directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From trus...@apache.org
Subject svn commit: r193113 - in /directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server: authn/ authz/
Date Thu, 23 Jun 2005 08:47:53 GMT
Author: trustin
Date: Thu Jun 23 01:47:51 2005
New Revision: 193113

URL: http://svn.apache.org/viewcvs?rev=193113&view=rev
Log:
* Removed unused classes.
* Revised JavaDoc
* Renamed LdapPrincipal.getDn() to getJndiName()

Removed:
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticatorContext.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/GenericAuthenticatorContext.java
Modified:
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java
    directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AbstractAuthenticator.java
Thu Jun 23 01:47:51 2005
@@ -18,6 +18,7 @@
 
 
 import javax.naming.NamingException;
+import javax.naming.spi.InitialContextFactory;
 
 import org.apache.ldap.common.name.LdapName;
 import org.apache.ldap.server.configuration.AuthenticatorConfiguration;
@@ -29,6 +30,7 @@
  * Base class for all Authenticators.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
  */
 public abstract class AbstractAuthenticator implements Authenticator
 {
@@ -40,9 +42,9 @@
 
 
     /**
-     * Create a new AuthenticationService.
+     * Creates a new instance.
      *
-     * @param type authenticator's type
+     * @param type the type of this authenticator (e.g. <tt>'simple'</tt>, <tt>'none'</tt>...)
      */
     protected AbstractAuthenticator( String type )
     {
@@ -50,20 +52,23 @@
     }
 
 
+    /**
+     * Returns {@link ContextFactoryConfiguration} of {@link InitialContextFactory}
+     * which initialized this authenticator.
+     */
     public ContextFactoryConfiguration getFactoryConfiguration()
     {
         return factoryCfg;
     }
     
+    /**
+     * Returns the configuration of this authenticator.
+     */
     public AuthenticatorConfiguration getConfiguration()
     {
         return cfg;
     }
 
-
-    /**
-     * Returns this authenticator's type.
-     */
     public String getAuthenticatorType()
     {
         return authenticatorType;
@@ -71,8 +76,9 @@
 
 
     /**
-     * Called by the server to indicate to an authenticator that the authenticator
-     * is being placed into service.
+     * Initializes default properties (<tt>factoryConfiguration</tt> and
+     * <tt>configuration</tt>, and calls {@link #doInit()} method.
+     * Please put your initialization code into {@link #doInit()}.
      */
     public final void init( ContextFactoryConfiguration factoryCfg, AuthenticatorConfiguration
cfg ) throws NamingException
     {
@@ -83,32 +89,51 @@
 
 
     /**
-     * A convenience method which can be overridden so that there's no need to
-     * call super.init( authenticatorConfig ).
+     * Implement your initialization code here.
      */
-    protected abstract void doInit();
-
-    public void destroy()
+    protected void doInit() throws NamingException
     {
     }
 
     /**
-     * Perform the authentication operation and return the authorization id if successfull.
+     * Calls {@link #doDestroy()} method, and clears default properties
+     * (<tt>factoryConfiguration</tt> and <tt>configuration</tt>).
+     * Please put your deinitialization code into {@link #doDestroy()}. 
      */
+    public final void destroy()
+    {
+        try
+        {
+            doDestroy();
+        }
+        finally
+        {
+            this.factoryCfg = null;
+            this.cfg = null;
+        }
+    }
+    
+    /**
+     * Implement your deinitialization code here.
+     */
+    protected void doDestroy()
+    {
+    }
+
     public abstract LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;
 
