[Idrs-commit] CVS: Idrs/dev/src/net/sourceforge/idrs/core/servlet IDRSAuth.java,NONE,1.1 IdrsAuthBas
Brought to you by:
bigman921
Menu
▾
▴
[Idrs-commit] CVS: Idrs/dev/src/net/sourceforge/idrs/core/servlet IDRSAuth.java,NONE,1.1 IdrsAuthBase.java,1.1,1.2 IdrsController.java,1.3,1.4 IdrsAuthDefault.java,1.1,1.2 IDRSSecurity.java,1.8,1.9
|
From: Marc B. <big...@us...> - 2003-04-19 03:14:01
|
Update of /cvsroot/idrs/Idrs/dev/src/net/sourceforge/idrs/core/servlet In directory sc8-pr-cvs1:/tmp/cvs-serv21774/dev/src/net/sourceforge/idrs/core/servlet Modified Files: IdrsAuthBase.java IdrsController.java IdrsAuthDefault.java IDRSSecurity.java Added Files: IDRSAuth.java Log Message: Added ability for IDRS security implementation to assume that if a record is retrieved, the password is ok. This will allow for proprietary password encryption models to be used --- NEW FILE: IDRSAuth.java --- package net.sourceforge.idrs.core.servlet; import net.sourceforge.idrs.utils.*; import java.util.*; import java.io.*; import java.sql.*; import java.security.*; /** * @author mlb * * To change this generated comment edit the template variable "typecomment": * Window>Preferences>Java>Templates. * To enable and disable the creation of type comments go to * Window>Preferences>Java>Code Generation. */ public interface IDRSAuth { public abstract boolean loadUser(Connection con, String user, String pass, Application app, boolean toLower, boolean isDisgested) throws Exception ; public String getUserPass(); public void setUserPass(String pass); public void setUserPassBytes(byte[] pass); public byte[] getUserPassBytes(); public String getUserGroups(); public void setUserGroups(String groups); public int getUserId(); public void setUserId(int id); public boolean checkPass(); public void setCheckPass(boolean check); } Index: IdrsAuthBase.java =================================================================== RCS file: /cvsroot/idrs/Idrs/dev/src/net/sourceforge/idrs/core/servlet/IdrsAuthBase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** IdrsAuthBase.java 6 Feb 2003 20:13:44 -0000 1.1 --- IdrsAuthBase.java 19 Apr 2003 03:13:49 -0000 1.2 *************** *** 18,21 **** --- 18,23 ---- private int id; private byte[] passBytes; + private boolean check; + /** *************** *** 29,33 **** * @see net.sourceforge.idrs.core.servlet.IDRSAuth#loadUser(Connection, String, Application) */ ! public abstract boolean loadUser(Connection con, String user, Application app, boolean toLower,boolean isDigested) throws Exception ; /** --- 31,35 ---- * @see net.sourceforge.idrs.core.servlet.IDRSAuth#loadUser(Connection, String, Application) */ ! public abstract boolean loadUser(Connection con, String user, String pass, Application app, boolean toLower,boolean isDigested) throws Exception ; /** *************** *** 79,82 **** --- 81,92 ---- return this.passBytes; } + + public boolean checkPass() { + return this.check; + } + public void setCheckPass(boolean check) { + this.check = check; + } + } Index: IdrsController.java =================================================================== RCS file: /cvsroot/idrs/Idrs/dev/src/net/sourceforge/idrs/core/servlet/IdrsController.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** IdrsController.java 26 Mar 2003 21:33:09 -0000 1.3 --- IdrsController.java 19 Apr 2003 03:13:49 -0000 1.4 *************** *** 438,444 **** try { isSecure = secure.checkOK(); ! } catch (Exception securException) { //user is not authentic, deny access secure.close(); accessDenied(req, resp); --- 438,445 ---- try { isSecure = secure.checkOK(); ! System.out.println("Secure : " + isSecure); } catch (Exception securException) { //user is not authentic, deny access + securException.printStackTrace(System.out); secure.close(); accessDenied(req, resp); *************** *** 