incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r742157 - in /incubator/sling/trunk/extensions/openidauth: ./ src/main/java/org/apache/sling/openidauth/ src/main/java/org/apache/sling/openidauth/impl/ src/main/resources/OSGI-INF/metatype/ src/main/resources/SLING-INF/content/apps/openid/...
Date Sun, 08 Feb 2009 20:24:50 GMT
Author: fmeschbe
Date: Sun Feb  8 20:24:50 2009
New Revision: 742157

URL: http://svn.apache.org/viewvc?rev=742157&view=rev
Log:
SLING-839 Apply patch by Rory Douglas (thanks)

Added:
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java
  (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java
  (with props)
Modified:
    incubator/sling/trunk/extensions/openidauth/pom.xml
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
    incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp

Modified: incubator/sling/trunk/extensions/openidauth/pom.xml
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/pom.xml?rev=742157&r1=742156&r2=742157&view=diff
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/pom.xml (original)
+++ incubator/sling/trunk/extensions/openidauth/pom.xml Sun Feb  8 20:24:50 2009
@@ -157,5 +157,10 @@
 	    	<artifactId>jetty-util</artifactId>
 	    	<version>7.0.0.pre5</version>
 	    </dependency>
+	    <dependency>
+	    	<groupId>org.apache.sling</groupId>
+	    	<artifactId>org.apache.sling.jcr.jackrabbit.server</artifactId>
+	    	<version>2.0.3-incubator-SNAPSHOT</version>
+	    </dependency>
     </dependencies>
 </project>

Modified: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java?rev=742157&r1=742156&r2=742157&view=diff
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
(original)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
Sun Feb  8 20:24:50 2009
@@ -19,7 +19,7 @@
 package org.apache.sling.openidauth;
 
 public class OpenIDUserUtil {
-	public static String getPrinicpalName(String openIdIdentifier) {
+	public static String getPrincipalName(String openIdIdentifier) {
 		if(openIdIdentifier.endsWith("/")) {
 			openIdIdentifier = openIdIdentifier.substring(0,openIdIdentifier.length()-1);
 		}

Modified: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java?rev=742157&r1=742156&r2=742157&view=diff
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
(original)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
Sun Feb  8 20:24:50 2009
@@ -19,16 +19,25 @@
 package org.apache.sling.openidauth.impl;
 
 import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
 import java.util.Properties;
 
 import javax.jcr.Credentials;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.sling.commons.osgi.OsgiUtil;
 import org.apache.sling.engine.auth.AuthenticationHandler;
 import org.apache.sling.engine.auth.AuthenticationInfo;
+import org.apache.sling.jcr.jackrabbit.server.security.AuthenticationPlugin;
+import org.apache.sling.jcr.jackrabbit.server.security.LoginModulePlugin;
 import org.apache.sling.openidauth.OpenIDConstants;
 import org.apache.sling.openidauth.OpenIDUserUtil;
 import org.apache.sling.openidauth.OpenIDConstants.OpenIDFailure;
@@ -50,11 +59,11 @@
  *                description="%auth.openid.description"
  * @scr.property name="service.description" value="Apache Sling OpenID Authentication Handler"
  * @scr.property name="service.vendor" value="The Apache Software Foundation"
- * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" values.0="/" 
+ * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" values.0="/"
  * @scr.service
  */
 public class OpenIDAuthenticationHandler implements
-        AuthenticationHandler {
+        AuthenticationHandler, LoginModulePlugin {
 
     /** default log */
     private final Logger log = LoggerFactory.getLogger(getClass());
@@ -174,7 +183,6 @@
     static final String SLASH = "/";
     
     private ComponentContext context;
-    private String openIdUserPassword;
     
     private String loginForm;
     private String authSuccessUrl;
@@ -269,11 +277,21 @@
         // if the response is already committed, we have a problem !!
         if (!response.isCommitted()) {
         	
