continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tryg...@apache.org
Subject svn commit: r366250 - in /maven/continuum/trunk: continuum-api/src/main/java/org/apache/maven/continuum/security/ continuum-core/ continuum-core/src/main/java/org/apache/maven/continuum/security/ continuum-core/src/test/resources/org/apache/maven/conti...
Date Thu, 05 Jan 2006 19:25:33 GMT
Author: trygvis
Date: Thu Jan  5 11:24:43 2006
New Revision: 366250

URL: http://svn.apache.org/viewcvs?rev=366250&view=rev
Log:
o Adding some security stuff.

Added:
    maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java
  (with props)
Modified:
    maven/continuum/trunk/continuum-api/src/main/java/org/apache/maven/continuum/security/ContinuumSecurity.java
    maven/continuum/trunk/continuum-core/pom.xml
    maven/continuum/trunk/continuum-core/src/test/resources/org/apache/maven/continuum/DefaultContinuumTest.xml
    maven/continuum/trunk/continuum-web/pom.xml
    maven/continuum/trunk/continuum-web/src/main/java/org/apache/maven/continuum/web/action/Login.java
    maven/continuum/trunk/continuum-web/src/main/resources/META-INF/plexus/components.xml
    maven/continuum/trunk/continuum-web/src/main/resources/templates/navigations/DefaultTop.vm
    maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Error.vm
    maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Login.vm
    maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Summary.vm

Modified: maven/continuum/trunk/continuum-api/src/main/java/org/apache/maven/continuum/security/ContinuumSecurity.java
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-api/src/main/java/org/apache/maven/continuum/security/ContinuumSecurity.java?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-api/src/main/java/org/apache/maven/continuum/security/ContinuumSecurity.java
(original)
+++ maven/continuum/trunk/continuum-api/src/main/java/org/apache/maven/continuum/security/ContinuumSecurity.java
Thu Jan  5 11:24:43 2006
@@ -17,7 +17,6 @@
  */
 
 import org.apache.maven.continuum.model.system.ContinuumUser;
-import org.apache.maven.continuum.model.system.Permission;
 import org.apache.maven.continuum.model.system.UserGroup;
 
 import java.util.List;

Modified: maven/continuum/trunk/continuum-core/pom.xml
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-core/pom.xml?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-core/pom.xml (original)
+++ maven/continuum/trunk/continuum-core/pom.xml Thu Jan  5 11:24:43 2006
@@ -42,6 +42,10 @@
       <artifactId>plexus-mail-sender-api</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-security</artifactId>
+    </dependency>
+    <dependency>
       <groupId>org.apache.maven.continuum</groupId>
       <artifactId>continuum-test</artifactId>
       <scope>test</scope>
@@ -166,4 +170,4 @@
       <artifactId>maven-scm-provider-svn</artifactId>
     </dependency>
   </dependencies>
-</project>
\ No newline at end of file
+</project>

Added: maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java?rev=366250&view=auto
==============================================================================
--- maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java
(added)
+++ maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java
Thu Jan  5 11:24:43 2006
@@ -0,0 +1,94 @@
+package org.apache.maven.continuum.security;
+
+/*
+ * Copyright 2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import org.codehaus.plexus.security.Authenticator;
+import org.codehaus.plexus.security.exception.UnknownEntityException;
+import org.codehaus.plexus.security.exception.AuthenticationException;
+import org.codehaus.plexus.security.exception.UnauthorizedException;
+import org.apache.maven.continuum.store.ContinuumStore;
+import org.apache.maven.continuum.store.ContinuumStoreException;
+import org.apache.maven.continuum.model.system.ContinuumUser;
+
+import java.util.Map;
+
+/**
+ * TODO: Move this to o.a.m.c.security once plexus-security doesn't depend on plexus-summit.
+ *
+ * @author <a href="mailto:trygvis@inamo.no">Trygve Laugst&oslash;l</a>
+ * @version $Id$
+ */
+public class ContinuumAuthenticator
+    implements Authenticator
+{
+    /**
+     * @plexus.requirement
+     */
+    private ContinuumStore store;
+
+    // ----------------------------------------------------------------------
+    // Authenticator Implementation
+    // ----------------------------------------------------------------------
+
+    public Object authenticate( Map tokens )
+        throws UnknownEntityException, AuthenticationException, UnauthorizedException
+    {
+        String username = (String) tokens.get( "username" );
+        String password = (String) tokens.get( "password" );
+
+        ContinuumUser user = getUser( username );
+
+        if ( user == null )
+        {
+            throw new UnknownEntityException();
+        }
+
+        System.err.println( "username: " + username );
+        System.err.println( "password: " + password );
+        System.err.println( "user.password: " + user.getPassword() );
+
+        if ( !user.getPassword().equals( password ) )
+        {
+            throw new AuthenticationException( "Invalid password." );
+        }
+
+        return null;
+    }
+
+    public Object getAnonymousEntity()
+    {
+        throw new RuntimeException( "Not implemented" );
+    }
+
+    // ----------------------------------------------------------------------
+    // Private
+    // ----------------------------------------------------------------------
+
+    private ContinuumUser getUser( String username )
+        throws AuthenticationException
+    {
+        try
+        {
+            return store.getUserByUsername( username );
+        }
+        catch ( ContinuumStoreException e )
+        {
+            throw new AuthenticationException( "Error while retreiving user.", e );
+        }
+    }
+}

