incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r886144 - in /sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl: post/AbstractUserPostServlet.java post/ChangeUserPasswordServlet.java resource/AuthorizableValueMap.java
Date Wed, 02 Dec 2009 13:56:00 GMT
Author: fmeschbe
Date: Wed Dec  2 13:55:59 2009
New Revision: 886144

URL: http://svn.apache.org/viewvc?rev=886144&view=rev
Log:
SLING-1208 As of Jackrabbit 1.6 the protected properties of the repository reflection of users
and groups are not returned as Authorizable properties any more. Therefore the rep:principalName
property which is checked in the integration test does not exist any longer. Likeweis the
rep:password is not returned any more, so we have to use a (hacky) workaround.

Modified:
    sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
    sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
    sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java

Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java?rev=886144&r1=886143&r2=886144&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java
Wed Dec  2 13:55:59 2009
@@ -33,7 +33,7 @@
     /**
      * To be used for the encryption. E.g. for passwords in
      * {@link javax.jcr.SimpleCredentials#getPassword()} SimpleCredentials}
-     * 
+     *
      * @scr.property valueRef="DEFAULT_PASSWORD_DIGEST_ALGORITHM"
      */
     private static final String PROP_PASSWORD_DIGEST_ALGORITHM = "password.digest.algorithm";
@@ -64,17 +64,28 @@
 
     /**
      * Digest the given password using the configured digest algorithm
-     * 
+     *
      * @param pwd the value to digest
      * @return the digested value
      * @throws IllegalArgumentException
      */
     protected String digestPassword(String pwd) throws IllegalArgumentException {
+        return digestPassword(pwd, passwordDigestAlgoritm);
+    }
+
+    /**
+     * Digest the given password using the given digest algorithm
+     *
+     * @param pwd the value to digest
+     * @param digest the digest algorithm to use for digesting
+     * @return the digested value
+     * @throws IllegalArgumentException
+     */
+    protected String digestPassword(String pwd, String digest) throws IllegalArgumentException
{
         try {
             StringBuffer password = new StringBuffer();
-            password.append("{").append(passwordDigestAlgoritm).append("}");
-            password.append(Text.digest(passwordDigestAlgoritm,
-                pwd.getBytes("UTF-8")));
+            password.append("{").append(digest).append("}");
+            password.append(Text.digest(digest, pwd.getBytes("UTF-8")));
             return password.toString();
         } catch (NoSuchAlgorithmException e) {
             throw new IllegalArgumentException(e.toString());

Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java?rev=886144&r1=886143&r2=886144&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java
Wed Dec  2 13:55:59 2009
@@ -16,12 +16,13 @@
  */
 package org.apache.sling.jackrabbit.usermanager.impl.post;
 
+import java.lang.reflect.Method;
 import java.util.List;
 
+import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.Value;
-
+import javax.jcr.SimpleCredentials;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.sling.api.SlingHttpServletRequest;
@@ -125,17 +126,10 @@
                 "New Password does not match the confirmation password");
         }
 
-        try {
-            String digestedOldPwd = digestPassword(oldPwd);
-            Value[] pwdProperty = ((User) authorizable).getProperty("rep:password");
-            if (pwdProperty != null && pwdProperty.length > 0) {
-                String repPasswordValue = pwdProperty[0].getString();
-                if (!digestedOldPwd.equals(repPasswordValue)) {
-                    // submitted oldPwd value is not correct.
-                    throw new RepositoryException("Old Password does not match");
-                }
-            }
+        // verify old password
+        checkPassword(authorizable, oldPwd);
 
+        try {
             ((User) authorizable).changePassword(digestPassword(newPwd));
 
             changes.add(Modification.onModified(resource.getPath()
@@ -144,4 +138,33 @@
             throw new RepositoryException("Failed to change user password.", re);
         }
     }
+
+    private void checkPassword(Authorizable authorizable, String oldPassword)
+            throws RepositoryException {
+        Credentials oldCreds = ((User) authorizable).getCredentials();
+        if (oldCreds instanceof SimpleCredentials) {
+            char[] oldCredsPwd = ((SimpleCredentials) oldCreds).getPassword();
+            if (oldPassword.equals(String.valueOf(oldCredsPwd))) {
+                return;
+            }
+        } else {
+            try {
+                // CryptSimpleCredentials.matches(SimpleCredentials credentials)
+                Class<?> oldCredsClass = oldCreds.getClass();
+                Method matcher = oldCredsClass.getMethod("matches",
+                    SimpleCredentials.class);
+                SimpleCredentials newCreds = new SimpleCredentials(
+                    authorizable.getPrincipal().getName(),
+                    oldPassword.toCharArray());
+                boolean match = (Boolean) matcher.invoke(oldCreds, newCreds);
+                if (match) {
+                    return;
+                }
+            } catch (Throwable t) {
+                // failure here, fall back to password check failure below
+            }
+        }
+
+        throw new RepositoryException("Old Password does not match");
+    }
 }

Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java?rev=886144&r1=886143&r2=886144&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/resource/AuthorizableValueMap.java
Wed Dec  2 13:55:59 2009
@@ -18,11 +18,9 @@
 
 import java.lang.reflect.Array;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Calendar;
 import java.util.Collection;
 import java.util.Date;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -46,8 +44,13 @@
 public class AuthorizableValueMap implements ValueMap {
     private Logger logger = LoggerFactory.getLogger(AuthorizableValueMap.class);
 
-    private Set<String> hiddenProperties = new HashSet<String>(
-        Arrays.asList(new String[] { "rep:password", "jcr:uuid" }));
+    /**
+     * Principal Name property of the Authorizable. This has been returned
+     * before Jackrabbit 1.6 as part of the Authorizable properties but is
+     * now removed from the set. We add this to the properties again to be
+     * able to convey this data to the request.
+     */
+    private static final String REP_PRINCIPAL_NAME = "rep:principalName";
 
     private boolean fullyRead;
 
@@ -138,14 +141,18 @@
             return null;
         }
 
-        if (hiddenProperties.contains(key)) {
-            return null;
-        }
-
         try {
-            if (authorizable.hasProperty(key)) {
-                Value[] property = authorizable.getProperty(key);
-                Object value = valuesToJavaObject(property);
+            final Object value;
+            if (REP_PRINCIPAL_NAME.equals(key)) {
+                value = authorizable.getPrincipal().getName();
+            } else  if (authorizable.hasProperty(key)) {
+                final Value[] property = authorizable.getProperty(key);
+                value = valuesToJavaObject(property);
+            } else {
+                value = null;
+            }
+
+            if (value != null) {
                 cache.put(key, value);
                 return value;
             }
@@ -179,17 +186,19 @@
                 Iterator pi = authorizable.getPropertyNames();
                 while (pi.hasNext()) {
                     String key = (String) pi.next();
-
-                    if (hiddenProperties.contains(key)) {
-                        continue; // skip it.
-                    }
-
                     if (!cache.containsKey(key)) {
                         Value[] property = authorizable.getProperty(key);
                         Object value = valuesToJavaObject(property);
                         cache.put(key, value);
                     }
                 }
+
+                // add principal name
+                if (!cache.containsKey(REP_PRINCIPAL_NAME)) {
+                    cache.put(REP_PRINCIPAL_NAME,
+                        authorizable.getPrincipal().getName());
+                }
+
                 fullyRead = true;
             } catch (RepositoryException re) {
                 // TODO: log !!



Mime
View raw message