portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject svn commit: r1610090 - in /portals/jetspeed-2/portal/trunk: components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/ components/jetspeed-portal/src/test/java/org/apache/jetspeed/administration/ jetspeed-portal-resources/src/main/res...
Date Sun, 13 Jul 2014 00:05:49 GMT
Author: taylor
Date: Sun Jul 13 00:05:48 2014
New Revision: 1610090

URL: http://svn.apache.org/r1610090
Log:
JS2-1296: fix for infinite loop of password generator. Contribution from David Dyer

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/test/java/org/apache/jetspeed/administration/TestPortalAdministrationImpl.java
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi-atn.xml

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java?rev=1610090&r1=1610089&r2=1610090&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/SimplePasswordGeneratorImpl.java
Sun Jul 13 00:05:48 2014
@@ -16,40 +16,51 @@
  */
 package org.apache.jetspeed.administration;
 
-import java.util.ArrayList;
-
 import org.apache.jetspeed.security.CredentialPasswordValidator;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.taglibs.random.RandomStrg;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
 
 /**
  * @version $Id$
  */
-public class SimplePasswordGeneratorImpl implements PasswordGenerator
-{
-    /** the list of characters from which a password can be generatored. */
-    protected static final char[]         DEFAULT_PASS_CHARS = { 'a', 'b', 'c', 'd', 'e',
'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',
-                    't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G',
'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',
-                    'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'0' };
+public class SimplePasswordGeneratorImpl implements PasswordGenerator {
+    Logger log = LoggerFactory.getLogger(SimplePasswordGeneratorImpl.class);
+
+    /**
+     * the list of characters from which a password can be generatored.
+     */
+    protected static final char[] DEFAULT_PASS_CHARS = {'a', 'b', 'c', 'd', 'e', 'f', 'g',
'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',
+            't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I',
'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',
+            'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
     // removed these for aesthetic purposes
     // '!', '&', '-', '_', '=',
     // '*','@', '#', '$', '%', '^',
     // '+',
-    protected char[]                      passwordChars      = SimplePasswordGeneratorImpl.DEFAULT_PASS_CHARS;
-    protected ArrayList<Character>        upper              = new ArrayList<Character>();
-    protected ArrayList<Character>        lower              = new ArrayList<Character>();
-    protected Integer                     length             = new Integer(12);
+    protected char[] passwordChars = SimplePasswordGeneratorImpl.DEFAULT_PASS_CHARS;
+    protected ArrayList<Character> upper = new ArrayList<Character>();
+    protected ArrayList<Character> lower = new ArrayList<Character>();
+    protected Integer length = new Integer(12);
     protected CredentialPasswordValidator validator;
+    protected int maximumValidationAttempts = 1000;
+
+    public SimplePasswordGeneratorImpl() {
+    }
 
-    protected RandomStrg newRandomStrg()
-    {
+    public SimplePasswordGeneratorImpl(String defaultChars) {
+        this.passwordChars = defaultChars.toCharArray();
+    }
+
+    protected RandomStrg newRandomStrg() {
         RandomStrg rs = new RandomStrg();
-        try
-        {
+        try {
             rs.generateRandomObject();
-        }
-        catch (Exception e)
-        {
+        } catch (Exception e) {
             // this would only get thrown if we tried a secure random and the provider
             // was not available.
             e.printStackTrace();
@@ -57,58 +68,45 @@ public class SimplePasswordGeneratorImpl
         return rs;
     }
 
-    protected void initRandomStrg(RandomStrg rs)
-    {
+    protected void initRandomStrg(RandomStrg rs) {
         rs.setLength(new Integer(12));
         rs.setSingle(passwordChars, passwordChars.length);
         rs.setRanges(upper, lower);
     }
 
     /**
-     * @param length
-     *            the length to set
+     * @param length the length to set
      */
-    public void setLength(Integer length)
-    {
+    public void setLength(Integer length) {
         this.length = length;
     }
 
     /**
-     * @param validator
-     *            the validator to set
+     * @param validator the validator to set
      */
-    public void setValidator(CredentialPasswordValidator validator)
-    {
+    public void setValidator(CredentialPasswordValidator validator) {
         this.validator = validator;
     }
 
-    public void setPasswordChars(String passwordChars)
-    {
-        if (passwordChars != null && passwordChars.length() > 1)
-        {
+    public void setPasswordChars(String passwordChars) {
+        if (passwordChars != null && passwordChars.length() > 1) {
             this.passwordChars = passwordChars.toCharArray();
         }
     }
 
