From a..@apache.org
Subject svn commit: r926607 - in /portals/jetspeed-2/portal/trunk: components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/ components/jetspeed-security/src/main/...
Date Tue, 23 Mar 2010 15:05:08 GMT
Author: ate
Date: Tue Mar 23 15:05:07 2010
New Revision: 926607

URL: http://svn.apache.org/viewvc?rev=926607&view=rev
Log:
JS2-1143: New LDAP UserPasswordCredentialManager providing LDAP authentication, maintenance of LDAP credentials and UserPasswordCredentialPolicyManager support
See: http://issues.apache.org/jira/browse/JS2-1143

Added:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java   (with props)
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java   (with props)
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java   (with props)
Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultAuthenticationProvider.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/AbstractLDAPSecurityTestCase.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestHierarchicalGroups.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi.xml

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultAuthenticationProvider.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultAuthenticationProvider.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultAuthenticationProvider.java Tue Mar 23 15:05:07 2010
@@ -21,6 +21,8 @@ import org.apache.jetspeed.security.Auth
 import org.apache.jetspeed.security.AuthenticatedUserImpl;
 import org.apache.jetspeed.security.PasswordCredential;
 import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.User;
+import org.apache.jetspeed.security.UserManager;
 import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
 
 /**
@@ -30,23 +32,31 @@ import org.apache.jetspeed.security.spi.
 public class DefaultAuthenticationProvider extends BaseAuthenticationProvider
 {
     private UserPasswordCredentialManager upcm;
+    private UserManager um;
 
-    public DefaultAuthenticationProvider(String providerName, String providerDescription, UserPasswordCredentialManager upcm)
+    public DefaultAuthenticationProvider(String providerName, String providerDescription, UserPasswordCredentialManager upcm, UserManager um)
     {
         super(providerName, providerDescription);
         this.upcm = upcm;
+        this.um = um;
     }
 
     public DefaultAuthenticationProvider(String providerName, String providerDescription, String loginConfig,
-                                         UserPasswordCredentialManager upcm)
+                                         UserPasswordCredentialManager upcm, UserManager um)
     {
         super(providerName, providerDescription, loginConfig);
         this.upcm = upcm;
+        this.um = um;
     }
 
     public AuthenticatedUser authenticate(String userName, String password) throws SecurityException
     {
         PasswordCredential credential = upcm.getAuthenticatedPasswordCredential(userName, password);
-        return new AuthenticatedUserImpl(credential.getUser(), new UserCredentialImpl(credential));
+        User user = credential.getUser();
+        if (user == null)
+        {
+            user = um.getUser(credential.getUserName());
+        }
+        return new AuthenticatedUserImpl(user, new UserCredentialImpl(credential));
     }
 }
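Review bot: The new fallback in `authenticate` dereferences `um` with no guarantee that it was supplied. Both constructors store the argument unchecked, so an assembly that wires in null only fails with a NullPointerException on the first login whose credential carries no user. Consider rejecting null up front, e.g. `if (um == null) throw new IllegalArgumentException("UserManager is required");`, and declaring `upcm` and `um` final. A short comment above `if (user == null)` should say which credential managers return a credential without a user (presumably the new LDAP one), since the lookup is keyed on `credential.getUserName()` rather than on the `userName` argument that was authenticated.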

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java Tue Mar 23 15:05:07 2010
@@ -26,6 +26,7 @@ import javax.naming.directory.SearchResu
 import org.apache.commons.lang.StringUtils;
 import org.apache.jetspeed.security.AuthenticatedUser;
 import org.apache.jetspeed.security.AuthenticatedUserImpl;
+import org.apache.jetspeed.security.InvalidPasswordException;
 import org.apache.jetspeed.security.JetspeedPrincipalType;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.User;
@@ -58,7 +59,7 @@ public class LdapAuthenticationProvider 
 
     public LdapAuthenticationProvider(String providerName, String providerDescription, String loginConfig, 
                                        UserPasswordCredentialManager upcm, UserManager manager, JetspeedSecuritySynchronizer synchronizer,  PoolingContextSource poolingContextSource, 
-                                       String ldapBase, String userSearchBase, String userFilter, String userEntryPrefix, String searchScope)
+                                       String userSearchBase, String userFilter, String userEntryPrefix, String searchScope)
     {
         super(providerName, providerDescription, loginConfig);
         this.upcm = upcm;
@@ -66,8 +67,7 @@ public class LdapAuthenticationProvider 
         this.synchronizer = synchronizer;
         this.poolingContextsource = poolingContextSource;
         this.userEntryPrefix = userEntryPrefix;        
-        this.userSearchPath = new DistinguishedName(ldapBase);
-        this.userSearchPath.append(new DistinguishedName(userSearchBase));
+        this.userSearchPath = new DistinguishedName(userSearchBase);
         if (!StringUtils.isEmpty(userFilter))
         {
             this.userFilter = new HardcodedFilter(userFilter);
@@ -81,35 +81,21 @@ public class LdapAuthenticationProvider 
     public AuthenticatedUser authenticate(String userName, String password) throws SecurityException
     {
         AuthenticatedUser authUser = null;
-        try
+        if (StringUtils.isEmpty(userName))
         {
-            if (StringUtils.isEmpty(userName))
-            {
-                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
-            }
-            if (password == null)
-            {
-                throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
-            }
-            authenticateUser(userName, password);
-            if (synchronizer != null)
-            {
-                synchronizer.synchronizeUserPrincipal(userName,false);
-            }
-            User user = manager.getUser(userName);
-            authUser = new AuthenticatedUserImpl(user, new UserCredentialImpl(upcm.getPasswordCredential(user)));
+            throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
         }
-        catch (SecurityException authEx)
+        if (password == null)
         {
-            if (authEx.getCause() != null && authEx.getCause().getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid Credentials]"))
-            {
-                throw new SecurityException(SecurityException.INCORRECT_PASSWORD);
-            }
-            else
-            {
-                throw authEx;
-            }
+            throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
+        }
+        authenticateUser(userName, password);
+        if (synchronizer != null)
+        {
+            synchronizer.synchronizeUserPrincipal(userName,false);
         }
+        User user = manager.getUser(userName);
+        authUser = new AuthenticatedUserImpl(user, new UserCredentialImpl(upcm.getPasswordCredential(user)));
         return authUser;
     }
 
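Review bot: An empty password still reaches the bind, because the guard kept in `authenticate` is only `if (password == null)` and `""` is handed on to `authenticateUser`. An LDAP simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, so a directory that accepts it would report success without checking any secret and the login would pass. Reject it before the bind with `if (StringUtils.isEmpty(password))`, still throwing `SecurityException.PASSWORD_REQUIRED`. As a style point, the `authUser` local is no longer needed now that the try block is gone; returning the `new AuthenticatedUserImpl(...)` directly reads more clearly.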
@@ -125,35 +111,36 @@ public class LdapAuthenticationProvider 
             }
             ctx = poolingContextsource.getReadOnlyContext();
             NamingEnumeration<SearchResult> results = ctx.search(userSearchPath, filter.encode(), searchControls);
-            LdapUtils.closeContext(ctx);
-            ctx = null;
             
-            String dn = null;            
+            String dn = null;         
             if (null != results && results.hasMore())
             {
                 SearchResult result = results.next();
-                dn = result.getName();
-                if (result.isRelative())
-                {
-                    DistinguishedName name = (DistinguishedName)userSearchPath.clone();
-                    name.append(new DistinguishedName(dn));
-                    dn = name.encode();
-                }
+                dn = result.getNameInNamespace();
             }
             if (dn == null)
             {
                 throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
             }
+            LdapUtils.closeContext(ctx);
+            
             // Note: this "authenticating" context is (logically) not pooled
             ctx = poolingContextsource.getContextSource().getContext(dn, password);
         }
         catch (AuthenticationException aex)
         {
-            throw new SecurityException(aex);
+            if (aex.getMessage() != null && aex.getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid Credentials]"))
+            {
+                throw new InvalidPasswordException();
+            }
+            else
+            {
+                throw new SecurityException(aex);
+            }
         }
         catch (NamingException nex)
         {
-            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", nex.getMessage()));
+            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", nex.getMessage()), nex);
         }
         finally
         {
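Review bot: Recognising a wrong password by comparing `aex.getMessage()` with the full literal `[LDAP: error code 49 - Invalid Credentials]` ties the check to one directory server's diagnostic wording. A server that words result code 49 differently will surface as a generic `SecurityException` instead of `InvalidPasswordException`, and anything keyed on that type (presumably failed-login accounting in the credential policy manager) would not see the failure. Matching on the result code alone is less brittle, e.g. `if (aex.getMessage() != null && aex.getMessage().contains("error code 49"))`. Separately, `results` is never closed, and `ctx` still refers to the already closed read-only context if `getContext(dn, password)` throws. The `finally` body lies outside this hunk, so whether that second close is harmless cannot be confirmed here.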

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserPasswordCredentialPolicyManager.java Tue Mar 23 15:05:07 2010
@@ -34,5 +34,7 @@ public interface UserPasswordCredentialP
     CredentialPasswordValidator getCredentialPasswordValidator();
     boolean onLoad(PasswordCredential credential, String userName) throws SecurityException;
     boolean authenticate(PasswordCredential credential, String userName, String password) throws SecurityException;
+    boolean authenticate(PasswordCredential credential, String userName, String password, boolean authenticated) throws SecurityException;
     void onStore(PasswordCredential credential) throws SecurityException;
+    void onStore(PasswordCredential credential, boolean authenticated) throws SecurityException;
 }
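Review bot: The two new overloads are undocumented, and the meaning of the `authenticated` flag cannot be read from the signatures. It is unclear whether `true` means the password was already verified elsewhere (for example by an LDAP bind) so that the policy manager should skip its own comparison, or something else. Add Javadoc to `authenticate(..., boolean authenticated)` and `onStore(..., boolean authenticated)` stating who sets the flag, what value the existing shorter overloads assume for it, and what the boolean return value signals. Because this is an SPI interface, the added abstract methods also break any implementation outside this commit, which deserves a line in the release notes.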

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java Tue Mar 23 15:05:07 2010
@@ -530,7 +530,7 @@ public class JetspeedSecurityPersistence
         {
             if (credential.getNewPassword() != null)
             {
-                credential.setPassword(credential.getNewPassword(), credential.isEncoded());                
+                credential.setPassword(credential.getNewPassword(), false);                
             }
         }
         getPersistenceBrokerTemplate().store(credential);
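Review bot: Hard-coding `false` as the encoded flag needs a why-comment, because the line now asserts that the new password is never encoded at this point, whatever `credential.isEncoded()` reported. If an encoder has already run on `getNewPassword()`, the stored flag will be wrong; if none has, the value handed to `store(credential)` is clear text, which should be a deliberate and documented choice. A comment such as `// new password is persisted as supplied; encoding is handled by <component> (JS2-1143)` above the call would do, with the placeholder filled in by the author. The enclosing method starts and ends outside this hunk, so the surrounding encoding path is not visible here.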

Added: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java?rev=926607&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java (added)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java Tue Mar 23 15:05:07 2010
@@ -0,0 +1,186 @@
+/* 
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Adapted and simplyfied from Apache Directory Studio:
+ *   /directory/studio/trunk/ldapbrowser-core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java, svn r827980
+ *   /directory/studio/trunk/ldif-parser/src/main/java/org/apache/directory/studio/ldifparser/LdifUtils.java, svn r827963
+ *   /directory/studio/trunk/ldapbrowser-core/src/main/java/org/apache/directory/studio/ldapbrowser/core/utils/UnixCrypt.java, svn r827980
+ * 
+ * UnixCrypt.java has been copied "as is", see /org/apache/jetspeed/security/util/UnixCrypt.java
+ */
+
+package org.apache.jetspeed.security.spi.impl;
+
+import java.io.UnsupportedEncodingException;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import org.apache.commons.codec.binary.Base64;
+
+import org.apache.jetspeed.security.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.util.UnixCrypt;
+
+/**
+ * <p> LdapCredentialPasswordEncoder </p>
+ * 
+ * @author <a href="mailto:ate@apache.org">Ate Douma</a>
+ * @version $Id$
+ */
+public class LdapCredentialPasswordEncoder implements CredentialPasswordEncoder
+{
+    private static final long serialVersionUID = -575380709827140201L;
+    
+    private static enum HashMethod { SHA, SSHA, MD5, SMD5, CRYPT };
+    private final HashMethod hashMethod;
+    private final MessageDigest digester;
+    private final boolean saltedDigest;
+
+    public LdapCredentialPasswordEncoder(String hashMethod) throws NoSuchAlgorithmException
+    {
+        if (HashMethod.CRYPT.toString().equals(hashMethod))
+        {
+            this.hashMethod = HashMethod.CRYPT;
+            this.digester = null;
+            this.saltedDigest = false;
+        }
+        else if (HashMethod.SHA.toString().equals(hashMethod))
+        {
+            this.hashMethod = HashMethod.SHA;
+            this.digester = MessageDigest.getInstance("SHA");
+            this.saltedDigest = false;
+        }
+        else if (HashMethod.SSHA.toString().equals(hashMethod))
+        {
+            this.hashMethod = HashMethod.SSHA;
+            this.digester = MessageDigest.getInstance("SHA");
+            this.saltedDigest = true;
+        }
+        else if (HashMethod.MD5.toString().equals(hashMethod))
+        {
+            this.hashMethod = HashMethod.MD5;
+            this.digester = MessageDigest.getInstance("MD5");
+            this.saltedDigest = false;
+        }
+        else if (HashMethod.SMD5.toString().equals(hashMethod))
+        {
+            this.hashMethod = HashMethod.SMD5;
+            this.digester = MessageDigest.getInstance("MD5");
+            this.saltedDigest = true;
+        }
+        else
+        {
+            throw new IllegalArgumentException("Unsupported hashMethod " + hashMethod);
+        }
+    }
+
+    /**
+     * @see org.apache.jetspeed.security.CredentialPasswordEncoder#encode(java.lang.String, java.lang.String)
+     */
+    public String encode(String userName, String clearTextPassword) throws SecurityException
+    {
+        StringBuffer sb = new StringBuffer().append('{').append(hashMethod).append('}');
+
+        if ( hashMethod == HashMethod.CRYPT )
+        {
+            byte[] salt = new byte[2];
+            SecureRandom sr = new SecureRandom();
+            int i1 = sr.nextInt( 64 );
+            int i2 = sr.nextInt( 64 );
+            salt[0] = ( byte ) ( i1 < 12 ? ( i1 + '.' ) : i1 < 38 ? ( i1 + 'A' - 12 ) : ( i1 + 'a' - 38 ) );
+            salt[1] = ( byte ) ( i2 < 12 ? ( i2 + '.' ) : i2 < 38 ? ( i2 + 'A' - 12 ) : ( i2 + 'a' - 38 ) );
+            String saltString = utf8decode(salt);
+            sb.append(saltString).append(UnixCrypt.crypt(clearTextPassword, saltString).substring(2));
+        }
+        else
+        {
+            sb.append(digest(clearTextPassword, saltedDigest));
+        }
+
+        return sb.toString();
+    }
+
+    private static byte[] utf8encode( String s )
+    {
+        try
+        {
+            return s.getBytes( "UTF-8" );
+        }
+        catch ( UnsupportedEncodingException e )
+        {
+            return s.getBytes();
+        }
+    }
+
+    private static String utf8decode( byte[] b )
+    {
+        try
+        {
+            return new String( b, "UTF-8" );
+        }
+        catch ( UnsupportedEncodingException e )
+        {
+            return new String( b );
+        }
+    }
+    
+    private String digest( String password, boolean salted )
+    {
+        byte[] result;
+        
+        byte[] passwordBytes = utf8encode( password );
+        
+        synchronized (digester)
+        {
+            digester.reset();
+            if ( salted )
+            {
+                // set salt
+                byte[] salt = new byte[8];
+                new SecureRandom().nextBytes( salt );
+                digester.update( passwordBytes );
+                digester.update( salt );
+                byte[] hashedPassword = digester.digest();
+                result = new byte[hashedPassword.length + salt.length];
+                
+                System.arraycopy( hashedPassword, 0, result, 0, hashedPassword.length );
+                System.arraycopy( salt, 0, result, hashedPassword.length, salt.length );
+            }
+            else
+            {
+                result = digester.digest(passwordBytes);
+            }
+        }
+        return utf8decode(Base64.encodeBase64(result));
+    }
+    
+    public static void main( String[] arg ) throws Exception
+    {
+        if ( arg.length != 2 )
+        {
+            System.err.println( "Usage - java org.apache.jetspeed.security.spi.impl.LdapCredentialPasswordEncoder <CRYPT|SHA|SSHA|MD5|SMD5> <password>" );
+            System.exit( 1 );
+        }
+        else
+        {
+            System.err.println( "Encoded password=" + new LdapCredentialPasswordEncoder(arg[0]).encode(null, arg[1]));
+        }
+    }
+}
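Review bot: The class Javadoc gives no guidance on the schemes it accepts, although they differ a lot in strength: `SHA` and `MD5` are unsalted single-pass digests, `CRYPT` is built with a two-character salt, and only `SSHA`/`SMD5` get the 8-byte random salt added in `digest`. A Javadoc paragraph should say that these exist for compatibility with LDAP `userPassword` values, recommend `SSHA` as the least weak of them, and note that none is a slow password hash. `main` also takes the clear-text password as `arg[1]`, which leaves it in shell history and the process list; reading it with `System.console().readPassword()` (with a null check on the console) avoids that. Finally, `utf8encode` silently falls back to the platform charset, and `encode` fails with a NullPointerException on a null password rather than a `SecurityException`; both deserve either a comment or an explicit check.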

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapCredentialPasswordEncoder.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java?rev=926607&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java (added)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java Tue Mar 23 15:05:07 2010
@@ -0,0 +1,374 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi.impl;
+
+import javax.naming.AuthenticationException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.security.CredentialPasswordEncoder;
+import org.apache.jetspeed.security.InvalidPasswordException;
+import org.apache.jetspeed.security.JetspeedPrincipalType;
+import org.apache.jetspeed.security.PasswordCredential;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.User;
+import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
+import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
+import org.apache.jetspeed.security.spi.UserPasswordCredentialAccessManager;
+import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
+import org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager;
+import org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager;
+
+import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.filter.AndFilter;
+import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.ldap.filter.Filter;
+import org.springframework.ldap.filter.HardcodedFilter;
+import org.springframework.ldap.pool.factory.PoolingContextSource;
+import org.springframework.ldap.support.LdapUtils;
+
+/**
+ * @version $Id$
+ */
+public class LdapUserPasswordCredentialManagerImpl implements UserPasswordCredentialManager
+{
+    private static final long serialVersionUID = 1131764631931510796L;
+    
+    private UserPasswordCredentialStorageManager upcsm;
+    private UserPasswordCredentialAccessManager upcam;
+    private UserPasswordCredentialPolicyManager upcpm;
+    private JetspeedSecuritySynchronizer synchronizer;
+    private PoolingContextSource poolingContextsource;
+    private String userEntryPrefix;
+    private DistinguishedName userSearchPath;
+    private SearchControls searchControls;
+    private Filter userFilter;
+    private CredentialPasswordEncoder cpe;
+    private boolean persistCredentials;
+    private boolean changePasswordByUser;
+    
+    public LdapUserPasswordCredentialManagerImpl(UserPasswordCredentialStorageManager upcsm, UserPasswordCredentialAccessManager upcam,
+                                                 UserPasswordCredentialPolicyManager upcpm, CredentialPasswordEncoder cpe,
+                                                 PoolingContextSource poolingContextSource, 
+                                                 String userSearchBase, String userFilter, String userEntryPrefix, String searchScope)
+    {
+        this.upcsm = upcsm;
+        this.upcam = upcam;
+        this.upcpm = upcpm;
+        this.cpe =  cpe != null && (upcpm == null || upcpm.getCredentialPasswordEncoder() != cpe) ? cpe : null;
+        this.poolingContextsource = poolingContextSource;
+        this.userEntryPrefix = userEntryPrefix;        
+        this.userSearchPath = new DistinguishedName(userSearchBase);
+        if (!StringUtils.isEmpty(userFilter))
+        {
+            this.userFilter = new HardcodedFilter(userFilter);
+        }        
+        this.searchControls = new SearchControls();
+        this.searchControls.setReturningAttributes(new String[]{});
+        this.searchControls.setReturningObjFlag(false);
+        this.searchControls.setSearchScope(Integer.parseInt(searchScope));
+    }
+    
+    protected String getUserDn(String userName) throws SecurityException
+    {
+        DirContext ctx = null;
+        try
+        {
+            Filter filter = new EqualsFilter(userEntryPrefix, userName);
+            if (userFilter != null)
+            {
+                filter = new AndFilter().and(userFilter).and(filter);
+            }
+            ctx = poolingContextsource.getReadOnlyContext();
+            NamingEnumeration<SearchResult> results = ctx.search(userSearchPath, filter.encode(), searchControls);
+            
+            String dn = null;         
+            if (null != results && results.hasMore())
+            {
+                SearchResult result = results.next();
+                dn = result.getNameInNamespace();
+            }
+            if (dn == null)
+            {
+                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
+            }
+            return dn;
+        }
+        catch (NamingException nex)
+        {
+            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", nex.getMessage()), nex);
+        }
+        finally
+        {
+            LdapUtils.closeContext(ctx);
+        }
+    }
+
+    protected void authenticateUser(String userName, String dn, String password) throws SecurityException
+    {
+        DirContext ctx = null;
+        try
+        {
+            // Note: this "authenticating" context is (logically) not pooled
+            ctx = poolingContextsource.getContextSource().getContext(dn, password);
+            ctx.close();
+            ctx = null;
+        }
+        catch (AuthenticationException aex)
+        {
+            if (aex.getMessage() != null && aex.getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid Credentials]"))
+            {
+                throw new InvalidPasswordException();
+            }
+            else
+            {
+                throw new SecurityException(aex);
+            }
+        }
+        catch (NamingException nex)
+        {
+            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", nex.getMessage()), nex);
+        }
+        finally
+        {
+            LdapUtils.closeContext(ctx);
+        }
+    }
+    
+    protected void setPassword(String userName, String dn, String oldPassword, String newPassword, boolean changePasswordByUserOnly) throws SecurityException
+    {
+        DirContext ctx = null;
+        try
+        {
+            if (changePasswordByUserOnly)
+            {
+                // Note: this "authenticating" context is (logically) not pooled
+                ctx = poolingContextsource.getContextSource().getContext(dn, oldPassword);
+            }
+            else
+            {
+                ctx = poolingContextsource.getReadWriteContext();
+            }
+            DistinguishedName name = new DistinguishedName(dn);
+            name.removeFirst(new DistinguishedName(ctx.getNameInNamespace()));
+            Attribute namingAttr = new BasicAttribute("userPassword", newPassword);
+            ModificationItem[] items = new ModificationItem[1];
+            items[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, namingAttr);
+            ctx.modifyAttributes(name, items);
+        }
+        catch (NamingException nex)
+        {
+            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "setPassword", nex.getMessage()), nex);
+        }
+        finally
+        {
+            LdapUtils.closeContext(ctx);
+        }
+    }
+    
+    public void setJetspeedSecuritySynchronizer(JetspeedSecuritySynchronizer synchronizer)
+    {
+        this.synchronizer = synchronizer;
+    }
+    
+    public void setPersistCredentials(boolean persistCredentials)
+    {
+        this.persistCredentials = persistCredentials;
+    }
+    
+    public boolean isPersistCredentials()
+    {
+        return persistCredentials;
+    }
+    
+    public void setChangePasswordByUser(boolean changePasswordByUser)
+    {
+        this.changePasswordByUser = changePasswordByUser;
+    }
+    
+    public boolean isChangePasswordByUser()
+    {
+        return changePasswordByUser;
+    }
+    
+    public PasswordCredential getPasswordCredential(User user) throws SecurityException
+    {
+        if (isPersistCredentials())
+        {
+            PasswordCredential credential = upcsm.getPasswordCredential(user);
+            if (!credential.isNew() && upcpm != null)
+            {
+                if (upcpm.onLoad(credential, user.getName()))
+                {
+                    upcsm.storePasswordCredential(credential);                
+                }
+            }
+            return credential;
+        }
+        else
+        {
+            // create new transient credential
+            PasswordCredentialImpl credential = new PasswordCredentialImpl();
+            credential.setUser(user);
+            return credential;
+        }
+    }
+
+    public void storePasswordCredential(PasswordCredential credential) throws SecurityException
+    {
+        String userDn = null;
+        boolean authenticated = false;
+        boolean isNewPasswordSet = credential.isNewPasswordSet();
+        String newPassword = credential.getNewPassword();
+        String oldPassword = credential.getOldPassword();
+        String password = credential.getPassword();
+        boolean encoded = credential.isEncoded();
+        
+        if (isNewPasswordSet && !SynchronizationStateAccess.isSynchronizing())
+        {
+            userDn = getUserDn(credential.getUserName());
+            if (oldPassword != null)
+            {
+                authenticateUser(credential.getUserName(), userDn, oldPassword);
+                authenticated = true;
+            }
+        }
+        
+        if (upcpm != null)
+        {
+            upcpm.onStore(credential, authenticated);
+        }
+        if (isPersistCredentials())
+        {
+            upcsm.storePasswordCredential(credential);
+        }
+        
+        if (isNewPasswordSet && !SynchronizationStateAccess.isSynchronizing())
+        {
+            String ldapPassword = credential.getPassword();
+            if (cpe != null && newPassword != null || !encoded)
+            {
+                // encode password for LDAP ourselves
+                ldapPassword = cpe.encode(credential.getUserName(), newPassword != null ? newPassword : password);
+            }
+            setPassword(credential.getUserName(), userDn, oldPassword, ldapPassword, oldPassword != null ? changePasswordByUser : false);
+        }
+    }
+
+    public PasswordCredential getAuthenticatedPasswordCredential(String userName, String password) throws SecurityException
+    {
+        if (!SynchronizationStateAccess.isSynchronizing())
+        {
+            authenticateUser(userName, getUserDn(userName), password);
+            if (synchronizer != null)
+            {
+                synchronizer.synchronizeUserPrincipal(userName,false);
+            }
+        }
+        PasswordCredential credential = isPersistCredentials() ? upcam.getPasswordCredential(userName) : new PasswordCredentialImpl();
+        boolean setPassword = false;
+        if (isPersistCredentials())
+        {
+            if (credential.isNew())
+            {
+                setPassword = true;
+            }
+            else
+            {
+                String encodedPassword = password;
+                if (upcpm != null && upcpm.getCredentialPasswordEncoder() != null && credential.isEncoded())
+                {
+                    CredentialPasswordEncoder encoder = upcpm.getCredentialPasswordEncoder();
+                    if (upcpm.getCredentialPasswordEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder)
+                    {
+                        encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)encoder).encode(credential, password);
+                    }
+                    else
+                    {
+                        encodedPassword = encoder.encode(userName, password);
+                    }
+                }
+                if (!credential.getPassword().equals(encodedPassword))
+                {
+                    setPassword = true;
+                }
+            }
+            if (setPassword)
+            {
+                credential.setPassword(null, password);
+                boolean synchronizing = SynchronizationStateAccess.isSynchronizing();
+                try
+                {
+                    SynchronizationStateAccess.setSynchronizing(Boolean.TRUE);
+                    storePasswordCredential(credential);
+                }
+                finally
+                {
+                    SynchronizationStateAccess.setSynchronizing(synchronizing ? Boolean.TRUE : Boolean.FALSE);
+                }
+                credential = upcam.getPasswordCredential(userName);                
+            }
+            
+            if (upcpm != null)
+            {
+                if (upcpm.onLoad(credential, userName))
+                {
+                    upcsm.storePasswordCredential(credential);
+                }
+                if (credential.isEnabled() && !credential.isExpired())
+                {
+                    if (upcpm.authenticate(credential, userName, password, true))
+                    {
+                        upcsm.storePasswordCredential(credential);
+                    }
+                    if (!credential.isEnabled() || credential.isExpired())
+                    {
+                        throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
+                    }
+                    else if (credential.getAuthenticationFailures() != 0)
+                    {
+                        throw new SecurityException(SecurityException.INVALID_PASSWORD);
+                    }
+                }
+            }
+        }
+        if (!credential.isNew())
+        {            
+            try
+            {
+                upcam.loadPasswordCredentialUser(credential);
+            }
+            catch (Exception e)
+            {
+                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName), e);
+            }            
+        }
+        else
+        {
+            ((PasswordCredentialImpl)credential).setUserName(userName);
+        }
+        
+        return credential;
+    }
+}

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/PasswordCredentialImpl.java Tue Mar 23 15:05:07 2010
@@ -69,11 +69,16 @@ public class PasswordCredentialImpl impl
     private boolean newPasswordSet;
     
     /**
-     * flag indicating if the current password is encoded
+     * flag indicating if the password is encoded
      */
     private boolean encoded;
     
     /**
+     * flag indicating if the current password is encoded
+     */
+    private boolean currentEncoded;
+    
+    /**
      * flag (default true) indicating if the credential password is updatable (e.g. by the user itself).
      */
     private boolean updateAllowed = true;
@@ -113,7 +118,6 @@ public class PasswordCredentialImpl impl
     /**
      * The type mapping field
      */
-    @SuppressWarnings("unused")
     private Short type = TYPE_CURRENT;
 
     public PasswordCredentialImpl()
@@ -189,7 +193,7 @@ public class PasswordCredentialImpl impl
      */
     public String getPassword()
     {
-        return currentPassword != null ? currentPassword : password;
+        return password;
     }
     
     public void setPassword(String password, boolean encoded)
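Review bot: `getPassword()` now returns the `password` field directly, which after `setPassword(String, boolean)` is the newly supplied value and no longer the stored one, so the Javadoc that ends just above this hunk should say so. Callers that compare the result with an encoded login password, such as `credential.getPassword().equals(encodedPassword)` in UserPasswordCredentialPolicyManagerImpl, depend on which of the two values they get. A sentence like `Returns the pending password once one has been set; the stored value is restored only by the revert method` would make the contract explicit. The Javadoc starts outside the hunk, so its current wording is not visible here.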
@@ -199,7 +203,8 @@ public class PasswordCredentialImpl impl
         {
             if (!newPasswordSet && currentPassword == null)
             {
-                currentPassword = password;
+                this.currentPassword = this.password;
+                this.currentEncoded = this.encoded;
             }
             this.password = password;
             this.encoded = encoded;
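Review bot: The snapshot pair `this.currentPassword = this.password; this.currentEncoded = this.encoded;` is repeated in the next hunk's setter, there without the `this.` qualifier on `currentPassword`, and both copies must stay in step for the revert in the last hunk of this file to restore a consistent password/encoded pair. A private helper such as `private void snapshotCurrent() { currentPassword = password; currentEncoded = encoded; }`, called from both setters, would remove the duplication. The guard `currentPassword == null` also cannot tell "no snapshot taken" from "stored password was null"; that looks harmless as long as `newPasswordSet` is set right afterwards, but that assignment is outside the hunk.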
@@ -216,7 +221,8 @@ public class PasswordCredentialImpl impl
         {
             if (!newPasswordSet && currentPassword == null)
             {
-                currentPassword = password;
+                currentPassword = this.password;
+                this.currentEncoded = this.encoded;
             }
             this.newPassword = newPassword;
             this.oldPassword = oldPassword;
@@ -236,7 +242,8 @@ public class PasswordCredentialImpl impl
     {
         if (newPasswordSet)
         {
-            newPassword = currentPassword;
+            password = currentPassword;
+            encoded = currentEncoded;
             currentPassword = null;
             oldPassword = null;
             newPassword = null;

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java Tue Mar 23 15:05:07 2010
@@ -51,7 +51,10 @@ public class UserPasswordCredentialManag
         PasswordCredential credential = upcsm.getPasswordCredential(user);
         if (!credential.isNew() && upcpm != null)
         {
-            upcpm.onLoad(credential, user.getName());
+            if (upcpm.onLoad(credential, user.getName()))
+            {
+                upcsm.storePasswordCredential(credential);
+            }
         }
         return credential;
     }
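Review bot: `getPasswordCredential` now writes to the credential store whenever `onLoad` returns true, which is unexpected for a getter and means a plain read can fail with a storage error. A short comment at the `if`, e.g. `// onLoad reports that it changed the credential (presumably expiry/enabled state); persist it`, plus a line in the method Javadoc would make the side effect visible. The meaning of the boolean is defined in UserPasswordCredentialPolicyManager, which is outside this hunk, so the wording should be checked against it.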

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java Tue Mar 23 15:05:07 2010
@@ -84,19 +84,26 @@ public class UserPasswordCredentialPolic
 
     public boolean authenticate(PasswordCredential credential, String userName, String password) throws SecurityException
     {
-        String encodedPassword = password;
-        boolean authenticated = false;
-        if (encoder != null && credential.isEncoded())
+        return authenticate(credential, userName, password, false);
+    }
+    
+    public boolean authenticate(PasswordCredential credential, String userName, String password, boolean authenticated) throws SecurityException
+    {
+        if (!authenticated)
         {
-            if (encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder)
-            {
-                encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)encoder).encode(credential, password);
-            }
-            else
+            String encodedPassword = password;
+            if (encoder != null && credential.isEncoded())
             {
-                encodedPassword = encoder.encode(userName, password);
+                if (encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder)
+                {
+                    encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)encoder).encode(credential, password);
+                }
+                else
+                {
+                    encodedPassword = encoder.encode(userName, password);
+                }
+                authenticated = credential.getPassword().equals(encodedPassword);            
             }
-            authenticated = credential.getPassword().equals(encodedPassword);            
         }
         boolean update = false;
 
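Review bot: The new public overload `authenticate(credential, userName, password, authenticated)` skips the password comparison entirely when the caller passes `true`, and neither the signature nor a Javadoc says who is allowed to do that. I would add a Javadoc stating that `authenticated` may only be `true` after an external authority has verified the password (here presumably the LDAP bind done by the new LDAP credential manager), and that the method then only maintains the failure counter and authentication dates. The same applies to `onStore(credential, authenticated)` in the later hunk of this file. Separately, `credential.getPassword().equals(encodedPassword)` throws a NullPointerException when no password is stored and is not a constant-time comparison; a null check followed by `MessageDigest.isEqual` on the encoded bytes would cover both. The method body continues outside the hunk.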
@@ -123,7 +130,9 @@ public class UserPasswordCredentialPolic
             credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());
             credential.setLastAuthenticationDate(new Timestamp(new Date().getTime()));
             update = true;
-        }else{
+        }
+        else
+        {
             credential.setAuthenticationFailures(credential.getAuthenticationFailures()+1);
         }
         
@@ -132,15 +141,18 @@ public class UserPasswordCredentialPolic
 
     public void onStore(PasswordCredential credential) throws SecurityException
     {
+        onStore(credential, false);
+    }
+    
+    public void onStore(PasswordCredential credential, boolean authenticated) throws SecurityException
+    {
         if (credential.isNewPasswordSet())
         {
             String newPassword = null;
-            boolean authenticated = false;
             if (credential.getNewPassword() != null)
             {
-                if (credential.getOldPassword() != null)
+                if (credential.getOldPassword() != null && !authenticated)
                 {
-                    authenticated = true;
                     String validatingOldPassword = credential.getOldPassword();
                     if (credential.isEncoded() && encoder != null)
                     {
@@ -157,6 +169,7 @@ public class UserPasswordCredentialPolic
                     {
                         throw new InvalidPasswordException();
                     }
+                    authenticated = true;
                 }
                 if (validator != null)
                 {
@@ -180,7 +193,6 @@ public class UserPasswordCredentialPolic
             
             if (!credential.isNew())
             {
-                credential.revertNewPasswordSet();
                 for (PasswordCredentialInterceptor pci : interceptors)
                 {
                     pci.beforeSetPassword(credential, newPassword, authenticated);

Added: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java?rev=926607&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java (added)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java Tue Mar 23 15:05:07 2010
@@ -0,0 +1,536 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @(#)UnixCrypt.java   0.9 96/11/25
+ *
+ * Copyright (c) 1996 Aki Yoshida. All rights reserved.
+ *
+ * Permission to use, copy, modify and distribute this software
+ * for non-commercial or commercial purposes and without fee is
+ * hereby granted provided that this copyright notice appears in
+ * all copies.
+ */
+
+/**
+ * Unix crypt(3C) utility
+ *
+ * @version     0.9, 11/25/96
+ * @author  Aki Yoshida
+ */
+
+/**
+ * modified April 2001
+ * by Iris Van den Broeke, Daniel Deville
+ */
+
+package org.apache.jetspeed.security.util;
+
+/*
+ * @(#)UnixCrypt.java   0.9 96/11/25
+ *
+ * Copyright (c) 1996 Aki Yoshida. All rights reserved.
+ *
+ * Permission to use, copy, modify and distribute this software
+ * for non-commercial or commercial purposes and without fee is
+ * hereby granted provided that this copyright notice appears in
+ * all copies.
+*/
+
+/*
+ * Unix crypt(3C) utility
+ *
+ * @version     0.9, 11/25/96
+ * @author  Aki Yoshida
+ */
+
+/*
+ * modified April 2001
+ * by Iris Van den Broeke, Daniel Deville
+ */
+
+/*
+ * Copied from Apache Directory Studio, svn r827980:
+ * /directory/studio/trunk/ldapbrowser-core/src/main/java/org/apache/directory/studio/ldapbrowser/core/utils/UnixCrypt.java
+ */
+
+/* ------------------------------------------------------------ */
+/* Unix Crypt.
+ * Implements the one way cryptography used by Unix systems for
+ * simple password protection.
+ * @version $Id$
+ * @author Greg Wilkins (gregw)
+ */
+public class UnixCrypt
+{
+
+    /* (mostly) Standard DES Tables from Tom Truscott */
+    private static final byte[] IP =
+        { /* initial permutation */
+        58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40,
+            32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5,
+            63, 55, 47, 39, 31, 23, 15, 7 };
+
+    /* The final permutation is the inverse of IP - no table is necessary */
+    private static final byte[] ExpandTr =
+        { /* expansion operation */
+        32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20,
+            21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 };
+
+    private static final byte[] PC1 =
+        { /* permuted choice table 1 */
+        57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
+
+        63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 };
+
+    private static final byte[] Rotates =
+        { /* PC1 rotation schedule */
+        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 };
+
+    private static final byte[] PC2 =
+        { /* permuted choice table 2 */
+        9, 18, 14, 17, 11, 24, 1, 5, 22, 25, 3, 28, 15, 6, 21, 10, 35, 38, 23, 19, 12, 4, 26, 8, 43, 54, 16, 7, 27, 20,
+            13, 2,
+
+            0, 0, 41, 52, 31, 37, 47, 55, 0, 0, 30, 40, 51, 45, 33, 48, 0, 0, 44, 49, 39, 56, 34, 53, 0, 0, 46, 42, 50,
+            36, 29, 32 };
+
+    private static final byte[][] S =
+        { /* 48->32 bit substitution tables */
+                /* S[1]         */
+                { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5,
+                    3, 8, 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14,
+                    10, 0, 6, 13 },
+                /* S[2]         */
+                { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9,
+                    11, 5, 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7,
+                    12, 0, 5, 14, 9 },
+                /* S[3]         */
+                { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11,
+                    15, 1, 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14,
+                    3, 11, 5, 2, 12 },
+                /* S[4]         */
+                { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10,
+                    14, 9, 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5,
+                    11, 12, 7, 2, 14 },
+                /* S[5]         */
+                { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9,
+                    8, 6, 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0,
+                    9, 10, 4, 5, 3 },
+                /* S[6]         */
+                { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11,
+                    3, 8, 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1,
+                    7, 6, 0, 8, 13 },
+                /* S[7]         */
+                { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15,
+                    8, 6, 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15,
+                    14, 2, 3, 12 },
+                /* S[8]         */
+                { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14,
+                    9, 2, 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9,
+                    0, 3, 5, 6, 11 } };
+
+    private static final byte[] P32Tr =
+        { /* 32-bit permutation function */
+        16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11,
+            4, 25 };
+
+    private static final byte[] CIFP =
+        { /* compressed/interleaved permutation */
+        1, 2, 3, 4, 17, 18, 19, 20, 5, 6, 7, 8, 21, 22, 23, 24, 9, 10, 11, 12, 25, 26, 27, 28, 13, 14, 15, 16, 29, 30,
+            31, 32,
+
+            33, 34, 35, 36, 49, 50, 51, 52, 37, 38, 39, 40, 53, 54, 55, 56, 41, 42, 43, 44, 57, 58, 59, 60, 45, 46, 47,
+            48, 61, 62, 63, 64 };
+
+    private static final byte[] ITOA64 =
+        { /* 0..63 => ascii-64 */
+        ( byte ) '.', ( byte ) '/', ( byte ) '0', ( byte ) '1', ( byte ) '2', ( byte ) '3', ( byte ) '4', ( byte ) '5',
+            ( byte ) '6', ( byte ) '7', ( byte ) '8', ( byte ) '9', ( byte ) 'A', ( byte ) 'B', ( byte ) 'C',
+            ( byte ) 'D', ( byte ) 'E', ( byte ) 'F', ( byte ) 'G', ( byte ) 'H', ( byte ) 'I', ( byte ) 'J',
+            ( byte ) 'K', ( byte ) 'L', ( byte ) 'M', ( byte ) 'N', ( byte ) 'O', ( byte ) 'P', ( byte ) 'Q',
+            ( byte ) 'R', ( byte ) 'S', ( byte ) 'T', ( byte ) 'U', ( byte ) 'V', ( byte ) 'W', ( byte ) 'X',
+            ( byte ) 'Y', ( byte ) 'Z', ( byte ) 'a', ( byte ) 'b', ( byte ) 'c', ( byte ) 'd', ( byte ) 'e',
+            ( byte ) 'f', ( byte ) 'g', ( byte ) 'h', ( byte ) 'i', ( byte ) 'j', ( byte ) 'k', ( byte ) 'l',
+            ( byte ) 'm', ( byte ) 'n', ( byte ) 'o', ( byte ) 'p', ( byte ) 'q', ( byte ) 'r', ( byte ) 's',
+            ( byte ) 't', ( byte ) 'u', ( byte ) 'v', ( byte ) 'w', ( byte ) 'x', ( byte ) 'y', ( byte ) 'z' };
+
+    /* =====  Tables that are initialized at run time  ==================== */
+
+    private static byte[] A64TOI = new byte[128]; /* ascii-64 => 0..63 */
+
+    /* Initial key schedule permutation */
+    private static long[][] PC1ROT = new long[16][16];
+
+    /* Subsequent key schedule rotation permutations */
+    private static long[][][] PC2ROT = new long[2][16][16];
+
+    /* Initial permutation/expansion table */
+    private static long[][] IE3264 = new long[8][16];
+
+    /* Table that combines the S, P, and E operations.  */
+    private static long[][] SPE = new long[8][64];
+
+    /* compressed/interleaved => final permutation table */
+    private static long[][] CF6464 = new long[16][16];
+
+    /* ==================================== */
+
+    static
+    {
+        byte[] perm = new byte[64];
+        byte[] temp = new byte[64];
+
+        // inverse table.
+        for ( int i = 0; i < 64; i++ )
+            A64TOI[ITOA64[i]] = ( byte ) i;
+
+        // PC1ROT - bit reverse, then PC1, then Rotate, then PC2
+        for ( int i = 0; i < 64; i++ )
+            perm[i] = ( byte ) 0;;
+        for ( int i = 0; i < 64; i++ )
+        {
+            int k;
+            if ( ( k = ( int ) PC2[i] ) == 0 )
+                continue;
+            k += Rotates[0] - 1;
+            if ( ( k % 28 ) < Rotates[0] )
+                k -= 28;
+            k = ( int ) PC1[k];
+            if ( k > 0 )
+            {
+                k--;
+                k = ( k | 0x07 ) - ( k & 0x07 );
+                k++;
+            }
+            perm[i] = ( byte ) k;
+        }
+        init_perm( PC1ROT, perm, 8 );
+
+        // PC2ROT - PC2 inverse, then Rotate, then PC2
+        for ( int j = 0; j < 2; j++ )
+        {
+            int k;
+            for ( int i = 0; i < 64; i++ )
+                perm[i] = temp[i] = 0;
+            for ( int i = 0; i < 64; i++ )
+            {
+                if ( ( k = ( int ) PC2[i] ) == 0 )
+                    continue;
+                temp[k - 1] = ( byte ) ( i + 1 );
+            }
+            for ( int i = 0; i < 64; i++ )
+            {
+                if ( ( k = ( int ) PC2[i] ) == 0 )
+                    continue;
+                k += j;
+                if ( ( k % 28 ) <= j )
+                    k -= 28;
+                perm[i] = temp[k];
+            }
+
+            init_perm( PC2ROT[j], perm, 8 );
+        }
+
+        // Bit reverse, intial permupation, expantion
+        for ( int i = 0; i < 8; i++ )
+        {
+            for ( int j = 0; j < 8; j++ )
+            {
+                int k = ( j < 2 ) ? 0 : IP[ExpandTr[i * 6 + j - 2] - 1];
+                if ( k > 32 )
+                    k -= 32;
+                else if ( k > 0 )
+                    k--;
+                if ( k > 0 )
+                {
+                    k--;
+                    k = ( k | 0x07 ) - ( k & 0x07 );
+                    k++;
+                }
+                perm[i * 8 + j] = ( byte ) k;
+            }
+        }
+
+        init_perm( IE3264, perm, 8 );
+
+        // Compression, final permutation, bit reverse
+        for ( int i = 0; i < 64; i++ )
+        {
+            int k = IP[CIFP[i] - 1];
+            if ( k > 0 )
+            {
+                k--;
+                k = ( k | 0x07 ) - ( k & 0x07 );
+                k++;
+            }
+            perm[k - 1] = ( byte ) ( i + 1 );
+        }
+
+        init_perm( CF6464, perm, 8 );
+
+        // SPE table
+        for ( int i = 0; i < 48; i++ )
+            perm[i] = P32Tr[ExpandTr[i] - 1];
+        for ( int t = 0; t < 8; t++ )
+        {
+            for ( int j = 0; j < 64; j++ )
+            {
+                int k = ( ( ( j >> 0 ) & 0x01 ) << 5 ) | ( ( ( j >> 1 ) & 0x01 ) << 3 ) | ( ( ( j >> 2 ) & 0x01 ) << 2 )
+                    | ( ( ( j >> 3 ) & 0x01 ) << 1 ) | ( ( ( j >> 4 ) & 0x01 ) << 0 ) | ( ( ( j >> 5 ) & 0x01 ) << 4 );
+                k = S[t][k];
+                k = ( ( ( k >> 3 ) & 0x01 ) << 0 ) | ( ( ( k >> 2 ) & 0x01 ) << 1 ) | ( ( ( k >> 1 ) & 0x01 ) << 2 )
+                    | ( ( ( k >> 0 ) & 0x01 ) << 3 );
+                for ( int i = 0; i < 32; i++ )
+                    temp[i] = 0;
+                for ( int i = 0; i < 4; i++ )
+                    temp[4 * t + i] = ( byte ) ( ( k >> i ) & 0x01 );
+                long kk = 0;
+                for ( int i = 24; --i >= 0; )
+                    kk = ( ( kk << 1 ) | ( ( long ) temp[perm[i] - 1] ) << 32 | ( ( long ) temp[perm[i + 24] - 1] ) );
+
+                SPE[t][j] = to_six_bit( kk );
+            }
+        }
+    }
+
+
+    /**
+     * You can't call the constructer.
+     */
+    private UnixCrypt()
+    {
+    }
+
+
+    /**
+     * Returns the transposed and split code of a 24-bit code
+     * into a 4-byte code, each having 6 bits.
+     */
+    private static int to_six_bit( int num )
+    {
+        return ( ( ( num << 26 ) & 0xfc000000 ) | ( ( num << 12 ) & 0xfc0000 ) | ( ( num >> 2 ) & 0xfc00 ) | ( ( num >> 16 ) & 0xfc ) );
+    }
+
+
+    /**
+     * Returns the transposed and split code of two 24-bit code 
+     * into two 4-byte code, each having 6 bits.
+     */
+    private static long to_six_bit( long num )
+    {
+        return ( ( ( num << 26 ) & 0xfc000000fc000000L ) | ( ( num << 12 ) & 0xfc000000fc0000L )
+            | ( ( num >> 2 ) & 0xfc000000fc00L ) | ( ( num >> 16 ) & 0xfc000000fcL ) );
+    }
+
+
+    /**
+     * Returns the permutation of the given 64-bit code with
+     * the specified permutataion table.
+     */
+    private static long perm6464( long c, long[][] p )
+    {
+        long out = 0L;
+        for ( int i = 8; --i >= 0; )
+        {
+            int t = ( int ) ( 0x00ff & c );
+            c >>= 8;
+            long tp = p[i << 1][t & 0x0f];
+            out |= tp;
+            tp = p[( i << 1 ) + 1][t >> 4];
+            out |= tp;
+        }
+        return out;
+    }
+
+
+    /**
+     * Returns the permutation of the given 32-bit code with
+     * the specified permutataion table.
+     */
+    private static long perm3264( int c, long[][] p )
+    {
+        long out = 0L;
+        for ( int i = 4; --i >= 0; )
+        {
+            int t = ( 0x00ff & c );
+            c >>= 8;
+            long tp = p[i << 1][t & 0x0f];
+            out |= tp;
+            tp = p[( i << 1 ) + 1][t >> 4];
+            out |= tp;
+        }
+        return out;
+    }
+
+
+    /**
+     * Returns the key schedule for the given key.
+     */
+    private static long[] des_setkey( long keyword )
+    {
+        long K = perm6464( keyword, PC1ROT );
+        long[] KS = new long[16];
+        KS[0] = K & ~0x0303030300000000L;
+
+        for ( int i = 1; i < 16; i++ )
+        {
+            KS[i] = K;
+            K = perm6464( K, PC2ROT[Rotates[i] - 1] );
+
+            KS[i] = K & ~0x0303030300000000L;
+        }
+        return KS;
+    }
+
+
+    /**
+     * Returns the DES encrypted code of the given word with the specified 
+     * environment.
+     */
+    private static long des_cipher( long in, int salt, int num_iter, long[] KS )
+    {
+        salt = to_six_bit( salt );
+        long L = in;
+        long R = L;
+        L &= 0x5555555555555555L;
+        R = ( R & 0xaaaaaaaa00000000L ) | ( ( R >> 1 ) & 0x0000000055555555L );
+        L = ( ( ( ( L << 1 ) | ( L << 32 ) ) & 0xffffffff00000000L ) | ( ( R | ( R >> 32 ) ) & 0x00000000ffffffffL ) );
+
+        L = perm3264( ( int ) ( L >> 32 ), IE3264 );
+        R = perm3264( ( int ) ( L & 0xffffffff ), IE3264 );
+
+        while ( --num_iter >= 0 )
+        {
+            for ( int loop_count = 0; loop_count < 8; loop_count++ )
+            {
+                long kp;
+                long B;
+                long k;
+
+                kp = KS[( loop_count << 1 )];
+                k = ( ( R >> 32 ) ^ R ) & salt & 0xffffffffL;
+                k |= ( k << 32 );
+                B = ( k ^ R ^ kp );
+
+                L ^= ( SPE[0][( int ) ( ( B >> 58 ) & 0x3f )] ^ SPE[1][( int ) ( ( B >> 50 ) & 0x3f )]
+                    ^ SPE[2][( int ) ( ( B >> 42 ) & 0x3f )] ^ SPE[3][( int ) ( ( B >> 34 ) & 0x3f )]
+                    ^ SPE[4][( int ) ( ( B >> 26 ) & 0x3f )] ^ SPE[5][( int ) ( ( B >> 18 ) & 0x3f )]
+                    ^ SPE[6][( int ) ( ( B >> 10 ) & 0x3f )] ^ SPE[7][( int ) ( ( B >> 2 ) & 0x3f )] );
+
+                kp = KS[( loop_count << 1 ) + 1];
+                k = ( ( L >> 32 ) ^ L ) & salt & 0xffffffffL;
+                k |= ( k << 32 );
+                B = ( k ^ L ^ kp );
+
+                R ^= ( SPE[0][( int ) ( ( B >> 58 ) & 0x3f )] ^ SPE[1][( int ) ( ( B >> 50 ) & 0x3f )]
+                    ^ SPE[2][( int ) ( ( B >> 42 ) & 0x3f )] ^ SPE[3][( int ) ( ( B >> 34 ) & 0x3f )]
+                    ^ SPE[4][( int ) ( ( B >> 26 ) & 0x3f )] ^ SPE[5][( int ) ( ( B >> 18 ) & 0x3f )]
+                    ^ SPE[6][( int ) ( ( B >> 10 ) & 0x3f )] ^ SPE[7][( int ) ( ( B >> 2 ) & 0x3f )] );
+            }
+            // swap L and R
+            L ^= R;
+            R ^= L;
+            L ^= R;
+        }
+        L = ( ( ( ( L >> 35 ) & 0x0f0f0f0fL ) | ( ( ( L & 0xffffffff ) << 1 ) & 0xf0f0f0f0L ) ) << 32 | ( ( ( R >> 35 ) & 0x0f0f0f0fL ) | ( ( ( R & 0xffffffff ) << 1 ) & 0xf0f0f0f0L ) ) );
+
+        L = perm6464( L, CF6464 );
+
+        return L;
+    }
+
+
+    /**
+     * Initializes the given permutation table with the mapping table.
+     */
+    private static void init_perm( long[][] perm, byte[] p, int chars_out )
+    {
+        for ( int k = 0; k < chars_out * 8; k++ )
+        {
+
+            int l = p[k] - 1;
+            if ( l < 0 )
+                continue;
+            int i = l >> 2;
+            l = 1 << ( l & 0x03 );
+            for ( int j = 0; j < 16; j++ )
+            {
+                int s = ( ( k & 0x07 ) + ( ( 7 - ( k >> 3 ) ) << 3 ) );
+                if ( ( j & l ) != 0x00 )
+                    perm[i][j] |= ( 1L << s );
+            }
+        }
+    }
+
+
+    /**
+     * Encrypts String into crypt (Unix) code.
+     * @param key the key to be encrypted
+     * @param setting the salt to be used
+     * @return the encrypted String
+     */
+    public static String crypt( String key, String setting )
+    {
+        long constdatablock = 0L; /* encryption constant */
+        byte[] cryptresult = new byte[13]; /* encrypted result */
+        long keyword = 0L;
+        /* invalid parameters! */
+        if ( key == null || setting == null )
+            return "*"; // will NOT match under ANY circumstances!
+
+        int keylen = key.length();
+
+        for ( int i = 0; i < 8; i++ )
+        {
+            keyword = ( keyword << 8 ) | ( ( i < keylen ) ? 2 * key.charAt( i ) : 0 );
+        }
+
+        long[] KS = des_setkey( keyword );
+
+        int salt = 0;
+        for ( int i = 2; --i >= 0; )
+        {
+            char c = ( i < setting.length() ) ? setting.charAt( i ) : '.';
+            cryptresult[i] = ( byte ) c;
+            salt = ( salt << 6 ) | ( 0x00ff & A64TOI[c] );
+        }
+
+        long rsltblock = des_cipher( constdatablock, salt, 25, KS );
+
+        cryptresult[12] = ITOA64[( ( ( int ) rsltblock ) << 2 ) & 0x3f];
+        rsltblock >>= 4;
+        for ( int i = 12; --i >= 2; )
+        {
+            cryptresult[i] = ITOA64[( ( int ) rsltblock ) & 0x3f];
+            rsltblock >>= 6;
+        }
+
+        return new String( cryptresult, 0x00, 0, 13 );
+    }
+
+    public static void main( String[] arg )
+    {
+        if ( arg.length != 2 )
+        {
+            System.err.println( "Usage - java org.apache.jetspeed.security.util.UnixCrypt <key> <salt>" );
+            System.exit( 1 );
+        }
+
+        System.err.println( "Crypt=" + crypt( arg[0], arg[1] ) );
+    }
+}

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/UnixCrypt.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/AbstractLDAPSecurityTestCase.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/AbstractLDAPSecurityTestCase.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/AbstractLDAPSecurityTestCase.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/AbstractLDAPSecurityTestCase.java Tue Mar 23 15:05:07 2010
@@ -39,7 +39,7 @@ public abstract class AbstractLDAPSecuri
     {
         ldapService = new EmbeddedApacheDSTestService(getLdapBaseDN(), getLdapPort(), getLdapWorkingDir());
     }
-
+    
     public void ldapTestSetup() throws Exception
     {
         if (ldapService != null)
@@ -77,7 +77,7 @@ public abstract class AbstractLDAPSecuri
     }
 
     @Override
-    protected void tearDown() throws Exception
+    public void tearDown() throws Exception
     {
         if (ldapService != null && !ldapTestSetupRun)
         {

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestHierarchicalGroups.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestHierarchicalGroups.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestHierarchicalGroups.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestHierarchicalGroups.java Tue Mar 23 15:05:07 2010
@@ -21,7 +21,6 @@ import java.util.List;
 import javax.security.auth.Subject;
 
 import junit.framework.Test;
-import junit.framework.TestSuite;
 
 /**
  * Test construction and application of hierarchical groups.
@@ -29,7 +28,7 @@ import junit.framework.TestSuite;
  * @author <a href="mailto:rwatler@apache.org">Randy Watler</a>
  * @version $Id$
  */
-public class TestHierarchicalGroups extends AbstractSecurityTestcase
+public class TestHierarchicalGroups extends AbstractLDAPSecurityTestCase
 {
     /**
      * Test runs all test*() methods by default.
@@ -38,7 +37,7 @@ public class TestHierarchicalGroups exte
      */
     public static Test suite()
     {
-        return new TestSuite(TestHierarchicalGroups.class);
+        return createFixturedTestSuite(TestHierarchicalGroups.class, "ldapTestSetup", "ldapTestTeardown");
     }
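Review bot: The fixture methods are passed to `createFixturedTestSuite` as the string literals `"ldapTestSetup"` and `"ldapTestTeardown"`, and the same pair is repeated in `TestLoginModule.suite()` and `TestUserManager.suite()` later in this commit. If the helper resolves these names by reflection (it is not shown here), a rename or typo would only surface at run time. I would declare them once in `AbstractLDAPSecurityTestCase`, e.g. `protected static final String LDAP_SETUP = "ldapTestSetup";`, and reference the constants from each `suite()`. The Javadoc above `suite()` starts outside this hunk and still says the test runs all test*() methods by default, which is worth re-checking against the fixtured suite.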
 
     /**

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java Tue Mar 23 15:05:07 2010
@@ -23,24 +23,24 @@ import javax.security.auth.login.LoginCo
 import javax.security.auth.login.LoginException;
 
 import junit.framework.Test;
-import junit.framework.TestSuite;
 
 import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
 
 /**
  * @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
  */
-public class TestLoginModule extends AbstractSecurityTestcase
+public class TestLoginModule extends AbstractLDAPSecurityTestCase
 {
     /** <p>The JAAS login context.</p> */
     private LoginContext loginContext = null;
 
-    /**
-     * @see junit.framework.TestCase#setUp()
-     */
-    public void setUp() throws Exception
+    public static Test suite()
+    {
+        return createFixturedTestSuite(TestLoginModule.class, "ldapTestSetup", "ldapTestTeardown");
+    }
+
+    private void setupTest() throws Exception
     {
-        super.setUp();
         initUserObject();
 
         // Set up login context.
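Review bot: `setupTest()` replaces the `setUp()` override but is private and has no comment, so JUnit no longer runs it and every test has to call it by hand, as `testLogin()` and `testLogout()` do in the following hunks. A test added later that omits the call would presumably fail on a null `loginContext`, since the field is declared `= null` and appears to be assigned only during this setup (the body of `setupTest()` continues outside the hunk). I would replace the removed Javadoc with a comment along the lines of `// Call at the start of every test; no longer a JUnit setUp() override.`, stating the reason the automatic hook was dropped.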
@@ -55,14 +55,9 @@ public class TestLoginModule extends Abs
         }
     }
 
-    public static Test suite()
-    {
-        // All methods starting with "test" will be executed in the test suite.
-        return new TestSuite(TestLoginModule.class);
-    }
-
     public void testLogin() throws Exception
-    {
+    { 
+        setupTest();
         loginContext.login();        
         Subject subject = loginContext.getSubject();
         Principal found = SubjectHelper.getPrincipal(loginContext.getSubject(), User.class);
@@ -70,8 +65,9 @@ public class TestLoginModule extends Abs
         assertTrue("found principal should be anonlogin, " + found.getName(), found.getName().equals("anonlogin"));      
     }
     
-    public void testLogout() throws LoginException
+    public void testLogout() throws Exception
     {
+        setupTest();
         loginContext.login();
         loginContext.logout();
         Principal found = SubjectHelper.getBestPrincipal(loginContext.getSubject(), User.class);

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java Tue Mar 23 15:05:07 2010
@@ -26,7 +26,6 @@ import javax.security.auth.login.LoginCo
 import javax.security.auth.login.LoginException;
 
 import junit.framework.Test;
-import junit.framework.TestSuite;
 
 import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
 
@@ -37,11 +36,11 @@ import org.apache.jetspeed.security.impl
  * 
  * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
  */
-public class TestUserManager extends AbstractSecurityTestcase
+public class TestUserManager extends AbstractLDAPSecurityTestCase
 {
     public static Test suite()
     {
-        return new TestSuite(TestUserManager.class);
+        return createFixturedTestSuite(TestUserManager.class, "ldapTestSetup", "ldapTestTeardown");
     }
 
     /**

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml (original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml Tue Mar 23 15:05:07 2010
@@ -72,7 +72,7 @@
     <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedPrincipalManagerProvider" />
     <constructor-arg index="1" ref="org.apache.jetspeed.security.mapping.SecurityEntityManager" />
   </bean>
-
+<!-- 
   <bean id="org.apache.jetspeed.security.AuthenticationProvider" class="org.apache.jetspeed.security.impl.LdapAuthenticationProvider">
     <meta key="j2:cat" value="ldapSecurity" />
     <constructor-arg index="0"  value="ldapAuthenticationProvider" />
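Review bot: The `<!--` added here disables the `LdapAuthenticationProvider` bean by commenting it out, while the next hunk renumbers its constructor arguments and closes the comment, so the file now carries an edited but dead bean definition with no explanation. I would either delete the bean or state the reason inside the comment, e.g. `<!-- Disabled: authentication now goes through DefaultAuthenticationProvider with LdapUserPasswordCredentialManagerImpl (JS2-1143) -->`, assuming that is the intent of the `dbSecurity or ldapSecurity` change in security-providers.xml. The bean element starts in this hunk and ends in the next.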
@@ -82,13 +82,62 @@
     <constructor-arg index="4"  ref="org.apache.jetspeed.security.UserManager" />
     <constructor-arg index="5"  ref="org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer" />
     <constructor-arg index="6"  ref="LdapSpringContext" />
-    <constructor-arg index="7"  value="${ldap.base}" />
-    <constructor-arg index="8"  value="${ldap.user.searchBase}" />
-    <constructor-arg index="9"  value="${ldap.user.filter}" />
-    <constructor-arg index="10"  value="${ldap.user.entryPrefix}" />
-    <constructor-arg index="11" value="${ldap.search.scope}" />
+    <constructor-arg index="7"  value="${ldap.user.searchBase}" />
+    <constructor-arg index="8"  value="${ldap.user.filter}" />
+    <constructor-arg index="9"  value="${ldap.user.entryPrefix}" />
+    <constructor-arg index="10" value="${ldap.search.scope}" />
+  </bean>
+ -->
+  <bean id="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl"
+    class="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl">
+    <meta key="j2:cat" value="ldapSecurity" />
+    <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+    <constructor-arg index="1" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
+    <constructor-arg index="2" ref="org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager" />
+    <constructor-arg index="3" ref="org.apache.jetspeed.security.spi.impl.LdapCredentialPasswordEncoder" />
+    <constructor-arg index="4"  ref="LdapSpringContext" />
+    <constructor-arg index="5"  value="${ldap.user.searchBase}" />
+    <constructor-arg index="6"  value="${ldap.user.filter}" />
+    <constructor-arg index="7"  value="${ldap.user.entryPrefix}" />
+    <constructor-arg index="8" value="${ldap.search.scope}" />
+    <property name="persistCredentials" value="true"/>
+    <property name="changePasswordByUser" value="false"/>
+  </bean>
+  
+  <bean id="_LdapUserPasswordCredentialManagerImplInitializer" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+    <meta key="j2:cat" value="ldapSecurity" />
+    <property name="targetObject"><ref bean="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl"/></property>
+    <property name="targetMethod"><value>setJetspeedSecuritySynchronizer</value></property>
+    <property name="arguments">
+      <list>
+        <ref bean="org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer"/>
+      </list>
+    </property>
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.impl.LdapCredentialPasswordEncoder"
+    class="org.apache.jetspeed.security.spi.impl.LdapCredentialPasswordEncoder">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+      <value>CRYPT</value>
+    </constructor-arg>
   </bean>
 
+  <bean id="org.apache.jetspeed.security.spi.UserPasswordCredentialManager" parent="baseTransactionProxy">
+    <meta key="j2:cat" value="ldapSecurity" />
+    <property name="proxyInterfaces">
+      <value>org.apache.jetspeed.security.spi.UserPasswordCredentialManager</value>
+    </property>
+    <property name="target">
+      <ref bean="org.apache.jetspeed.security.spi.impl.LdapUserPasswordCredentialManagerImpl" />
+    </property>
+    <property name="transactionAttributes">
+      <props>
+        <prop key="*">PROPAGATION_REQUIRED</prop>
+      </props>
+    </property>
+  </bean>
+  
   <bean id="org.apache.jetspeed.security.mapping.SecurityEntityManager"
     class="org.apache.jetspeed.security.mapping.ldap.dao.DefaultLDAPEntityManager">
     <meta key="j2:cat" value="ldapSecurity" />
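Review bot: The `LdapCredentialPasswordEncoder` bean is wired with `CRYPT` as its only constructor argument, which presumably makes traditional Unix crypt the out-of-the-box scheme for passwords this manager writes to LDAP. The `UnixCrypt.crypt` added in this commit reads only the first 8 characters of the key and two salt characters, so longer passwords are silently truncated and the stored hashes offer little resistance to offline guessing. I would default to the strongest salted scheme that both the encoder and the target directory support (the accepted values are defined in `LdapCredentialPasswordEncoder`, outside this hunk) and keep `CRYPT` as a documented opt-in, e.g. `<!-- CRYPT truncates passwords to 8 characters; use only for legacy directory compatibility -->` above the `<value>`. This bean is also tagged `default or security` while its only visible consumer is tagged `ldapSecurity`; presumably the categories should match.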

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml (original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml Tue Mar 23 15:05:07 2010
@@ -22,7 +22,7 @@
   <!-- Security: Default Authentication Provider -->
   <bean id="org.apache.jetspeed.security.AuthenticationProvider"
     class="org.apache.jetspeed.security.impl.DefaultAuthenticationProvider">
-    <meta key="j2:cat" value="dbSecurity" />
+    <meta key="j2:cat" value="dbSecurity or ldapSecurity" />
     <constructor-arg index="0">
       <value>DefaultAuthenticator</value>
     </constructor-arg>
@@ -35,7 +35,7 @@
     <constructor-arg index="3">
       <ref bean="org.apache.jetspeed.security.spi.UserPasswordCredentialManager" />
     </constructor-arg>
-
+    <constructor-arg index="4"  ref="org.apache.jetspeed.security.UserManager" />
   </bean>
 
   <!-- Security: Authorization Provider -->

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi.xml?rev=926607&r1=926606&r2=926607&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi.xml (original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi.xml Tue Mar 23 15:05:07 2010
@@ -116,14 +116,14 @@
   
   <bean id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl"
     class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl">
-    <meta key="j2:cat" value="default or security" />
+    <meta key="j2:cat" value="dbSecurity" />
     <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
     <constructor-arg index="1" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" />
     <constructor-arg index="2" ref="org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager" />
   </bean>
 
   <bean id="org.apache.jetspeed.security.spi.UserPasswordCredentialManager" parent="baseTransactionProxy">
-    <meta key="j2:cat" value="default or security" />
+    <meta key="j2:cat" value="dbSecurity" />
     <property name="proxyInterfaces">
       <value>org.apache.jetspeed.security.spi.UserPasswordCredentialManager</value>
     </property>


