portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r927095 - in /portals/jetspeed-2/portal/trunk: components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/ jetspeed-api/src/main/java/org/apache/jetspeed/administration/ jetspeed-portal-resources/src/main/resources/assembly/
Date Wed, 24 Mar 2010 15:57:09 GMT
Author: ate
Date: Wed Mar 24 15:57:09 2010
New Revision: 927095

URL: http://svn.apache.org/viewvc?rev=927095&view=rev
Log:
JS2-548: Extending password policy to require alternate characters (eg 2 numbers along with
4 letters) will fail on auto-password generation for new user registration
See: http://issues.apache.org/jira/browse/JS2-548
Solved by providing a pluggable solution with a new o.a.j.administration.PasswordGenerator
interface and default implementation which can be customized, extended or even replaced.
The default implementation also provides support for an optional CredentialPasswordValidator
to ensure a new password complies with the existing password policy configuration.

Added:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
  (with props)
    portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
  (with props)
Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java?rev=927095&r1=927094&r2=927095&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/AdminUtil.java
Wed Mar 24 15:57:09 2010
@@ -16,12 +16,7 @@
  */
 package org.apache.jetspeed.administration;
 
-import java.util.ArrayList;
-
-import javax.servlet.jsp.JspException;
-
 import org.apache.jetspeed.om.folder.Folder;
-import org.apache.taglibs.random.RandomStrg;
 
 /**
  * Helper for admininstration
@@ -32,45 +27,6 @@ import org.apache.taglibs.random.RandomS
  */
 public class AdminUtil
 {
-    /** the list of characters from which a password can be generatored. */
-    protected static final char[] PASS_CHARS = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i',
'j', 'k', 'l', 'm',
-        'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
-        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
-        'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
-        '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
-        // removed these for aesthetic purposes
-        //'!', '&',  '-', '_', '=',
-        // '*','@', '#', '$', '%', '^',
-        //'+',
-
-    public String generatePassword()
-    {
-        RandomStrg rs = new RandomStrg();
-        
-        //TODO put in a more secure random number provider
-        //rs.setAlgorithm();   -- ideally call this for super security.  need rnd provider
-        
-        try
-        {
-            rs.generateRandomObject();
-        } catch (JspException e)
-        {
-            // this would only get thrown if we tried a secure random and the provider
-            // was not available.
-            e.printStackTrace();
-        }
-        rs.setLength(new Integer(12));
-        rs.setSingle(PASS_CHARS,PASS_CHARS.length);
-        ArrayList upper = new ArrayList();
-        ArrayList lower = new ArrayList();
-        //upper.add(new Character('A'));
-        //lower.add(new Character('B'));
-        rs.setRanges(upper,lower);
-        String retval = rs.getRandom();
-        
-        return retval;        
-    }
-    
     static public String concatenatePaths(String base, String path)
     {
         String result = "";

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java?rev=927095&r1=927094&r2=927095&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
Wed Mar 24 15:57:09 2010
@@ -91,7 +91,7 @@ public class PortalAdministrationImpl im
     protected PortalSite portalSite;
     protected JavaMailSender mailSender;
     protected VelocityEngine velocityEngine;
-    protected AdminUtil adminUtil;
+    protected PasswordGenerator passwordGenerator;
     
     /** list of default roles for a registered user */
     protected List defaultRoles;
@@ -123,7 +123,15 @@ public class PortalAdministrationImpl im
         this.portalSite = portalSite;
         this.mailSender = mailSender;
         this.velocityEngine = velocityEngine;
-        this.adminUtil = new AdminUtil();
+        this.passwordGenerator = new SimplePasswordGeneratorImpl();
+    }
+    
+    public void setPasswordGenerator(PasswordGenerator passwordGenerator)
+    {
+        if (passwordGenerator != null)
+        {
+            this.passwordGenerator = passwordGenerator;
+        }
     }
 
     public void start()
@@ -384,7 +392,7 @@ public class PortalAdministrationImpl im
      */
     public String generatePassword()
     {
-        return adminUtil.generatePassword();
+        return passwordGenerator.generatePassword();
     }
 
     /* (non-Javadoc)
@@ -499,10 +507,10 @@ public class PortalAdministrationImpl im
         {
             basePath = basePath.replace("/action", "/desktop");
         }
-        String jetspeedPath = adminUtil.concatenatePaths(baseUrl, basePath);
+        String jetspeedPath = AdminUtil.concatenatePaths(baseUrl, basePath);
         if (path == null)
             return jetspeedPath;
-        return adminUtil.concatenatePaths(jetspeedPath, response.encodeURL(path));
+        return AdminUtil.concatenatePaths(jetspeedPath, response.encodeURL(path));
     }
         
     

