityException
-	{
+	{	    
 		try
 		{
 			super.updatePrincipal(user);
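Review bot: `storePasswordCredential` throws `UnsupportedOperationException` when `credentialManager` is null, while `getPasswordCredential` in the earlier hunk silently returns null in the same situation; the two should agree on one behaviour, and the exception should carry a reason, e.g. `throw new UnsupportedOperationException("no UserPasswordCredentialManager configured");`. With `setPassword` removed, nothing in this class verifies the old password or the caller's authority before a credential is persisted, so the method deserves a Javadoc line stating that it stores the credential as given and that any old-password or permission check must happen in the caller or in the `UserPasswordCredentialManager`. The `updateUser` opening brace now carries trailing whitespace (`{	    `); `updateUser` continues in the next hunk.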
@@ -305,6 +273,10 @@
 		{
 			throw new SecurityException(SecurityException.UNEXPECTED.create(user.getName()));
 		}
+        catch (PrincipalReadOnlyException e)
+        {
+            throw new SecurityException(e);
+        }
 	}
 
 	public boolean userExists(String username)
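Review bot: `throw new SecurityException(e)` for `PrincipalReadOnlyException` departs from the neighbouring catch clauses, which raise keyed messages via `SecurityException.UNEXPECTED.create(user.getName())`; assuming `SecurityException` offers a `Throwable` constructor, callers that inspect the keyed message will not recognise this one. For consistency consider `throw new SecurityException(SecurityException.UNEXPECTED.create(user.getName()));`, retaining `e` as the cause if the type supports it, and add a short comment such as `// a read-only principal cannot be updated through this manager`. The enclosing `updateUser` starts in the previous hunk.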

Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserManager.java?rev=692976&r1=692975&r2=692976&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserManager.java
(original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/UserManager.java
Sun Sep  7 18:36:24 2008
@@ -20,7 +20,6 @@
 
 import javax.security.auth.Subject;
 
-import org.apache.jetspeed.security.spi.AuthenticatedUser;
 
 /**
  * <p>
@@ -46,99 +45,74 @@
     
     /**
      * <p>
-     * Add a new user provided a username and password.
+     * Add a new user
      * </p>
      * <p>
      * If an external security storage manager is used, the user will be mapped/replicated
to it as well.
      * </p>
-     * @param username The user name.
-     * @param password The password.
+     * @param userName The user name.
+     * @return the new {@link User}
      * @throws Throws a security exception.
      */
-    void addUser(String username, String password) throws SecurityException;
+    User addUser(String userName) throws SecurityException;
 
     /**
      * <p>
-     * Add a new user provided a username and password and optionally map/replicate it to
an external storage manager (if configured).
+     * Add a new user and optionally map/replicate it to an external storage manager (if
configured).
      * </p>
      * 
-     * @param username The user name.
-     * @param password The password.
+     * @param userName The user name.
      * @param mapped if the new User should be mapped/replicated to an external security
storage manager (if used) or not.
+     * @return the new {@link User}
      * @throws Throws a security exception.
      */
-    void addUser(String username, String password, boolean mapped) throws SecurityException;
+    User addUser(String userName, boolean mapped) throws SecurityException;
 
     
     /**
      * <p>
-     * Import a new user with username and password and allow to bypass the enconding algorithm
-     * </p>
-     * 
-     * @param username The user name.
-     * @param password The password.
-     * @param mapped if the new User should be mapped/replicated to an external security
storage manager (if used) or not.
-     * @param passThrough If true the provided password will not be validated/encoded
-     * @throws Throws a security exception.
-     */
-    void addUser(String username, String password, boolean mapped, boolean passThrough) throws
SecurityException;
-
-    /**
-     * <p>
      * Remove a user. If there user attributes associated with this user, they will be removed
as well.
      * </p>
      * <p>
      * {@link java.security.Permission}for this user will be removed as well.
      * </p>
      * 
-     * @param username The user name.
+     * @param userName The user name.
      * @throws Throws a security exception.
      */
-    void removeUser(String username) throws SecurityException;
+    void removeUser(String userName) throws SecurityException;
 
     /**
      * <p>
      * Whether or not a user exists.
      * </p>
      * 
-     * @param username The user name.
+     * @param userName The user name.
      * @return Whether or not a user exists.
      */
-    boolean userExists(String username);
+    boolean userExists(String userName);
 
     /**
      * <p>
-     * Get a {@link User}for a given username.
+     * Get a {@link User}for a given user name.
      * </p>
      * 
-     * @param username The username.
+     * @param userName The user name.
      * @return The {@link User}.
      * @throws Throws a security exception if the user cannot be found.
      */
-    User getUser(String username) throws SecurityException;
-
-    /**
-     * <p>
-     * Get a Subject for a given username.
-     * </p>
-     * 
-     * @param username The username.
-     * @return The Subject.
-     * @throws Throws a security exception if the user cannot be found
-     */
-    Subject getSubject(String username) throws SecurityException;
+    User getUser(String userName) throws SecurityException;
 
     /**
      * <p>
-     * Get a Subject for an (externally) authenticated user with (optionally) already provided
credentials.
+     * Get a Subject for an (possibly externally) authenticated user with (optionally) provided
credentials.
      * </p>
      * 
      * @param user The authenticated user.
-     * @param mergeCredentials indicate if provided credentials should be merged with the
Jetspeed Credentials for the user (if available).
      * @return The Subject.
      * @throws Throws a security exception if the user cannot be found
      */
-    Subject getSubject(AuthenticatedUser user, boolean mergeCredentials) throws SecurityException;
+    Subject getSubject(AuthenticatedUser user) throws SecurityException;
 
     /**
      * <p>
@@ -182,14 +156,7 @@
     List<User> getUsersInGroup(String groupName) throws SecurityException;
     
     /**
-     * Enable or disable a user.
-     * @param userName The user name
-     * @param enabled enabled flag for the user
-     */
-    void setUserEnabled(String userName, boolean enabled) throws SecurityException;
-
-    /**
-     * Updates a user and all attributes and associations
+     * Updates a user and all its attributes
      * @param user
      * @throws SecurityException
      */
@@ -211,7 +178,5 @@
      */
     PasswordCredential getPasswordCredential(User user);
     
-    void setPassword(User user, String oldPassword, String newPassword) throws SecurityException;
-    
     void storePasswordCredential(PasswordCredential credential) throws SecurityException;
 }
\ No newline at end of file