 
     /**
-     * Allows a means to create an LDAP principal without exposing LdapPrincipal creation
-     * to the rest of the world.
+     * Returns a new {@link LdapPrincipal} instance whose value is the specified
+     * <tt>name</tt>.
      *
-     * @param dn the distinguished name of the X.500 principal
-     * @return the principal for the dn
-     * @throws NamingException if there is a problem parsing the dn
+     * @param name the distinguished name of the X.500 principal
+     * @return the principal for the <tt>name</tt>
+     * @throws NamingException if there is a problem parsing <tt>name</tt>
      */
-    protected LdapPrincipal createLdapPrincipal( String dn ) throws NamingException
+    protected static LdapPrincipal createLdapPrincipal( String name ) throws NamingException
     {
-        LdapName principalDn = new LdapName( dn );
+        LdapName principalDn = new LdapName( name );
         return new LdapPrincipal( principalDn );
     }
 }

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AnonymousAuthenticator.java
Thu Jun 23 01:47:51 2005
@@ -22,24 +22,24 @@
 import org.apache.ldap.server.jndi.ServerContext;
 
 /**
- * A default implentation of an AuthenticationService for handling anonymous connections.
+ * An {@link Authenticator} that handles anonymous connections
+ * (type <tt>'none'</tt>).
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class AnonymousAuthenticator extends AbstractAuthenticator
 {
+    /**
+     * Creates a new instance.
+     */
     public AnonymousAuthenticator()
     {
         super( "none" );
     }
 
-    protected void doInit()
-    {
-    }
-
     /**
-     * This will be called when the authentication is set to "none" on the client.
-     * If server is not configured to allow anonymous connections, it throws an exception.
+     * If the context is not configured to allow anonymous connections,
+     * this method throws a {@link javax.naming.NoPermissionException}.
      */
     public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
     {

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
Thu Jun 23 01:47:51 2005
@@ -55,12 +55,6 @@
  */
 public class AuthenticationService implements Interceptor
 {
-    /** short for Context.SECURITY_AUTHENTICATION */
-    private static final String AUTH_TYPE = Context.SECURITY_AUTHENTICATION;
-
-    /** short for Context.SECURITY_CREDENTIALS */
-    private static final String CREDS = Context.SECURITY_CREDENTIALS;
-
     /** authenticators **/
     public Map authenticators = new HashMap();
 
@@ -73,6 +67,9 @@
     {
     }
 
+    /**
+     * Registers and initializes all {@link Authenticator}s to this service.
+     */
     public void init( ContextFactoryConfiguration factoryCfg, InterceptorConfiguration cfg
) throws NamingException
     {
         this.factoryCfg = factoryCfg;
@@ -94,6 +91,9 @@
         }
     }
     
+    /**
+     * Deinitializes and deregisters all {@link Authenticator}s from this service.
+     */
     public void destroy()
     {
         Iterator i = new ArrayList( authenticators.values() ).iterator();
@@ -110,9 +110,8 @@
     }
 
     /**
-     * Registers an AuthenticationService with the AuthenticationService.  Called by each
-     * AuthenticationService implementation after it has started to register for
-     * authentication operation calls.
+     * Initializes the specified {@link Authenticator} and registers it to
+     * this service.
      */
     private void register( AuthenticatorConfiguration cfg ) throws NamingException
     {
@@ -129,13 +128,8 @@
     }
 
     /**
-     * Unregisters an AuthenticationService with the AuthenticationService.  Called for each
-     * registered AuthenticationService right before it is to be stopped.  This prevents
-     * protocol server calls from reaching the Backend and effectively puts
-     * the ContextPartition's naming context offline.
-     *
-     * @param authenticator AuthenticationService component to unregister with this
-     * AuthenticationService.
+     * Deinitializes the specified {@link Authenticator} and deregisters it from
+     * this service.
      */
     private void unregister( Authenticator authenticator )
     {
@@ -159,14 +153,21 @@
     }
 
     /**
-     * Gets the authenticators with a specific type.
-     *
-     * @param type the authentication type
-     * @return the authenticators with the specified type
+     * Returns the list of {@link Authenticator}s with the specified type.
+     * 
+     * @return <tt>null</tt> if no authenticator is found.
      */
     private Collection getAuthenticators( String type )
     {
-        return ( Collection ) authenticators.get( type );
+        Collection result = ( Collection ) authenticators.get( type );
+        if( result != null && result.size() > 0 )
+        {
+            return result;
+        }
+        else
+        {
+            return null;
+        }
     }
     
