jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r653795 - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/node...
Date Tue, 06 May 2008 14:50:33 GMT
Author: angela
Date: Tue May  6 07:50:32 2008
New Revision: 653795

URL: http://svn.apache.org/viewvc?rev=653795&view=rev
Log:
JCR-1104 : JSR 283 support (security work in progress)

- user API: add changePw method to the User.java
- adjust impl and change password to be a protected property

Modified:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
    jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
(original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
Tue May  6 07:50:32 2008
@@ -44,4 +44,11 @@
      */
     Impersonation getImpersonation() throws RepositoryException;
 
+    /**
+     * Change the password of this user.
+     *
+     * @param password The new password.
+     * @throws RepositoryException
+     */
+    void changePassword(String password) throws RepositoryException;
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
Tue May  6 07:50:32 2008
@@ -361,6 +361,7 @@
      * <li>rep:referees</li>
      * <li>rep:groups</li>
      * <li>rep:impersonators</li>
+     * <li>rep:password</li>
      * </ul>
      * Those properties are 'protected' in their property definition. This
      * method is a simple utility in order to save the extra effort to modify
@@ -374,7 +375,7 @@
         Name pName = getSession().getQName(propertyName);
          if (P_PRINCIPAL_NAME.equals(pName) || P_USERID.equals(pName)
                  || P_REFEREES.equals(pName) || P_GROUPS.equals(pName)
-                 || P_IMPERSONATORS.equals(pName)) {
+                 || P_IMPERSONATORS.equals(pName) || P_PASSWORD.equals(pName)) {
              return true;
          } else {
              return false;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
Tue May  6 07:50:32 2008
@@ -26,6 +26,7 @@
 
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
+import javax.jcr.Value;
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
@@ -63,6 +64,23 @@
         return new UserImpl(node, userManager);
     }
 
+    /**
+     * 
+     * @param password
+     * @return
+     * @throws RepositoryException
+     */
+    static String buildPasswordValue(String password) throws RepositoryException {
+        try {
+            CryptedSimpleCredentials creds = new CryptedSimpleCredentials("_", password);
+            return creds.getPassword();
+        } catch (NoSuchAlgorithmException e) {
+            throw new RepositoryException(e);
+        } catch (UnsupportedEncodingException e) {
+            throw new RepositoryException(e);
+        }
+    }
+
     //-------------------------------------------------------< Authorizable >---
     /**
      * @see Authorizable#getID()
@@ -123,4 +141,15 @@
         }
         return impersonation;
     }
+
+    /**
+     * @see User#changePassword(String)
+     */
+    public void changePassword(String password) throws RepositoryException {
+        if (password == null) {
+            throw new IllegalArgumentException("The password may never be null.");
+        }
+        Value v = getSession().getValueFactory().createValue(buildPasswordValue(password));
+        userManager.setProtectedProperty(getNode(), P_PASSWORD, v);
+    }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
Tue May  6 07:50:32 2008
@@ -25,7 +25,6 @@
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SecurityItemModifier;
 import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
 import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Name;
@@ -44,8 +43,6 @@
 import javax.jcr.lock.LockException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.version.VersionException;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -192,9 +189,8 @@
             Name nodeName = session.getQName(Text.escapeIllegalJcrChars(userID));
             NodeImpl userNode = addSecurityNode(parent, nodeName, NT_REP_USER);
 
-            CryptedSimpleCredentials creds = new CryptedSimpleCredentials(userID, password);
-            setSecurityProperty(userNode, P_USERID, getValue(creds.getUserID()));
-            setSecurityProperty(userNode, P_PASSWORD, getValue(creds.getPassword()));
+            setSecurityProperty(userNode, P_USERID, getValue(userID));
+            setSecurityProperty(userNode, P_PASSWORD, getValue(UserImpl.buildPasswordValue(password)));
             setSecurityProperty(userNode, P_PRINCIPAL_NAME, getValue(principal.getName()));
             parent.save();
 
@@ -207,10 +203,6 @@
                 log.debug("Failed to create new User, reverting changes.");
             }
             throw e;
-        } catch (NoSuchAlgorithmException e) {
-            throw new RepositoryException(e);
-        } catch (UnsupportedEncodingException e) {
-            throw new RepositoryException(e);
         }
     }
 
@@ -313,6 +305,11 @@
         return res.hasNext();
     }
 
+    void setProtectedProperty(NodeImpl node, Name propName, Value value) throws RepositoryException,
LockException, ConstraintViolationException, ItemExistsException, VersionException {
+        setSecurityProperty(node, propName, value);
+        node.save();
+    }
+
     void setProtectedProperty(NodeImpl node, Name propName, Value[] values) throws RepositoryException,
LockException, ConstraintViolationException, ItemExistsException, VersionException {
         setSecurityProperty(node, propName, values);
         node.save();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
Tue May  6 07:50:32 2008
@@ -215,7 +215,7 @@
 
