portals-jetspeed-dev mailing list archives

From dlest...@apache.org
Subject svn commit: r225568 - in /portals/jetspeed-2/trunk/components/security/xdocs: config.xml credentials.xml images/credential-handler-c.gif images/principals-credentials-schema.gif navigation.xml permission.xml
Date Wed, 27 Jul 2005 18:41:52 GMT
Author: dlestrat
Date: Wed Jul 27 11:41:47 2005
New Revision: 225568

URL: http://svn.apache.org/viewcvs?rev=225568&view=rev
Log:
More security documentation.

Added:
    portals/jetspeed-2/trunk/components/security/xdocs/credentials.xml
    portals/jetspeed-2/trunk/components/security/xdocs/images/credential-handler-c.gif   (with props)
    portals/jetspeed-2/trunk/components/security/xdocs/images/principals-credentials-schema.gif   (with props)
Modified:
    portals/jetspeed-2/trunk/components/security/xdocs/config.xml
    portals/jetspeed-2/trunk/components/security/xdocs/navigation.xml
    portals/jetspeed-2/trunk/components/security/xdocs/permission.xml

Modified: portals/jetspeed-2/trunk/components/security/xdocs/config.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/config.xml?rev=225568&r1=225567&r2=225568&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/xdocs/config.xml (original)
+++ portals/jetspeed-2/trunk/components/security/xdocs/config.xml Wed Jul 27 11:41:47 2005
@@ -126,6 +126,38 @@
   		<td>The <i>UserSecurityHandler</i> encapuslated all the operations
around the user principals.</td> 
   	</tr>
 </table>
+<p>
+    A sample <code>CredentialHandler</code> configuration could be:
+    <source><![CDATA[
+<bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
+ class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
+
+<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
+      class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+   <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
      
+</bean>       
+
+<bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" 
+ class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
+   <constructor-arg index="0">
+      <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/>
+   </constructor-arg>       
+   <constructor-arg index="1">
+      <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"/>
+   </constructor-arg>       
+</bean>       
+
+<bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor" 
+ class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
+   <!-- maxNumberOfAuthenticationFailures -->
+   <constructor-arg index="0"><value>3</value></constructor-arg>
 
+   <!-- maxLifeSpanInDays -->     
+   <constructor-arg index="1"><value>60</value></constructor-arg>
      
+   <!-- historySize -->     
+   <constructor-arg index="2"><value>3</value></constructor-arg>
      
+</bean>]]>
+    </source>
+</p>
 </subsection>
 <subsection name="security-spi-atz.xml">
 <p>
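
Review bot: the sample CredentialPasswordEncoder bean takes "SHA-1" as its only constructor argument, and nothing in the sample shows a salt or an iteration count, so a reader copying it cannot tell whether stored passwords are more than a single fast digest. State next to the sample whether MessageDigestCredentialPasswordEncoder salts its input, and consider showing a stronger digest name in the example value. The three interceptor arguments are identified only by XML comments (maxNumberOfAuthenticationFailures, maxLifeSpanInDays, historySize); one sentence on what the values 3, 60 and 3 cause at runtime would make the sample usable without reading the source. The unchanged line at the top of the hunk still reads "encapuslated" and could be fixed in the same pass.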

Added: portals/jetspeed-2/trunk/components/security/xdocs/credentials.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/credentials.xml?rev=225568&view=auto
==============================================================================
--- portals/jetspeed-2/trunk/components/security/xdocs/credentials.xml (added)
+++ portals/jetspeed-2/trunk/components/security/xdocs/credentials.xml Wed Jul 27 11:41:47
2005
@@ -0,0 +1,78 @@
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Credentials Management</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Credentials Management Overview">
+            <p>
+                Jetspeed
+                <code>DefaultCredentialHandler</code>
+                provides the following features:
+            </p>
+            <ol>
+                <li>
+                    Provides the ability to store password in a encoded fashion. The initial
implementation uses
+                    <code>SHA-1</code> and <code>Base64</code> as
a default encoding.  The default 
+                    <code>MessageDisgetCredentialPasswordEncoder</code> implements
<code>CredentialPasswordEncoder</code>
+                    and uses <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/MessageDigest.html">MessageDigest</a>
+                    hash algorithms for password encryption.
+                </li>
+                <li>Provides the ability to specify a minimum length and a minimum
number of numeric characters in a password</li>
+                <li>
+                    Keeps an history (queue) of previously used password and preventing a
user to reuse a password that is currently stored in the user's
+                    password history (queue). The queue size is configurale.
+                </li>
+                <li>Automatically expires a user's password after a configurable time.</li>
+                <li>Warns users that their password is about to expire. Notification
time period is configurable.</li>
+                <li>Locks a user account when the current password is expired.</li>
+                <li>Forces a user to change his/her password on first use.</li>
+                <li>Disable a user's password after a certain number of unsuccessful
authentication attempts.</li>
+            </ol>
+        </section>
+        <section name="DefaultCredentialHandler Implementation">
+            <p>
+                The class diagram below describes the components used for the
+                <code>DefaultCredentialHandler</code>
+                implementation.
+            </p>
+            <p align="center">
+                <img src="images/credential-handler-c.gif" border="0" />
+            </p>
+            <table>
+                <tr>
+                    <th>Bean</th>
+                    <th>Description</th>
+                </tr>
+                <tr>
+                    <td><code>DefaultCredentialHandler</code></td>
+                    <td>Encapsulates the operations involving manipulation of credentials.</td>
+                </tr>
+                <tr>
+                    <td>PasswordCredentialProvider</td>
+                    <td>Provides the encoding and validation rules for passwords through
the <code>CredentialPasswordEncoder</code>
+                    which encapsulates the encoding and <code>CredentialPasswordValidator</code>
which encapsulates
+                    the password validation rules.</td>
+                </tr>
+                <tr>
+                    <td>InternalPasswordCredentialInterceptor</td>
+                    <td>Provide credential lifecycle management.  Manages parameters
such as maximum number of authentication failures,
+                    maximum life span of a credential in days and how much history to retain
for a given credential.</td>
+                </tr>
+            </table>
+            <p>
+                The OJB mappings for the default credentials implementation are described
in 
+                <code>security_repository.xml</code>:
+                <ul>
+                    <li><code>InternalCredential</code>: Maps to the SECURITY_CREDENTIAL
table.</li>
+                </ul>
+                The following database schema is used to stored credentials and their associations
to principals.
+            </p>
+            <p align="center">
+                <img src="images/principals-credentials-schema.gif" border="0" />
+            </p>
+        </section>
+    </body>
+</document>
\ No newline at end of file
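
Review bot: the first list item names the encoder "MessageDisgetCredentialPasswordEncoder", which does not match the MessageDigestCredentialPasswordEncoder class used in the config.xml sample of this same commit; correct the spelling so readers can find the class. The same item says MessageDigest hash algorithms are used "for password encryption"; a digest is one-way, so "password hashing" (or "encoding", the word the item opens with) is the accurate term and avoids implying the stored value can be decrypted. Smaller points: "configurale" in the password-history item, SECURITY_CREDENTIAL is not wrapped in <code> the way the table names in permission.xml are, the <ul> sits inside a <p>, and the file ends without a trailing newline.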

Added: portals/jetspeed-2/trunk/components/security/xdocs/images/credential-handler-c.gif
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/images/credential-handler-c.gif?rev=225568&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/trunk/components/security/xdocs/images/credential-handler-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/trunk/components/security/xdocs/images/principals-credentials-schema.gif
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/images/principals-credentials-schema.gif?rev=225568&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/trunk/components/security/xdocs/images/principals-credentials-schema.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: portals/jetspeed-2/trunk/components/security/xdocs/navigation.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/navigation.xml?rev=225568&r1=225567&r2=225568&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/xdocs/navigation.xml (original)
+++ portals/jetspeed-2/trunk/components/security/xdocs/navigation.xml Wed Jul 27 11:41:47
2005
@@ -25,6 +25,7 @@
             <item name="Authentication" href="atn.html">
                 <item name="Login Module" href="login-module.html" />
                 <item name="Authentication SPI" href="atn-spi.html"/>
+                <item name="Credentials Management" href="credentials.html"/>
             </item>
             <item name="Authorization" href="atz.html">
                 <item name="JAAS Authorization" href="atz-jaas.html"/>

Modified: portals/jetspeed-2/trunk/components/security/xdocs/permission.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/xdocs/permission.xml?rev=225568&r1=225567&r2=225568&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/xdocs/permission.xml (original)
+++ portals/jetspeed-2/trunk/components/security/xdocs/permission.xml Wed Jul 27 11:41:47
2005
@@ -49,8 +49,8 @@
             <p>
             The OJB mappings for the security component are described in <code>security_repository.xml</code>:
             <ul>
-            <li><code>InternalPrincipal</code>: Map to the <code>SECURITY_PRINCIPAL</code>
table.</li>
-            <li><code>InternalPermission</code>: Map to the <code>SECURITY_PERMISSION</code>
table.</li>
+            <li><code>InternalPrincipal</code>: Maps to the <code>SECURITY_PRINCIPAL</code>
table.</li>
+            <li><code>InternalPermission</code>: Maps to the <code>SECURITY_PERMISSION</code>
table.</li>
             <li>Associations between <code>InternalPrincipal</code> and
<code>InternalPermission</code> are
             maintained through the indirection table <code>PRINCIPAL_PERMISSION</code>.</li>
             </ul>


