Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 85246 invoked from network); 17 Jul 2006 21:03:08 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Jul 2006 21:03:08 -0000 Received: (qmail 99642 invoked by uid 500); 17 Jul 2006 21:03:08 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 99595 invoked by uid 500); 17 Jul 2006 21:03:08 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 99579 invoked by uid 99); 17 Jul 2006 21:03:07 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jul 2006 14:03:07 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jul 2006 14:03:06 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id A628D1A981A; Mon, 17 Jul 2006 14:02:46 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r422869 - in /directory/branches/apacheds/optimization: core-unit/src/test/java/org/apache/directory/server/core/authn/ core/src/main/java/org/apache/directory/server/core/authn/ Date: Mon, 17 Jul 2006 21:02:45 -0000 To: commits@directory.apache.org 
From: akarasulu@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20060717210246.A628D1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: akarasulu Date: Mon Jul 17 14:02:44 2006 New Revision: 422869 URL: http://svn.apache.org/viewvc?rev=422869&view=rev Log: Improving invalidation a bit by not being so exact to invalidate. If any change happends, move, delete, or modify to an entry then I call invalidate. Modified: directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Modified: directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java?rev=422869&r1=422868&r2=422869&view=diff ============================================================================== --- directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java (original) +++ directory/branches/apacheds/optimization/core-unit/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationITest.java Mon Jul 17 14:02:44 2006 
@@ -386,81 +386,4 @@ assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) ); assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) ); } - - - public void test12InvalidateCredentialCacheWithOID() throws NamingException - { - Hashtable env = new Hashtable( configuration.toJndiEnvironment() ); - env.put( Context.PROVIDER_URL, "ou=system" ); - env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" ); - env.put( Context.SECURITY_CREDENTIALS, "test" ); - env.put( Context.SECURITY_AUTHENTICATION, "simple" ); - env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" ); - InitialDirContext ic = new InitialDirContext( env ); - Attributes attrs = ic.getAttributes( "uid=akarasulu,ou=users" ); - Attribute ou = attrs.get( "ou" ); - assertTrue( ou.contains( "Engineering" ) ); - assertTrue( ou.contains( "People" ) ); - - Attribute objectClass = attrs.get( "objectClass" ); - assertTrue( objectClass.contains( "top" ) ); - assertTrue( objectClass.contains( "person" ) ); - assertTrue( objectClass.contains( "organizationalPerson" ) ); - assertTrue( objectClass.contains( "inetOrgPerson" ) ); - - assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) ); - assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) ); - assertTrue( attrs.get( "givenname" ).contains( "Alex" ) ); - assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) ); - assertTrue( attrs.get( "l" ).contains( "Bogusville" ) ); - assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) ); - assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) ); - assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) ); - assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) ); - - // now modify the password for akarasulu - LockableAttributeImpl userPasswordAttribute = new LockableAttributeImpl( "2.5.4.35", "newpwd" ); - ic.modifyAttributes( "uid=akarasulu,ou=users", new ModificationItem[] 
{ - new ModificationItem( DirContext.REPLACE_ATTRIBUTE, userPasswordAttribute ) } ); - - // close and try with old password (should fail) - ic.close(); - env.put( Context.SECURITY_CREDENTIALS, "test" ); - try - { - ic = new InitialDirContext( env ); - fail( "Authentication with old password should fail" ); - } - catch ( NamingException e ) - { - // we should fail - } - - // close and try again now with new password (should fail) - ic.close(); - env.put( Context.SECURITY_CREDENTIALS, "newpwd" ); - ic = new InitialDirContext( env ); - attrs = ic.getAttributes( "uid=akarasulu,ou=users" ); - ou = attrs.get( "ou" ); - assertTrue( ou.contains( "Engineering" ) ); - assertTrue( ou.contains( "People" ) ); - - objectClass = attrs.get( "objectClass" ); - assertTrue( objectClass.contains( "top" ) ); - assertTrue( objectClass.contains( "person" ) ); - assertTrue( objectClass.contains( "organizationalPerson" ) ); - assertTrue( objectClass.contains( "inetOrgPerson" ) ); - - assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) ); - assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) ); - assertTrue( attrs.get( "givenname" ).contains( "Alex" ) ); - assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) ); - assertTrue( attrs.get( "l" ).contains( "Bogusville" ) ); - assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) ); - assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) ); - assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) ); - assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) ); - } - - } Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=422869&r1=422868&r2=422869&view=diff ============================================================================== 
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Mon Jul 17 14:02:44 2006
@@ -133,7 +133,7 @@
 /**
 * Does nothing leaving it so subclasses can override.
 */
- public void passwordChanged( LdapDN bindDn, byte[] userPassword )
+ public void invalidateCache( LdapDN bindDn )
 {
 }
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationService.java Mon Jul 17 14:02:44 2006
@@ -27,7 +27,6 @@
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
@@ -43,9 +42,7 @@
 import org.apache.directory.server.core.jndi.ServerContext;
 import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
 import org.apache.directory.shared.ldap.filter.ExprNode;
-import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.util.AttributeUtils;
-import org.apache.directory.shared.ldap.util.StringTools;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.slf4j.Logger;
@@ -68,7 +65,6 @@
 public Map authenticators = new HashMap();
 private DirectoryServiceConfiguration factoryCfg;
- private AttributeType userPasswordAttributeType;
 /**
 * Creates an authentication service interceptor.
@@ -84,8 +80,6 @@
 public void init( DirectoryServiceConfiguration factoryCfg, InterceptorConfiguration cfg ) throws NamingException
 {
 this.factoryCfg = factoryCfg;
- this.userPasswordAttributeType = factoryCfg.getGlobalRegistries()
- .getAttributeTypeRegistry().lookup( "userPassword" );
 // Register all authenticators
 Iterator i = factoryCfg.getStartupConfiguration().getAuthenticatorConfigurations().iterator();
@@ -209,6 +203,7 @@
 checkAuthenticated();
 next.delete( name );
+ invalidateAuthenticatorCaches( name );
 }
@@ -320,6 +315,24 @@
 }
+ private void invalidateAuthenticatorCaches( LdapDN principalDn )
+ {
+ for ( Iterator jj = this.authenticators.keySet().iterator(); jj.hasNext(); /**/ )
+ {
+ String authMech = ( String ) jj.next();
+
+ Collection authenticators = getAuthenticators( authMech );
+
+ // try each authenticator
+ for ( Iterator ii = authenticators.iterator(); ii.hasNext(); /**/ )
+ {
+ Authenticator authenticator = ( Authenticator ) ii.next();
+ authenticator.invalidateCache( getPrincipal().getJndiName() );
+ }
+ }
+ }
+
+
 public void modify( NextInterceptor next, LdapDN name, int modOp, Attributes mods ) throws NamingException
 {
 if ( log.isDebugEnabled() )
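Review bot: The new `invalidateAuthenticatorCaches( LdapDN principalDn )` never reads its `principalDn` argument; the inner loop calls `authenticator.invalidateCache( getPrincipal().getJndiName() )`, so the cache record that gets dropped belongs to whoever performed the operation, not to the entry that was deleted, modified, renamed or moved. When an administrator changes or deletes another user's entry, that user's cached credential would apparently stay in place, and the old password could keep authenticating until the record leaves the cache some other way. Pass the argument through, `authenticator.invalidateCache( principalDn );`, and consider renaming the parameter to `entryDn`, since the callers in the delete, modify, modifyRn and move hunks hand in the target entry's name. The same commit removes `test12InvalidateCredentialCacheWithOID`, which only covered a user changing their own password; a test in which one principal changes another principal's password and the old password is then rejected would cover this path.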
@@ -329,40 +342,10 @@
 checkAuthenticated();
 next.modify( name, modOp, mods );
-
- Attribute userPasswordAttribute = AttributeUtils.getAttribute( mods, userPasswordAttributeType );
- if ( userPasswordAttribute != null )
- {
- notifyUserPasswordChanged( userPasswordAttribute );
- }
+ invalidateAuthenticatorCaches( name );
 }
- private byte[] notifyUserPasswordChanged( Attribute userPasswordAttribute ) throws NamingException
- {
- byte[] passwordBytes = null;
- Object password = userPasswordAttribute.get();
- if ( password instanceof byte[] )
- {
- passwordBytes = ( byte[] ) password;
- }
- else
- {
- passwordBytes = StringTools.getBytesUtf8( ( String ) password );
- }
-
- Collection authenticators = getAuthenticators( "simple" );
- // try each authenticators
- for ( Iterator i = authenticators.iterator(); i.hasNext(); )
- {
- Authenticator authenticator = ( Authenticator ) i.next();
- authenticator.passwordChanged( getPrincipal().getJndiName(), passwordBytes );
- }
-
- return passwordBytes;
- }
-
-
 public void modify( NextInterceptor next, LdapDN name, ModificationItem[] mods ) throws NamingException
 {
 if ( log.isDebugEnabled() )
@@ -372,12 +355,7 @@
 checkAuthenticated();
 next.modify( name, mods );
-
- Attribute userPasswordAttribute = AttributeUtils.getAttribute( mods, userPasswordAttributeType );
- if ( userPasswordAttribute != null )
- {
- notifyUserPasswordChanged( userPasswordAttribute );
- }
+ invalidateAuthenticatorCaches( name );
 }
@@ -391,6 +369,7 @@
 checkAuthenticated();
 next.modifyRn( name, newRn, deleteOldRn );
+ invalidateAuthenticatorCaches( name );
 }
@@ -405,6 +384,7 @@
 checkAuthenticated();
 next.move( oriChildName, newParentName, newRn, deleteOldRn );
+ invalidateAuthenticatorCaches( oriChildName );
 }
@@ -417,6 +397,7 @@
 checkAuthenticated();
 next.move( oriChildName, newParentName );
+ invalidateAuthenticatorCaches( oriChildName );
 }
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java Mon Jul 17 14:02:44 2006
@@ -68,12 +68,12 @@
 /**
 * Callback used to respond to password changes by invalidating a password
 * cache if implemented. This is an additional feature of an authenticator
- * which need not be implemented: empty implementation is sufficient.
+ * which need not be implemented: empty implementation is sufficient. This
+ * is called on every del, modify, and modifyRdn operation.
 *
 * @param bindDn the already normalized distinguished name of the bind principal
- * @param userPassword the new password for the bind principal
 */
- public void passwordChanged( LdapDN bindDn, byte[] userPassword );
+ public void invalidateCache( LdapDN bindDn );
 /**
 * Performs authentication and returns the principal if succeeded.
Modified: directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=422869&r1=422868&r2=422869&view=diff
==============================================================================
--- directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/branches/apacheds/optimization/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Mon Jul 17 14:02:44 2006
@@ -345,8 +345,8 @@
 }
- public void passwordChanged( LdapDN bindDn, byte[] userPassword )
+ public void invalidateCache( LdapDN bindDn )
 {
- credentialCache.put( bindDn.getNormName(), userPassword );
+ credentialCache.remove( bindDn.getNormName() );
 }
 }
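Review bot: The Javadoc on `invalidateCache` in the Authenticator.java hunk no longer matches how the method is used. It still opens with "respond to password changes" and lists only "del, modify, and modifyRdn", although the AuthenticationService hunks also call it after both `move` overloads. The `@param bindDn` text still says "bind principal", which reads as the caller rather than the entry whose cached credentials must be dropped. Suggested parameter text: `@param bindDn the already normalized distinguished name of the entry whose cached credentials must be discarded`, with the summary reworded to say the callback runs after every delete, modify, modifyRn and move. The interface body continues outside the hunk.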