 
@@ -298,18 +299,18 @@
 
         if ( ctx.getPrincipal() != null )
         {
-            if ( ctx.getEnvironment().containsKey( CREDS ) )
+            if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
             {
-                ctx.removeFromEnvironment( CREDS );
+                ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
             }
             return;
         }
 
-        String authList = ( String ) ctx.getEnvironment().get( AUTH_TYPE );
+        String authList = ( String ) ctx.getEnvironment().get( Context.SECURITY_AUTHENTICATION
);
 
         if ( authList == null )
         {
-            if ( ctx.getEnvironment().containsKey( CREDS ) )
+            if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
             {
                 // authentication type is simple here
 
@@ -368,7 +369,7 @@
 
                 // remove creds so there is no security risk
 
-                ctx.removeFromEnvironment( CREDS );
+                ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
                 return;
             }
             catch ( LdapAuthenticationException e )
@@ -382,6 +383,8 @@
 
 
     /**
+     * FIXME This doesn't secure anything actually.
+     * 
      * Created this wrapper to pass to ctx.setPrincipal() which is public for added
      * security.  This adds more security because an instance of this class is not
      * easily accessible whereas LdapPrincipals can be accessed easily from a context

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/Authenticator.java
Thu Jun 23 01:47:51 2005
@@ -17,41 +17,53 @@
 package org.apache.ldap.server.authn;
 
 
+import javax.naming.Context;
 import javax.naming.NamingException;
 
 import org.apache.ldap.server.configuration.AuthenticatorConfiguration;
 import org.apache.ldap.server.jndi.ContextFactoryConfiguration;
 import org.apache.ldap.server.jndi.ServerContext;
+import org.apache.ldap.server.partition.ContextPartitionNexus;
 
 
 /**
- * Defines methods that all Authenticators must implement.
+ * Authenticates users who access {@link ContextPartitionNexus}.
+ * <p>
+ * {@link Authenticator}s are registered to and configured by
+ * {@link AuthenticationService} interceptor.
+ * <p>
+ * {@link AuthenticationService} authenticates users by calling
+ * {@link #authenticate(ServerContext)}, and then {@link Authenticator}
+ * checks JNDI {@link Context} environment properties
+ * ({@link Context#SECURITY_PRINCIPAL} and {@link Context#SECURITY_CREDENTIALS})
+ * of current {@link Context}.
  *
- * <p>An AuthenticationService is a program that performs client authentication based
on the authentication
- * method/type that the client specifies in the JNDI properties.
- *
- * <p>To implement this interface, you can write an authenticator that extends org.apache.ldap.server.authn.AbstractAuthenticator.
- *
- * @see org.apache.ldap.server.authn.AbstractAuthenticator
+ * @see AbstractAuthenticator
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$
  */
 public interface Authenticator
 {
+    /**
+     * Returns the type of this authenticator (e.g. <tt>'simple'</tt>,
+     * <tt>'none'</tt>,...).
+     */
     public String getAuthenticatorType();
     
     /**
-     * Called by the authenticator container to indicate that the authenticator is being
placed into service.
+     * Called by {@link AuthenticationService} to indicate that this
+     * authenticator is being placed into service.
      */
     public void init( ContextFactoryConfiguration factoryCfg, AuthenticatorConfiguration
cfg ) throws NamingException;
     
     /**
-     * Called by the authenticator container to indicate that the authenticator is being
removed from service.
+     * Called by {@link AuthenticationService} to indicate that this
+     * authenticator is being removed from service.
      */
     public void destroy();
 
     /**
-     * Perform the authentication operation and return the authorization id if successfull.
+     * Performs authentication and returns the principal if succeeded.
      */
     public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;
 }

