directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r422869 - in /directory/branches/apacheds/optimization: core-unit/src/test/java/org/apache/directory/server/core/authn/ core/src/main/java/org/apache/directory/server/core/authn/
Date Mon, 17 Jul 2006 21:02:45 GMT
Author: akarasulu
Date: Mon Jul 17 14:02:44 2006
New Revision: 422869

URL: http://svn.apache.org/viewvc?rev=422869&view=rev
Log:
Improving invalidation a bit by not being so exact to invalidate.  If any change
happends, move, delete, or modify to an entry then I call invalidate.

Modified:
    directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java
    directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
    directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
    directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
    directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java

Modified: directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java
(original)
+++ directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java
Mon Jul 17 14:02:44 2006
@@ -386,81 +386,4 @@
         assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" )
);
         assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
     }
-
-
-    public void test12InvalidateCredentialCacheWithOID() throws NamingException
-    {
-        Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
-        env.put( Context.PROVIDER_URL, "ou=system" );
-        env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );
-        env.put( Context.SECURITY_CREDENTIALS, "test" );
-        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
-        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory"
);
-        InitialDirContext ic = new InitialDirContext( env );
-        Attributes attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
-        Attribute ou = attrs.get( "ou" );
-        assertTrue( ou.contains( "Engineering" ) );
-        assertTrue( ou.contains( "People" ) );
-
-        Attribute objectClass = attrs.get( "objectClass" );
-        assertTrue( objectClass.contains( "top" ) );
-        assertTrue( objectClass.contains( "person" ) );
-        assertTrue( objectClass.contains( "organizationalPerson" ) );
-        assertTrue( objectClass.contains( "inetOrgPerson" ) );
-
-        assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
-        assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
-        assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
-        assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
-        assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
-        assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
-        assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
-        assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" )
);
-        assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
-        
-        // now modify the password for akarasulu
-        LockableAttributeImpl userPasswordAttribute = new LockableAttributeImpl( "2.5.4.35",
"newpwd" );
-        ic.modifyAttributes( "uid=akarasulu,ou=users", new ModificationItem[] { 
-            new ModificationItem( DirContext.REPLACE_ATTRIBUTE, userPasswordAttribute ) }
);
-        
-        // close and try with old password (should fail)
-        ic.close();
-        env.put( Context.SECURITY_CREDENTIALS, "test" );
-        try
-        {
-            ic = new InitialDirContext( env );
-            fail( "Authentication with old password should fail" );
-        }
-        catch ( NamingException e )
-        {
-            // we should fail 
-        }
-
-        // close and try again now with new password (should fail)
-        ic.close();
-        env.put( Context.SECURITY_CREDENTIALS, "newpwd" );
-        ic = new InitialDirContext( env );
-        attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
-        ou = attrs.get( "ou" );
-        assertTrue( ou.contains( "Engineering" ) );
-        assertTrue( ou.contains( "People" ) );
-
-        objectClass = attrs.get( "objectClass" );
-        assertTrue( objectClass.contains( "top" ) );
-        assertTrue( objectClass.contains( "person" ) );
-        assertTrue( objectClass.contains( "organizationalPerson" ) );
-        assertTrue( objectClass.contains( "inetOrgPerson" ) );
-
-        assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
-        assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
-        assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
-        assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
-        assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
-        assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
-        assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
-        assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" )
);
-        assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
-    }
-
-
 }

Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
(original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
Mon Jul 17 14:02:44 2006
@@ -133,7 +133,7 @@
     /**
      * Does nothing leaving it so subclasses can override.
      */
-    public void passwordChanged( LdapDN bindDn, byte[] userPassword )
+    public void invalidateCache( LdapDN bindDn )
     {
     }
     

Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
(original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
Mon Jul 17 14:02:44 2006
@@ -27,7 +27,6 @@
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
@@ -43,9 +42,7 @@
 import org.apache.directory.server.core.jndi.ServerContext;
 import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
 import org.apache.directory.shared.ldap.filter.ExprNode;
-import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.util.AttributeUtils;
-import org.apache.directory.shared.ldap.util.StringTools;
 import org.apache.directory.shared.ldap.name.LdapDN;
 
 import org.slf4j.Logger;
@@ -68,7 +65,6 @@
     public Map authenticators = new HashMap();
 
     private DirectoryServiceConfiguration factoryCfg;
-    private AttributeType userPasswordAttributeType;
 
     /**
      * Creates an authentication service interceptor.
@@ -84,8 +80,6 @@
     public void init( DirectoryServiceConfiguration factoryCfg, InterceptorConfiguration
cfg ) throws NamingException
     {
         this.factoryCfg = factoryCfg;
-        this.userPasswordAttributeType = factoryCfg.getGlobalRegistries()
-            .getAttributeTypeRegistry().lookup( "userPassword" );
 
