From: <cl...@hy...> - 2008-06-27 09:15:59
Author: clee Date: 2008-06-27 02:15:51 -0700 (Fri, 27 Jun 2008) New Revision: 9917 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=9917 Modified: branches/HQ_3_2/src/org/hyperic/hq/auth/server/session/AuthManagerEJBImpl.java branches/HQ_3_2/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java branches/HQ_3_2/src/org/hyperic/hq/dao/PrincipalDAO.java branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/helpers/UserHelper.groovy branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AuthzSubjectCategory.groovy Log: [HHQ-2027] Allow passwords to be manipulated by the hashed value Modified: branches/HQ_3_2/src/org/hyperic/hq/auth/server/session/AuthManagerEJBImpl.java =================================================================== --- branches/HQ_3_2/src/org/hyperic/hq/auth/server/session/AuthManagerEJBImpl.java 2008-06-27 06:32:33 UTC (rev 9916) +++ branches/HQ_3_2/src/org/hyperic/hq/auth/server/session/AuthManagerEJBImpl.java 2008-06-27 09:15:51 UTC (rev 9917) @@ -25,11 +25,6 @@ package org.hyperic.hq.auth.server.session; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Iterator; - import javax.ejb.CreateException; import javax.ejb.SessionBean; import javax.ejb.SessionContext; @@ -74,6 +69,11 @@ public AuthManagerEJBImpl() {} + private PrincipalDAO getPrincipalDAO() { + return new PrincipalDAO(DAOFactory.getDAOFactory()); + } + + private boolean isReady() { return ProductManagerEJBImpl.getOne().isReady(); } @@ -184,8 +184,10 @@ public void addUser(AuthzSubjectValue subject, String username, String password) { - PrincipalDAO lhome = DAOFactory.getDAOFactory().getPrincipalDAO(); - lhome.create(username, password); + // All passwords are stored encrypted + String passwordHash = Util.createPasswordHash("MD5", "base64", + null, null, password); + getPrincipalDAO().create(username, passwordHash); } /** 
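Review bot: In `addUser`, the added call `Util.createPasswordHash("MD5", "base64", null, null, password)` stores an unsalted, single-pass MD5 digest, so identical passwords produce identical stored values and the digest offers little resistance to offline guessing if the principal table is ever disclosed. Now that hashing lives in the manager, this call and the identical one in `changePassword` should go through one private helper, so the algorithm can later be replaced by a salted, deliberately slow password hash in a single place. The comment should also say hashed rather than encrypted, e.g. `// Passwords are stored as a one-way hash, never in clear text`.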
@@ -208,8 +210,7 @@ // peeps with modifyUsers can modify other AuthzSubjectManagerEJBImpl.getOne().checkModifyUsers(subject); } - PrincipalDAO lhome = DAOFactory.getDAOFactory().getPrincipalDAO(); - Principal local = lhome.findByUsername(username); + Principal local = getPrincipalDAO().findByUsername(username); // hash the password as is done in ejbCreate. Fixes 4661 String hash = Util.createPasswordHash("MD5", "base64", null, null, password); @@ -217,6 +218,35 @@ } /** + * Change the hashed password for a user. + * + * @param subject The subject of the currently logged in user + * @param username The username whose password will be changed. + * @param password The new password for this user + * + * @ejb:interface-method + * @ejb:transaction type="REQUIRED" + */ + public void changePasswordHash(AuthzSubjectValue subject, String username, + String hash) + throws PermissionException + { + // AUTHZ check + if(!subject.getName().equals(username)) { + // users can change their own passwords... only + // peeps with modifyUsers can modify other + AuthzSubjectManagerEJBImpl.getOne().checkModifyUsers(subject); + } + PrincipalDAO dao = getPrincipalDAO(); + Principal local = dao.findByUsername(username); + if (local != null) + local.setPassword(hash); + else + dao.create(username, hash); + } + + + /** * Delete a user from the internal database * * @param subject The subject of the currently logged in user @@ -226,7 +256,7 @@ * @ejb:transaction type="REQUIRED" */ public void deleteUser(AuthzSubjectValue subject, String username) { - PrincipalDAO lhome = DAOFactory.getDAOFactory().getPrincipalDAO(); + PrincipalDAO lhome = getPrincipalDAO(); Principal local = lhome.findByUsername(username); // Principal does not exist for users authenticated by other JAAS 
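Review bot: `changePasswordHash` persists the caller-supplied `hash` verbatim through `local.setPassword(hash)` or `dao.create(username, hash)` without checking that it is non-null, non-empty and shaped like the output of `Util.createPasswordHash("MD5", "base64", ...)`. A clear-text or empty value would therefore be saved as the credential. The `else` branch also creates a local principal for any username that has none, which presumably includes users authenticated by another JAAS provider. Reject malformed input before the DAO call, for example `if (hash == null || hash.length() == 0) throw new IllegalArgumentException("hash must not be empty");`, and record an audit log entry for each call, since the stored hash is now sufficient to set a credential. The Javadoc still reads `@param password The new password for this user` although the parameter is `hash`; it should read `@param hash The base64-encoded MD5 hash to store for this user`.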
@@ -246,30 +276,19 @@ * @ejb:transaction type="Required" */ public boolean isUser(AuthzSubjectValue subject, String username) { - PrincipalDAO lhome = DAOFactory.getDAOFactory().getPrincipalDAO(); - return lhome.findByUsername(username) != null; + return getPrincipalDAO().findByUsername(username) != null; } /** - * Get a collection of all users + * Get the principle of a user * - * @param subject The subject of the currently logged in user + * @param subject The subject for whom to return the principle * * @ejb:interface-method * @ejb:transaction type="Required" */ - public Collection getAllUsers(AuthzSubjectValue subject) { - PrincipalDAO lhome = DAOFactory.getDAOFactory().getPrincipalDAO(); - - Collection principals = lhome.findAllUsers(); - Collection users = new ArrayList(); - - for (Iterator i = principals.iterator(); i.hasNext();) { - Principal p = (Principal)i.next(); - users.add(p.getPrincipal()); - } - - return users; + public Principal getPrincipal(AuthzSubject subject) { + return getPrincipalDAO().findByUsername(subject.getName()); } public static AuthManagerLocal getOne() { Modified: branches/HQ_3_2/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java =================================================================== --- branches/HQ_3_2/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java 2008-06-27 06:32:33 UTC (rev 9916) +++ branches/HQ_3_2/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java 2008-06-27 09:15:51 UTC (rev 9917) 
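Review bot: `getPrincipal(AuthzSubject subject)` is published as an `@ejb:interface-method` and returns the whole `Principal`, which carries the stored password hash, yet it takes no caller identity and performs no permission check. The `subject` argument is the account being looked up, not the logged-in user. `changePassword` and `changePasswordHash` in this class guard access to another user's credential with `AuthzSubjectManagerEJBImpl.getOne().checkModifyUsers(subject)`, so this method should accept the caller as an additional parameter and apply the same check when the caller is not the target. The Javadoc should spell the word `principal` and state that the returned object includes the password hash. A null `subject` would also fail at `subject.getName()`.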
@@ -179,18 +179,6 @@ } /** - * Get a collection of all users - * - * @ejb:interface-method - */ - public Collection getAllUsers(int sessionID) - throws SessionException - { - AuthzSubjectValue subject = manager.getSubject(sessionID); - return getAuthManager().getAllUsers(subject); - } - - /** * @ejb:create-method */ public void ejbCreate() {} Modified: branches/HQ_3_2/src/org/hyperic/hq/dao/PrincipalDAO.java =================================================================== --- branches/HQ_3_2/src/org/hyperic/hq/dao/PrincipalDAO.java 2008-06-27 06:32:33 UTC (rev 9916) +++ branches/HQ_3_2/src/org/hyperic/hq/dao/PrincipalDAO.java 2008-06-27 09:15:51 UTC (rev 9917) @@ -29,7 +29,6 @@ import org.hyperic.dao.DAOFactory; import org.hyperic.hq.auth.Principal; -import org.jboss.security.Util; /** * @@ -55,11 +54,8 @@ super.remove(entity); } - public Principal create(String principal, String password) + public Principal create(String principal, String passwordHash) { - // All passwords are stored encrypted - String passwordHash = Util.createPasswordHash("MD5", "base64", - null, null, password); Principal p = new Principal(); p.setPrincipal(principal); Modified: branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/helpers/UserHelper.groovy =================================================================== --- branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/helpers/UserHelper.groovy 2008-06-27 06:32:33 UTC (rev 9916) +++ branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/helpers/UserHelper.groovy 2008-06-27 09:15:51 UTC (rev 9917) @@ -1,5 +1,6 @@ package org.hyperic.hq.hqu.rendit.helpers +import org.hyperic.hq.auth.server.session.AuthManagerEJBImpl import org.hyperic.hq.authz.server.session.AuthzSubject import org.hyperic.hq.authz.server.session.AuthzSubjectManagerEJBImpl as SubjectMan import org.hyperic.hq.authz.shared.AuthzSubjectValue 
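Review bot: In PrincipalDAO.java, `create(String principal, String passwordHash)` keeps its `(String, String)` signature but no longer hashes the second argument, so any caller not updated in this commit still compiles and would now store the clear-text password as given. Only `addUser` and `changePasswordHash` are visibly adapted in this diff; any other callers lie outside it and need checking. Renaming the method (for example to `createWithHash`) would turn a missed caller into a compile error. At minimum it needs a comment such as `// passwordHash must already be hashed by the caller; it is stored as given`. The body of `create` continues past the end of the hunk.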
@@ -35,18 +36,28 @@ * Create a user * @return a {@link AuthzSubject}s */ - public createUser(userName, active, dsn, dept, email, first, last, phone, sms, html) { - subjectMan.createSubject(userValue, userName, active, dsn, dept, email, first, last, phone, sms, - html) + public createUser(userName, active, dsn, dept, email, first, last, phone, + sms, html) { + subjectMan.createSubject(userValue, userName, active, dsn, dept, email, + first, last, phone, sms, html) } /** * Update a user * @return a {@link AuthzSubject}s */ - public updateUser(found, active, dsn, dept, email, first, last, phone, sms, html) { - subjectMan.updateSubject(user, found, active, dsn, dept, email, first, last, phone, sms, html) + public updateUser(found, active, dsn, dept, email, first, last, phone, sms, + html) { + subjectMan.updateSubject(user, found, active, dsn, dept, email, first, + last, phone, sms, html) } + + /** + * Update a user's password + */ + public updateUserPassword(subject, password) { + AuthManagerEJBImpl.one.changePasswordHash(userValue, subject, password) + } /** * Remove a user from database Modified: branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AuthzSubjectCategory.groovy =================================================================== --- branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AuthzSubjectCategory.groovy 2008-06-27 06:32:33 UTC (rev 9916) +++ branches/HQ_3_2/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AuthzSubjectCategory.groovy 2008-06-27 09:15:51 UTC (rev 9917) @@ -1,5 +1,6 @@ package org.hyperic.hq.hqu.rendit.metaclass +import org.hyperic.hq.auth.server.session.AuthManagerEJBImpl import org.hyperic.hq.authz.shared.PermissionManager import org.hyperic.hq.authz.shared.PermissionManagerFactory import org.hyperic.hq.authz.server.session.AuthzSubject 
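Review bot: `updateUserPassword(subject, password)` in UserHelper.groovy forwards its second argument to `changePasswordHash`, which stores it unmodified. A plugin author going by the parameter name and the doc comment `Update a user's password` will pass a clear-text password and have it saved as the credential. Rename the parameters to say what is expected, e.g. `public updateUserPassword(userName, passwordHash)`, and change the comment to something like `Set a user's stored password hash; the value is stored as given and is not hashed here`. The first argument is passed where `changePasswordHash` declares `String username`, so `subject` is also misleading about the expected type.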
@@ -10,4 +11,9 @@ .getInstance() .hasAdminPermission(subject.id) } + + static getPassword(AuthzSubject subject) { + def principal = AuthManagerEJBImpl.one.getPrincipal(subject) + principal?.password + } } |
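Review bot: The new category method `getPassword(AuthzSubject subject)` returns `principal?.password`, which is the stored hash, to any script that can use this category, and no permission check is visible in the hunk. Together with `changePasswordHash`, a hash read here is enough to set the same credential on another account or installation, so read access should be limited to callers with admin or modify-user rights; `PermissionManager` is already imported in this file. The name also suggests clear text. `getPasswordHash` with a doc comment such as `Returns the stored password hash for the subject, or null when no local principal exists` would be clearer. The enclosing class starts outside the hunk.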