jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r904027 - in /jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core: api/security/ osgi/ osgi/security/
Date Thu, 28 Jan 2010 10:25:54 GMT
Author: fmeschbe
Date: Thu Jan 28 10:25:54 2010
New Revision: 904027

URL: http://svn.apache.org/viewvc?rev=904027&view=rev
Log:
Introduce a LoginModulePluginFactory to be able to create new plugin instances for each login
request. Previously only a single service instance has been used for all requests and thus
would prevent actualy state keeping during the login process. To this avail the lifecycle
methods init, abort, and commit from the LoginModule interface have been added.

Added:
    jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/DefaultLoginModulePlugin.java
      - copied, changed from r902734, jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/AbstractLoginModulePlugin.java
    jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java
  (with props)
Removed:
    jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/AbstractLoginModulePlugin.java
Modified:
    jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePlugin.java
    jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/Activator.java
    jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/security/PluggableDefaultLoginModule.java

Copied: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/DefaultLoginModulePlugin.java
(from r902734, jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/AbstractLoginModulePlugin.java)
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/DefaultLoginModulePlugin.java?p2=jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/DefaultLoginModulePlugin.java&p1=jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/AbstractLoginModulePlugin.java&r1=902734&r2=904027&rev=904027&view=diff
==============================================================================
--- jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/AbstractLoginModulePlugin.java
(original)
+++ jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/DefaultLoginModulePlugin.java
Thu Jan 28 10:25:54 2010
@@ -19,23 +19,51 @@
 package org.apache.jackrabbit.core.api.security;
 
 import java.security.Principal;
+import java.util.Map;
 import java.util.Set;
 
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
 
 /**
- * The <code>AbstractLoginModulePlugin</code> class is a default implementation
- * of the {@link LoginModulePlugin} interface providing a some default
- * implementations. Extensions of this class still have to implement the core
- * methods of the interface, namely
- * {@link LoginModulePlugin#canHandle(Credentials)} and
- * {@link LoginModulePlugin#authenticate(Principal, Credentials)}.
+ * The <code>DefaultLoginModulePlugin</code> class provides a default
+ * implementation of the {@link LoginModulePlugin} interface. It may be used as
+ * the basis of a custom {@link LoginModulePlugin} implementation, which only
+ * provides partial speciality.
  *
  * @see LoginModulePlugin
  */
-public abstract class AbstractLoginModulePlugin implements LoginModulePlugin {
+public class DefaultLoginModulePlugin implements LoginModulePlugin {
+
+    /**
+     * The default implementation does nothing in this method.
+     */
+    @SuppressWarnings("unused")
+    public void init(CallbackHandler callbackHandler, Session session,
+            Map<?, ?> options) throws LoginException {
+    }
+
+    /**
+     * The default implementation does nothing in this method and always returns
+     * <code>true</code>.
+     */
+    @SuppressWarnings("unused")
+    public boolean commit() throws LoginException {
+        return true;
+    }
+
+    /**
+     * The default implementation does nothing in this method and always returns
+     * <code>true</code>.
+     */
+    @SuppressWarnings("unused")
+    public boolean abort() throws LoginException {
+        return true;
+    }
 
     /**
      * The default implementation does not provide the user ID and relies on the
@@ -55,11 +83,24 @@
     }
 
     /**
-     * Adds no principals to the set
+     * The default implementation does not authenticate the principal and relies
+     * on the <code>DefaultLoginModule</code> to authenticate the principal with
+     * the credentials.
+     */
+    public boolean authenticate(Principal principal, Credentials credentials) {
+        return false;
+    }
+
+    /**
+     * The default implementation adds no principals to the set
      */
     public void addPrincipals(Set<Principal> principals) {
     }
 
+    /**
+     * The default implementation always returns
+     * {@link LoginModulePlugin#IMPERSONATION_DEFAULT}.
+     */
     @SuppressWarnings("unused")
     public int impersonate(Principal principal, Credentials credentials)
             throws RepositoryException, FailedLoginException {

Modified: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePlugin.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePlugin.java?rev=904027&r1=904026&r2=904027&view=diff
==============================================================================
--- jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePlugin.java
(original)
+++ jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePlugin.java
Thu Jan 28 10:25:54 2010
@@ -17,25 +17,23 @@
 package org.apache.jackrabbit.core.api.security;
 
 import java.security.Principal;
+import java.util.Map;
 import java.util.Set;
 