Added: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java?rev=927095&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
(added)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
Wed Mar 24 15:57:09 2010
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.administration;
+
+import java.util.ArrayList;
+
+import org.apache.jetspeed.security.CredentialPasswordValidator;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.taglibs.random.RandomStrg;
+
+/**
+ * @version $Id$
+ *
+ */
+public class SimplePasswordGeneratorImpl implements PasswordGenerator
+{
+    /** the list of characters from which a password can be generatored. */
+    protected static final char[] DEFAULT_PASS_CHARS = {'a', 'b', 'c', 'd', 'e', 'f', 'g',
'h', 'i', 'j', 'k', 'l', 'm',
+        'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
+        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
+        'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
+        '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
+        // removed these for aesthetic purposes
+        //'!', '&',  '-', '_', '=',
+        // '*','@', '#', '$', '%', '^',
+        //'+',
+    
+    protected char[] passwordChars = DEFAULT_PASS_CHARS;
+    protected ArrayList<Character> upper = new ArrayList<Character>();
+    protected ArrayList<Character> lower = new ArrayList<Character>();
+    protected Integer length = new Integer(12);
+    protected CredentialPasswordValidator validator;
+    
+    protected RandomStrg newRandomStrg()
+    {
+        RandomStrg rs = new RandomStrg();
+        
+        try
+        {
+            rs.generateRandomObject();
+        } 
+        catch (Exception e)
+        {
+            // this would only get thrown if we tried a secure random and the provider
+            // was not available.
+            e.printStackTrace();
+        }
+        return rs;
+    }
+    
+    protected void initRandomStrg(RandomStrg rs)
+    {
+        rs.setLength(new Integer(12));
+        rs.setSingle(passwordChars,passwordChars.length);
+        rs.setRanges(upper,lower);
+    }
+    
+    /**
+	 * @param length the length to set
+	 */
+	public void setLength(Integer length)
+	{
+		this.length = length;
+	}
+
+	/**
+	 * @param validator the validator to set
+	 */
+	public void setValidator(CredentialPasswordValidator validator)
+	{
+		this.validator = validator;
+	}
+	
+	public void setPasswordChars(String passwordChars)
+	{
+		if (passwordChars != null && passwordChars.length() > 1)
+		{
+			this.passwordChars = passwordChars.toCharArray();
+		}
+	}
+	
+	public void setLowerRange(String lowerChars)
+	{
+	    if (lowerChars != null)
+	    {
+	        lower.clear();
+            for (char c : lowerChars.toCharArray())
+            {
+                lower.add(new Character(c));
+            }
+	    }
+	}
+	
+    public void setUpperRange(String upperChars)
+    {
+        if (upperChars != null)
+        {
+            upper.clear();
+            for (char c : upperChars.toCharArray())
+            {
+                upper.add(new Character(c));
+            }
+        }
+    }
+    
+	/* (non-Javadoc)
+     * @see org.apache.jetspeed.administration.PasswordGenerator#generatePassword()
+     */
+	public String generatePassword()
+    {
+        String retval = null;
+        
+        RandomStrg rs = newRandomStrg();
+        initRandomStrg(rs);
+        while (retval == null)
+        {
+        	retval = rs.getRandom();
+        	if (validator != null)
+        	{
+        		try
+        		{
+            		validator.validate(retval);
+        		}
+            	catch (SecurityException sex)
+            	{
+            		retval = null;
+            	}
+        	}
+        }
+        return retval;        
+    }
+}

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java?rev=927095&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
(added)
+++ portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
Wed Mar 24 15:57:09 2010
@@ -0,0 +1,6 @@
+package org.apache.jetspeed.administration;
+
+public interface PasswordGenerator
+{
+    public abstract String generatePassword();
+}
\ No newline at end of file

Propchange: portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/trunk/jetspeed-api/src/main/java/org/apache/jetspeed/administration/PasswordGenerator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml?rev=927095&r1=927094&r2=927095&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
Wed Mar 24 15:57:09 2010
@@ -56,6 +56,16 @@
       <value>false</value>
     </property>
   </bean>
+  
+  <bean id="org.apache.jetspeed.administration.PasswordGenerator" class="org.apache.jetspeed.administration.SimplePasswordGeneratorImpl">
+    <meta key="j2:cat" value="default" />
+    <property name="validator">
+      <!-- The default CredentialPasswordValidator configuration only checks against empty/null
passwords.
+           If a more complex validation is enforced, make sure the PasswordGenerator matches
the rules.
+           If a generated password fails validation, the SimplePasswordGeneratorImpl will
simply regenerate a new one to test. --> 
+      <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/>
+    </property>
+  </bean>
 
   <bean id='PortalAdministrationImpl' init-method="start"
     class='org.apache.jetspeed.administration.PortalAdministrationImpl'>
@@ -84,6 +94,9 @@
     <constructor-arg index='7'>
       <ref bean="adminVelocityEngine" />
     </constructor-arg>
+    <property name="passwordGenerator">
+      <ref bean="org.apache.jetspeed.administration.PasswordGenerator"/>
+    </property>
   </bean>
 
   <bean id="PortalAdministration" parent="baseTransactionProxy">



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message