From: <sha...@us...> - 2010-08-31 18:51:57
Revision: 12619 http://exist.svn.sourceforge.net/exist/?rev=12619&view=rev Author: shabanovd Date: 2010-08-31 18:51:49 +0000 (Tue, 31 Aug 2010) Log Message: ----------- [feature] LDAP & AD realms read-only authentication Modified Paths: -------------- trunk/eXist/extensions/security/activedirectory/src/org/exist/security/realm/activedirectory/ActiveDirectoryRealm.java trunk/eXist/extensions/security/ldap/src/org/exist/security/realm/ldap/LDAPRealm.java trunk/eXist/extensions/security/ldap/test/org/exist/security/realm/ldap/LDAPRealmTest.java trunk/eXist/extensions/security/openid/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java trunk/eXist/src/org/exist/config/Configurator.java trunk/eXist/src/org/exist/security/SecurityManager.java Added Paths: ----------- trunk/eXist/extensions/security/openid/src/org/exist/security/openid/AccountImpl.java Removed Paths: ------------- trunk/eXist/extensions/security/openid/src/org/exist/security/openid/UserImpl.java Modified: trunk/eXist/extensions/security/activedirectory/src/org/exist/security/realm/activedirectory/ActiveDirectoryRealm.java =================================================================== --- trunk/eXist/extensions/security/activedirectory/src/org/exist/security/realm/activedirectory/ActiveDirectoryRealm.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/extensions/security/activedirectory/src/org/exist/security/realm/activedirectory/ActiveDirectoryRealm.java 2010-08-31 18:51:49 UTC (rev 12619) 
@@ -30,8 +30,9 @@ import org.exist.config.annotation.*; import org.exist.security.AuthenticationException; import org.exist.security.Subject; +import org.exist.security.internal.AbstractAccount; import org.exist.security.internal.SecurityManagerImpl; -import org.exist.security.internal.SubjectImpl; +import org.exist.security.internal.SubjectAccreditedImpl; import org.exist.security.internal.AccountImpl; import org.exist.security.realm.ldap.LDAPRealm; import org.exist.security.realm.ldap.LdapContextFactory; @@ -70,7 +71,8 @@ */ @Override public String getId() { - return "ActiveDirectory@" + ((ContextFactory) ensureContextFactory()).getDomain(); + String domain = ((ContextFactory) ensureContextFactory()).getDomain(); + return "ActiveDirectory@" + domain; } /* @@ -123,7 +125,13 @@ } try { - return new SubjectImpl(new AccountImpl(this, username), null); + AbstractAccount account = (AbstractAccount) getAccount(username); + if (account == null) { + account = new AccountImpl(this, username); + //TODO: addAccount(account); + } + + return new SubjectAccreditedImpl(account, ctxGC); } catch (ConfigurationException e) { throw new AuthenticationException( AuthenticationException.UNNOWN_EXCEPTION, Modified: trunk/eXist/extensions/security/ldap/src/org/exist/security/realm/ldap/LDAPRealm.java =================================================================== --- trunk/eXist/extensions/security/ldap/src/org/exist/security/realm/ldap/LDAPRealm.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/extensions/security/ldap/src/org/exist/security/realm/ldap/LDAPRealm.java 2010-08-31 18:51:49 UTC (rev 12619) 
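Review bot: The unchecked cast `(AbstractAccount) getAccount(username)` in the authenticate hunk can raise a ClassCastException that the following `catch (ConfigurationException e)` does not convert into an AuthenticationException, so a lookup problem would escape the login error path; the same lines are added to LDAPRealm.authenticate in the next file. Whether getAccount can return another Account implementation is not visible here, so I would either test with `instanceof AbstractAccount` before casting or state the guarantee in a comment. While `addAccount` stays commented out the fallback account is never stored, which is worth spelling out on the TODO: `//TODO: addAccount(account); until then the account is transient and rebuilt on each login`. The method begins and ends outside the hunk.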
@@ -34,9 +34,10 @@ import org.exist.security.PermissionDeniedException; import org.exist.security.Subject; import org.exist.security.Account; +import org.exist.security.internal.AbstractAccount; import org.exist.security.internal.AbstractRealm; import org.exist.security.internal.SecurityManagerImpl; -import org.exist.security.internal.SubjectImpl; +import org.exist.security.internal.SubjectAccreditedImpl; import org.exist.security.internal.AccountImpl; import org.exist.storage.DBBroker; @@ -49,6 +50,8 @@ private final static Logger LOG = Logger.getLogger(LDAPRealm.class); + public static String ID = "LDAP"; + protected LdapContextFactory ldapContextFactory = null; public LDAPRealm(SecurityManagerImpl sm, Configuration config) { @@ -71,20 +74,12 @@ @Override public String getId() { - // TODO Auto-generated method stub - return null; + return ID; } @Override - public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException { - // TODO Auto-generated method stub - return false; - } - - @Override public void startUp(DBBroker broker) throws EXistException { - // TODO Auto-generated method stub - + super.startUp(broker); } public Subject authenticate(String username, Object credentials) throws AuthenticationException { @@ -99,9 +94,15 @@ } finally { LdapUtils.closeContext(ctx); } + + try { + AbstractAccount account = (AbstractAccount) getAccount(username); + if (account == null) { + account = new AccountImpl(this, username); + //TODO: addAccount(account); + } - try { - return new SubjectImpl(new AccountImpl(this, username), null); + return new SubjectAccreditedImpl(account, ctx); } catch (ConfigurationException e) { throw new AuthenticationException( AuthenticationException.UNNOWN_EXCEPTION, 
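Review bot: `public static String ID = "LDAP";` is not final, so any class can reassign the value that `getId()` now returns and change the realm's identifier at run time. Declare it `public static final String ID = "LDAP";`. The class body continues outside the hunk.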
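Review bot: `new SubjectAccreditedImpl(account, ctx)` is handed `ctx` after the `finally` block just above has already passed it to `LdapUtils.closeContext(ctx)`, so the subject keeps a reference to a closed context. If SubjectAccreditedImpl treats the second argument only as evidence of a successful bind, say so at the call: `// ctx is closed at this point; passed only as proof of the successful bind`. If the context is meant to be used later, the close has to move to wherever the subject is released. How SubjectAccreditedImpl uses the argument, and where `ctx` is assigned, are outside this hunk.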
@@ -127,25 +128,31 @@ } @Override + public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException { + // TODO Auto-generated method stub + return false; + } + + @Override public boolean deleteAccount(Account account) throws PermissionDeniedException, EXistException { // TODO Auto-generated method stub return false; } @Override - public Group addGroup(Group role) throws PermissionDeniedException, EXistException { + public Group addGroup(Group group) throws PermissionDeniedException, EXistException { // TODO Auto-generated method stub return null; } @Override - public boolean updateGroup(Group role) throws PermissionDeniedException, EXistException { + public boolean updateGroup(Group group) throws PermissionDeniedException, EXistException { // TODO Auto-generated method stub return false; } @Override - public boolean deleteGroup(Group role) throws PermissionDeniedException, EXistException { + public boolean deleteGroup(Group group) throws PermissionDeniedException, EXistException { // TODO Auto-generated method stub return false; } Modified: trunk/eXist/extensions/security/ldap/test/org/exist/security/realm/ldap/LDAPRealmTest.java =================================================================== --- trunk/eXist/extensions/security/ldap/test/org/exist/security/realm/ldap/LDAPRealmTest.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/extensions/security/ldap/test/org/exist/security/realm/ldap/LDAPRealmTest.java 2010-08-31 18:51:49 UTC (rev 12619) 
@@ -43,9 +43,9 @@ private static String config = "<LDAP>" + - " <context " + - " principalPattern='cn={0},dc=local' " + - " url='ldap://localhost:389'/>" + + " <context>" + + " <principalPattern>cn={0},dc=local</principalPattern>" + + " <url>ldap://localhost:389</url>" + "</LDAP>"; private static LDAPRealm realm; Copied: trunk/eXist/extensions/security/openid/src/org/exist/security/openid/AccountImpl.java (from rev 12557, trunk/eXist/extensions/security/openid/src/org/exist/security/openid/UserImpl.java) =================================================================== --- trunk/eXist/extensions/security/openid/src/org/exist/security/openid/AccountImpl.java (rev 0) +++ trunk/eXist/extensions/security/openid/src/org/exist/security/openid/AccountImpl.java 2010-08-31 18:51:49 UTC (rev 12619) 
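Review bot: The rewritten config string opens `<context>` but never closes it: the removed version used a self-closing element, while the new lines go from `</url>` straight to `"</LDAP>"`, so the document is not well-formed XML. Add `" </context>" +` before `"</LDAP>";`. Whether the test setup parses this string strictly is not visible in the hunk.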
@@ -0,0 +1,122 @@ +/* + * eXist Open Source Native XML Database + * Copyright (C) 2010 The eXist Project + * http://exist-db.org + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * $Id$ + */ +package org.exist.security.openid; + +import java.lang.Override; +import java.util.HashMap; +import java.util.Map; + +import org.exist.config.ConfigurationException; +import org.exist.security.UserAttributes; +import org.exist.security.internal.AbstractAccount; +import org.exist.security.internal.AbstractRealm; +import org.exist.xmldb.XmldbURI; +import org.openid4java.discovery.Identifier; + +/** + * @author <a href="mailto:sha...@gm...">Dmitriy Shabanov</a> + * + */ +public class AccountImpl extends AbstractAccount { + + Identifier _identifier = null; + + public AccountImpl(AbstractRealm realm, Identifier identifier) throws ConfigurationException { + super(realm, -1, identifier.getIdentifier()); + _identifier = identifier; + } + + @Override + public void setPassword(String passwd) { + } + + @Override + public String getPassword() { + return null; + } + + @Override + public XmldbURI getHome() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDigestPassword() { + return null; + } + + //TODO: find a place to construct 'full' name + public String getName_() { + 
String name = ""; + if (attributes.containsKey(UserAttributes.FIRTSNAME)) + name += attributes.get(UserAttributes.FIRTSNAME); + + if (attributes.containsKey(UserAttributes.LASTNAME)) { + if (name != "") name += " "; + name += attributes.get(UserAttributes.LASTNAME); + } + + if (name.equals("")) + name += attributes.get(UserAttributes.FULLNAME); + + if (name.equals("")) + return _identifier.getIdentifier(); + + return name; + } + + private Map<String, Object> attributes = new HashMap<String, Object>(); + + /** + * Add a named attribute. + * + * @param name + * @param value + */ + @Override + public void setAttribute(String name, Object value) { + String id = UserAttributes.alias.get(name); + if (id == null) + attributes.put(name, value); + else + attributes.put(id, value); + } + + /** + * Get the named attribute value. + * + * @param name The String that is the name of the attribute. + * @return The value associated with the name or null if no value is associated with the name. + */ + @Override + public Object getAttribute(String name) { + String id = UserAttributes.alias.get(name); + if (id != null) + return attributes.get(id); + + if (name.equalsIgnoreCase("id")) + return _identifier.getIdentifier(); + + return attributes.get(name); + } +} Deleted: trunk/eXist/extensions/security/openid/src/org/exist/security/openid/UserImpl.java =================================================================== --- trunk/eXist/extensions/security/openid/src/org/exist/security/openid/UserImpl.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/extensions/security/openid/src/org/exist/security/openid/UserImpl.java 2010-08-31 18:51:49 UTC (rev 12619) 
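Review bot: In `getName_()`, `if (name != "") name += " ";` compares String references rather than contents and only behaves as intended because the initial literal is interned; use `if (name.length() > 0) name += " ";`. The next step, `name += attributes.get(UserAttributes.FULLNAME);`, appends the text "null" when that attribute is absent, which makes the fallback to `_identifier.getIdentifier()` unreachable; guard it with `if (name.equals("") && attributes.containsKey(UserAttributes.FULLNAME))`. Both lines are carried over unchanged from the removed UserImpl.java.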
@@ -1,127 +0,0 @@ -/* - * eXist Open Source Native XML Database - * Copyright (C) 2010 The eXist Project - * http://exist-db.org - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - * - * $Id$ - */ -package org.exist.security.openid; - -import java.lang.Override; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import org.exist.config.Configuration; -import org.exist.config.ConfigurationException; -import org.exist.security.Group; -import org.exist.security.UserAttributes; -import org.exist.security.Account; -import org.exist.security.internal.AbstractAccount; -import org.exist.security.internal.AbstractRealm; -import org.exist.security.realm.Realm; -import org.exist.xmldb.XmldbURI; -import org.openid4java.discovery.Identifier; - -/** - * @author <a href="mailto:sha...@gm...">Dmitriy Shabanov</a> - * - */ -public class UserImpl extends AbstractAccount { - - Identifier _identifier = null; - - public UserImpl(AbstractRealm realm, Identifier identifier) throws ConfigurationException { - super(realm, -1, identifier.getIdentifier()); - _identifier = identifier; - } - - @Override - public void setPassword(String passwd) { - } - - @Override - public String getPassword() { - return null; - } - - @Override - public XmldbURI getHome() { - // TODO Auto-generated method stub - 
return null; - } - - @Override - public String getDigestPassword() { - return null; - } - - //TODO: find a place to construct 'full' name - public String getName_() { - String name = ""; - if (attributes.containsKey(UserAttributes.FIRTSNAME)) - name += attributes.get(UserAttributes.FIRTSNAME); - - if (attributes.containsKey(UserAttributes.LASTNAME)) { - if (name != "") name += " "; - name += attributes.get(UserAttributes.LASTNAME); - } - - if (name.equals("")) - name += attributes.get(UserAttributes.FULLNAME); - - if (name.equals("")) - return _identifier.getIdentifier(); - - return name; - } - - private Map<String, Object> attributes = new HashMap<String, Object>(); - - /** - * Add a named attribute. - * - * @param name - * @param value - */ - @Override - public void setAttribute(String name, Object value) { - String id = UserAttributes.alias.get(name); - if (id == null) - attributes.put(name, value); - else - attributes.put(id, value); - } - - /** - * Get the named attribute value. - * - * @param name The String that is the name of the attribute. - * @return The value associated with the name or null if no value is associated with the name. - */ - @Override - public Object getAttribute(String name) { - String id = UserAttributes.alias.get(name); - if (id != null) - return attributes.get(id); - - if (name.equalsIgnoreCase("id")) - return _identifier.getIdentifier(); - - return attributes.get(name); - } -} Modified: trunk/eXist/extensions/security/openid/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java =================================================================== --- trunk/eXist/extensions/security/openid/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/extensions/security/openid/src/org/exist/security/openid/servlet/AuthenticatorOpenId.java 2010-08-31 18:51:49 UTC (rev 12619) 
@@ -40,10 +40,11 @@ import org.exist.security.UserAttributes; import org.exist.security.Account; import org.exist.security.internal.AbstractRealm; +import org.exist.security.internal.SubjectAccreditedImpl; import org.exist.security.internal.SubjectImpl; import org.exist.security.openid.OpenIDUtility; import org.exist.security.openid.SessionAuthentication; -import org.exist.security.openid.UserImpl; +import org.exist.security.openid.AccountImpl; import org.exist.xquery.util.HTTPUtils; import org.openid4java.OpenIDException; import org.openid4java.association.AssociationSessionType; @@ -299,7 +300,7 @@ Identifier verified = verification.getVerifiedId(); if (verified != null) { // success - org.exist.security.Subject principal = new SubjectImpl(new UserImpl(openIDrealm, verified), null); + org.exist.security.Subject principal = new SubjectAccreditedImpl(new AccountImpl(openIDrealm, verified), verified); AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse(); authSuccess.getExtensions(); Modified: trunk/eXist/src/org/exist/config/Configurator.java =================================================================== --- trunk/eXist/src/org/exist/config/Configurator.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/src/org/exist/config/Configurator.java 2010-08-31 18:51:49 UTC (rev 12619) @@ -33,8 +33,6 @@ import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.lang.reflect.ParameterizedType; -import java.lang.reflect.Type; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; 
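Review bot: The success branch builds `new AccountImpl(openIDrealm, verified)` on every login without first asking the realm for an existing account, unlike the `getAccount(username)` lookup this commit adds to the LDAP and Active Directory realms. If the realm ever stores accounts, data kept on a stored one would presumably not reach the subject created here. If that is intended for now, mark it at the call: `//TODO: look up an existing account in openIDrealm before creating a new one`. The `SubjectImpl` import left in place may now be unused, depending on the rest of the file; the method starts and ends outside the hunk.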
@@ -260,16 +258,6 @@ String typeName = field.getType().getName(); if (typeName.equals("java.util.List")) { - System.out.print("Field: " + field.getName() + " - "); - Type type = field.getGenericType(); - if (type instanceof ParameterizedType) { - ParameterizedType pType = (ParameterizedType)type; - System.out.print("Raw type: " + pType.getRawType() + " - "); - System.out.println("Type args: " + pType.getActualTypeArguments()[0]); - } else { - System.out.println("Type: " + field.getType()); - } - if (!field.isAnnotationPresent(ConfigurationFieldAsElement.class)) { LOG.warn("Wrong annotation for strucure: "+field.getName()+", list can't be configurated throw attribute."); continue; Modified: trunk/eXist/src/org/exist/security/SecurityManager.java =================================================================== --- trunk/eXist/src/org/exist/security/SecurityManager.java 2010-08-31 18:16:31 UTC (rev 12618) +++ trunk/eXist/src/org/exist/security/SecurityManager.java 2010-08-31 18:51:49 UTC (rev 12619) @@ -49,6 +49,7 @@ public final static XmldbURI SECURITY_COLLETION_URI = XmldbURI.SYSTEM_COLLECTION_URI.append("security"); public final static XmldbURI CONFIG_FILE_URI = XmldbURI.create("config.xml"); + public final static String SYSTEM = "SYSTEM"; public final static String DBA_GROUP = "dba"; public final static String DBA_USER = "admin"; public final static String GUEST_GROUP = "guest"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
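Review bot: `public final static String SYSTEM = "SYSTEM";` does not say what it names, while its neighbours carry that in the identifier (`DBA_GROUP`, `DBA_USER`, `GUEST_GROUP`). A one-line comment stating whether it is an account, a group or a realm name would keep it from being compared against the wrong kind of principal, for example `/** Name of the internal system account. */` if that is what it denotes. Its use is not visible in this commit.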