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
 
 /**
- * The <code>LoginModulePlugin</code> interface defines the OSGi service API
for
- * dynamic login module providers.
- * <p>
- * To use this plugin functionality the
- * <code>org.apache.jackrabbit.core.security.pluggable.PluggableDefaultLoginModule</code>
- * must be configued in the repository. Whenever a login process is initiated
- * the <code>PluggableDefaultLoginModule</code> calls the
- * {@link #canHandle(Credentials)} method of each registered
- * <code>LoginModulePlugin</code>. The first plugin returning <code>true</code>
- * is then used to handle all login related questions.
+ * The <code>LoginModulePlugin</code> interface defines the API to be
+ * implemented by a pluggable login module. Instances of this interface are
+ * returned by the {@link LoginModulePluginFactory#create(Credentials)} method.
  *
- * @see AbstractLoginModulePlugin
+ * @see DefaultLoginModulePlugin
+ * @see LoginModulePluginFactory
  */
 public interface LoginModulePlugin {
 
@@ -60,14 +58,34 @@
     static final int IMPERSONATION_FAILED = 2;
 
     /**
-     * Returns <code>true</code> if this plugin can process the given
-     * <code>credentials</code> object.
+     * Sets up the sate of this login module. If the instance throws any
+     * <code>Exception</code> during setup it will be ignored for the login
+     * processing.
+     */
+    void init(CallbackHandler callbackHandler, Session session,
+            Map<?, ?> options) throws LoginException;
+
+    /**
+     * Informs the plugin that the overall login process has succeeded and
+     * should now be finalized. This allows the implementation to cleanup any
+     * state which has been created during the login process.
      * <p>
-     * If no <code>LoginModulePlugin</code> can handle the credentials, the
-     * <code>DefaultLoginModule</code> is handling the complete authentication
-     * process and no plugin will be asked any more.
+     * Regardless of the outcome of this method, the <code>commit</code> method
+     * of the <code>DefaultLoginModule</code> is always called. The result of
+     * the overall commit process is the worst result of both methods.
      */
-    abstract boolean canHandle(Credentials credentials);
+    boolean commit() throws LoginException;
+
+    /**
+     * Informs the plugin that the overall login process has failed and should
+     * not be finalized. This allows the implementation to cleanup any state
+     * which has been created during the login process.
+     * <p>
+     * Regardless of the outcome of this method, the <code>abort</code> method
+     * of the <code>DefaultLoginModule</code> is always called. The result of
+     * the overall abort process is the worst result of both methods.
+     */
+    boolean abort() throws LoginException;
 
     /**
      * Returns the user ID encoded in the given credentials or <code>null</code>
@@ -76,10 +94,6 @@
      * This method is generally called by the <code>DefaultLoginModule</code>
if
      * the {@link #getPrincipal(Credentials)} method returns <code>null</code>.
      * <p>
-     * It is expected that this method only returns a non-<code>null</code>
-     * value if the {@link #canHandle(Credentials)} method returns
-     * <code>true</code>.
-     * <p>
      * If <code>null</code> is returned the user ID is expected to be provided
      * by the <code>AbstractLoginModule.getUserId(Credentials)</code> method.
      */
@@ -90,6 +104,10 @@
      * <p>
      * If <code>null</code> is returned the Principal will be provided by the
      * <code>DefaultLoginModule.getPrincipal</code> method.
+     * <p>
+     * Generally this method should return <code>null</code> unless the login
+     * module has a way of providing a Principal which may be used as the basis
+     * for authentication decisions in the repository.
      *
      * @return an instance of the Principal associated with these Credentials or
      *         <code>null</code>
@@ -106,30 +124,22 @@
 
     /**
      * Validate the credentials to identify the given principal. If the
-     * credentials identify the principal this method simply returns. If the
-     * credentials don't identify the principal the method throws a
-     * {@link FailedLoginException}.
-     * <p>
-     * This method is only called if the {@link #canHandle(Credentials)} returns
-     * <code>true</code>.
+     * credentials identify the principal this method returns <code>true</code>.
+     * If the credentials don't identify the principal the method returns
+     * <code>false</code> in which case the the <code>authenticate</code>
method
+     * of the <code>DefaultLoginModule</code> is called.
      *
-     * @throws FailedLoginException If the credentials to not identify the
-     *             principal.
+     * @return <code>true</code> if the credentials identify the principal.
+     *         Otherwise <code>false</code> to indicate the plugin cannot
+     *         identify the principal from the credentials.
      */
-    void authenticate(Principal principal, Credentials credentials)
-            throws FailedLoginException;
+    boolean authenticate(Principal principal, Credentials credentials);
 
