sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cziege...@apache.org
Subject svn commit: r1622267 - in /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core: impl/SlingAuthenticator.java spi/AuthenticationHandler.java spi/package-info.java
Date Wed, 03 Sep 2014 14:19:24 GMT
Author: cziegeler
Date: Wed Sep  3 14:19:23 2014
New Revision: 1622267

URL: http://svn.apache.org/r1622267
Log:
SLING-3905 : Support Password Expired In Sling Authenticator. Apply slightly modified patch
from Dominique Jäggi

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/package-info.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1622267&r1=1622266&r2=1622267&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Wed Sep  3 14:19:23 2014
@@ -27,6 +27,7 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.security.auth.login.CredentialExpiredException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestEvent;
 import javax.servlet.ServletRequestListener;
@@ -439,6 +440,7 @@ public class SlingAuthenticator implemen
         if (process && expectAuthenticationHandler(request)) {
             log.warn("handleSecurity: AuthenticationHandler did not block request; access
denied");
             request.removeAttribute(AuthenticationHandler.FAILURE_REASON);
+            request.removeAttribute(AuthenticationHandler.FAILURE_REASON_CODE);
             AuthUtil.sendInvalid(request, response);
             return false;
         }
@@ -938,11 +940,21 @@ public class SlingAuthenticator implemen
             // if no handler can request authentication information.
             log.info("handleLoginFailure: Unable to authenticate {}: {}", user,
                 reason.getMessage());
-            log.debug("handleLoginFailure", reason);
 
-            // preset a reason for the login failure (if not done already)
-            ensureAttribute(request, AuthenticationHandler.FAILURE_REASON,
-                "User name and password do not match");
+            if (reason.getCause() instanceof CredentialExpiredException) {
+                // force failure attribute to be set so handlers can
+                // react to this special circumstance
+                request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE,
+                        AuthenticationHandler.FAILURE_REASON_CODES.PASSWORD_EXPIRED);
+                ensureAttribute(request, AuthenticationHandler.FAILURE_REASON,
+                        "Password expired");
+            } else {
+                // preset a reason for the login failure (if not done already)
+                request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE,
+                        AuthenticationHandler.FAILURE_REASON_CODES.INVALID_LOGIN);
+                ensureAttribute(request, AuthenticationHandler.FAILURE_REASON,
+                        "User name and password do not match");
+            }
 
             doLogin(request, response);
 

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java?rev=1622267&r1=1622266&r2=1622267&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
Wed Sep  3 14:19:23 2014
@@ -94,6 +94,40 @@ public interface AuthenticationHandler {
     static final String FAILURE_REASON = "j_reason";
 
     /**
+     * Name of the request attribute which may be set by the
+     * {@link #extractCredentials(HttpServletRequest, HttpServletResponse)}
+     * method if {@link AuthenticationInfo#FAIL_AUTH} is returned.
+     * <p>
+     * This result may be used by authentication handlers to inform the user of
+     * more detailed failure reasons, e.g. "password_expired".
+     *
+     * @see #extractCredentials(HttpServletRequest, HttpServletResponse)
+     * @since 1.1.0
+     */
+    static final String FAILURE_REASON_CODE = "j_reason_code";
+
+    /**
+     * This enum indicates the supported detailed login failure reason codes:
+     * <ul>
+     *     <li><code>invalid_login</code>:</li> indicates username/password
mismatch.
+     *     <li><code>password_expired</code>:</li> indicates password
has expired or was never set and
+     *     change initial password is enabled
+     *     <li><code>unknown</code>:</li> an unknown reason for the
login failure was encountered.
+     * </ul>
+     * @since 1.1.0
+     */
+    static enum FAILURE_REASON_CODES {
+        INVALID_LOGIN,
+        PASSWORD_EXPIRED,
+        UNKNOWN;
+
+        @Override
+        public String toString() {
+            return super.toString().toLowerCase();
+        }
+    }
+
+    /**
      * Extracts credential data from the request if at all contained.
      * <p>
      * The method returns any of the following values :

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/package-info.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/package-info.java?rev=1622267&r1=1622266&r2=1622267&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/package-info.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/package-info.java
Wed Sep  3 14:19:23 2014
@@ -26,9 +26,9 @@
  * being an abstract base implementation from which concrete
  * implementations may inherit.
  *
- * @version 1.0.4
+ * @version 1.1.0
  */
-@Version("1.0.4")
+@Version("1.1.0")
 package org.apache.sling.auth.core.spi;
 
 import aQute.bnd.annotation.Version;



Mime
View raw message