+        	// If we're here & we have a valid authenticated user
+        	// probably we failed the repository login (no repo user
+        	// configured for the authenticated principal)
+        	OpenIdUser user = (OpenIdUser)request.getAttribute(OpenIDConstants.OPEN_ID_USER_ATTRIBUTE);
+        	if(user != null && user.isAuthenticated()) {
+        		request.getSession().setAttribute(
+        				OpenIDConstants.OPENID_FAILURE_REASON_ATTRIBUTE, 
+        				OpenIDConstants.OpenIDFailure.REPOSITORY);
+        	}
+
         	// requestAuthentication is only called after a failed authentication
         	// so it makes sense to remove any existing login
-        	// original URL is set only if it doesn't already exist
         	relyingParty.invalidate(request, response);
-        	
+
+        	// original URL is set only if it doesn't already exist        	
         	if(request.getSession().getAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE) ==
null) {
         		String originalUrl = request.getRequestURI() +
         			(request.getQueryString() != null ? "?" + request.getQueryString() : "");
@@ -328,10 +346,6 @@
     protected void activate(ComponentContext componentContext) {
     	context = componentContext;
     	
-    	openIdUserPassword = OsgiUtil.toString(
-         		context.getProperties().get(PROP_OPENID_USERS_PASSWORD), 
-         		DEFAULT_OPENID_USERS_PASSWORD);
-    	
     	loginForm = OsgiUtil.toString(
          		context.getProperties().get(PROP_LOGIN_FORM), 
          		DEFAULT_LOGIN_FORM);
@@ -478,7 +492,7 @@
 	            if(user.isAuthenticated()) {
 	                // user already authenticated
 	                request.setAttribute(OpenIdUser.ATTR_NAME, user);
-	                return getAuthInfoFromIdentifier(user.getIdentity());
+	                return getAuthInfoFromUser(user);
 	            } else if(user.isAssociated()) {
 	            	if(RelyingParty.isAuthResponse(request)) {
 		            	if(relyingParty.verifyAuth(user, request, response)) {
@@ -558,11 +572,49 @@
 		return attr;
     }
     
-    private AuthenticationInfo getAuthInfoFromIdentifier(String id) {
-    	String jcrId = OpenIDUserUtil.getPrinicpalName(id);
+    private AuthenticationInfo getAuthInfoFromUser(OpenIdUser user) {
+    	String jcrId = OpenIDUserUtil.getPrincipalName(user.getIdentity());
 
-    	Credentials creds = new SimpleCredentials(jcrId,openIdUserPassword.toCharArray());
+    	SimpleCredentials creds = new SimpleCredentials(jcrId,new char[0]);
+    	creds.setAttribute(getClass().getName(), user);
         return new AuthenticationInfo(OpenIDConstants.OPEN_ID_AUTH_TYPE, creds);
     }
 
+	public boolean canHandle(Credentials credentials) {
+		if(credentials != null && credentials instanceof SimpleCredentials) {
+			SimpleCredentials sc = (SimpleCredentials)credentials;
+			OpenIdUser user = (OpenIdUser)sc.getAttribute(getClass().getName());
+			if(user != null) {
+				return user.isAssociated();
+			}
+		}
+		return false;
+	}
+
+	public void doInit(CallbackHandler callbackHandler, Session session,
+			Map options) throws LoginException {
+		return;
+	}
+
+	public AuthenticationPlugin getAuthentication(Principal principal,
+			Credentials creds) throws RepositoryException {
+		return new OpenIDAuthenticationPlugin(principal);
+	}
+
+	public Principal getPrincipal(Credentials credentials) {
+		if(credentials != null && credentials instanceof SimpleCredentials) {
+			SimpleCredentials sc = (SimpleCredentials)credentials;
+			OpenIdUser user = (OpenIdUser)sc.getAttribute(getClass().getName());
+			if(user != null) {
+				return new OpenIDPrincipal(user);
+			}
+		}
+		return null;
+	}
+
+	public int impersonate(Principal principal, Credentials credentials)
+			throws RepositoryException, FailedLoginException {
+		return LoginModulePlugin.IMPERSONATION_DEFAULT;
+	}
+
 }
\ No newline at end of file

