brooklyn-commits mailing list archives

From sjcorb...@apache.org
Subject [1/3] git commit: Adds AbstractSecurityProvider
Date Tue, 09 Sep 2014 17:08:24 GMT
Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master e8d8a723b -> ed69cf621


Adds AbstractSecurityProvider

Simplifies ExplicitUsersSecurityProvider and LdapSecurityProvider


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/ded72870
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/ded72870
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/ded72870

Branch: refs/heads/master
Commit: ded72870f156f0459ef9be1768c224ad92fcb3d2
Parents: dd7339e
Author: Sam Corbett <sam.corbett@cloudsoftcorp.com>
Authored: Mon Sep 8 16:58:04 2014 +0100
Committer: Sam Corbett <sam.corbett@cloudsoftcorp.com>
Committed: Mon Sep 8 16:58:04 2014 +0100

----------------------------------------------------------------------
 .../provider/AbstractSecurityProvider.java      | 62 ++++++++++++++++++++
 .../provider/ExplicitUsersSecurityProvider.java | 36 ++----------
 .../security/provider/LdapSecurityProvider.java | 27 ++-------
 3 files changed, 72 insertions(+), 53 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/ded72870/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
new file mode 100644
index 0000000..c81977d
--- /dev/null
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package brooklyn.rest.security.provider;
+
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Provides default implementations of {@link #isAuthenticated(HttpSession)} and
+ * {@link #logout(HttpSession)}.
+ */
+public abstract class AbstractSecurityProvider implements SecurityProvider {
+
+    public static final Logger LOG = LoggerFactory.getLogger(AbstractSecurityProvider.class);
+
+    @Override
+    public boolean isAuthenticated(HttpSession session) {
+        if (session == null) return false;
+        Object value = session.getAttribute(getAuthenticationKey());
+        return value != null && Boolean.TRUE.equals(value);
+    }
+
+    @Override
+    public boolean logout(HttpSession session) {
+        if (session == null) return false;
+        session.removeAttribute(getAuthenticationKey());
+        return true;
+    }
+
+    /**
+     * Sets an authentication token for the user on the session. Always returns true.
+     */
+    protected boolean allow(HttpSession session, String user) {
+        LOG.debug("Web console {} authenticated user {}", getClass().getSimpleName(), user);
+        session.setAttribute(getAuthenticationKey(), user);
+        return true;
+    }
+
+    protected String getAuthenticationKey() {
+        LOG.info("Using authentication key {}", getClass().getCanonicalName() + ".AUTHENTICATED");
+        return getClass().getCanonicalName() + ".AUTHENTICATED";
+    }
+
+}
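Review bot: `isAuthenticated` can never return true for a session that `allow` populated, because `allow` stores the user name (`session.setAttribute(getAuthenticationKey(), user)`) while `isAuthenticated` only accepts `Boolean.TRUE.equals(value)`. This fails closed, but it locks out every user of ExplicitUsersSecurityProvider and LdapSecurityProvider, which both drop their own `isAuthenticated` in this commit and inherit this one. The two methods need to agree: either the check becomes `return value != null;` or `allow` stores `Boolean.TRUE`. `allow` also dereferences `session` without the null guard that `isAuthenticated` and `logout` have. Separately, `getAuthenticationKey` logs at INFO on every call, including every `isAuthenticated` check; that line could be dropped or lowered to `LOG.trace`.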

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/ded72870/usage/rest-server/src/main/java/brooklyn/rest/security/provider/ExplicitUsersSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/ExplicitUsersSecurityProvider.java
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/ExplicitUsersSecurityProvider.java
index 3fa7845..3741b29 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/ExplicitUsersSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/ExplicitUsersSecurityProvider.java
@@ -35,29 +35,18 @@ import brooklyn.rest.security.PasswordHasher;
 
 /** security provider which validates users against passwords according to property keys,
  * as set in {@link BrooklynWebConfig#USERS} and {@link BrooklynWebConfig#PASSWORD_FOR_USER(String)}*/
-public class ExplicitUsersSecurityProvider implements SecurityProvider {
+public class ExplicitUsersSecurityProvider extends AbstractSecurityProvider implements SecurityProvider
{
 
     public static final Logger LOG = LoggerFactory.getLogger(ExplicitUsersSecurityProvider.class);
     
-    public static final String AUTHENTICATION_KEY = ExplicitUsersSecurityProvider.class.getCanonicalName()+"."+"AUTHENTICATED";
-
     protected final ManagementContext mgmt;
-    
+    private boolean allowAnyUserWithValidPass;
+    private Set<String> allowedUsers = null;
+
     public ExplicitUsersSecurityProvider(ManagementContext mgmt) {
         this.mgmt = mgmt;
     }
-    
-    @Override
-    public boolean isAuthenticated(HttpSession session) {
-        if (session==null) return false;
-        Object value = session.getAttribute(AUTHENTICATION_KEY);
-        return (value!=null);
-    }
 
-    private boolean allowAnyUserWithValidPass = false;
-    
-    private Set<String> allowedUsers = null;
-    
     private synchronized void initialize() {
         if (allowedUsers!=null) return;
 
@@ -98,7 +87,7 @@ public class ExplicitUsersSecurityProvider implements SecurityProvider {
         String expectedSha256 = properties.getConfig(BrooklynWebConfig.SHA256_FOR_USER(user));
         
         if (expectedP != null) {
-            if (expectedP.equals(password)){
+            if (expectedP.equals(password)) {
                 // password is good
                 return allow(session, user);
             } else {
@@ -116,21 +105,8 @@ public class ExplicitUsersSecurityProvider implements SecurityProvider
{
                 return false;
             }                
         }
-        LOG.warn("Web console rejecting passwordless user "+user);
+        LOG.warn("Web console rejecting passwordless user " + user);
         return false;
     }
 
-    private boolean allow(HttpSession session, String user) {
-        LOG.debug("Web console "+getClass().getSimpleName()+" authenticated user "+user);
-        session.setAttribute(AUTHENTICATION_KEY, user);
-        return true;
-    }
-
-    @Override
-    public boolean logout(HttpSession session) { 
-        if (session==null) return false;
-        session.removeAttribute(AUTHENTICATION_KEY);
-        return true;
-    }
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/ded72870/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
index 88b4208..e93826f 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -41,12 +41,11 @@ import brooklyn.util.text.Strings;
  *
  * @author Peter Veentjer.
  */
-public class LdapSecurityProvider implements SecurityProvider {
+public class LdapSecurityProvider extends AbstractSecurityProvider implements SecurityProvider
{
 
     public static final Logger LOG = LoggerFactory.getLogger(LdapSecurityProvider.class);
 
     public static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
-    public static final String AUTHENTICATED_SESSION_TOKEN_NAME = LdapSecurityProvider.class.getCanonicalName()+":"+"AUTHENTICATED";
 
     private final String ldapUrl;
     private final String ldapRealm;
@@ -55,8 +54,7 @@ public class LdapSecurityProvider implements SecurityProvider {
         StringConfigMap properties = mgmt.getConfig();
         ldapUrl = properties.getConfig(BrooklynWebConfig.LDAP_URL);
         Strings.checkNonEmpty(ldapUrl, "LDAP security provider configuration missing required
property "+BrooklynWebConfig.LDAP_URL);
-        ldapRealm = CharMatcher.isNot('"').retainFrom(properties.getConfig
-                (BrooklynWebConfig.LDAP_REALM));
+        ldapRealm = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_REALM));
         Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required
property "+BrooklynWebConfig.LDAP_REALM);
     }
 
@@ -78,37 +76,20 @@ public class LdapSecurityProvider implements SecurityProvider {
         env.put(Context.SECURITY_PRINCIPAL, getUserDN(user));
         env.put(Context.SECURITY_CREDENTIALS, password);
 
-        boolean authenticated = false;
         try {
             new InitialDirContext(env);
-            authenticated = true;
+            return allow(session, user);
         } catch (NamingException e) {
             LOG.warn("Failed to authenticate user: " + user);
         }
 
-        if (session != null)
-            session.setAttribute(AUTHENTICATED_SESSION_TOKEN_NAME, authenticated);
-        return authenticated;
+        return false;
     }
 
     private String getUserDN(String user) {
         return "cn=" + user + "," + ldapRealm;
     }
 
-    @Override
-    public boolean isAuthenticated(HttpSession session) {
-        if (session == null) return false;
-        Boolean authenticatedToken = (Boolean) session.getAttribute(AUTHENTICATED_SESSION_TOKEN_NAME);
-        return authenticatedToken == null ? false : authenticatedToken;
-    }
-
-    @Override
-    public boolean logout(HttpSession session) {
-        if (session != null)
-            session.setAttribute(AUTHENTICATED_SESSION_TOKEN_NAME, null);
-        return true;
-    }
-    
     static boolean triedLoading = false;
     public synchronized static void checkCanLoad() {
         if (triedLoading) return;
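Review bot: `return allow(session, user)` drops the `if (session != null)` guard the removed code had, and `allow` in AbstractSecurityProvider calls `session.setAttribute` unconditionally, so a null session after a successful bind would throw a NullPointerException that `catch (NamingException e)` does not handle. If callers can pass a null session (the old guard suggests they could), the guard belongs in `allow`, e.g. `if (session != null) session.setAttribute(getAuthenticationKey(), user);`. In the unchanged context, `getUserDN` concatenates `user` into the bind DN unescaped; `"cn=" + Rdn.escapeValue(user) + "," + ldapRealm` (using `javax.naming.ldap.Rdn`) would keep DN metacharacters in a login name from altering the DN. The enclosing authenticate method starts above the hunk, so its handling of empty passwords is not visible here.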