     /**
      * Returns a code indicating either the status of the impersonation attempt,
      * or {@link #IMPERSONATION_DEFAULT} if the impersonation should be handled
-     * by
-     * {@link org.apache.jackrabbit.core.security.authentication.DefaultLoginModule#impersonate}
-     * .
-     * <p>
-     * This method is only called if the {@link #canHandle(Credentials)} returns
-     * <code>true</code>.
+     * by the <code>DefaultLoginModule.impersonate</code> method.
      *
-     * @see org.apache.jackrabbit.core.security.authentication.DefaultLoginModule#impersonate
      * @return one of {@link #IMPERSONATION_DEFAULT},
      *         {@link #IMPERSONATION_SUCCESS} or {@link #IMPERSONATION_FAILED}
      */

Added: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java?rev=904027&view=auto
==============================================================================
--- jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java
(added)
+++ jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java
Thu Jan 28 10:25:54 2010
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.api.security;
+
+import javax.jcr.Credentials;
+
+/**
+ * The <code>LoginModulePluginFactory</code> interface defines the OSGi service
+ * API for dynamic login module providers.
+ * <p>
+ * To use this plugin functionality the
+ * <code>org.apache.jackrabbit.core.osgi.security.PluggableDefaultLoginModule</code>
+ * must be configued in the repository. Whenever a login process is initiated
+ * the <code>PluggableDefaultLoginModule</code> calls the
+ * {@link #create(Credentials)} method of each registered
+ * <code>LoginModulePluginFactory</code>. The first plugin returning a
+ * {@link LoginModulePlugin} instance which can be
+ * {@link LoginModulePlugin#init(javax.security.auth.callback.CallbackHandler, javax.jcr.Session,
java.util.Map)
+ * initialized} without throwing an execption is then used to handle all login
+ * related questions.
+ *
+ * @see LoginModulePlugin
+ */
+public interface LoginModulePluginFactory {
+
+    /**
+     * The name of the service under which to register the module factory.
+     */
+    String SERVICE_NAME = "org.apache.jackrabbit.core.api.security.LoginModulePluginFactory";
+
+    /**
+     * Returns a login module is capable of handling the login request for the
+     * given <code>Credentials</code> instance or <code>null</code>
if this
+     * factory does not support the credentials.
+     *
+     * @param credentials The <code>Credentials</code> intended to be handled
by
+     *            the {@link LoginModulePlugin}.
+     */
+    LoginModulePlugin create(final Credentials credentials);
+
+}

Propchange: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/api/security/LoginModulePluginFactory.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Modified: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/Activator.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/Activator.java?rev=904027&r1=904026&r2=904027&view=diff
==============================================================================
--- jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/Activator.java
(original)
+++ jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/Activator.java
Thu Jan 28 10:25:54 2010
@@ -20,7 +20,7 @@
 import java.io.IOException;
 import java.util.Hashtable;
 
-import org.apache.jackrabbit.core.api.security.LoginModulePlugin;
+import org.apache.jackrabbit.core.api.security.LoginModulePluginFactory;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.Constants;
@@ -70,10 +70,10 @@
     private static int lastTrackingCount = -1;
 
     // the cache of login module services
-    private static LoginModulePlugin[] moduleCache;
+    private static LoginModulePluginFactory[] moduleCache;
 
     // empty list of login modules if there are none registered
-    private static LoginModulePlugin[] EMPTY = new LoginModulePlugin[0];
+    private static LoginModulePluginFactory[] EMPTY = new LoginModulePluginFactory[0];
 
     // the name of the default sling context
     private String slingContext;
@@ -166,7 +166,7 @@
      * no {@link LoginModulePlugin} services registered, this method returns an
      * empty array. <code>null</code> is never returned from this method.
      */
-    public static LoginModulePlugin[] getLoginModules() {
+    public static LoginModulePluginFactory[] getLoginModules() {
         // fast track cache (cache first, since loginModuleTracker is only
         // non-null if moduleCache is non-null)
         if (moduleCache != null
@@ -178,7 +178,7 @@
         // tracker may be null if moduleCache is null
         if (loginModuleTracker == null) {
             loginModuleTracker = new ServiceTracker(getBundleContext(),
-                LoginModulePlugin.class.getName(), null);
+                LoginModulePluginFactory.SERVICE_NAME, null);
             loginModuleTracker.open();
         }
 