-    public void setLowerRange(String lowerChars)
-    {
-        if (lowerChars != null)
-        {
+    public void setLowerRange(String lowerChars) {
+        if (lowerChars != null) {
             lower.clear();
-            for (char c : lowerChars.toCharArray())
-            {
+            for (char c : lowerChars.toCharArray()) {
                 lower.add(new Character(c));
             }
         }
     }
 
-    public void setUpperRange(String upperChars)
-    {
-        if (upperChars != null)
-        {
+    public void setUpperRange(String upperChars) {
+        if (upperChars != null) {
             upper.clear();
-            for (char c : upperChars.toCharArray())
-            {
+            for (char c : upperChars.toCharArray()) {
                 upper.add(new Character(c));
             }
         }
@@ -118,26 +116,53 @@ public class SimplePasswordGeneratorImpl
      * (non-Javadoc)
      * @see org.apache.jetspeed.administration.PasswordGenerator#generatePassword()
      */
-    public String generatePassword()
-    {
+    public String generatePassword() {
         String retval = null;
         RandomStrg rs = newRandomStrg();
         initRandomStrg(rs);
-        while (retval == null)
-        {
+        int validationAttemptCount = 0;
+        while (retval == null) {
             retval = rs.getRandom();
-            if (validator != null)
-            {
-                try
-                {
+            if (validator != null) {
+                try {
+                    if (log.isDebugEnabled()) {
+                        log.debug("passing string " + retval + " to credential validator");
+                    }
                     validator.validate(retval);
-                }
-                catch (SecurityException sex)
-                {
+                } catch (SecurityException sex) {
+                    if (validationAttemptCount >= maximumValidationAttempts) {
+                        log.warn("Unable to validate generated password after " + maximumValidationAttempts
+
+                                " returning last generated password string unvalidated");
+                        break;
+                    }
                     retval = null;
                 }
             }
+
+            validationAttemptCount++;
+        }
+        if (log.isDebugEnabled()) {
+            log.debug("returning string " + retval + " after " + validationAttemptCount +
" validation attempts");
         }
         return retval;
     }
+
+    public char[] getPasswordChars() {
+        return passwordChars;
+    }
+
+    public void setPasswordChars(char[] passwordChars) {
+        if (log.isDebugEnabled()) {
+            log.debug("setting up password character array " + Arrays.toString(passwordChars));
+        }
+        this.passwordChars = passwordChars;
+    }
+
+    public int getMaximumValidationAttempts() {
+        return maximumValidationAttempts;
+    }
+
+    public void setMaximumValidationAttempts(int maximumValidationAttempts) {
+        this.maximumValidationAttempts = maximumValidationAttempts;
+    }
 }

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/test/java/org/apache/jetspeed/administration/TestPortalAdministrationImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/test/java/org/apache/jetspeed/administration/TestPortalAdministrationImpl.java?rev=1610090&r1=1610089&r2=1610090&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/test/java/org/apache/jetspeed/administration/TestPortalAdministrationImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/test/java/org/apache/jetspeed/administration/TestPortalAdministrationImpl.java
Sun Jul 13 00:05:48 2014
@@ -19,12 +19,16 @@ package org.apache.jetspeed.administrati
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
+
 import org.apache.jetspeed.aggregator.TestWorkerMonitor;
+import org.apache.jetspeed.security.CredentialPasswordValidator;
+import org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator;
 import org.springframework.mail.javamail.JavaMailSenderImpl;
 
 import javax.mail.*;
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
+
 import java.io.ByteArrayOutputStream;
 import java.net.URL;
 import java.net.URLClassLoader;
@@ -77,17 +81,75 @@ public class TestPortalAdministrationImp
         return new TestSuite(TestPortalAdministrationImpl.class);
     }
 
-    public void testPasswordGen() throws Exception
+    public void testBasicPasswordGen() throws Exception
     {
+    	System.out.println("*** testing basic (unvalidated) password generation");
         PortalAdministrationImpl pai = new PortalAdministrationImpl(null,null,null,null,null,null,null,null);
         String newPassword = pai.generatePassword();
+        System.out.println("new password is "+newPassword);
         assertNotNull("new password was NULL!!!",newPassword);
         assertTrue("password is not long enough",(newPassword.length() > 4) );
         