Added: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java?rev=742157&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java
(added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java
Sun Feb  8 20:24:50 2009
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth.impl;
+
+import java.security.Principal;
+
+import javax.jcr.Credentials;
+import javax.jcr.RepositoryException;
+import javax.jcr.SimpleCredentials;
+
+import org.apache.sling.jcr.jackrabbit.server.security.AuthenticationPlugin;
+import org.apache.sling.openidauth.OpenIDUserUtil;
+
+import com.dyuproject.openid.OpenIdUser;
+
+public class OpenIDAuthenticationPlugin implements AuthenticationPlugin {
+
+	private Principal principal;
+	
+	public OpenIDAuthenticationPlugin(Principal p) {
+		this.principal = p;
+	}
+	
+	public boolean authenticate(Credentials credentials)
+			throws RepositoryException {
+		if(credentials instanceof SimpleCredentials) {
+			OpenIdUser user = (OpenIdUser)((SimpleCredentials)credentials)
+				.getAttribute(OpenIDAuthenticationHandler.class.getName());
+			if(user != null) {
+				return principal.getName().equals(
+						OpenIDUserUtil.getPrincipalName(
+								user.getIdentity())) && 
+						user.isAuthenticated();
+			}
+		}
+		throw new RepositoryException("Can't authenticate credentials of type: " + credentials.getClass());
+	}
+
+}

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationPlugin.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java?rev=742157&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java
(added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java
Sun Feb  8 20:24:50 2009
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth.impl;
+
+import java.security.Principal;
+
+import org.apache.sling.openidauth.OpenIDUserUtil;
+
+import com.dyuproject.openid.OpenIdUser;
+
+public class OpenIDPrincipal implements Principal {
+
+	private String name;
+	private OpenIdUser user;
+	
+	public OpenIDPrincipal(OpenIdUser user) {
+		this.user = user;
+		this.name = this.user != null ? OpenIDUserUtil.getPrincipalName(user.getIdentity()) : "";
+	}
+	
+	public String getName() {
+		return name;
+	}
+
+	public OpenIdUser getUser() {
+		return user;
+	}
+}

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDPrincipal.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Modified: incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=742157&r1=742156&r2=742157&view=diff
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
Sun Feb  8 20:24:50 2009
@@ -38,12 +38,6 @@
 path is configured, it is regarded as inactive. If the handler should be \
 used for all requests, the path should be '/'.
 
-auth.priority.name = Authentication priority
-auth.priority.description = This handler's priority for attempting to authenticate a request
-
-request.auth.priority.name = Authentication Challenge priority
-request.auth.priority.description = This handler's priority for issuing an authentication
challenge
-
 openid.use.cookie.name = Use cookie 
 openid.use.cookie.description = Use a cookie to persist the authentication.  If this is \
 false, uses an HTTP session attribute.
@@ -113,13 +107,6 @@
 are sent to the Provider as form parameters.  If this is empty, the URLs are generated \
 using the hostname found in the original request.
 
-openid.users.password.name = OpenID users repository password 
-openid.users.password.description = The password for an OpenID user repository \
-login.  Since OpenID Providers do not share the user's password with \
-the Relaying Party, all OpenID-authenticated users must use a configured \
-repository password.  This pasword is currently stored in the bundle config \
-so is as secure the repository admin password (!).
-
 openid.anon.auth.resources.name = Access auth resources anonymously
 openid.anon.auth.resources.description = Causes the authenticator to authenticate the \
 request as the anonymous user for the local login, auth failure & logout pages. \

Modified: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp?rev=742157&r1=742156&r2=742157&view=diff
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp
(original)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp
Sun Feb  8 20:24:50 2009
@@ -29,6 +29,8 @@
 		failureMessage = "Unable to find OpenID provider";
 	} else if (failureReason == OpenIDConstants.OpenIDFailure.ASSOCIATION) {
 		failureMessage = "Unable to associate with OpenID provider";
+	} else if (failureReason == OpenIDConstants.OpenIDFailure.REPOSITORY) {
+		failureMessage = "No matching repository user found";
 	} else if (failureReason != null) {
 		failureMessage = "Unknown login error";
 	}
@@ -105,7 +107,8 @@
 			<div class="login-status">
 				<% if (failureReason != null) { %>
 					<div class="error"><%= failureMessage %></div>
-				<% } else if(currentLogin != null) { %>
+				<% } %>
+				<% if(currentLogin != null) { %>
 	            		Currently logged in as: 
 	            		<span class="username"><%= currentLogin %></span>
 	            <% } %>



Mime
View raw message