@@ -188,7 +188,7 @@
             if (services == null || services.length == 0) {
                 moduleCache = EMPTY;
             } else {
-                moduleCache = new LoginModulePlugin[services.length];
+                moduleCache = new LoginModulePluginFactory[services.length];
                 System.arraycopy(services, 0, moduleCache, 0, services.length);
             }
             lastTrackingCount = loginModuleTracker.getTrackingCount();

Modified: jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/security/PluggableDefaultLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/security/PluggableDefaultLoginModule.java?rev=904027&r1=904026&r2=904027&view=diff
==============================================================================
--- jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/security/PluggableDefaultLoginModule.java
(original)
+++ jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/osgi/security/PluggableDefaultLoginModule.java
Thu Jan 28 10:25:54 2010
@@ -17,13 +17,19 @@
 package org.apache.jackrabbit.core.osgi.security;
 
 import java.security.Principal;
+import java.util.Map;
 import java.util.Set;
 
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
 
+import org.apache.jackrabbit.core.api.security.DefaultLoginModulePlugin;
 import org.apache.jackrabbit.core.api.security.LoginModulePlugin;
+import org.apache.jackrabbit.core.api.security.LoginModulePluginFactory;
 import org.apache.jackrabbit.core.osgi.Activator;
 import org.apache.jackrabbit.core.security.authentication.DefaultLoginModule;
 
@@ -35,9 +41,9 @@
  * login module falls back to the {@link DefaultLoginModule} implementation.
  * <p>
  * To use this login module, the Jackrabbit Core Bundle must be deployed in an
- * OSGi framework and this <code>PluggableDefaultLoginModule</code> must
- * be configured in the <code>&lt;LoginModule&gt;</code> element of the
- * repository configuration.
+ * OSGi framework and this <code>PluggableDefaultLoginModule</code> must be
+ * configured in the <code>&lt;LoginModule&gt;</code> element of the
repository
+ * configuration.
  *
  * @see LoginModulePlugin
  * @see org.apache.jackrabbit.core.api.security.AbstractLoginModulePlugin
@@ -46,6 +52,12 @@
 public class PluggableDefaultLoginModule extends DefaultLoginModule {
 
     /**
+     * The NULL_PLUGIN is a plain default login module, which completely relies
+     * on the <code>DefaultLoginModule</code> to handle authentication.
+     */
+    private static final LoginModulePlugin NULL_PLUGIN = new DefaultLoginModulePlugin();
+
+    /**
      * The {@link LoginModulePlugin} used for this login process.
      * <p>
      * This is set on demand by the {@link #getActivePlugin(Credentials)} method
@@ -53,6 +65,103 @@
      */
     private LoginModulePlugin activePlugin;
 
