Merge branch 'master' into jpa
commit
a2441c5e41
|
@ -41,7 +41,7 @@ import java.util.Map;
|
|||
/**
|
||||
* DefaultAuthenticationManager: the goal of the authentication manager is to act as a conduit for
|
||||
* authentication requests into different authentication schemes
|
||||
*
|
||||
* <p>
|
||||
* For example, the default implementation can be configured with any number of authenticators and will
|
||||
* sequentially try them for an authenticated result. This allows you to have the standard user/pass
|
||||
* auth procedure followed by authentication based on a known key for 'remember me' type functionality.
|
||||
|
@ -50,10 +50,9 @@ import java.util.Map;
|
|||
*/
|
||||
@Service("authenticationManager")
|
||||
public class DefaultAuthenticationManager
|
||||
implements AuthenticationManager
|
||||
{
|
||||
implements AuthenticationManager {
|
||||
|
||||
private Logger log = LoggerFactory.getLogger( getClass() );
|
||||
private Logger log = LoggerFactory.getLogger(getClass());
|
||||
|
||||
private List<Authenticator> authenticators;
|
||||
|
||||
|
@ -61,113 +60,96 @@ public class DefaultAuthenticationManager
|
|||
private ApplicationContext applicationContext;
|
||||
|
||||
@Inject
|
||||
@Named( value = "userManager#default" )
|
||||
@Named(value = "userManager#default")
|
||||
private UserManager userManager;
|
||||
|
||||
@SuppressWarnings( "unchecked" )
|
||||
@SuppressWarnings("unchecked")
|
||||
@PostConstruct
|
||||
public void initialize()
|
||||
{
|
||||
public void initialize() {
|
||||
this.authenticators =
|
||||
new ArrayList<Authenticator>( applicationContext.getBeansOfType( Authenticator.class ).values() );
|
||||
new ArrayList<Authenticator>(applicationContext.getBeansOfType(Authenticator.class).values());
|
||||
}
|
||||
|
||||
|
||||
public String getId()
|
||||
{
|
||||
public String getId() {
|
||||
return "Default Authentication Manager - " + this.getClass().getName() + " : managed authenticators - " +
|
||||
knownAuthenticators();
|
||||
knownAuthenticators();
|
||||
}
|
||||
|
||||
public AuthenticationResult authenticate( AuthenticationDataSource source )
|
||||
throws AccountLockedException, AuthenticationException, MustChangePasswordException
|
||||
{
|
||||
if ( authenticators == null || authenticators.size() == 0 )
|
||||
{
|
||||
return ( new AuthenticationResult( false, null, new AuthenticationException(
|
||||
"no valid authenticators, can't authenticate" ) ) );
|
||||
public AuthenticationResult authenticate(AuthenticationDataSource source)
|
||||
throws AccountLockedException, AuthenticationException, MustChangePasswordException {
|
||||
if (authenticators == null || authenticators.size() == 0) {
|
||||
return (new AuthenticationResult(false, null, new AuthenticationException(
|
||||
"no valid authenticators, can't authenticate")));
|
||||
}
|
||||
|
||||
// put AuthenticationResult exceptions in a map
|
||||
List<AuthenticationFailureCause> authnResultErrors = new ArrayList<AuthenticationFailureCause>();
|
||||
for ( Authenticator authenticator : authenticators )
|
||||
{
|
||||
if ( authenticator.isValid() && authenticator.supportsDataSource( source ) )
|
||||
{
|
||||
AuthenticationResult authResult = authenticator.authenticate( source );
|
||||
List<AuthenticationFailureCause> authenticationFailureCauses =
|
||||
authResult.getAuthenticationFailureCauses();
|
||||
for (Authenticator authenticator : authenticators) {
|
||||
if (authenticator.isValid()) {
|
||||
if (authenticator.supportsDataSource(source)) {
|
||||
AuthenticationResult authResult = authenticator.authenticate(source);
|
||||
List<AuthenticationFailureCause> authenticationFailureCauses =
|
||||
authResult.getAuthenticationFailureCauses();
|
||||
|
||||
if ( authResult.isAuthenticated() )
|
||||
{
|
||||
//olamy: as we can chain various user managers with Archiva
|
||||
// user manager authenticator can lock accounts in the following case :
|
||||
// 2 user managers: ldap and jdo.
|
||||
// ldap correctly find the user but cannot compare hashed password
|
||||
// jdo reject password so increase loginAttemptCount
|
||||
// now ldap bind authenticator work but loginAttemptCount has been increased.
|
||||
// so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
|
||||
if (authResult.isAuthenticated()) {
|
||||
//olamy: as we can chain various user managers with Archiva
|
||||
// user manager authenticator can lock accounts in the following case :
|
||||
// 2 user managers: ldap and jdo.
|
||||
// ldap correctly find the user but cannot compare hashed password
|
||||
// jdo reject password so increase loginAttemptCount
|
||||
// now ldap bind authenticator work but loginAttemptCount has been increased.
|
||||
// so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
|
||||
|
||||
for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses )
|
||||
{
|
||||
User user = authenticationFailureCause.getUser();
|
||||
if ( user != null )
|
||||
{
|
||||
if ( user.getCountFailedLoginAttempts() > 0 )
|
||||
{
|
||||
user.setCountFailedLoginAttempts( 0 );
|
||||
if ( !userManager.isReadOnly() )
|
||||
{
|
||||
try
|
||||
{
|
||||
userManager.updateUser( user );
|
||||
}
|
||||
catch ( UserManagerException e )
|
||||
{
|
||||
log.debug( e.getMessage(), e );
|
||||
log.warn( "skip error updating user: {}", e.getMessage() );
|
||||
for (AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses) {
|
||||
User user = authenticationFailureCause.getUser();
|
||||
if (user != null) {
|
||||
if (user.getCountFailedLoginAttempts() > 0) {
|
||||
user.setCountFailedLoginAttempts(0);
|
||||
if (!userManager.isReadOnly()) {
|
||||
try {
|
||||
userManager.updateUser(user);
|
||||
} catch (UserManagerException e) {
|
||||
log.debug(e.getMessage(), e);
|
||||
log.warn("skip error updating user: {}", e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return authResult;
|
||||
}
|
||||
return authResult;
|
||||
}
|
||||
|
||||
if ( authenticationFailureCauses != null )
|
||||
{
|
||||
authnResultErrors.addAll( authenticationFailureCauses );
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( authResult.getException() != null )
|
||||
{
|
||||
authnResultErrors.add(
|
||||
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||
authResult.getException().getMessage() ) );
|
||||
if (authenticationFailureCauses != null) {
|
||||
authnResultErrors.addAll(authenticationFailureCauses);
|
||||
} else {
|
||||
if (authResult.getException() != null) {
|
||||
authnResultErrors.add(
|
||||
new AuthenticationFailureCause(AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||
authResult.getException().getMessage()));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
} else {
|
||||
log.warn("Invalid authenticator found: " + authenticator.getId());
|
||||
}
|
||||
}
|
||||
|
||||
return ( new AuthenticationResult( false, null, new AuthenticationException(
|
||||
"authentication failed on authenticators: " + knownAuthenticators() ), authnResultErrors ) );
|
||||
return (new AuthenticationResult(false, null, new AuthenticationException(
|
||||
"authentication failed on authenticators: " + knownAuthenticators()), authnResultErrors));
|
||||
}
|
||||
|
||||
public List<Authenticator> getAuthenticators()
|
||||
{
|
||||
public List<Authenticator> getAuthenticators() {
|
||||
return authenticators;
|
||||
}
|
||||
|
||||
private String knownAuthenticators()
|
||||
{
|
||||
private String knownAuthenticators() {
|
||||
StringBuilder strbuf = new StringBuilder();
|
||||
|
||||
for ( Authenticator authenticator : authenticators )
|
||||
{
|
||||
strbuf.append( '(' ).append( authenticator.getId() ).append( ") " );
|
||||
for (Authenticator authenticator : authenticators) {
|
||||
strbuf.append('(').append(authenticator.getId()).append(") ");
|
||||
}
|
||||
|
||||
return strbuf.toString();
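Review bot: In `authenticate`, the success branch iterates `authenticationFailureCauses` without a null check, although the failure branch just below guards the same list with `if (authenticationFailureCauses != null)`. If an authenticator can return an authenticated result with a null cause list, as that guard implies, a valid login ends in a NullPointerException instead of a result; put the counter-reset loop under the same guard. On style, the new `log.warn("Invalid authenticator found: " + authenticator.getId())` concatenates where the file's other log calls use placeholders, so `log.warn("Invalid authenticator found: {}", authenticator.getId());` would match. It also fires on every login attempt for each invalid authenticator, so reporting it once in `initialize()` would keep the authentication log readable.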
|
||||
|
|
|
@ -40,6 +40,7 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Named;
|
||||
import java.util.ArrayList;
|
||||
|
@ -69,6 +70,11 @@ public class UserManagerAuthenticator
|
|||
return "UserManagerAuthenticator";
|
||||
}
|
||||
|
||||
@PostConstruct
|
||||
private void init() {
|
||||
super.valid = true;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @throws org.apache.archiva.redback.policy.AccountLockedException
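Review bot: `init()` sets `super.valid = true` unconditionally, so the `isValid()` check that DefaultAuthenticationManager now applies can never exclude this authenticator, whatever state its injected collaborators are in. If the flag is meant to express that the authenticator is usable, derive it from a real readiness check; if it only means "constructed by the container", add a comment on `init()` saying so, for example `// valid == wired by the container; no runtime readiness check is performed`. The same unconditional assignment is added to KeyStoreAuthenticator. The base class that declares `valid` is not visible here, so it is worth confirming whether a setter exists that should be used instead of writing the superclass field directly.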
|
||||
|
|
|
@ -19,7 +19,6 @@ package org.apache.archiva.redback.common.ldap.connection;
|
|||
* under the License.
|
||||
*/
|
||||
|
||||
import com.sun.jndi.ldap.LdapCtxFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -32,6 +31,7 @@ import java.util.Collections;
|
|||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import javax.naming.spi.NamingManager;
|
||||
|
||||
/**
|
||||
* The configuration for a connection will not change.
|
||||
|
@ -43,15 +43,6 @@ public class DefaultLdapConnection
|
|||
implements LdapConnection
|
||||
{
|
||||
|
||||
private static LdapCtxFactory ctxFactory;// = new LdapCtxFactory();
|
||||
|
||||
|
||||
static
|
||||
{
|
||||
initCtxFactory();
|
||||
}
|
||||
|
||||
|
||||
private Logger log = LoggerFactory.getLogger( getClass() );
|
||||
|
||||
private LdapConnectionConfiguration config;
|
||||
|
@ -60,11 +51,6 @@ public class DefaultLdapConnection
|
|||
|
||||
private List<Rdn> baseDnRdns;
|
||||
|
||||
private static void initCtxFactory()
|
||||
{
|
||||
ctxFactory = new LdapCtxFactory();
|
||||
}
|
||||
|
||||
public DefaultLdapConnection( LdapConnectionConfiguration config, Rdn subRdn )
|
||||
throws LdapException
|
||||
{
|
||||
|
@ -92,7 +78,7 @@ public class DefaultLdapConnection
|
|||
|
||||
try
|
||||
{
|
||||
context = (DirContext) ctxFactory.getInitialContext( e );
|
||||
context = (DirContext) NamingManager.getInitialContext( e );
|
||||
}
|
||||
catch ( NamingException ex )
|
||||
{
|
||||
|
@ -121,7 +107,7 @@ public class DefaultLdapConnection
|
|||
|
||||
try
|
||||
{
|
||||
context = (DirContext) ctxFactory.getInitialContext( e );
|
||||
context = (DirContext) NamingManager.getInitialContext( e );
|
||||
}
|
||||
catch ( NamingException ex )
|
||||
{
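Review bot: `NamingManager.getInitialContext( e )` selects the context factory from the environment (`Context.INITIAL_CONTEXT_FACTORY`) or an installed builder, whereas the removed `ctxFactory.getInitialContext( e )` was pinned to the LDAP factory; both `try` blocks now depend on what `e` contains. The code that builds `e` is outside these hunks, so please confirm that it sets the factory explicitly and that configuration-supplied extra properties cannot replace it, since that property names a class to load. A factory that returns a non-directory context would make the `(DirContext)` cast throw a ClassCastException, which the visible `catch ( NamingException ex )` does not handle. A comment at each call such as `// e must carry Context.INITIAL_CONTEXT_FACTORY for LDAP; it is not defaulted here` would make the dependency explicit.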
|
||||
|
|
|
@ -39,6 +39,7 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.annotation.Resource;
|
||||
|
||||
/**
|
||||
|
@ -59,6 +60,11 @@ public class KeyStoreAuthenticator
|
|||
@Resource(name = "userManager#default")
|
||||
private UserManager userManager;
|
||||
|
||||
@PostConstruct
|
||||
private void init() {
|
||||
super.valid=true;
|
||||
}
|
||||
|
||||
public String getId()
|
||||
{
|
||||
return getClass().getName();
|
||||
|
|
|
@ -17,10 +17,6 @@ package org.apache.archiva.redback.keys;
|
|||
*/
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.archiva.redback.keys.AuthenticationKey;
|
||||
import org.apache.archiva.redback.keys.KeyManager;
|
||||
import org.apache.archiva.redback.keys.KeyManagerException;
|
||||
import org.apache.archiva.redback.keys.KeyNotFoundException;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|