455,463 **** //store username and password ! req.getSession().putValue("user", user); ! req.getSession().putValue("pass", pass); //if the password isn't ok ! if (!secure.passwordOK()) { try { session.putValue("bad", "1"); --- 456,466 ---- //store username and password ! if (! secure.isAnon()) { ! req.getSession().putValue("user", user); ! req.getSession().putValue("pass", pass); ! } //if the password isn't ok ! if (!secure.passwordOK() && !secure.isAnon()) { try { session.putValue("bad", "1"); Index: IdrsAuthDefault.java =================================================================== RCS file: /cvsroot/idrs/Idrs/dev/src/net/sourceforge/idrs/core/servlet/IdrsAuthDefault.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** IdrsAuthDefault.java 6 Feb 2003 20:13:43 -0000 1.1 --- IdrsAuthDefault.java 19 Apr 2003 03:13:49 -0000 1.2 *************** *** 28,35 **** --- 28,37 ---- Connection con, String user, + String pass, Application app, boolean toLower, boolean isDigested) throws Exception { + this.setCheckPass(true); boolean hasEntry; String sql = "SELECT * FROM tblUser WHERE UserName=?"; *************** *** 68,72 **** this.setUserGroups("-1,"); this.setUserId(-1); ! this.setUserPass("anonamous"); } --- 70,74 ---- this.setUserGroups("-1,"); this.setUserId(-1); ! this.setUserPass("anonymous"); } Index: IDRSSecurity.java =================================================================== RCS file: /cvsroot/idrs/Idrs/dev/src/net/sourceforge/idrs/core/servlet/IDRSSecurity.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** IDRSSecurity.java 6 Feb 2003 20:13:43 -0000 1.8 --- IDRSSecurity.java 19 Apr 2003 03:13:49 -0000 1.9 *************** *** 33,36 **** --- 33,37 ---- private boolean passOK; private boolean toLower; + private boolean checkPass; private PreparedStatement psUser; private ResultSet rsUser; *************** *** 55,58 **** --- 56,60 ---- */ public IDRSSecurity(DocInfo doc,String userName,String password, Connection con,boolean toLower,boolean digestPass,String digest, IDRSAuth imp, Application app) throws Exception { + this.checkPass = true; this.doc = doc; this.userName = userName; *************** *** 68,72 **** this.imp = imp; ! this.hasEntry = imp.loadUser(con,this.userName,app,toLower,digestPass); this.ugroups = imp.getUserGroups(); if (digestPass) { --- 70,74 ---- this.imp = imp; ! this.hasEntry = imp.loadUser(con,this.userName,this.password,app,toLower,digestPass); this.ugroups = imp.getUserGroups(); if (digestPass) { *************** *** 77,81 **** } this.uid = imp.getUserId(); ! --- 79,83 ---- } this.uid = imp.getUserId(); ! this.checkPass = imp.checkPass(); *************** *** 175,183 **** isOK = doc.passGate(this.ugroups); ! if (isOK && hasEntry) { return passwordOK(); } ! else if (isOK) { this.ugroups="-1"; return true; --- 177,189 ---- isOK = doc.passGate(this.ugroups); ! //System.out.println("is ok : " + isOK); ! //System.out.println("has entry : " + hasEntry); ! //System.out.println("is anaon : " + doc.passGate("-1")); if (isOK && hasEntry) { return passwordOK(); } ! ! else if (doc.passGate("-1") ) { ! //System.out.println("is anon"); this.ugroups="-1"; return true; *************** *** 193,196 **** --- 199,206 ---- } + boolean isAnon() { + return doc.passGate("-1"); + } + /** * Determines if a given password is valid *************** *** 198,206 **** public boolean passwordOK() throws Exception { if (! passOK) { ! if (this.digestPass) { ! MessageDigest md = MessageDigest.getInstance(this.digest); md.update(password.getBytes()); --- 208,221 ---- public boolean passwordOK() throws Exception { + if (! this.checkPass) { + return true; + } + if (! passOK) { + if (password == null) return false; ! if (this.digestPass) { ! MessageDigest md = MessageDigest.getInstance(this.digest); md.update(password.getBytes()); |