     }
     
+    public void testPasswordGenWithValidationFailure() throws Exception
+    {
+    	System.out.println("*** testing password generation with validator but unmatched character
array and pattern");
+        PortalAdministrationImpl pai = new PortalAdministrationImpl(null,null,null,null,null,null,null,null);
+        SimplePasswordGeneratorImpl pg = new SimplePasswordGeneratorImpl();
+        CredentialPasswordValidator cpv = new DefaultCredentialPasswordValidator("^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$");
+        pg.setValidator(cpv);
+        pg.setMaximumValidationAttempts(1500);
+        pai.setPasswordGenerator(pg);
+        String newPassword = pai.generatePassword();
+        System.out.println("new password is "+newPassword);
+        assertNotNull("new password was NULL!!!",newPassword);
+        assertTrue("password is not long enough",(newPassword.length() > 4) );
+
+    }
+
+    public void testFullPasswordGenWithValidation() throws Exception
+    {
+    	System.out.println("*** testing password generation with matched character array and
pattern");
+        PortalAdministrationImpl pai = new PortalAdministrationImpl(null,null,null,null,null,null,null,null);
+        SimplePasswordGeneratorImpl pg = new SimplePasswordGeneratorImpl();
+        CredentialPasswordValidator cpv = new DefaultCredentialPasswordValidator("^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$");
+        pg.setValidator(cpv);
+        pg.setMaximumValidationAttempts(1500);
+        pai.setPasswordGenerator(pg);
+        //char array that matches the pattern above
+        char[]   validChars = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
'm', 'n', 'o', 'p', 'q', 'r', 's',
+                't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',
+                'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0','@','#','$','%','^','&','+','='
};
+        pg.setPasswordChars(validChars);
+        String newPassword = pai.generatePassword();
+        
+        System.out.println("new password is "+newPassword);
+        assertNotNull("new password was NULL!!!",newPassword);
+        assertTrue("password is not long enough",(newPassword.length() > 4) );
+
+    }
+
+    public void testFullPasswordGenWithValidation2() throws Exception
+    {
+        System.out.println("*** testing password generation with matched character array
and pattern");
+        PortalAdministrationImpl pai = new PortalAdministrationImpl(null,null,null,null,null,null,null,null);
+        SimplePasswordGeneratorImpl pg = new SimplePasswordGeneratorImpl("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@#$%^+=");
+        CredentialPasswordValidator cpv = new DefaultCredentialPasswordValidator("^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$");
+        pg.setValidator(cpv);
+        pg.setMaximumValidationAttempts(1500);
+        pai.setPasswordGenerator(pg);
+        String newPassword = pai.generatePassword();
+
+        System.out.println("new password is "+newPassword);
+        assertNotNull("new password was NULL!!!",newPassword);
+        assertTrue("password is not long enough",(newPassword.length() > 4) );
+
+    }
+
     public void testSendEmail() throws Exception 
     {
+    	System.out.println("*** testing sendEmail");
         JavaMailSenderImpl javaMailSender = null;
         
         if (smtpHost != null)
@@ -135,6 +197,7 @@ public class TestPortalAdministrationImp
     }
     
     public void testSendMailFromAnotherThread() throws Exception {
+    	System.out.println("*** testing sendEmailFromAnotherThread");
     	final List<Exception> exceptions = new ArrayList<Exception>();
     	
     	Thread t = new Thread(new Runnable() {

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml?rev=1610090&r1=1610089&r2=1610090&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
Sun Jul 13 00:05:48 2014
@@ -59,12 +59,20 @@
   
   <bean id="org.apache.jetspeed.administration.PasswordGenerator" class="org.apache.jetspeed.administration.SimplePasswordGeneratorImpl">
     <meta key="j2:cat" value="default" />
+      <!--  sample character array that matches the regex pattern in the DefaultCredentialValidator
defined in
+      security-spi-atn.xml -->
+      <constructor-arg index="0">
+          <value>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@#$%^+=</value>
+      </constructor-arg>
     <property name="validator">
       <!-- The default CredentialPasswordValidator configuration only checks against empty/null
passwords.
            If a more complex validation is enforced, make sure the PasswordGenerator matches
the rules.
            If a generated password fails validation, the SimplePasswordGeneratorImpl will
simply regenerate a new one to test. --> 
       <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/>
     </property>
+    <property name="maximumValidationAttempts">
+    	<value>1500</value>
+    </property>
   </bean>
 
   <bean id='PortalAdministrationImpl' init-method="start"

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi-atn.xml?rev=1610090&r1=1610089&r2=1610090&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi-atn.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-spi-atn.xml
Sun Jul 13 00:05:48 2014
@@ -29,8 +29,8 @@
       * Must be at least 6 characters
       * Must contain at least one one lower case letter, one upper case letter, one digit
and one special character
       * Valid special characters are @#$%^&+=
-      <constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>
      
-    -->
+      <constructor-arg index="0"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>
      
+     -->
   </bean>
 
   <!-- MessageDigest encode passwords using SHA-1 -->



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message