portals-jetspeed-dev mailing list archives

From tay...@apache.org
Subject svn commit: r1507145 - in /portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials: ./ security-spi-atn.xml security-spi.xml
Date Thu, 25 Jul 2013 22:27:34 GMT
Author: taylor
Date: Thu Jul 25 22:27:34 2013
New Revision: 1507145

URL: http://svn.apache.org/r1507145
Log:
JS2-1286: example usage of configurations necessary for credential migration use case

Added:
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml

Added: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml?rev=1507145&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml
(added)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi-atn.xml
Thu Jul 25 22:27:34 2013
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+  <!-- ************** Security SPI Handlers ************** -->
+
+  <!-- require a non-empty password -->
+  <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator"
+    class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator">
+    <meta key="j2:cat" value="default or security" />
+
+    <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives:
+      * Must be at least 6 characters
+      * Must contain at least one one lower case letter, one upper case letter, one digit
and one special character
+      * Valid special characters are @#$%^&+=
+      <constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>
      
+    -->
+  </bean>
+
+  <!-- MessageDigest encode passwords using SHA-1  DST: the old one
+  <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+    class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+      <value>SHA-1</value>
+    </constructor-arg>
+  </bean>
+-->
+
+  <!-- Alternate Password Encoder with Jetspeed-1 algorithm -->
+  <!--
+    <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
+    class="org.apache.jetspeed.security.spi.impl.Jetspeed1CredentialPasswordEncoder">
+    <constructor-arg index="0"><value>SHA</value></constructor-arg>
+    <constructor-arg index="1"><value>base64</value></constructor-arg>
+    </bean>       
+  -->
+  <!--
+    <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider"
+    class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+    <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator" />
+    </constructor-arg>
+    <constructor-arg index="1">
+    <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" />
+    </constructor-arg>
+    </bean>-->
+
+  <!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
+    this Service can be used instead of for example the default provided MessageDigestCredentialPasswordEncoder
+    <bean id="org.apache.jetspeed.security.PasswordEncodingService"
+    name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+    class="org.apache.jetspeed.security.spi.impl.PBEPasswordService">
+    <constructor-arg index="0">
+    <!- secret PBE key password ->
+    <value>********</value>
+    </constructor-arg>       
+    </bean>       
+  -->
+
+  <!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
+    Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an
old CredentialPasswordEncoder
+    like the default provided MessageDigestCredentialPasswordEncoder
+    -->
+    <bean id="org.apache.jetspeed.security.PasswordEncodingService"
+    name="org.apache.jetspeed.security.CredentialPasswordEncoder,org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
+    class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
+    <constructor-arg index="0">
+    <!-- secret PBE key password -->
+    <value>secret</value>
+    </constructor-arg>
+    <constructor-arg index="1">
+    <!-- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1
-->
+    <bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+        <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
+    </bean>       
+    </constructor-arg>
+    <constructor-arg index="2">
+    <!-- startPBEPasswordEncodingService: date before which old encoded passwords need
to be recoded (on authentication)
+    (SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
+    -->
+    <value>2013-07-13 12:50:00</value>
+    </constructor-arg>
+    </bean>
+  
+
+  <!-- allow multiple InternalPasswordCredentialInterceptors to be used for DefaultCredentialHandler
-->
+  <!--
+    <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
+    class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+    <list>
+    
+    <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor"
/>
+    
+    
+    <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor"
/>
+    </list>
+    </constructor-arg>
+    </bean>-->
+
+  <!-- Security SPI: CredentialHandler -->
+  <!--
+    <bean id="org.apache.jetspeed.security.spi.CredentialHandler"
+    class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+    <ref bean="org.apache.jetspeed.security.spi.SecurityAccess" />
+    </constructor-arg>
+    <constructor-arg index="1">
+    <ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider" />
+    </constructor-arg>
+    <constructor-arg index="2">
+    <ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
/>
+    </constructor-arg>
+    </bean>
+    
+  -->
+  <!-- Security SPI: UserSecurityHandler -->
+  <!-- The DefaultUSerSecurityHandler uses the raw SecurityAccessImpl so that it
+    may demarcate its own transactions -->
+  <!--<bean id="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"
+    class="org.apache.jetspeed.security.spi.impl.DefaultUserSecurityHandler">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg>
+    <ref bean="org.apache.jetspeed.security.spi.SecurityAccess" />
+    </constructor-arg>
+    </bean>
+    
+    <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" parent="baseTransactionProxy"
+    name="userSecurityHandler">
+    <meta key="j2:cat" value="default or security" />
+    <property name="proxyInterfaces">
+    <value>org.apache.jetspeed.security.spi.UserSecurityHandler</value>
+    </property>
+    <property name="target">
+    <ref bean="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl" />
+    </property>
+    <property name="transactionAttributes">
+    <props>				
+    <prop key="add*">PROPAGATION_REQUIRED</prop>
+    <prop key="update*">PROPAGATION_REQUIRED</prop>
+    <prop key="remove*">PROPAGATION_REQUIRED</prop>
+    <prop key="*">PROPAGATION_SUPPORTS</prop>
+    </props>
+    </property>
+    </bean>-->
+</beans>
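Review bot: The active `AlgorithmUpgradePBEPasswordService` bean passes the literal `<value>secret</value>` as the PBE key password (constructor-arg index 0), whereas the commented-out `PBEPasswordService` example just above masks the same argument as `********`. The surrounding comment describes this service as two-way encoding, so a deployment that copies the example unchanged protects every re-encoded password with a key that is published in the source tree. I would ship an obviously labelled placeholder instead, e.g. `<value>CHANGE_ME_SITE_SPECIFIC_PBE_KEY</value>`, and widen the inline comment to `<!-- secret PBE key password: replace with a site-specific value and keep it out of version control -->`. The comment above the bean could also state that, unlike the SHA-1 digest encoder being upgraded from, this encoding is reversible by anyone who holds the key. The hard-coded cut-off `2013-07-13 12:50:00` should likewise be marked as an example value to adjust per installation.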

Added: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml?rev=1507145&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml
(added)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/alternate/credentials/security-spi.xml
Thu Jul 25 22:27:34 2013
@@ -0,0 +1,197 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+  <!-- ************** Security SPI Handlers ************** -->
+  <!-- Security SPI: CommonQueries -->
+
+  <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerFactory"
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerFactory">
+    <meta key="j2:cat" value="default or security" />
+    <property name="mappings">
+     <map>
+       <entry key="default"><ref bean="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerDefault"/></entry>
+       <entry key="mysql"><ref bean="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerMySql"/></entry>
+     </map>
+   </property>
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerDefault"
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerDefault" />
+  <bean id="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerMySql"
class="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerMySql" />
+
+  <bean id="org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager"
+    class="org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager" init-method="init">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+      <value>JETSPEED-INF/ojb/security_repository.xml</value>
+    </constructor-arg>
+    <constructor-arg index="1">
+      <ref bean="org.apache.jetspeed.security.spi.impl.JetspeedPrincipalLookupManagerFactory"/>
+    </constructor-arg>
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager" parent="baseTransactionProxy">
+    <meta key="j2:cat" value="default or security" />
+    <property name="proxyInterfaces">
+      <value>
+        org.apache.jetspeed.security.spi.JetspeedPermissionAccessManager,
+        org.apache.jetspeed.security.spi.JetspeedPermissionStorageManager,
+        org.apache.jetspeed.security.spi.JetspeedPrincipalAccessManager,
+        org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager,
+        org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager,
+        org.apache.jetspeed.security.spi.UserPasswordCredentialAccessManager,
+        org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager,        
+        org.apache.jetspeed.security.spi.SecurityDomainStorageManager,        
+        org.apache.jetspeed.security.spi.SecurityDomainAccessManager,
+        org.apache.jetspeed.security.spi.JetspeedDomainPrincipalAccessManager
+      </value>
+    </property>
+    <property name="target">
+      <ref bean="org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager"
/>
+    </property>
+    <property name="transactionAttributes">
+      <props>
+        <prop key="add*">PROPAGATION_REQUIRED</prop>
+        <prop key="update*">PROPAGATION_REQUIRED</prop>
+        <prop key="grant*">PROPAGATION_REQUIRED</prop>
+        <prop key="remove*">PROPAGATION_REQUIRED</prop>
+        <prop key="revoke*">PROPAGATION_REQUIRED</prop>
+        <prop key="store*">PROPAGATION_REQUIRED</prop>
+        <prop key="getPasswordCredential*">PROPAGATION_REQUIRED</prop>
+        <prop key="*">PROPAGATION_SUPPORTS</prop>
+      </props>
+    </property>
+  </bean>
+
+  <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+    <meta key="j2:cat" value="dbSecurity" />
+    <meta key="j2:alias" value="org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager"
/>
+    <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+  </bean>
+  
+  <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+    <meta key="j2:cat" value="dbSecurity" />
+    <meta key="j2:alias" value="org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager"
/>
+    <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+  </bean>
+  
+  <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+    <meta key="j2:cat" value="dbSecurity" />
+    <meta key="j2:alias" value="org.apache.jetspeed.security.spi.JetspeedPermissionStorageManager"
/>
+    <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+  </bean>
+  
+  <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+    <meta key="j2:cat" value="dbSecurity" />
+    <meta key="j2:alias" value="org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager"
/>
+    <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+  </bean>
+
+  <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+    <meta key="j2:cat" value="dbSecurity or ldapSecurity" />
+    <meta key="j2:alias" value="org.apache.jetspeed.security.spi.SecurityDomainStorageManager"
/>
+    <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+  </bean>
+  
+  <bean class="org.springframework.beans.factory.config.BeanReferenceFactoryBean">
+    <meta key="j2:cat" value="dbSecurity or ldapSecurity" />
+    <meta key="j2:alias" value="org.apache.jetspeed.security.spi.SecurityDomainAccessManager"
/>
+    <property name="targetBeanName" value="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl"
+    class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl">
+    <meta key="j2:cat" value="dbSecurity" />
+    <constructor-arg index="0" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+    <constructor-arg index="1" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"
/>
+    <constructor-arg index="2" ref="org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager"
/>
+  </bean>
+
+  <bean id="org.apache.jetspeed.security.spi.UserPasswordCredentialManager" parent="baseTransactionProxy">
+    <meta key="j2:cat" value="dbSecurity" />
+    <property name="proxyInterfaces">
+      <value>org.apache.jetspeed.security.spi.UserPasswordCredentialManager</value>
+    </property>
+    <property name="target">
+      <ref bean="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl"
/>
+    </property>
+    <property name="transactionAttributes">
+      <props>
+        <prop key="*">PROPAGATION_REQUIRED</prop>
+      </props>
+    </property>
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl"
+    class="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0" ref="org.apache.jetspeed.security.CredentialPasswordEncoder"
/>
+    <constructor-arg index="1" ref="org.apache.jetspeed.security.CredentialPasswordValidator"
/>
+    <constructor-arg index="2">
+      <list>
+        <!-- enforce an invalid preset password value in the persisent store is required
to be changed -->
+        <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor"
/>
+        <!-- ensure preset cleartext passwords in the persistent store  will be encoded
on first use -->
+        <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor"
/>
+      </list>
+    </constructor-arg>
+  </bean>
+
+  <bean id="org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager" parent="baseTransactionProxy">
+    <meta key="j2:cat" value="default or security" />
+    <property name="proxyInterfaces">
+      <value>org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager</value>
+    </property>
+    <property name="target">
+      <ref bean="org.apache.jetspeed.security.spi.impl.UserPasswordCredentialPolicyManagerImpl"
/>
+    </property>
+    <property name="transactionAttributes">
+      <props>
+        <prop key="authenticate*">PROPAGATION_REQUIRED</prop>
+        <prop key="on*">PROPAGATION_REQUIRED</prop>
+      </props>
+    </property>
+  </bean>
+  
+  <!--
+  <bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"
+    class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+    <meta key="j2:cat" value="default or security" />
+    <constructor-arg index="0">
+      <value>SHA-1</value>
+    </constructor-arg>
+  </bean>
+-->
+
+  <bean id="org.apache.jetspeed.security.CredentialPasswordValidator"
+    class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator">
+    <meta key="j2:cat" value="default or security" />
+  </bean>
+
+  <bean id="org.apache.jetspeed.security.spi.AuthorizationProvider"
+    class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl">
+    <meta key="j2:cat" value="default or security or AuthorizationProvider" />
+    <constructor-arg index="0">
+      <ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy" />
+    </constructor-arg>
+    <constructor-arg index="1">
+      <value>true</value>
+    </constructor-arg>
+  </bean>
+
+</beans>
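Review bot: `UserPasswordCredentialPolicyManagerImpl` takes `ref="org.apache.jetspeed.security.CredentialPasswordEncoder"` as constructor-arg 0, but the only bean with that id in this file is commented out near the end, with no explanation. Within this commit the name appears to be supplied only by the `name` alias on the `AlgorithmUpgradePBEPasswordService` bean in security-spi-atn.xml, so the two files must be deployed together. A comment on the disabled bean would make that dependency explicit, for example `<!-- disabled: CredentialPasswordEncoder is supplied by the AlgorithmUpgradePBEPasswordService alias in security-spi-atn.xml -->`. Separately, the validator wired in here is `org.apache.jetspeed.security.CredentialPasswordValidator` with no pattern argument, while the regex option is documented on the differently named `org.apache.jetspeed.security.spi.CredentialPasswordValidator` bean in the other file. As far as these two files show, enabling that regex would not change what this policy manager enforces, which deserves a comment or aligned ids.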