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
Thu Jun 23 01:47:51 2005
@@ -67,23 +67,29 @@
 
     /**
      * Gets a cloned copy of the normalized distinguished name of this
-     * principal as a JNDI Name.  It must be cloned to protect this Principal
-     * from alteration.
+     * principal as a JNDI {@link Name}.
      *
-     * @return the normalized distinguished name of the principal as a JNDI Name
+     * @return the normalized distinguished name of the principal as a JNDI {@link Name}
      */
-    public Name getDn()
+    public Name getJndiName()
     {
         return ( Name ) name.clone();
     }
 
 
     /**
-     * Gets the normalized distinguished name of the principal as a String.
-     *
-     * @see Principal#getName()
+     * Returns the normalized distinguished name of the principal as a String.
      */
     public String getName()
+    {
+        return name.toString();
+    }
+    
+    /**
+     * Returns string representation of the normalized distinguished name
+     * of this principal.
+     */
+    public String toString()
     {
         return name.toString();
     }

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authn/SimpleAuthenticator.java
Thu Jun 23 01:47:51 2005
@@ -31,30 +31,25 @@
 
 
 /**
- * A simple AuthenticationService that just authenticates clear text passwords
- * contained within the <code>userPassword</code> attribute.
+ * A simple {@link Authenticator} that authenticates clear text passwords
+ * contained within the <code>userPassword</code> attribute in DIT.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class SimpleAuthenticator extends AbstractAuthenticator
 {
     /**
-     * Creates a simple authenticator for clear text passwords in
-     * userPassword attributes.
+     * Creates a new instance.
      */
     public SimpleAuthenticator( )
     {
         super( "simple" );
     }
 
-    protected void doInit()
-    {
-    }
-    
     /**
-     * Uses the userPassword field of the user to authenticate.
-     *
-     * @see org.apache.ldap.server.authn.Authenticator#authenticate(org.apache.ldap.server.jndi.ServerContext)
+     * Looks up <tt>userPassword</tt> attribute of the entry whose name is
+     * the value of {@link Context#SECURITY_PRINCIPAL} environment variable,
+     * and authenticates a user with the plain-text password.
      */
     public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
     {

Modified: directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=193113&r1=193112&r2=193113&view=diff
==============================================================================
--- directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
(original)
+++ directory/apacheds/branches/db_refactor/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
Thu Jun 23 01:47:51 2005
@@ -103,7 +103,7 @@
 
     public void delete( NextInterceptor nextInterceptor, Name name ) throws NamingException
     {
-        Name principalDn = getPrincipal().getDn();
+        Name principalDn = getPrincipal().getJndiName();
 
         if ( name.toString().equals( "" ) )
         {
@@ -186,7 +186,7 @@
 
     private void protectModifyAlterations( Name dn ) throws LdapNoPermissionException
     {
-        Name principalDn = getPrincipal().getDn();
+        Name principalDn = getPrincipal().getJndiName();
 
         if ( dn.toString().equals( "" ) )
         {
@@ -259,7 +259,7 @@
 
     private void protectDnAlterations( Name dn ) throws LdapNoPermissionException
     {
-        Name principalDn = getPrincipal().getDn();
+        Name principalDn = getPrincipal().getJndiName();
 
         if ( dn.toString().equals( "" ) )
         {
@@ -325,7 +325,7 @@
     {
         LdapContext ctx =
             ( LdapContext ) InvocationStack.getInstance().peek().getTarget();
-        Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getDn();
+        Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
 
         if ( !principalDn.equals( ADMIN_DN ) )
         {
@@ -428,7 +428,7 @@
             dn = dnParser.parse( result.getName() );
         }
 
-        Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getDn();
+        Name principalDn = ( ( ServerContext ) ctx ).getPrincipal().getJndiName();
         if ( !principalDn.equals( ADMIN_DN ) )
         {
             if ( dn.size() > 2 )



Mime
View raw message