         // Register all authenticators
         Iterator i = factoryCfg.getStartupConfiguration().getAuthenticatorConfigurations().iterator();
@@ -209,6 +203,7 @@
 
         checkAuthenticated();
         next.delete( name );
+        invalidateAuthenticatorCaches( name );
     }
 
 
@@ -320,6 +315,24 @@
     }
 
 
+    private void invalidateAuthenticatorCaches( LdapDN principalDn )
+    {
+        for ( Iterator jj = this.authenticators.keySet().iterator(); jj.hasNext(); /**/ )
+        {
+            String authMech = ( String ) jj.next();
+            
+            Collection authenticators = getAuthenticators( authMech );
+            
+            // try each authenticator
+            for ( Iterator ii = authenticators.iterator(); ii.hasNext(); /**/ )
+            {
+                Authenticator authenticator = ( Authenticator ) ii.next();
+                authenticator.invalidateCache( getPrincipal().getJndiName() );
+            }
+        }
+    }
+    
+    
     public void modify( NextInterceptor next, LdapDN name, int modOp, Attributes mods ) throws
NamingException
     {
         if ( log.isDebugEnabled() )
@@ -329,40 +342,10 @@
 
         checkAuthenticated();
         next.modify( name, modOp, mods );
-        
-        Attribute userPasswordAttribute = AttributeUtils.getAttribute( mods, userPasswordAttributeType
); 
-        if ( userPasswordAttribute != null )
-        {
-            notifyUserPasswordChanged( userPasswordAttribute );
-        }
+        invalidateAuthenticatorCaches( name );
     }
 
     
-    private byte[] notifyUserPasswordChanged( Attribute userPasswordAttribute ) throws NamingException
-    {
-        byte[] passwordBytes = null;
-        Object password = userPasswordAttribute.get();
-        if ( password instanceof byte[] )
-        {
-            passwordBytes = ( byte[] ) password;
-        }
-        else
-        {
-            passwordBytes = StringTools.getBytesUtf8( ( String ) password );
-        }
-        
-        Collection authenticators = getAuthenticators( "simple" );
-        // try each authenticators
-        for ( Iterator i = authenticators.iterator(); i.hasNext(); )
-        {
-            Authenticator authenticator = ( Authenticator ) i.next();
-            authenticator.passwordChanged( getPrincipal().getJndiName(), passwordBytes );
-        }
-
-        return passwordBytes;
-    }
-    
-
     public void modify( NextInterceptor next, LdapDN name, ModificationItem[] mods ) throws
NamingException
     {
         if ( log.isDebugEnabled() )
@@ -372,12 +355,7 @@
 
         checkAuthenticated();
         next.modify( name, mods );
-
-        Attribute userPasswordAttribute = AttributeUtils.getAttribute( mods, userPasswordAttributeType
); 
-        if ( userPasswordAttribute != null )
-        {
-            notifyUserPasswordChanged( userPasswordAttribute );
-        }
+        invalidateAuthenticatorCaches( name );
     }
 
 
@@ -391,6 +369,7 @@
 
         checkAuthenticated();
         next.modifyRn( name, newRn, deleteOldRn );
+        invalidateAuthenticatorCaches( name );
     }
 
 
@@ -405,6 +384,7 @@
 
         checkAuthenticated();
         next.move( oriChildName, newParentName, newRn, deleteOldRn );
+        invalidateAuthenticatorCaches( oriChildName );
     }
 
 
@@ -417,6 +397,7 @@
 
         checkAuthenticated();
         next.move( oriChildName, newParentName );
+        invalidateAuthenticatorCaches( oriChildName );
     }
 
 

Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
(original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
Mon Jul 17 14:02:44 2006
@@ -68,12 +68,12 @@
     /**
      * Callback used to respond to password changes by invalidating a password
      * cache if implemented.  This is an additional feature of an authenticator
-     * which need not be implemented: empty implementation is sufficient.
+     * which need not be implemented: empty implementation is sufficient.  This
+     * is called on every del, modify, and modifyRdn operation.
      * 
      * @param bindDn the already normalized distinguished name of the bind principal
-     * @param userPassword the new password for the bind principal
      */
-    public void passwordChanged( LdapDN bindDn, byte[] userPassword );
+    public void invalidateCache( LdapDN bindDn );
 
     /**
      * Performs authentication and returns the principal if succeeded.

Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Mon Jul 17 14:02:44 2006
@@ -345,8 +345,8 @@
     }
 
 
-    public void passwordChanged( LdapDN bindDn, byte[] userPassword )
+    public void invalidateCache( LdapDN bindDn )
     {
-        credentialCache.put( bindDn.getNormName(), userPassword );
+        credentialCache.remove( bindDn.getNormName() );
     }
 }



Mime
View raw message