From c49cb230eb9610e88b54de1a9d7f8ddcb91bea70 Mon Sep 17 00:00:00 2001 From: olivier lamy Date: Wed, 28 Sep 2016 12:44:40 +1000 Subject: [PATCH 1/4] unused imports Signed-off-by: olivier lamy --- .../org/apache/archiva/redback/keys/KeyManagerTestCase.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/redback-keys/redback-keys-tests/src/main/java/org/apache/archiva/redback/keys/KeyManagerTestCase.java b/redback-keys/redback-keys-tests/src/main/java/org/apache/archiva/redback/keys/KeyManagerTestCase.java index f5e8afe1..1cf154f2 100644 --- a/redback-keys/redback-keys-tests/src/main/java/org/apache/archiva/redback/keys/KeyManagerTestCase.java +++ b/redback-keys/redback-keys-tests/src/main/java/org/apache/archiva/redback/keys/KeyManagerTestCase.java @@ -17,10 +17,6 @@ package org.apache.archiva.redback.keys; */ import junit.framework.TestCase; -import org.apache.archiva.redback.keys.AuthenticationKey; -import org.apache.archiva.redback.keys.KeyManager; -import org.apache.archiva.redback.keys.KeyManagerException; -import org.apache.archiva.redback.keys.KeyNotFoundException; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.test.context.ContextConfiguration; From c9ca73b94cb294a6d87bbaf75560293744f5e7fe Mon Sep 17 00:00:00 2001 From: Ciprian Ciubotariu Date: Mon, 3 Oct 2016 18:32:52 +0300 Subject: [PATCH 2/4] Use NamingManager instead of LdapCtxFactory Fixes deprecation warnings on LdapCtxFactory --- .../connection/DefaultLdapConnection.java | 20 +++---------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/DefaultLdapConnection.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/DefaultLdapConnection.java index 83f01269..1a6c5555 100644 
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/DefaultLdapConnection.java +++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/DefaultLdapConnection.java @@ -19,7 +19,6 @@ package org.apache.archiva.redback.common.ldap.connection; * under the License. */ -import com.sun.jndi.ldap.LdapCtxFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -32,6 +31,7 @@ import java.util.Collections; import java.util.Hashtable; import java.util.List; import java.util.Properties; +import javax.naming.spi.NamingManager; /** * The configuration for a connection will not change. @@ -43,15 +43,6 @@ public class DefaultLdapConnection implements LdapConnection { - private static LdapCtxFactory ctxFactory;// = new LdapCtxFactory(); - - - static - { - initCtxFactory(); - } - - private Logger log = LoggerFactory.getLogger( getClass() ); private LdapConnectionConfiguration config; @@ -60,11 +51,6 @@ public class DefaultLdapConnection private List baseDnRdns; - private static void initCtxFactory() - { - ctxFactory = new LdapCtxFactory(); - } - public DefaultLdapConnection( LdapConnectionConfiguration config, Rdn subRdn ) throws LdapException { @@ -92,7 +78,7 @@ public class DefaultLdapConnection try { - context = (DirContext) ctxFactory.getInitialContext( e ); + context = (DirContext) NamingManager.getInitialContext( e ); } catch ( NamingException ex ) { @@ -121,7 +107,7 @@ public class DefaultLdapConnection try { - context = (DirContext) ctxFactory.getInitialContext( e ); + context = (DirContext) NamingManager.getInitialContext( e ); } catch ( NamingException ex ) { From 2aa6cdf6c6c89684a04f2f357dabad65c2fb9627 Mon Sep 17 00:00:00 2001 
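Review bot: Both `NamingManager.getInitialContext( e )` calls (the hunk at -92,7 and the one at -121,7) now take the context factory from `java.naming.factory.initial` in `e`, or from an installed `InitialContextFactoryBuilder`, where the removed code always instantiated `LdapCtxFactory`. The hunks do not show how `e` is populated, so this needs confirming: if the key is absent the call throws `NoInitialContextException`, and if the configuration's extra properties can set it, the class that gets loaded is whatever the configuration names and the unchecked `(DirContext)` cast can fail with `ClassCastException`. I would pin the factory after the extra properties are merged, `e.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );`, and build the context with `context = new InitialDirContext( e );` so no cast is needed. The enclosing methods start and end outside the hunks.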
From: Martin Stockhammer Date: Mon, 3 Oct 2016 19:36:13 +0200 Subject: [PATCH 3/4] Adding flag for authenticator to avoid autowiring exceptions Adds a isValid() method to the authenticator to avoid exceptions during initialization. --- .../authentication/AbstractAuthenticator.java | 8 +++++++- .../redback/authentication/Authenticator.java | 2 ++ .../DefaultAuthenticationManager.java | 2 +- .../authentication/ldap/LdapBindAuthenticator.java | 5 +++++ .../ConfigurableLdapConnectionFactory.java | 13 ++++++++++++- .../ldap/connection/LdapConnectionFactory.java | 2 ++ 6 files changed, 29 insertions(+), 3 deletions(-) diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AbstractAuthenticator.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AbstractAuthenticator.java index 1c80bc3c..80d1918f 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AbstractAuthenticator.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AbstractAuthenticator.java @@ -24,9 +24,15 @@ package org.apache.archiva.redback.authentication; public abstract class AbstractAuthenticator implements Authenticator { + protected boolean valid = false; + public void initialize() throws AuthenticationException { - // no op + valid = true; + } + + public boolean isValid() { + return valid; } } diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/Authenticator.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/Authenticator.java index 6efe11ca..ce997573 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/Authenticator.java 
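Review bot: In the AbstractAuthenticator hunk `valid` starts as false and is set only inside `initialize()`, so an authenticator that overrides `initialize()` without calling `super.initialize()`, or whose `initialize()` is never invoked by the container, stays invalid and is skipped by any caller that checks `isValid()`; nothing in the hunk documents that contract. The field is also `protected` and mutable, so any subclass can flip it directly, and it is presumably written at start-up and read on request threads. I would declare it `private volatile boolean valid;` with a `protected void setValid( boolean valid )`, and add Javadoc on `isValid()` here and on the `boolean isValid();` added to `Authenticator`, stating that false means the authenticator must not be used and at which point the flag becomes true.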
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/Authenticator.java @@ -38,4 +38,6 @@ public interface Authenticator throws AccountLockedException, AuthenticationException, MustChangePasswordException; void initialize() throws AuthenticationException; + + boolean isValid(); } diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java index d5342bff..bda32762 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java @@ -92,7 +92,7 @@ public class DefaultAuthenticationManager List authnResultErrors = new ArrayList(); for ( Authenticator authenticator : authenticators ) { - if ( authenticator.supportsDataSource( source ) ) + if ( authenticator.isValid() && authenticator.supportsDataSource( source ) ) { AuthenticationResult authResult = authenticator.authenticate( source ); List authenticationFailureCauses = diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-ldap/src/main/java/org/apache/archiva/redback/authentication/ldap/LdapBindAuthenticator.java b/redback-authentication/redback-authentication-providers/redback-authentication-ldap/src/main/java/org/apache/archiva/redback/authentication/ldap/LdapBindAuthenticator.java index 648b2f9b..fedae347 100644 --- a/redback-authentication/redback-authentication-providers/redback-authentication-ldap/src/main/java/org/apache/archiva/redback/authentication/ldap/LdapBindAuthenticator.java 
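Review bot: With `authenticator.isValid() && authenticator.supportsDataSource( source )` in DefaultAuthenticationManager, an authenticator that failed to initialise is skipped without any trace and the loop carries on to the remaining authenticators. If the skipped one is the intended primary source (the LDAP bind authenticator, for example), logins are then decided by whatever else is registered, which may hold stale accounts or passwords; that fallback should be a deliberate configuration choice rather than a side effect of a broken setup. The failure message built from `knownAuthenticators()` will also still list the skipped authenticator as if it had been tried. Consider recording the skipped authenticator in `authnResultErrors`, or failing the request with an explicit `AuthenticationException` when a configured authenticator is invalid. The enclosing `authenticate` method starts and ends outside the hunk.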
+++ b/redback-authentication/redback-authentication-providers/redback-authentication-ldap/src/main/java/org/apache/archiva/redback/authentication/ldap/LdapBindAuthenticator.java @@ -208,4 +208,9 @@ public class LdapBindAuthenticator log.warn( "skip exception closing naming search result {}", e.getMessage() ); } } + + @Override + public boolean isValid() { + return connectionFactory.isValid(); + } } diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/ConfigurableLdapConnectionFactory.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/ConfigurableLdapConnectionFactory.java index 4aab487d..2340cc5e 100644 --- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/ConfigurableLdapConnectionFactory.java +++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/ConfigurableLdapConnectionFactory.java @@ -21,6 +21,8 @@ package org.apache.archiva.redback.common.ldap.connection; import org.apache.archiva.redback.configuration.UserConfiguration; import org.apache.archiva.redback.configuration.UserConfigurationKeys; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import javax.annotation.PostConstruct; @@ -41,6 +43,8 @@ public class ConfigurableLdapConnectionFactory implements LdapConnectionFactory { + private final Logger log = LoggerFactory.getLogger(ConfigurableLdapConnectionFactory.class); + private String hostname; private int port; @@ -61,6 +65,8 @@ public class ConfigurableLdapConnectionFactory private LdapConnectionConfiguration ldapConnectionConfiguration; + private boolean valid = false; + @Inject @Named(value = "userConfiguration#default") 
@@ -90,10 +96,11 @@ public class ConfigurableLdapConnectionFactory ldapConnectionConfiguration.setAuthenticationMethod( userConf.getString( UserConfigurationKeys.LDAP_AUTHENTICATION_METHOD, authenticationMethod ) ); ldapConnectionConfiguration.setExtraProperties( extraProperties ); + valid = true; } catch ( InvalidNameException e ) { - throw new RuntimeException( "Error while initializing connection factory.", e ); + log.error("Error during initialization of LdapConnectionFactory "+e.getMessage(),e); } } @@ -266,4 +273,8 @@ public class ConfigurableLdapConnectionFactory { this.userConf = userConf; } + + public boolean isValid() { + return valid; + } } diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/LdapConnectionFactory.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/LdapConnectionFactory.java index d81b3e23..4d6ec030 100644 --- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/LdapConnectionFactory.java +++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/connection/LdapConnectionFactory.java @@ -51,4 +51,6 @@ public interface LdapConnectionFactory void initialize(); + public boolean isValid(); + } From 78d822d145a6bfd6450e4f837a79e363c9d83bd0 Mon Sep 17 00:00:00 2001 From: Martin Stockhammer Date: Sun, 16 Oct 2016 16:49:38 +0200 Subject: [PATCH 4/4] Fixing validation error in unit tests --- .../DefaultAuthenticationManager.java | 136 ++++++++---------- .../users/UserManagerAuthenticator.java | 6 + .../keystore/KeyStoreAuthenticator.java | 6 + 3 files changed, 71 insertions(+), 77 deletions(-) 
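Review bot: Replacing the `RuntimeException` with `log.error(...)` in the `InvalidNameException` catch lets `initialize()` return normally with `ldapConnectionConfiguration` possibly only partly populated, and `valid` is never reset, so a second `initialize()` that fails after an earlier success would still report `isValid() == true`. Callers that obtain connections without first checking `isValid()` would then work with that half-built configuration; the connection-creating methods are outside the hunk, so this needs checking there. I would put `valid = false;` as the first statement of `initialize()` (its start is outside the hunk) and have the connection methods refuse to run when `!valid`. The log call should use a constant message with the exception as the last argument, `log.error( "Error during initialization of LdapConnectionFactory", e );`, rather than concatenating `e.getMessage()`. Since the flag is written at start-up and read per request, `private volatile boolean valid` would be the safer declaration.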
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java index bda32762..1bc47707 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java @@ -41,7 +41,7 @@ import java.util.Map; /** * DefaultAuthenticationManager: the goal of the authentication manager is to act as a conduit for * authentication requests into different authentication schemes - * + *

* For example, the default implementation can be configured with any number of authenticators and will * sequentially try them for an authenticated result. This allows you to have the standard user/pass * auth procedure followed by authentication based on a known key for 'remember me' type functionality. @@ -50,10 +50,9 @@ import java.util.Map; */ @Service("authenticationManager") public class DefaultAuthenticationManager - implements AuthenticationManager -{ + implements AuthenticationManager { - private Logger log = LoggerFactory.getLogger( getClass() ); + private Logger log = LoggerFactory.getLogger(getClass()); private List authenticators; 
@@ -61,113 +60,96 @@ public class DefaultAuthenticationManager private ApplicationContext applicationContext; @Inject - @Named( value = "userManager#default" ) + @Named(value = "userManager#default") private UserManager userManager; - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") @PostConstruct - public void initialize() - { + public void initialize() { this.authenticators = - new ArrayList( applicationContext.getBeansOfType( Authenticator.class ).values() ); + new ArrayList(applicationContext.getBeansOfType(Authenticator.class).values()); } - public String getId() - { + public String getId() { return "Default Authentication Manager - " + this.getClass().getName() + " : managed authenticators - " + - knownAuthenticators(); + knownAuthenticators(); } - public AuthenticationResult authenticate( AuthenticationDataSource source ) - throws AccountLockedException, AuthenticationException, MustChangePasswordException - { - if ( authenticators == null || authenticators.size() == 0 ) - { - return ( new AuthenticationResult( false, null, new AuthenticationException( - "no valid authenticators, can't authenticate" ) ) ); + public AuthenticationResult authenticate(AuthenticationDataSource source) + throws AccountLockedException, AuthenticationException, MustChangePasswordException { + if (authenticators == null || authenticators.size() == 0) { + return (new AuthenticationResult(false, null, new AuthenticationException( + "no valid authenticators, can't authenticate"))); } // put AuthenticationResult exceptions in a map List authnResultErrors = new ArrayList(); - for ( Authenticator authenticator : authenticators ) - { - if ( authenticator.isValid() && authenticator.supportsDataSource( source ) ) - { - AuthenticationResult authResult = authenticator.authenticate( source ); - List authenticationFailureCauses = - authResult.getAuthenticationFailureCauses(); + for (Authenticator authenticator : authenticators) { + if (authenticator.isValid()) { + if 
(authenticator.supportsDataSource(source)) { + AuthenticationResult authResult = authenticator.authenticate(source); + List authenticationFailureCauses = + authResult.getAuthenticationFailureCauses(); - if ( authResult.isAuthenticated() ) - { - //olamy: as we can chain various user managers with Archiva - // user manager authenticator can lock accounts in the following case : - // 2 user managers: ldap and jdo. - // ldap correctly find the user but cannot compare hashed password - // jdo reject password so increase loginAttemptCount - // now ldap bind authenticator work but loginAttemptCount has been increased. - // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses + if (authResult.isAuthenticated()) { + //olamy: as we can chain various user managers with Archiva + // user manager authenticator can lock accounts in the following case : + // 2 user managers: ldap and jdo. + // ldap correctly find the user but cannot compare hashed password + // jdo reject password so increase loginAttemptCount + // now ldap bind authenticator work but loginAttemptCount has been increased. 
+ // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses - for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses ) - { - User user = authenticationFailureCause.getUser(); - if ( user != null ) - { - if ( user.getCountFailedLoginAttempts() > 0 ) - { - user.setCountFailedLoginAttempts( 0 ); - if ( !userManager.isReadOnly() ) - { - try - { - userManager.updateUser( user ); - } - catch ( UserManagerException e ) - { - log.debug( e.getMessage(), e ); - log.warn( "skip error updating user: {}", e.getMessage() ); + for (AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses) { + User user = authenticationFailureCause.getUser(); + if (user != null) { + if (user.getCountFailedLoginAttempts() > 0) { + user.setCountFailedLoginAttempts(0); + if (!userManager.isReadOnly()) { + try { + userManager.updateUser(user); + } catch (UserManagerException e) { + log.debug(e.getMessage(), e); + log.warn("skip error updating user: {}", e.getMessage()); + } } } } } + return authResult; } - return authResult; - } - if ( authenticationFailureCauses != null ) - { - authnResultErrors.addAll( authenticationFailureCauses ); - } - else - { - if ( authResult.getException() != null ) - { - authnResultErrors.add( - new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, - authResult.getException().getMessage() ) ); + if (authenticationFailureCauses != null) { + authnResultErrors.addAll(authenticationFailureCauses); + } else { + if (authResult.getException() != null) { + authnResultErrors.add( + new AuthenticationFailureCause(AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, + authResult.getException().getMessage())); + } } + + } - - + } else { + log.warn("Invalid authenticator found: " + authenticator.getId()); } } - return ( new AuthenticationResult( false, null, new AuthenticationException( - "authentication failed on authenticators: " + knownAuthenticators() ), authnResultErrors ) ); + 
return (new AuthenticationResult(false, null, new AuthenticationException( + "authentication failed on authenticators: " + knownAuthenticators()), authnResultErrors)); } - public List getAuthenticators() - { + public List getAuthenticators() { return authenticators; } - private String knownAuthenticators() - { + private String knownAuthenticators() { StringBuilder strbuf = new StringBuilder(); - for ( Authenticator authenticator : authenticators ) - { - strbuf.append( '(' ).append( authenticator.getId() ).append( ") " ); + for (Authenticator authenticator : authenticators) { + strbuf.append('(').append(authenticator.getId()).append(") "); } return strbuf.toString(); diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java index 567b7b3f..ed9e33ae 100644 --- a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java +++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java @@ -40,6 +40,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import javax.annotation.PostConstruct; import javax.inject.Inject; import javax.inject.Named; import java.util.ArrayList; @@ -69,6 +70,11 @@ public class UserManagerAuthenticator return "UserManagerAuthenticator"; } + @PostConstruct + private void init() { + super.valid = true; + } + /** * @throws org.apache.archiva.redback.policy.AccountLockedException 
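Review bot: The new `else` branch in `authenticate` runs `log.warn("Invalid authenticator found: " + authenticator.getId());` on every call, so one misconfigured authenticator produces a warning per login attempt, including attempts from unauthenticated clients, which can drown the log. Reporting invalid authenticators once in `initialize()` and using a parameterised call, `log.warn( "Invalid authenticator found: {}", authenticator.getId() );`, keeps the signal without the volume. The guard `authenticators == null || authenticators.size() == 0` also does not cover the case where every authenticator is invalid, so the caller gets the generic "authentication failed on authenticators" message listing authenticators that were never tried. As a style point, the hunk mixes a whole-file brace and spacing reformat with this behavioural change, which hides the real change; the reformat would be better as its own commit.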
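Review bot: The added `@PostConstruct init()` in UserManagerAuthenticator sets `super.valid = true` unconditionally, so for this authenticator `isValid()` carries no information about whether `userManager` or the other injected collaborators are usable; the same method is added to `KeyStoreAuthenticator` in the next file. It also writes the base-class field directly instead of going through the `initialize()` hook that already sets it. If the flag is only meant for authenticators with external dependencies such as LDAP, defaulting it to true in `AbstractAuthenticator` would make both `init()` methods unnecessary. Whichever way is chosen, `init()` needs a comment saying why the flag is forced, for example `// no external resources to verify; always usable once constructed`.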
diff --git a/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java b/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java index 51a9d31f..931c6100 100644 --- a/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java +++ b/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java @@ -39,6 +39,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import javax.annotation.PostConstruct; import javax.annotation.Resource; /** @@ -59,6 +60,11 @@ public class KeyStoreAuthenticator @Resource(name = "userManager#default") private UserManager userManager; + @PostConstruct + private void init() { + super.valid=true; + } + public String getId() { return getClass().getName();