 [rep:User] > rep:Authorizable, rep:Impersonatable
   - rep:userId (string) protected mandatory
-  - rep:password (string) mandatory
+  - rep:password (string) protected mandatory
 
 [rep:Group] > rep:Authorizable
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.xml
Tue May  6 07:50:32 2008
@@ -495,7 +495,7 @@
             <supertype>rep:Impersonatable</supertype>
         </supertypes>
         <propertyDefinition name="rep:userId" requiredType="String" autoCreated="false"
mandatory="true" onParentVersion="COPY" protected="true" multiple="false" />
-        <propertyDefinition name="rep:password" requiredType="String" autoCreated="false"
mandatory="true" onParentVersion="COPY" protected="false" multiple="false" />
+        <propertyDefinition name="rep:password" requiredType="String" autoCreated="false"
mandatory="true" onParentVersion="COPY" protected="true" multiple="false" />
     </nodeType>
 
     <nodeType name="rep:Group" isMixin="false" hasOrderableChildNodes="false" primaryItemName="">

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
Tue May  6 07:50:32 2008
@@ -22,6 +22,9 @@
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Session;
+import javax.jcr.LoginException;
 
 /**
  * <code>UserTest</code>...
@@ -50,4 +53,43 @@
         Credentials creds = user.getCredentials();
         assertTrue(creds != null);
     }
+
+    public void testChangePassword() throws RepositoryException, NotExecutableException {
+        String oldPw = helper.getProperty("javax.jcr.tck.superuser.pwd");
+        if (oldPw == null) {
+            // missing property
+            throw new NotExecutableException();
+        }
+
+        User user = getTestUser(superuser);
+        try {
+            user.changePassword("pw");
+            // make sure the user can login with the new pw
+            Session s = helper.getRepository().login(new SimpleCredentials(user.getID(),
"pw".toCharArray()));
+            s.logout();
+        } finally {
+            user.changePassword(oldPw);
+        }
+    }
+
+    public void testChangePassword2() throws RepositoryException, NotExecutableException
{
+        String oldPw = helper.getProperty("javax.jcr.tck.superuser.pwd");
+        if (oldPw == null) {
+            // missing property
+            throw new NotExecutableException();
+        }
+
+        User user = getTestUser(superuser);
+        try {
+            user.changePassword("pw");
+
+            Session s = helper.getRepository().login(new SimpleCredentials(user.getID(),
oldPw.toCharArray()));
+            s.logout();
+            fail("superuser pw has changed. login must fail.");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            user.changePassword(oldPw);
+        }
+    }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
Tue May  6 07:50:32 2008
@@ -52,6 +52,7 @@
         if (superuser instanceof SessionImpl) {
             NameResolver resolver = ((SessionImpl) superuser).getNamePathResolver();
             protectedUserProps.add(resolver.getJCRName(UserConstants.P_USERID));
+            protectedUserProps.add(resolver.getJCRName(UserConstants.P_PASSWORD));
             protectedUserProps.add(resolver.getJCRName(UserConstants.P_GROUPS));
             protectedUserProps.add(resolver.getJCRName(UserConstants.P_IMPERSONATORS));
             protectedUserProps.add(resolver.getJCRName(UserConstants.P_PRINCIPAL_NAME));

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java?rev=653795&r1=653794&r2=653795&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
Tue May  6 07:50:32 2008
@@ -31,6 +31,8 @@
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
 import java.security.Principal;
+import java.security.NoSuchAlgorithmException;
+import java.io.UnsupportedEncodingException;
 
 /**
  * <code>UserImplTest</code>...
@@ -81,7 +83,6 @@
 
     public void testUserCanModifyItsOwnProperties() throws RepositoryException {
         User u = (User) uMgr.getAuthorizable(uID);
-
         if (u == null) {
             fail("User " +uID+ "hast not been removed and must be visible to the Session
created with its credentials.");
         }
@@ -92,4 +93,22 @@
         u.removeProperty("Email");
         assertNull(u.getProperty("Email"));
     }
+
+    public void testChangePassword() throws RepositoryException, NotExecutableException,
NoSuchAlgorithmException, UnsupportedEncodingException {
+        String oldPw = helper.getProperty("javax.jcr.tck.superuser.pwd");
+        if (oldPw == null) {
+            // missing property
+            throw new NotExecutableException();
+        }
+
+        User user = getTestUser(superuser);
+        try {
+            user.changePassword("pw");
+
+            SimpleCredentials creds = new SimpleCredentials(user.getID(), "pw".toCharArray());
+            assertTrue(((CryptedSimpleCredentials) user.getCredentials()).matches(creds));
+        } finally {
+            user.changePassword(oldPw);
+        }
+    }
 }



Mime
View raw message