+    @SuppressWarnings("unchecked")
+    @Override
+    protected void doInit(CallbackHandler callbackHandler, Session session,
+            Map options) throws LoginException {
+        super.doInit(callbackHandler, session, options);
+
+        final Credentials credentials = getCredentials();
+        if (credentials != null) {
+            LoginModulePluginFactory[] modules = Activator.getLoginModules();
+            for (LoginModulePluginFactory loginModulePluginFactory : modules) {
+                LoginModulePlugin plugin = loginModulePluginFactory.create(credentials);
+                if (plugin != null) {
+                    try {
+                        plugin.init(callbackHandler, session, options);
+                        activePlugin = plugin;
+                        break;
+                    } catch (LoginException le) {
+                        // TODO: log
+                    }
+                }
+            }
+        }
+
+        // if no custom plugin is provided, use a default instance
+        if (activePlugin == null) {
+            activePlugin = NULL_PLUGIN;
+        }
+    }
+
+    @Override
+    public boolean commit() throws LoginException {
+
+        Exception failure = null;
+        boolean result = false;
+
+        try {
+            result = activePlugin.commit();
+        } catch (Exception e) {
+            failure = e;
+        } finally {
+            activePlugin = null;
+        }
+
+        try {
+            // only true if both are true (order is important here!)
+            result = super.commit() && result;
+        } catch (Exception e) {
+            if (failure == null) {
+                failure = e;
+            }
+        }
+
+        if (failure != null) {
+            if (failure instanceof RuntimeException) {
+                throw (RuntimeException) failure;
+            }
+
+            throw (LoginException) failure;
+        }
+
+        return result;
+    }
+
+    @Override
+    public boolean abort() throws LoginException {
+
+        Exception failure = null;
+        boolean result = false;
+
+        try {
+            result = activePlugin.abort();
+        } catch (Exception e) {
+            failure = e;
+        } finally {
+            activePlugin = null;
+        }
+
+        try {
+            // only true if both are true (order is important here!)
+            result = super.abort() && result;
+        } catch (Exception e) {
+            if (failure == null) {
+                failure = e;
+            }
+        }
+
+        if (failure != null) {
+            if (failure instanceof RuntimeException) {
+                throw (RuntimeException) failure;
+            }
+
+            throw (LoginException) failure;
+        }
+
+        return result;
+    }
+
     /**
      * Overwrites the <code>AbstractLoginModule</code> implementation to check
      * whether one of the plugins can provide the user ID for the given
@@ -60,12 +169,9 @@
      */
     @Override
     protected String getUserID(Credentials creds) {
-        final LoginModulePlugin plugin = getActivePlugin(creds);
-        if (plugin != null) {
-            final String userId = plugin.getUserId(creds);
-            if (userId != null) {
-                return userId;
-            }
+        final String userId = activePlugin.getUserId(creds);
+        if (userId != null) {
+            return userId;
         }
 
         return super.getUserID(creds);
@@ -78,12 +184,9 @@
      */
     @Override
     protected Principal getPrincipal(Credentials creds) {
-        final LoginModulePlugin plugin = getActivePlugin(creds);
-        if (plugin != null) {
-            final Principal p = plugin.getPrincipal(creds);
-            if (p != null) {
-                return p;
-            }
+        final Principal p = activePlugin.getPrincipal(creds);
+        if (p != null) {
+            return p;
         }
 
         return super.getPrincipal(creds);
@@ -97,10 +200,7 @@
     @Override
     protected Set<Principal> getPrincipals() {
         final Set<Principal> principals = super.getPrincipals();
-        final LoginModulePlugin plugin = getActivePlugin(null);
-        if (plugin != null) {
-            plugin.addPrincipals(principals);
-        }
+        activePlugin.addPrincipals(principals);
         return principals;
     }
 
@@ -114,9 +214,7 @@
     @Override
     protected boolean authenticate(Principal principal, Credentials credentials)
             throws FailedLoginException, RepositoryException {
-        final LoginModulePlugin plugin = getActivePlugin(credentials);
-        if (plugin != null) {
-            plugin.authenticate(principal, credentials);
+        if (activePlugin.authenticate(principal, credentials)) {
             return true;
         }
 
@@ -136,34 +234,11 @@
     protected boolean impersonate(Principal principal, Credentials creds)
             throws RepositoryException, FailedLoginException {
 
-        final LoginModulePlugin plugin = getActivePlugin(creds);
-        if (plugin != null) {
-            final int result = plugin.impersonate(principal, creds);
-            if (result != LoginModulePlugin.IMPERSONATION_DEFAULT) {
-                return result == LoginModulePlugin.IMPERSONATION_SUCCESS;
-            }
+        final int result = activePlugin.impersonate(principal, creds);
+        if (result != LoginModulePlugin.IMPERSONATION_DEFAULT) {
+            return result == LoginModulePlugin.IMPERSONATION_SUCCESS;
         }
 
         return super.impersonate(principal, creds);
     }
-
-    /**
-     * Returns the {@link LoginModulePlugin} handling the given credentials or
-     * <code>null</code> if no plugin is able to handle the credentials.
-     *
-     * @param creds
-     * @return
-     */
-    private LoginModulePlugin getActivePlugin(Credentials creds) {
-        if (activePlugin == null && creds != null) {
-            LoginModulePlugin[] modules = Activator.getLoginModules();
-            for (int i = 0; i < modules.length; i++) {
-                if (modules[i].canHandle(creds)) {
-                    activePlugin = modules[i];
-                    break;
-                }
-            }
-        }
-        return activePlugin;
-    }
 }



Mime
View raw message