Propchange: maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: maven/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/security/ContinuumAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Id

Modified: maven/continuum/trunk/continuum-core/src/test/resources/org/apache/maven/continuum/DefaultContinuumTest.xml
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-core/src/test/resources/org/apache/maven/continuum/DefaultContinuumTest.xml?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-core/src/test/resources/org/apache/maven/continuum/DefaultContinuumTest.xml
(original)
+++ maven/continuum/trunk/continuum-core/src/test/resources/org/apache/maven/continuum/DefaultContinuumTest.xml
Thu Jan  5 11:24:43 2006
@@ -11,13 +11,13 @@
      |
      | These point to the flows that we use as part of the runtime.
      |
-     | TODO: these should probably be packaged in the core package but the plexus-workflow
package would
+     | TODO: these should probably be packaged in the core package but the plexus-osworkflow
package would
      | need to be modified in order to find them all packaged in the JAR.
      |
      -->
     <component>
-      <role>org.codehaus.plexus.workflow.WorkflowEngine</role>
-      <implementation>org.codehaus.plexus.workflow.DefaultWorkflowEngine</implementation>
+      <role>org.codehaus.plexus.osworkflow.WorkflowEngine</role>
+      <implementation>org.codehaus.plexus.osworkflow.DefaultWorkflowEngine</implementation>
       <configuration>
         <workflowDirectory>${basedir}/../continuum-plexus-application/src/conf/workflows</workflowDirectory>
       </configuration>

Modified: maven/continuum/trunk/continuum-web/pom.xml
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/pom.xml?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/pom.xml (original)
+++ maven/continuum/trunk/continuum-web/pom.xml Thu Jan  5 11:24:43 2006
@@ -31,11 +31,6 @@
       <artifactId>continuum-model</artifactId>
     </dependency>
     <dependency>
-      <groupId>org.codehaus.plexus</groupId>
-      <artifactId>plexus-security</artifactId>
-      <version>1.0-alpha-2</version>
-    </dependency>
-    <dependency>
       <groupId>org.apache.maven.continuum</groupId>
       <artifactId>continuum-core</artifactId>
     </dependency>
@@ -86,4 +81,4 @@
       <version>1.0-beta-1</version>
     </dependency>
   </dependencies>
-</project>
\ No newline at end of file
+</project>

Modified: maven/continuum/trunk/continuum-web/src/main/java/org/apache/maven/continuum/web/action/Login.java
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/src/main/java/org/apache/maven/continuum/web/action/Login.java?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/src/main/java/org/apache/maven/continuum/web/action/Login.java
(original)
+++ maven/continuum/trunk/continuum-web/src/main/java/org/apache/maven/continuum/web/action/Login.java
Thu Jan  5 11:24:43 2006
@@ -20,9 +20,15 @@
 import org.apache.maven.continuum.store.ContinuumStore;
 import org.apache.maven.continuum.web.model.SessionUser;
 import org.codehaus.plexus.security.summit.SecureRunData;
+import org.codehaus.plexus.security.Authenticator;
+import org.codehaus.plexus.security.exception.UnknownEntityException;
+import org.codehaus.plexus.security.exception.UnauthorizedException;
+import org.codehaus.plexus.security.exception.AuthenticationException;
 import org.codehaus.plexus.action.AbstractAction;
+import org.codehaus.plexus.util.StringUtils;
 
 import java.util.Map;
+import java.util.HashMap;
 
 /**
  * @author <a href="mailto:trygvis@inamo.no">Trygve Laugst&oslash;l</a>
@@ -37,34 +43,76 @@
      */
     private ContinuumStore store;
 
+    /**
+     * @plexus.requirement
+     */
+    private Authenticator authenticator;
+
     public void execute( Map map )
         throws Exception
     {
-        String login = (String) map.get( "login.username" );
+        SecureRunData data = (SecureRunData) map.get( "data" );
 
-        getLogger().info( "Trying to log in " + login );
+        String username = (String) map.get( "login.username" );
 
-        String password = (String) map.get( "login.password" );
+        getLogger().info( "Trying to log in '" + username + "'." );
 
-        ContinuumUser user = store.getUserByUsername( login );
+        String password = (String) map.get( "login.password" );
 
-        if ( user != null && user.equalsPassword( password ) )
+        if ( StringUtils.isEmpty( username ) || StringUtils.isEmpty( password ) )
         {
-            SecureRunData secData = (SecureRunData) map.get( "data" );
+            data.getViewContext().put( "loginMessage", "Both username and password has to
be supplied.");
+            data.setTarget( "Login.vm" );
+            return;
+        }
+
+        // ----------------------------------------------------------------------
+        // Authenticate the user
+        // ----------------------------------------------------------------------
 
-            SessionUser usr = new SessionUser( user.getAccountId(), user.getUsername() );
+        Map tokens = new HashMap();
 
-            usr.setFullName( user.getFullName() );
+        tokens.put( "username", username );
+        tokens.put( "password", password );
 
-            usr.setLoggedIn( true );
+        try
+        {
+            authenticator.authenticate( tokens );
+        }
+        catch ( UnknownEntityException e )
+        {
+            // TODO: Internationalize
+            data.getViewContext().put( "loginMessage", "Unknown user '" + username + "'.");
+            data.setTarget( "Login.vm" );
 
-            secData.setUser( usr );
+            return;
+        }
+        catch ( AuthenticationException e )
+        {
+            // TODO: Internationalize
+            data.getViewContext().put( "loginMessage", "Could not authenticate: " + e.getMessage()
);
+            data.setTarget( "Login.vm" );
 
-            secData.setTarget( "Summary.vm" );
+            return;
         }
-        else
+        catch ( UnauthorizedException e )
         {
-            throw new Exception( "Your login/password is incorrect" );
+            data.getViewContext().put( "loginMessage", "User '" + username + "' is not authorized
.");
+            data.setTarget( "Login.vm" );
+
+            return;
         }
+
+        ContinuumUser user = store.getUserByUsername( username );
+
+        SessionUser usr = new SessionUser( user.getAccountId(), user.getUsername() );
+
+        usr.setFullName( user.getFullName() );
+
+        usr.setLoggedIn( true );
+
+        data.setUser( usr );
+
+        data.setTarget( "Summary.vm" );
     }
 }

Modified: maven/continuum/trunk/continuum-web/src/main/resources/META-INF/plexus/components.xml
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/src/main/resources/META-INF/plexus/components.xml?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/src/main/resources/META-INF/plexus/components.xml
(original)
+++ maven/continuum/trunk/continuum-web/src/main/resources/META-INF/plexus/components.xml
Thu Jan  5 11:24:43 2006
@@ -53,11 +53,21 @@
       </configuration>
     </component>
 
+    <component>
+      <role>org.codehaus.plexus.security.Authenticator</role>
+      <role-hint>built-in-store</role-hint>
+      <implementation>org.apache.maven.continuum.security.ContinuumAuthenticator</implementation>
+      <requirements>
+        <requirement>
+          <role>org.apache.maven.continuum.store.ContinuumStore</role>
+        </requirement>
+      </requirements>
+    </component>
     <!--
-     |
-     | Customized PullTools Service
-     |
-     -->
+    |
+    | Customized PullTools Service
+    |
+    -->
 
     <component>
       <role>org.codehaus.plexus.summit.pull.PullService</role>
@@ -477,6 +487,10 @@
       <requirements>
         <requirement>
           <role>org.apache.maven.continuum.store.ContinuumStore</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.Authenticator</role>
+          <role-hint>built-in-store</role-hint>
         </requirement>
       </requirements>
     </component>

Modified: maven/continuum/trunk/continuum-web/src/main/resources/templates/navigations/DefaultTop.vm
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/src/main/resources/templates/navigations/DefaultTop.vm?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/src/main/resources/templates/navigations/DefaultTop.vm
(original)
+++ maven/continuum/trunk/continuum-web/src/main/resources/templates/navigations/DefaultTop.vm
Thu Jan  5 11:24:43 2006
@@ -36,7 +36,7 @@
 
   <div>
     #if ( $data.getUser() )
-      Welcome, <b>$data.user.fullName</b> - <a href="$link?action=logout">Disconnect</a>
+      Welcome, <b>$data.user.fullName</b> - <a href="$link?action=logout">Log
out</a>
     #else
       Welcome, <b>Guest</b> - <a href="$link.setPage('Login.vm')">Login</a>
     #end

Modified: maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Error.vm
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Error.vm?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Error.vm (original)
+++ maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Error.vm Thu
Jan  5 11:24:43 2006
@@ -9,4 +9,3 @@
   </div>
   <pre>$stackTrace</pre>
 </div>
-

Modified: maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Login.vm
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Login.vm?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Login.vm (original)
+++ maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Login.vm Thu
Jan  5 11:24:43 2006
@@ -8,6 +8,11 @@
       <h3>Authentication</h3>
       <div class="axial">
         <table border="1" cellspacing="2" cellpadding="3">
+#if ( $loginMessage )
+          <tr>
+            <td colspan="2"><font color="red">$loginMessage</font></td>
+          </tr>
+#end
           <tr>
             <td>Username :</td>
             <td><input type="text" name="login.username" size="100"></td>

Modified: maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Summary.vm
URL: http://svn.apache.org/viewcvs/maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Summary.vm?rev=366250&r1=366249&r2=366250&view=diff
==============================================================================
--- maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Summary.vm (original)
+++ maven/continuum/trunk/continuum-web/src/main/resources/templates/screens/Summary.vm Thu
Jan  5 11:24:43 2006
@@ -139,4 +139,4 @@
     <td align="right">
     </td>
   </tr>
-</table>
\ No newline at end of file
+</table>



Mime
View raw message