From: John C. <jc...@us...> - 2007-02-24 07:52:27
|
Update of /cvsroot/tolven/tolvenMobileServer/src/org/tolven In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv31504/src/org/tolven Log Message: Directory /cvsroot/tolven/tolvenMobileServer/src/org/tolven added to the repository |
From: John C. <jc...@us...> - 2007-02-24 07:52:27
|
Update of /cvsroot/tolven/tolvenMobileServer/src/org In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv31504/src/org Log Message: Directory /cvsroot/tolven/tolvenMobileServer/src/org added to the repository |
From: John C. <jc...@us...> - 2007-02-24 07:52:27
|
Update of /cvsroot/tolven/tolvenMobileServer/src/org/tolven/mobile In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv31504/src/org/tolven/mobile Log Message: Directory /cvsroot/tolven/tolvenMobileServer/src/org/tolven/mobile added to the repository |
From: John C. <jc...@us...> - 2007-02-24 07:50:47
|
Update of /cvsroot/tolven/tolvenMobileServer In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv30664/tolvenMobileServer Log Message: Directory /cvsroot/tolven/tolvenMobileServer added to the repository |
From: John C. <jc...@us...> - 2007-02-24 07:50:19
|
Update of /cvsroot/tolven/tolvenMobileClient In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv30567/tolvenMobileClient Log Message: Directory /cvsroot/tolven/tolvenMobileClient added to the repository |
From: John C. <jc...@us...> - 2007-02-22 21:20:18
|
Update of /cvsroot/tolven/tolvenWEB/web/five In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv2069/web/five Modified Files: obs.xhtml allergies.xhtml Log Message: Fix display layouts Index: obs.xhtml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/five/obs.xhtml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** obs.xhtml 16 Feb 2007 04:18:30 -0000 1.2 --- obs.xhtml 22 Feb 2007 21:20:16 -0000 1.3 *************** *** 47,51 **** <thead> <tr> ! <th align="right" width="125px">Date</th> <th align="left" width="210px">Test</th> <th align="right" width="100px">Value</th> --- 47,51 ---- <thead> <tr> ! <th align="left" width="125px">Date</th> <th align="left" width="210px">Test</th> <th align="right" width="100px">Value</th> *************** *** 57,76 **** <table id="#{menu.element}LG" > <tbody> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! 
<tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="right" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> </tbody> </table> --- 57,76 ---- <table id="#{menu.element}LG" > <tbody> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! 
<tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! 
<tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td align="right" width="100px">-</td><td width="75px">-</td><td width="150px">-</td></tr> </tbody> </table> Index: allergies.xhtml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/five/allergies.xhtml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** allergies.xhtml 16 Feb 2007 04:18:30 -0000 1.2 --- allergies.xhtml 22 Feb 2007 21:20:16 -0000 1.3 *************** *** 29,34 **** <thead> <tr> - <th align="left" width="125px">Started</th> <th align="left" width="210px">Allergy</th> <th align="left" width="150px">Status</th> </tr> --- 29,34 ---- <thead> <tr> <th align="left" width="210px">Allergy</th> + <th align="left" width="125px">Started</th> <th align="left" width="150px">Status</th> </tr> *************** *** 37,56 **** <table id="#{menu.element}LG" > <tbody> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! 
<tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="125px">-</td><td width="210px">-</td><td width="150px">-</td></tr> </tbody> </table> --- 37,56 ---- <table id="#{menu.element}LG" > <tbody> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! 
<tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> ! <tr><td align="left" width="210px">-</td><td width="125px">-</td><td width="150px">-</td></tr> </tbody> </table> |
From: John C. <jc...@us...> - 2007-02-22 09:23:21
|
Update of /cvsroot/tolven/tolvenWEB/web/manage In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv9464/web/manage Modified Files: addSponsor.xhtml Log Message: Remove hard-coded context (/Tolven)
Index: addSponsor.xhtml
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/web/manage/addSponsor.xhtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** addSponsor.xhtml 17 Feb 2007 01:03:47 -0000 1.2
--- addSponsor.xhtml 22 Feb 2007 09:23:19 -0000 1.3
***************
*** 42,46 ****
<h:commandButton action="#{reg.addSponsorship}" value="Add Sponsorship"/>
</h:panelGrid>
! <h:outputLink value="/Tolven/private/sponsoredUsers.jsf">
<h:outputText value="List of sponsored users"/>
</h:outputLink>
--- 42,46 ----
<h:commandButton action="#{reg.addSponsorship}" value="Add Sponsorship"/>
</h:panelGrid>
! <h:outputLink value="../private/sponsoredUsers.jsf">
<h:outputText value="List of sponsored users"/>
</h:outputLink> |
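Review bot: The new `value="../private/sponsoredUsers.jsf"` resolves against whatever URL the browser currently shows, which after a JSF postback that navigates by forward may not be the `/manage/` path of this view, so the link can end up outside the intended `/private/` area. Building it from the deployment's context path keeps it independent of both the context name and the current URL, for example `value="#{facesContext.externalContext.requestContextPath}/private/sponsoredUsers.jsf"`. The surrounding markup starts before this hunk, so how the view is reached is not visible here.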
From: Joseph I. <jos...@us...> - 2007-02-22 02:55:12
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv11867/src/org/tolven/index Modified Files: Browse.java Log Message: Return to Browse after login out and immediate login
Index: Browse.java
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/Browse.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** Browse.java 21 Feb 2007 12:19:10 -0000 1.11
--- Browse.java 22 Feb 2007 02:55:12 -0000 1.12
***************
*** 123,127 ****
Writer writer = openPage( request, response );
writer.write( "<p>Logged out</p>\n");
! writer.write( "<p><a href='accounts.browse'>Login</a></p>\n");
closePage(writer);
}
--- 123,127 ----
Writer writer = openPage( request, response );
writer.write( "<p>Logged out</p>\n");
! writer.write( "<p><a href='accounts.browse?client=mobile'>Login</a></p>\n");
closePage(writer);
} |
From: Joseph I. <jos...@us...> - 2007-02-21 12:19:14
|
Update of /cvsroot/tolven/tolvenWEB/web/five In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv27424/web/five Added Files: loginDispatch.jsp Log Message: Browse gets a single login by tying into the same login process as the main application. --- NEW FILE: loginDispatch.jsp --- <%@page contentType="text/html"%> <%@page pageEncoding="UTF-8"%> <%@page language="java" import="java.util.*" import="javax.naming.*, javax.servlet.http.*, javax.security.auth.*, javax.security.jacc.*, java.security.*, java.util.*, java.security.acl.*, org.jboss.security.*"%> <%-- The taglib directive below imports the JSTL library. If you uncomment it, you must also add the JSTL library to the project. The Add Library... action on Libraries node in Projects view can be used to add the JSTL 1.1 library. --%> <%-- <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> --%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> </head> <body> <% if ("mobile".equalsIgnoreCase(request.getParameter("client"))) { %> <jsp:forward page="/login.browse" /> <%} else { %> <jsp:forward page="/five/login.jsf" /> <%} %> </body> </html> |
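Review bot: The `<meta http-equiv>` cache directives in the head are unlikely to reach the browser, since both branches end in `<jsp:forward>` and the response body then comes from the forward target; if the login pages must not be cached, set that as a response header before forwarding, e.g. `<% response.setHeader("Cache-Control", "no-store"); %>`, or on the targets themselves. The `client` parameter only chooses between two fixed internal paths, which is worth stating in a comment such as `<%-- client selects a fixed target; never forward to a request-supplied path --%>` so a later edit keeps it that way. The page `import` list is not used by any visible scriptlet and names `java.util.*` twice, so it could be removed.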
From: Joseph I. <jos...@us...> - 2007-02-21 12:19:14
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv27424/src/org/tolven/index Modified Files: BrowseSecurityFilter.java BrowseBase.java Browse.java Log Message: Browse gets a single login by tying into the same login process as the main application. Index: BrowseSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseSecurityFilter.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** BrowseSecurityFilter.java 20 Feb 2007 03:45:26 -0000 1.8 --- BrowseSecurityFilter.java 21 Feb 2007 12:19:10 -0000 1.9 *************** *** 3,13 **** --- 3,18 ---- import java.io.IOException; import java.io.Writer; + import java.security.Principal; + import java.security.acl.Group; import java.util.Date; import java.util.List; + import java.util.Set; import javax.annotation.EJB; import javax.naming.InitialContext; import javax.naming.NamingException; + import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; + import javax.security.jacc.PolicyContext; import javax.servlet.Filter; import javax.servlet.FilterChain; *************** *** 23,26 **** --- 28,32 ---- import org.tolven.core.entity.TolvenUser; import org.tolven.security.auth.UsernamePasswordAccountUserIdCallbackHandler; + import org.tolven.security.key.PrivateKeyRing; /** *************** *** 57,82 **** HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; ! LoginContext lc = null; ! UsernamePasswordAccountUserIdCallbackHandler handler = null; try { - //UsernamePasswordHandler handler = new UsernamePasswordHandler(request.getSession()); String uri = request.getRequestURI(); ! // Let the login page through, already logged in or not. ! // Login doesn't need authorization. ! // If the login has needed params, we'll attempt a login, otherwise, we just go back ! 
// to the login page. ! if (uri.endsWith("login.browse")) { ! if (null!=request.getParameter("username") && ! null!=request.getParameter("password")) { ! // Not logged in yet so...authenticate the user ! String username = request.getParameter("username"); ! String password = request.getParameter("password"); ! handler = ! new UsernamePasswordAccountUserIdCallbackHandler(username, password.toCharArray()); ! lc = new LoginContext("tolvenLDAP", handler); ! lc.login(); ! System.out.println("Password verified"); ! TolvenUser user = activateLocal.loginUser(username, new Date()); ! System.out.println("TolvenUser accepted"); // This simulates the SelectAccount page List<AccountUser> accountUsers = activateLocal.findUserAccounts(user); --- 63,93 ---- HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; ! Subject subject = null; ! Principal principal = null; ! try { ! subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new ServletException("No Subject in PolicyContext - Not logged In"); ! principal = null; ! Object obj = null; ! for (java.util.Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof Principal && !(obj instanceof Group)) { ! principal = (Principal) obj; ! break; ! } ! } ! } catch (Exception ex) { ! throw new ServletException("Problem with Subject in PolicyContext"); ! } try { String uri = request.getRequestURI(); ! if (!uri.endsWith("accounts.browse")) { ! if (request.getParameter("account") == null && request.getSession().getAttribute("accountUserId") == null) { ! response.sendRedirect("accounts.browse"); ! return; ! } ! if (request.getSession().getAttribute("accountUserId") == null) { ! 
TolvenUser user = activateLocal.loginUser(principal.getName(), new Date()); // This simulates the SelectAccount page List<AccountUser> accountUsers = activateLocal.findUserAccounts(user); *************** *** 91,116 **** } } ! if (accountUser==null) throw new ServletException( "Account not valid for this user"); System.out.println("Account id " + Long.toString(accountId) + " accepted"); - // Remember this accountUser long accountUserId = new Long(accountUser.getId()); request.getSession().setAttribute("accountUserId", accountUserId); - // Login to a particual account - handler.setAccountUserId(accountUserId); - lc.login(); - request.getSession().setAttribute("loginContext", lc); - // // At this point we want to direct the user to the first page response.sendRedirect("view.browse"); return; } - // Just let the login page display - chain.doFilter(request, response); - return; - } - lc = (LoginContext) request.getSession().getAttribute("loginContext"); - if (null == lc) { - throw new ServletException("Not logged in"); - } else { - lc.login(); } chain.doFilter(request, response); --- 102,118 ---- } } ! if (accountUser == null) ! 
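Review bot: `principal` is still null when the loop over `subject.getPrincipals()` finds no entry that is a non-Group Principal, and the later `activateLocal.loginUser(principal.getName(), new Date())` then dereferences it. Add a guard after the first try block, before the name is used: `if (principal == null) throw new ServletException("No user Principal in Subject");`. The `catch (Exception ex)` around the PolicyContext lookup also swallows the more specific "No Subject in PolicyContext - Not logged In" exception thrown inside the same try and drops the cause; `throw new ServletException("Problem with Subject in PolicyContext", ex);` keeps both. The body of doFilter starts and ends outside this hunk.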
throw new ServletException("Account not valid for this user"); System.out.println("Account id " + Long.toString(accountId) + " accepted"); long accountUserId = new Long(accountUser.getId()); + Set<PrivateKeyRing> privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); + if (privateCredentials.isEmpty()) + throw new ServletException("No PrivateKeyRing"); + PrivateKeyRing privateKeyRing = (PrivateKeyRing) privateCredentials.iterator().next(); + privateKeyRing.setAccountPrivateKey(accountUser.getAccountPrivateKey()); request.getSession().setAttribute("accountUserId", accountUserId); response.sendRedirect("view.browse"); return; } } chain.doFilter(request, response); Index: BrowseBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseBase.java,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** BrowseBase.java 20 Feb 2007 03:39:21 -0000 1.7 --- BrowseBase.java 21 Feb 2007 12:19:10 -0000 1.8 *************** *** 11,14 **** --- 11,15 ---- import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; + import javax.security.jacc.PolicyContext; import javax.servlet.ServletConfig; import javax.servlet.ServletException; *************** *** 73,81 **** writer.write( "<body>\n"); // If logged in, show a few things and allow the user to log out ! if (null!=request.getSession().getAttribute("loginContext")) { ! LoginContext lc = (LoginContext)request.getSession().getAttribute("loginContext"); ! Subject subject = lc.getSubject(); ! if (lc.getSubject() == null) ! throw new IllegalStateException("No Subject found in LoginContext"); //TODO: Assume one Principal at this time. Should the Principal be identified in the Subject or via ejbContext? Principal principal = null; --- 74,87 ---- writer.write( "<body>\n"); // If logged in, show a few things and allow the user to log out ! 
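Review bot: The selected account is now recorded in two places with different lifetimes: `accountUserId` goes into the HTTP session, while the account private key is written into the `PrivateKeyRing` of the Subject returned by the container. If the container hands the same Subject to more than one session of the same user, or replaces it while the session attribute is still set (neither is visible in this change), the key in the ring and the account in the session can disagree. Until that is confirmed, state the assumption next to the call, for example `// assumes one Subject per HTTP session; the ring is only populated when accountUserId is first set`. `privateCredentials.iterator().next()` also takes whichever ring comes first, and the `(PrivateKeyRing)` cast is redundant on a `Set<PrivateKeyRing>`.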
if (null!=request.getSession().getAttribute("accountUserId")) { ! Subject subject = null; ! try { ! subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new IllegalStateException("No Subject found in PolicyContext"); ! } catch(Exception ex) { ! //TODO: This should be thrown ! ex.printStackTrace(); ! } //TODO: Assume one Principal at this time. Should the Principal be identified in the Subject or via ejbContext? Principal principal = null; Index: Browse.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/Browse.java,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** Browse.java 20 Feb 2007 03:39:21 -0000 1.10 --- Browse.java 21 Feb 2007 12:19:10 -0000 1.11 *************** *** 64,68 **** return; } ! // See if we have an account user id. Can't go on without it. Object obj = request.getSession().getAttribute("accountUserId"); --- 64,73 ---- return; } ! if (uri.endsWith("accounts.browse")) { ! Writer writer = openPage(request, response); ! this.accountsForm(writer); ! closePage(writer); ! return; ! } // See if we have an account user id. Can't go on without it. Object obj = request.getSession().getAttribute("accountUserId"); *************** *** 114,125 **** if( uri.endsWith("logout.browse")) { - LoginContext lc = (LoginContext) request.getSession(false).getAttribute("loginContext"); - if (lc != null) - lc.logout(); request.getSession(false).invalidate(); // Prepare response back to client Writer writer = openPage( request, response ); writer.write( "<p>Logged out</p>\n"); ! writer.write( "<p><a href='login.browse'>Login</a></p>\n"); closePage(writer); } --- 119,127 ---- if( uri.endsWith("logout.browse")) { request.getSession(false).invalidate(); // Prepare response back to client Writer writer = openPage( request, response ); writer.write( "<p>Logged out</p>\n"); ! 
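Review bot: The `catch(Exception ex)` added around the PolicyContext lookup only prints the stack trace, so the `IllegalStateException("No Subject found in PolicyContext")` thrown inside the same try is swallowed and `subject` stays null for the principal lookup that follows. The TODO already says this should be thrown; replace the body with `throw new IllegalStateException("No Subject found in PolicyContext", ex);` so the page is not rendered for a request with no Subject. The rest of the method, including where `subject` is read, lies outside this hunk.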
writer.write( "<p><a href='accounts.browse'>Login</a></p>\n"); closePage(writer); } *************** *** 130,169 **** } } ! ! /** ! * Construct a complete list of all menustructure items (for the current account). ! * @throws IOException ! */ ! void showAllMenuStructure( AccountUser au, Writer writer) throws IOException { ! // Output results in an HTML table ! writer.write( "<p><em>All MenuStructure (Metadata) "); ! writer.write( Long.toString(au.getAccount().getId()) ); ! writer.write( "</em></p>\n"); ! writer.write( "<table border=\"1\" cellspacing=\"0\" cellpadding=\"2\">\n"); ! writer.write( "<tr>" ); ! writer.write( "<th><em>Id</em></th>"); ! writer.write( "<th><em>Path</em></th>"); ! writer.write( "<th><em>Type</em></th>"); ! writer.write( "<th><em>Title</em></th>"); ! writer.write( "<th><em>Repeating</em></th>"); ! writer.write( "</tr>\n"); ! // Get all metadata (for this account) ! List<MenuStructure> menus = menuLocal.findFullMenuStructure( au.getAccount().getId()); ! for (MenuStructure ms : menus) { ! writer.write( "<tr>" ); ! writer.write( "<td>" + ms.getId() + "</td>"); ! writer.write( "<td>" + ms.getPath() + "</td>"); ! writer.write( "<td>" + ms.getRole() + "</td>"); ! writer.write( "<td>" + ms.getText() + "</td>"); ! writer.write( "<td>"); ! if (ms.getRepeating()!=null) writer.write(ms.getRepeating()); ! else writer.write(" "); ! writer.write( "</td>" ); ! writer.write( "</tr>\n"); ! } ! writer.write( "</table>\n"); ! } ! ! /** * Look for any lists that could be queried based on the element we have (or lack thereof). As we select * elements that have more or different embedded ids, this list changes. However, this list is not influenced --- 132,171 ---- } } ! ! /** ! * Construct a complete list of all menustructure items (for the current account). ! * @throws IOException ! */ ! void showAllMenuStructure( AccountUser au, Writer writer) throws IOException { ! // Output results in an HTML table ! writer.write( "<p><em>All MenuStructure (Metadata) "); ! 
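Review bot: Logout in this version only invalidates the HTTP session; with `lc.logout()` removed, nothing on this path clears the account private key that BrowseSecurityFilter placed in the Subject's `PrivateKeyRing`. Whether the container runs the login module's logout when the session is invalidated is not visible in this change, so the dependency should be written down where the call is made, for example `// key material in the Subject is cleared by the container's logout, not here - verify KeyLoginModule.logout() runs on invalidate`. The enclosing method starts and ends outside the hunk.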
writer.write( Long.toString(au.getAccount().getId()) ); ! writer.write( "</em></p>\n"); ! writer.write( "<table border=\"1\" cellspacing=\"0\" cellpadding=\"2\">\n"); ! writer.write( "<tr>" ); ! writer.write( "<th><em>Id</em></th>"); ! writer.write( "<th><em>Path</em></th>"); ! writer.write( "<th><em>Type</em></th>"); ! writer.write( "<th><em>Title</em></th>"); ! writer.write( "<th><em>Repeating</em></th>"); ! writer.write( "</tr>\n"); ! // Get all metadata (for this account) ! List<MenuStructure> menus = menuLocal.findFullMenuStructure( au.getAccount().getId()); ! for (MenuStructure ms : menus) { ! writer.write( "<tr>" ); ! writer.write( "<td>" + ms.getId() + "</td>"); ! writer.write( "<td>" + ms.getPath() + "</td>"); ! writer.write( "<td>" + ms.getRole() + "</td>"); ! writer.write( "<td>" + ms.getText() + "</td>"); ! writer.write( "<td>"); ! if (ms.getRepeating()!=null) writer.write(ms.getRepeating()); ! else writer.write(" "); ! writer.write( "</td>" ); ! writer.write( "</tr>\n"); ! } ! writer.write( "</table>\n"); ! } ! ! /** * Look for any lists that could be queried based on the element we have (or lack thereof). As we select * elements that have more or different embedded ids, this list changes. However, this list is not influenced *************** *** 497,517 **** } } ! ! /** ! * A simple login form needed to collect username, password, and account ! * @param writer ! * @throws IOException ! */ ! void loginForm( Writer writer ) throws IOException { ! writer.write( "<form method=\"post\" action=\"login.browse\" >" ); ! writer.write( "User Id<br/>"); ! writer.write( "<input type=\"text\" name=\"username\" size=\"30\" />"); ! writer.write( "<br/>"); ! writer.write( "Password<br/><input name=\"password\" type=\"password\" value=\"\" size=\"20\" />"); ! writer.write( " Don't count on this sample app being secure<br/>"); ! writer.write( "Account<br/><input name=\"account\" type=\"text\" value=\"\" size=\"8\" />"); ! 
writer.write( "<input type=\"submit\" name=\"Submit\" value=\"Login\" /><br/>"); ! writer.write( "</form>"); ! } /** --- 499,530 ---- } } ! ! /** ! * A simple login form needed to collect username, password, and account ! * @param writer ! * @throws IOException ! */ ! void loginForm( Writer writer ) throws IOException { ! writer.write( "<form method=\"post\" action=\"j_security_check\" >" ); ! writer.write( "User Id<br/>"); ! writer.write( "<input type=\"text\" name=\"j_username\" size=\"30\" />"); ! writer.write( "<br/>"); ! writer.write( "Password<br/><input name=\"j_password\" type=\"password\" value=\"\" size=\"20\" />"); ! writer.write( " Don't count on this sample app being secure<br/>"); ! writer.write( "<input type=\"submit\" name=\"Submit\" value=\"Login\" /><br/>"); ! writer.write( "</form>"); ! } ! ! /** ! * A simple login form needed to collect username, password, and account ! * @param writer ! * @throws IOException ! */ ! void accountsForm( Writer writer ) throws IOException { ! writer.write( "<form method=\"post\" action=\"view.browse\" >" ); ! writer.write( "Account<br/><input name=\"account\" type=\"text\" value=\"\" size=\"8\" />"); ! writer.write( "<input type=\"submit\" name=\"Submit\" value=\"Login\" /><br/>"); ! writer.write( "</form>"); ! } /** |
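Review bot: The Javadoc on both forms no longer matches what they collect. `loginForm` now posts only `j_username` and `j_password` to `j_security_check`, and the new `accountsForm` carries a copy of the same "username, password, and account" comment although it asks only for the account. Suggested summaries are `A login form that collects username and password for the container's FORM authentication` for `loginForm` and `A form that collects the account to work in, shown after login` for `accountsForm`. The submit button in `accountsForm` is still labelled "Login", which is confusing on a page the user reaches after logging in.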
From: Joseph I. <jos...@us...> - 2007-02-21 12:19:14
|
Update of /cvsroot/tolven/tolvenWEB/web/WEB-INF In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv27424/web/WEB-INF Modified Files: web.xml Log Message: Browse gets a single login by tying into the same login process as the main application.
Index: web.xml
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/web/WEB-INF/web.xml,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -d -r1.19 -r1.20
*** web.xml 17 Feb 2007 01:04:27 -0000 1.19
--- web.xml 21 Feb 2007 12:19:11 -0000 1.20
***************
*** 284,291 ****
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
! <form-login-page>/five/login.jsf</form-login-page>
  <form-error-page>/fail_login.html</form-error-page>
  </form-login-config>
--- 284,306 ----
  </user-data-constraint>
  </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Protected Area</web-resource-name>
+ <!-- Define the context-relative URL(s) to be protected -->
+ <!-- All resources protected unless otherwise listed in previous security-constraints -->
+ <url-pattern>*.browse</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <!-- Anyone with one of the listed roles may access this area -->
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
! <form-login-page>/five/loginDispatch.jsp</form-login-page>
  <form-error-page>/fail_login.html</form-error-page>
  </form-login-config> |
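Review bot: The copied comment "All resources protected unless otherwise listed in previous security-constraints" does not describe the new constraint, which covers only `*.browse`, and a reader could take it to mean the whole application is covered. Replace it with something like `<!-- Browse servlet pages: require an authenticated user and HTTPS -->`. Note also that `<role-name>*</role-name>` is shorthand for the roles declared in this descriptor's `security-role` elements rather than "any authenticated user"; those declarations are outside the hunk, so confirm they include every role a Browse user can hold.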
From: Joseph I. <jos...@us...> - 2007-02-20 08:31:35
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv30614/src/org/tolven/security/auth Modified Files: KeyLoginModule.java Log Message: Ensure that credentials are removed from the Subject before new ones are added (they were only being removed from a copy supplied by the Subject) Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** KeyLoginModule.java 20 Feb 2007 03:37:24 -0000 1.7 --- KeyLoginModule.java 20 Feb 2007 08:31:20 -0000 1.8 *************** *** 155,161 **** System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); // UserPrivateKey: Ensure there is only one PrivateKeyRing in a Subject by removing any that might be there ! for (Iterator iter = subject.getPrivateCredentials(PrivateKeyRing.class).iterator(); iter.hasNext();) { ! iter.next(); ! iter.remove(); } PrivateKeyRing privateKeyRing = new PrivateKeyRing(userPrivateKey); --- 155,163 ---- System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + principalName); // UserPrivateKey: Ensure there is only one PrivateKeyRing in a Subject by removing any that might be there ! Object obj = null; ! for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof PrivateKeyRing) ! iter.remove(); } PrivateKeyRing privateKeyRing = new PrivateKeyRing(userPrivateKey); *************** *** 163,169 **** System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there ! for (Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext();) { ! iter.next(); ! 
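Review bot: The replacement loops walk every credential in the Subject and filter with `instanceof`, so the cleanup now touches credentials that other login modules placed there. On the private set, iteration is permission-checked per credential class if the server runs under a security manager (not visible here), so an unrelated credential could make this cleanup fail. Asking the Subject for the typed copy and removing it from the live set is shorter and avoids the raw `Iterator`: `subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(PrivateKeyRing.class));`. The same form applies to the `UserPublicKey` and `AccountPublicKey` loops in the three later hunks of this file, where the two passes over the public set in the logout path could also be merged into one.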
iter.remove(); } subject.getPublicCredentials().add(userPublicKey); --- 165,172 ---- System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there ! for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof UserPublicKey) ! iter.remove(); } subject.getPublicCredentials().add(userPublicKey); *************** *** 179,185 **** throw new LoginException(getClass() + ": Could not locate an AccountPublicKey for AccountUser with id=" + accountUserId); // Ensure there are no other AccountPublicKeys ! for (Iterator iter = subject.getPublicCredentials(AccountPublicKey.class).iterator(); iter.hasNext();) { ! iter.next(); ! iter.remove(); } System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); --- 182,189 ---- throw new LoginException(getClass() + ": Could not locate an AccountPublicKey for AccountUser with id=" + accountUserId); // Ensure there are no other AccountPublicKeys ! for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof AccountPublicKey) ! iter.remove(); } System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); *************** *** 214,225 **** // Remove PrivateKeyRing if (subject != null) { ! for (Iterator iter = subject.getPrivateCredentials(PrivateKeyRing.class).iterator(); iter.hasNext();) { ! iter.next(); ! iter.remove(); } // Remove all UserPublicKey ! for (Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext();) { ! iter.next(); ! iter.remove(); } } --- 218,238 ---- // Remove PrivateKeyRing if (subject != null) { ! Object obj = null; ! for (Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof PrivateKeyRing) ! 
iter.remove(); } // Remove all UserPublicKey ! for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof UserPublicKey) ! iter.remove(); ! } ! // Remove all AccountPublicKey ! for (Iterator iter = subject.getPublicCredentials().iterator(); iter.hasNext();) { ! obj = iter.next(); ! if (obj instanceof AccountPublicKey) ! iter.remove(); } } |
From: Joseph I. <jos...@us...> - 2007-02-20 03:45:28
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv8838/src/org/tolven/index Modified Files: BrowseSecurityFilter.java Log Message: There is now no need for the accountUserId to be placed in every request. It is kept in the session for use by the rest of the application.
Index: BrowseSecurityFilter.java
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseSecurityFilter.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** BrowseSecurityFilter.java 20 Feb 2007 03:39:21 -0000 1.7
--- BrowseSecurityFilter.java 20 Feb 2007 03:45:26 -0000 1.8
***************
*** 114,120 ****
  lc.login();
  }
- // Expose AccountUser to the application for this request.
- long accountUserId = (Long) request.getSession().getAttribute("accountUserId");
- request.setAttribute("accountUser", activateLocal.findAccountUser(accountUserId));
  chain.doFilter(request, response);
  } catch (Exception e) {
--- 114,117 ---- |
From: Joseph I. <jos...@us...> - 2007-02-20 03:39:25
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv6346/src/org/tolven/security/auth Modified Files: UsernamePasswordAccountUserIdCallbackHandler.java Log Message: UsernamePasswordAccountUsreCallbackHandler now allows the accountUserId to be changed after it has been passed to the LoginContext. A login performed on the LoginContext, will cause the appropriate AccountPrivataKey/AccountPublicKey to be added to the Subject. Index: UsernamePasswordAccountUserIdCallbackHandler.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/UsernamePasswordAccountUserIdCallbackHandler.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** UsernamePasswordAccountUserIdCallbackHandler.java 19 Feb 2007 10:17:31 -0000 1.1 --- UsernamePasswordAccountUserIdCallbackHandler.java 20 Feb 2007 03:39:24 -0000 1.2 *************** *** 42,45 **** --- 42,49 ---- this.accountUserId = accountUserId; } + + public void setAccountUserId(long accountUserId) { + this.accountUserId = accountUserId; + } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { |
From: Joseph I. <jos...@us...> - 2007-02-20 03:39:23
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv6336/src/org/tolven/index Modified Files: BrowseSecurityFilter.java BrowseBase.java Browse.java Log Message: UsernamePasswordAccountUsreCallbackHandler now allows the accountUserId to be changed after it has been passed to the LoginContext. A login performed on the LoginContext, will cause the appropriate AccountPrivataKey/AccountPublicKey to be added to the Subject. Index: BrowseSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseSecurityFilter.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** BrowseSecurityFilter.java 19 Feb 2007 12:54:28 -0000 1.6 --- BrowseSecurityFilter.java 20 Feb 2007 03:39:21 -0000 1.7 *************** *** 23,26 **** --- 23,27 ---- import org.tolven.core.entity.TolvenUser; import org.tolven.security.auth.UsernamePasswordAccountUserIdCallbackHandler; + /** * In our simple servlet sample application we still need to satisfy security requirements we'll *************** *** 40,147 **** @EJB protected ActivationLocal activateLocal; ! void loginForm( Writer writer ) throws IOException { ! writer.write( "<form method=\"get\" action=\"login.browse\" >" ); ! writer.write( "User Id<br/>"); ! writer.write( "<input type=\"text\" name=\"username\" size=\"30\" />"); ! writer.write( "<br/>"); ! writer.write( "Password<br/><input name=\"password\" type=\"password\" value=\"\" size=\"20\" />"); ! writer.write( "<br/>"); ! writer.write( "Account<br/><input name=\"account\" type=\"text\" value=\"\" size=\"8\" />"); ! writer.write( "<input type=\"submit\" name=\"Submit\" value=\"Login\" /><br/>"); ! writer.write( "</form>"); ! } ! ! public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { System.out.println(getClass() + " : doFilter"); ! 
HttpServletRequest request = (HttpServletRequest)req; ! HttpServletResponse response = (HttpServletResponse)resp; ! LoginContext lc = null; ! UsernamePasswordAccountUserIdCallbackHandler handler = null; ! try { ! //UsernamePasswordHandler handler = new UsernamePasswordHandler(request.getSession()); ! String uri = request.getRequestURI(); ! // Let the login page through, already logged in or not. ! // Login doesn't need authorization. ! // If the login has needed params, we'll attempt a login, otherwise, we just go back ! // to the login page. ! if( uri.endsWith("login.browse")) { if (null!=request.getParameter("username") && ! null!=request.getParameter("password") && ! null!=request.getParameter("account")) { ! // Not logged in yet so...authenticate the user ! String username = request.getParameter("username"); ! String password = request.getParameter("password"); handler = new UsernamePasswordAccountUserIdCallbackHandler(username, password.toCharArray()); ! lc = new LoginContext("tolvenLDAP", handler); ! lc.login(); ! System.out.println( "Password verified"); ! TolvenUser user = activateLocal.loginUser( username, new Date() ); ! System.out.println( "TolvenUser accepted"); ! // This simulates the SelectAccount page ! List<AccountUser> accountUsers = activateLocal.findUserAccounts(user); ! long accountId = Long.parseLong((String)request.getParameter("account")); ! AccountUser accountUser = null; ! // Select the most recent AccountUser and use that account ! for ( AccountUser au : accountUsers ) { ! if (accountId==au.getAccount().getId() ) { ! accountUser = au; ! accountId = au.getAccount().getId(); ! break; ! } ! } if (accountUser==null) throw new ServletException( "Account not valid for this user"); ! System.out.println( "Account id " + Long.toString(accountId) + " accepted"); ! lc.logout(); ! // Remember this accountUser ! long accountUserId = new Long(accountUser.getId()); ! request.getSession().setAttribute("accountUserId", accountUserId); ! handler = ! 
new UsernamePasswordAccountUserIdCallbackHandler(username, password.toCharArray(), accountUserId); ! lc = new LoginContext("tolvenLDAP", handler); ! // Login to a particual account lc.login(); ! request.getSession().setAttribute("loginContext", lc); ! // // At this point we want to direct the user to the first page ! response.sendRedirect("view.browse"); ! return; ! } ! // Just let the login page display ! chain.doFilter(request, response); ! return; ! } ! lc = (LoginContext) request.getSession().getAttribute("loginContext"); ! if (null == lc) { ! throw new ServletException( "Not logged in"); ! } else { ! lc.login(); ! } // Expose AccountUser to the application for this request. long accountUserId = (Long) request.getSession().getAttribute("accountUserId"); request.setAttribute("accountUser", activateLocal.findAccountUser(accountUserId)); ! chain.doFilter(request, response); ! } catch (Exception e) { ! throw new ServletException( "Error in BrowseSecurityFilter", e); ! // response.sendRedirect("login.browse"); ! } ! } ! public void init(FilterConfig config) throws ServletException { ! try { ! InitialContext ctx = new InitialContext(); ! activateLocal = (ActivationLocal) ctx.lookup("tolven/ActivationBean/local"); } catch (NamingException e) { ! throw new RuntimeException(e); } ! } ! ! public void destroy() { ! // TODO Auto-generated method stub ! } } --- 41,144 ---- @EJB protected ActivationLocal activateLocal; ! void loginForm(Writer writer) throws IOException { ! writer.write("<form method=\"get\" action=\"login.browse\" >"); ! writer.write("User Id<br/>"); ! writer.write("<input type=\"text\" name=\"username\" size=\"30\" />"); ! writer.write("<br/>"); ! writer.write("Password<br/><input name=\"password\" type=\"password\" value=\"\" size=\"20\" />"); ! writer.write("<br/>"); ! writer.write("Account<br/><input name=\"account\" type=\"text\" value=\"\" size=\"8\" />"); ! writer.write("<input type=\"submit\" name=\"Submit\" value=\"Login\" /><br/>"); ! 
writer.write("</form>"); ! } ! ! public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { System.out.println(getClass() + " : doFilter"); ! HttpServletRequest request = (HttpServletRequest) req; ! HttpServletResponse response = (HttpServletResponse) resp; ! LoginContext lc = null; ! UsernamePasswordAccountUserIdCallbackHandler handler = null; ! try { ! //UsernamePasswordHandler handler = new UsernamePasswordHandler(request.getSession()); ! String uri = request.getRequestURI(); ! // Let the login page through, already logged in or not. ! // Login doesn't need authorization. ! // If the login has needed params, we'll attempt a login, otherwise, we just go back ! // to the login page. ! if (uri.endsWith("login.browse")) { if (null!=request.getParameter("username") && ! null!=request.getParameter("password")) { ! // Not logged in yet so...authenticate the user ! String username = request.getParameter("username"); ! String password = request.getParameter("password"); handler = new UsernamePasswordAccountUserIdCallbackHandler(username, password.toCharArray()); ! lc = new LoginContext("tolvenLDAP", handler); ! lc.login(); ! System.out.println("Password verified"); ! TolvenUser user = activateLocal.loginUser(username, new Date()); ! System.out.println("TolvenUser accepted"); ! // This simulates the SelectAccount page ! List<AccountUser> accountUsers = activateLocal.findUserAccounts(user); ! long accountId = Long.parseLong((String) request.getParameter("account")); ! AccountUser accountUser = null; ! // Select the most recent AccountUser and use that account ! for (AccountUser au : accountUsers) { ! if (accountId == au.getAccount().getId()) { ! accountUser = au; ! accountId = au.getAccount().getId(); ! break; ! } ! } if (accountUser==null) throw new ServletException( "Account not valid for this user"); ! System.out.println("Account id " + Long.toString(accountId) + " accepted"); ! // Remember this accountUser ! 
long accountUserId = new Long(accountUser.getId()); ! request.getSession().setAttribute("accountUserId", accountUserId); ! // Login to a particual account ! handler.setAccountUserId(accountUserId); ! lc.login(); ! request.getSession().setAttribute("loginContext", lc); ! // // At this point we want to direct the user to the first page ! response.sendRedirect("view.browse"); ! return; ! } ! // Just let the login page display ! chain.doFilter(request, response); ! return; ! } ! lc = (LoginContext) request.getSession().getAttribute("loginContext"); ! if (null == lc) { ! throw new ServletException("Not logged in"); ! } else { lc.login(); ! } // Expose AccountUser to the application for this request. long accountUserId = (Long) request.getSession().getAttribute("accountUserId"); request.setAttribute("accountUser", activateLocal.findAccountUser(accountUserId)); ! chain.doFilter(request, response); ! } catch (Exception e) { ! throw new ServletException("Error in BrowseSecurityFilter", e); ! // response.sendRedirect("login.browse"); ! } ! } ! public void init(FilterConfig config) throws ServletException { ! try { ! InitialContext ctx = new InitialContext(); ! activateLocal = (ActivationLocal) ctx.lookup("tolven/ActivationBean/local"); } catch (NamingException e) { ! throw new RuntimeException(e); } ! } ! public void destroy() { ! 
// TODO Auto-generated method stub + } + } Index: BrowseBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseBase.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** BrowseBase.java 19 Feb 2007 12:54:28 -0000 1.6 --- BrowseBase.java 20 Feb 2007 03:39:21 -0000 1.7 *************** *** 19,22 **** --- 19,23 ---- import org.tolven.app.CreatorLocal; import org.tolven.app.MenuLocal; + import org.tolven.core.ActivationLocal; import org.tolven.core.entity.AccountUser; import org.tolven.doc.DocumentLocal; *************** *** 35,38 **** --- 36,40 ---- @EJB protected DocumentLocal documentLocal; @EJB protected XMLProtectedLocal xmlProtectedBean; + @EJB protected ActivationLocal activationLocal; @Override *************** *** 46,49 **** --- 48,52 ---- documentLocal = (DocumentLocal) ctx.lookup("tolven/DocumentBean/local"); xmlProtectedBean = (XMLProtectedLocal) ctx.lookup("tolven/XMLProtectedBean/local"); + activationLocal = (ActivationLocal) ctx.lookup("tolven/ActivationBean/local"); } catch (NamingException e) *************** *** 92,96 **** writer.write( "</em> Account: <em>"); String accountUserIdString = ""; ! AccountUser accountUser = (AccountUser) request.getAttribute("accountUser"); if (accountUser != null) accountUserIdString = String.valueOf(accountUser.getAccount().getId()); --- 95,102 ---- writer.write( "</em> Account: <em>"); String accountUserIdString = ""; ! obj = request.getSession().getAttribute("accountUserId"); ! if (obj == null) ! throw new RuntimeException("No accountUser found in session"); ! 
AccountUser accountUser = (AccountUser) activationLocal.findAccountUser((Long)obj); if (accountUser != null) accountUserIdString = String.valueOf(accountUser.getAccount().getId()); Index: Browse.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/Browse.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** Browse.java 19 Feb 2007 11:37:08 -0000 1.9 --- Browse.java 20 Feb 2007 03:39:21 -0000 1.10 *************** *** 66,70 **** // See if we have an account user id. Can't go on without it. ! AccountUser accountUser = (AccountUser) request.getAttribute("accountUser"); if (null==accountUser) { response.sendRedirect("login.browse"); --- 66,73 ---- // See if we have an account user id. Can't go on without it. ! Object obj = request.getSession().getAttribute("accountUserId"); ! if (obj == null) ! throw new RuntimeException("No accountUser found in session"); ! AccountUser accountUser = (AccountUser) activationLocal.findAccountUser((Long)obj); if (null==accountUser) { response.sendRedirect("login.browse"); |
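Review bot: A request whose session has no `accountUserId` now fails with a `RuntimeException`, both in this BrowseBase.java hunk (new lines 95-102) and in the Browse.java hunk (new lines 66-73). In Browse.java the retained `response.sendRedirect("login.browse")` is therefore only reached when the lookup itself returns null. An expired or never-authenticated session is an expected condition rather than a programming error, and `request.getSession()` also creates a fresh session for such a caller. I would read the attribute through `request.getSession(false)` and, in Browse.java, treat a missing session or attribute like a missing account: `if (obj == null) { response.sendRedirect("login.browse"); return; }`. Both enclosing methods start and end outside the hunks, so whether the filter already guarantees the attribute on these paths is not visible here.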
From: Joseph I. <jos...@us...> - 2007-02-20 03:37:26
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv5472/src/org/tolven/security/auth Modified Files: KeyLoginModule.java Log Message: Removed a misplaced System.out
Index: KeyLoginModule.java
===================================================================
RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** KeyLoginModule.java 19 Feb 2007 10:17:31 -0000 1.6
--- KeyLoginModule.java 20 Feb 2007 03:37:24 -0000 1.7
***************
*** 175,179 ****
System.out.println(getClass() + ": Adding AccountPrivateKey to PrivateKeyRing " + principalName);
privateKeyRing.setAccountPrivateKey(accountPrivateKey);
- System.out.println(getClass() + " :JOE: privateKey=" + privateKeyRing);
AccountPublicKey accountPublicKey = activation.findAccountPublicKey(accountUserId);
if (accountPublicKey == null)
--- 175,178 ----
|
From: Joseph I. <jos...@us...> - 2007-02-19 13:02:48
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19039/src/org/tolven/security Modified Files: TolvenPrincipal.java Log Message: Removed unnecessary System.outs and also made TolvenPrincipal and Tolven Group serializable. Index: TolvenPrincipal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/TolvenPrincipal.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** TolvenPrincipal.java 19 Jan 2007 08:22:55 -0000 1.1 --- TolvenPrincipal.java 19 Feb 2007 13:02:45 -0000 1.2 *************** *** 14,17 **** --- 14,18 ---- package org.tolven.security; + import java.io.Serializable; import java.security.Principal; *************** *** 22,26 **** * */ ! public class TolvenPrincipal implements Principal { private String name; --- 23,27 ---- * */ ! public class TolvenPrincipal implements Principal, Serializable { private String name; *************** *** 34,36 **** --- 35,45 ---- } + public boolean equals(Object anObject) { + return anObject instanceof TolvenPrincipal && name.equals(((TolvenPrincipal) anObject).getName()); + } + + public int hashCode() { + return name.hashCode(); + } + } |
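Review bot: The added `equals` and `hashCode` (new lines 35-45) dereference `name` without a null check, so a principal holding a null name throws `NullPointerException` as soon as it is compared or placed in a hash-based set. The constructor is outside the hunk, so whether null is rejected there is not visible; if it is not, guard both methods, e.g. `return name == null ? 0 : name.hashCode();` and `name != null && name.equals(((TolvenPrincipal) anObject).getName())`. Now that the class is `Serializable`, an explicit `private static final long serialVersionUID = 1L;` would keep serialized instances readable across recompiles.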
From: Joseph I. <jos...@us...> - 2007-02-19 13:02:48
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/acl In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19039/src/org/tolven/security/acl Modified Files: TolvenGroup.java Log Message: Removed unnecessary System.outs and also made TolvenPrincipal and Tolven Group serializable. Index: TolvenGroup.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/acl/TolvenGroup.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** TolvenGroup.java 19 Jan 2007 08:22:55 -0000 1.1 --- TolvenGroup.java 19 Feb 2007 13:02:45 -0000 1.2 *************** *** 14,17 **** --- 14,18 ---- package org.tolven.security.acl; + import java.io.Serializable; import java.security.Principal; import java.security.acl.Group; *************** *** 26,30 **** * */ ! public class TolvenGroup implements Group { private String name; --- 27,31 ---- * */ ! public class TolvenGroup implements Group, Serializable { private String name; *************** *** 50,58 **** obj = e.nextElement(); if (obj instanceof Group) { - System.out.println("JOE: instanceof Group " + ((Group) obj).isMember(member)); return ((Group) obj).isMember(member); } else if (obj instanceof Principal) { myPrincipal = (Principal) obj; - System.out.println("JOE: instanceof " + myPrincipal.getName() + " AND " + myPrincipal.getName() != null && myPrincipal.getName().equals(member.getName())); return myPrincipal.getName() != null && myPrincipal.getName().equals(member.getName()); } --- 51,57 ---- |
From: Joseph I. <jos...@us...> - 2007-02-19 12:54:30
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv15459/src/org/tolven/index Modified Files: BrowseSecurityFilter.java BrowseBase.java Log Message: Remove the need to have the account in the session. Index: BrowseSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseSecurityFilter.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** BrowseSecurityFilter.java 19 Feb 2007 12:14:11 -0000 1.5 --- BrowseSecurityFilter.java 19 Feb 2007 12:54:28 -0000 1.6 *************** *** 69,74 **** null!=request.getParameter("password") && null!=request.getParameter("account")) { - // Move key parameters to session - request.getSession().setAttribute("account", request.getParameter("account")); // Not logged in yet so...authenticate the user String username = request.getParameter("username"); --- 69,72 ---- *************** *** 83,87 **** // This simulates the SelectAccount page List<AccountUser> accountUsers = activateLocal.findUserAccounts(user); ! long accountId = Long.parseLong((String)request.getSession().getAttribute("account")); AccountUser accountUser = null; // Select the most recent AccountUser and use that account --- 81,85 ---- // This simulates the SelectAccount page List<AccountUser> accountUsers = activateLocal.findUserAccounts(user); ! 
long accountId = Long.parseLong((String)request.getParameter("account")); AccountUser accountUser = null; // Select the most recent AccountUser and use that account Index: BrowseBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseBase.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** BrowseBase.java 19 Feb 2007 12:14:11 -0000 1.5 --- BrowseBase.java 19 Feb 2007 12:54:28 -0000 1.6 *************** *** 19,22 **** --- 19,23 ---- import org.tolven.app.CreatorLocal; import org.tolven.app.MenuLocal; + import org.tolven.core.entity.AccountUser; import org.tolven.doc.DocumentLocal; import org.tolven.doc.XMLProtectedLocal; *************** *** 90,94 **** writer.write( principal.getName()); writer.write( "</em> Account: <em>"); ! writer.write( (String) request.getSession().getAttribute("account")); writer.write( "</em><br/>"); writer.write( " <a href='logout.browse'>Logout</a>"); --- 91,99 ---- writer.write( principal.getName()); writer.write( "</em> Account: <em>"); ! String accountUserIdString = ""; ! AccountUser accountUser = (AccountUser) request.getAttribute("accountUser"); ! if (accountUser != null) ! accountUserIdString = String.valueOf(accountUser.getAccount().getId()); ! writer.write( accountUserIdString); writer.write( "</em><br/>"); writer.write( " <a href='logout.browse'>Logout</a>"); |
From: Joseph I. <jos...@us...> - 2007-02-19 12:14:18
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv31046/src/org/tolven/index Modified Files: BrowseSecurityFilter.java BrowseBase.java Log Message: Remove the need to have the username and password in the session. Index: BrowseSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseSecurityFilter.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** BrowseSecurityFilter.java 19 Feb 2007 10:39:08 -0000 1.4 --- BrowseSecurityFilter.java 19 Feb 2007 12:14:11 -0000 1.5 *************** *** 70,83 **** null!=request.getParameter("account")) { // Move key parameters to session - request.getSession().setAttribute("username", request.getParameter("username")); - request.getSession().setAttribute("password", request.getParameter("password")); request.getSession().setAttribute("account", request.getParameter("account")); // Not logged in yet so...authenticate the user handler = ! new UsernamePasswordAccountUserIdCallbackHandler(request.getParameter("username"), request.getParameter("password").toCharArray()); lc = new LoginContext("tolvenLDAP", handler); lc.login(); System.out.println( "Password verified"); ! TolvenUser user = activateLocal.loginUser( (String)request.getSession().getAttribute("username"), new Date() ); System.out.println( "TolvenUser accepted"); // This simulates the SelectAccount page --- 70,83 ---- null!=request.getParameter("account")) { // Move key parameters to session request.getSession().setAttribute("account", request.getParameter("account")); // Not logged in yet so...authenticate the user + String username = request.getParameter("username"); + String password = request.getParameter("password"); handler = ! 
new UsernamePasswordAccountUserIdCallbackHandler(username, password.toCharArray()); lc = new LoginContext("tolvenLDAP", handler); lc.login(); System.out.println( "Password verified"); ! TolvenUser user = activateLocal.loginUser( username, new Date() ); System.out.println( "TolvenUser accepted"); // This simulates the SelectAccount page *************** *** 100,104 **** request.getSession().setAttribute("accountUserId", accountUserId); handler = ! new UsernamePasswordAccountUserIdCallbackHandler(request.getParameter("username"), request.getParameter("password").toCharArray(), accountUserId); lc = new LoginContext("tolvenLDAP", handler); // Login to a particual account --- 100,104 ---- request.getSession().setAttribute("accountUserId", accountUserId); handler = ! new UsernamePasswordAccountUserIdCallbackHandler(username, password.toCharArray(), accountUserId); lc = new LoginContext("tolvenLDAP", handler); // Login to a particual account Index: BrowseBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseBase.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** BrowseBase.java 19 Feb 2007 11:07:55 -0000 1.4 --- BrowseBase.java 19 Feb 2007 12:14:11 -0000 1.5 *************** *** 3,10 **** --- 3,14 ---- import java.io.IOException; import java.io.Writer; + import java.security.Principal; + import java.security.acl.Group; import javax.annotation.EJB; import javax.naming.InitialContext; import javax.naming.NamingException; + import javax.security.auth.Subject; + import javax.security.auth.login.LoginContext; import javax.servlet.ServletConfig; import javax.servlet.ServletException; *************** *** 66,72 **** // If logged in, show a few things and allow the user to log out if (null!=request.getSession().getAttribute("loginContext")) { writer.write( "<p>"); ! writer.write( " Username: <em>" ); ! 
writer.write( (String) request.getSession().getAttribute("username")); writer.write( "</em> Account: <em>"); writer.write( (String) request.getSession().getAttribute("account")); --- 70,92 ---- // If logged in, show a few things and allow the user to log out if (null!=request.getSession().getAttribute("loginContext")) { + LoginContext lc = (LoginContext)request.getSession().getAttribute("loginContext"); + Subject subject = lc.getSubject(); + if (lc.getSubject() == null) + throw new IllegalStateException("No Subject found in LoginContext"); + //TODO: Assume one Principal at this time. Should the Principal be identified in the Subject or via ejbContext? + Principal principal = null; + Object obj = null; + for (java.util.Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { + obj = iter.next(); + if (obj instanceof Principal && !(obj instanceof Group)) { + principal = (Principal) obj; + break; + } + } + if (principal == null) + throw new IllegalStateException("No Principal found in Subject"); writer.write( "<p>"); ! writer.write( " Username: <em>" ); ! writer.write( principal.getName()); writer.write( "</em> Account: <em>"); writer.write( (String) request.getSession().getAttribute("account")); |
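Review bot: `writer.write( principal.getName());` (new lines 70-92) puts the principal name into the page without HTML-encoding it. The name originates from what the user typed into the login form, and whether the directory restricts it to markup-safe characters is not visible here, so it should be encoded for HTML (`&`, `<`, `>`, `"`, `'`) before it is written. Separately, the null test can use the local that was just assigned, `if (subject == null)`, and every element of `Subject.getPrincipals()` is already a `Principal`, which leaves `!(obj instanceof Group)` as the only real filter in the loop. The enclosing method starts and ends outside the hunk.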
From: Joseph I. <jos...@us...> - 2007-02-19 11:37:10
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv15403/src/org/tolven/index Modified Files: Browse.java Log Message: Make certain that the LoginContext is logged out when the session is invalidated.
Index: Browse.java
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/Browse.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** Browse.java 16 Feb 2007 04:03:30 -0000 1.8
--- Browse.java 19 Feb 2007 11:37:08 -0000 1.9
***************
*** 10,13 ****
--- 10,14 ----
import java.util.Map;
+ import javax.security.auth.login.LoginContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
***************
*** 110,113 ****
--- 111,117 ----
if( uri.endsWith("logout.browse")) {
+ LoginContext lc = (LoginContext) request.getSession(false).getAttribute("loginContext");
+ if (lc != null)
+ lc.logout();
request.getSession(false).invalidate();
// Prepare response back to client
|
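Review bot: If `lc.logout()` throws in the logout branch (new lines 111-117), the `request.getSession(false).invalidate()` that follows is skipped. The HTTP session, with its `loginContext` attribute, then stays usable after the user asked to log out. Invalidation should not depend on the JAAS logout succeeding, so it belongs in a `finally`. `getSession(false)` also returns null when logout.browse is requested without a session, and the added line dereferences it. The enclosing method starts and ends outside the hunk, so how a `LoginException` is handled further up is not visible; the sketch below needs `javax.servlet.http.HttpSession` in scope.

```java
if( uri.endsWith("logout.browse")) {
    HttpSession session = request.getSession(false);
    if (session != null) {
        try {
            LoginContext lc = (LoginContext) session.getAttribute("loginContext");
            if (lc != null)
                lc.logout();
        } finally {
            // Invalidate even when the JAAS logout fails.
            session.invalidate();
        }
    }
    // … unchanged: prepare response back to client …
```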
From: Joseph I. <jos...@us...> - 2007-02-19 11:07:58
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv2866/src/org/tolven/index Modified Files: BrowseBase.java Log Message: Return the logged in/logged out information, which is now based on the presence of LoginContext in the session rather than Subject.
Index: BrowseBase.java
===================================================================
RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseBase.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** BrowseBase.java 7 Feb 2007 01:40:33 -0000 1.3
--- BrowseBase.java 19 Feb 2007 11:07:55 -0000 1.4
***************
*** 65,69 ****
writer.write( "<body>\n");
// If logged in, show a few things and allow the user to log out
! if (null!=request.getSession().getAttribute("subject")) {
writer.write( "<p>");
writer.write( " Username: <em>" );
--- 65,69 ----
writer.write( "<body>\n");
// If logged in, show a few things and allow the user to log out
! if (null!=request.getSession().getAttribute("loginContext")) {
writer.write( "<p>");
writer.write( " Username: <em>" );
|
From: Joseph I. <jos...@us...> - 2007-02-19 10:39:14
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/index In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv22982/src/org/tolven/index Modified Files: BrowseSecurityFilter.java Log Message: Now uses the new UsernamePasswordAccountUserId to supply the AccountUserId for use by the KeyLoginModule. Index: BrowseSecurityFilter.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/index/BrowseSecurityFilter.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** BrowseSecurityFilter.java 17 Feb 2007 01:02:33 -0000 1.3 --- BrowseSecurityFilter.java 19 Feb 2007 10:39:08 -0000 1.4 *************** *** 3,29 **** import java.io.IOException; import java.io.Writer; - import java.security.GeneralSecurityException; import java.util.Date; import java.util.List; - import java.util.Set; import javax.annotation.EJB; import javax.naming.InitialContext; import javax.naming.NamingException; - import javax.security.auth.Subject; - import javax.security.auth.callback.Callback; - import javax.security.auth.callback.CallbackHandler; - import javax.security.auth.callback.NameCallback; - import javax.security.auth.callback.PasswordCallback; - import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginContext; - import javax.security.auth.login.LoginException; - import javax.security.jacc.PolicyContext; - import javax.security.jacc.PolicyContextException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; - import javax.servlet.RequestDispatcher; - import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; --- 3,16 ---- *************** *** 31,42 **** import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import javax.servlet.http.HttpSession; import org.tolven.core.ActivationLocal; import 
org.tolven.core.entity.AccountUser; import org.tolven.core.entity.TolvenUser; ! import org.tolven.security.key.PrivateKeyRing; ! import org.tolven.security.key.UserPrivateKey; ! import org.tolven.security.key.UserPublicKey; /** * In our simple servlet sample application we still need to satisfy security requirements we'll --- 18,26 ---- import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.tolven.core.ActivationLocal; import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.TolvenUser; ! import org.tolven.security.auth.UsernamePasswordAccountUserIdCallbackHandler; /** * In our simple servlet sample application we still need to satisfy security requirements we'll *************** *** 53,142 **** */ public class BrowseSecurityFilter implements Filter { - private ServletContext context = null; @EJB protected ActivationLocal activateLocal; - class UsernamePasswordHandler implements CallbackHandler { - HttpSession session; - - public UsernamePasswordHandler(HttpSession session) { - this.session = session; - } - - public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - int len = callbacks.length; - Callback cb; - for(int i=0; i<len; i++) { - cb = callbacks[i]; - if(cb instanceof NameCallback) { - NameCallback ncb = (NameCallback)cb; - ncb.setName((String)session.getAttribute("username")); - } - else if (cb instanceof PasswordCallback) { - PasswordCallback pcb = (PasswordCallback)cb; - pcb.setPassword(((String)session.getAttribute("password")).toCharArray()); - } else { - throw new UnsupportedCallbackException(cb, "Unknown callback request"); - } - } - } - }; - - /** - * Return the PrivateKeyRing for the user - * @return - * @throws PolicyContextException - * @throws GeneralSecurityException - */ - public PrivateKeyRing getPrivateKeyRing() throws PolicyContextException, GeneralSecurityException { - Subject subject = (Subject) 
PolicyContext.getContext("javax.security.auth.Subject.container"); - if (subject == null) - throw new GeneralSecurityException("No Subject found in PolicyContext for " ); - Set privateCredentials = subject.getPrivateCredentials(PrivateKeyRing.class); - if (privateCredentials.isEmpty()) - throw new GeneralSecurityException(": No PrivateKeyRing found for " ); - return (PrivateKeyRing) privateCredentials.iterator().next(); - } - - /** - * Return the PublicKey for the user - * @return - * @throws PolicyContextException - * @throws GeneralSecurityException - */ - public UserPublicKey getUserPublicKey() throws PolicyContextException, GeneralSecurityException { - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - if (subject == null) - throw new GeneralSecurityException("No Subject found in PolicyContext for " ); - Set publicCredentials = subject.getPublicCredentials(UserPublicKey.class); - if (publicCredentials.isEmpty()) - throw new GeneralSecurityException(": No UserPublicKey found for "); - return (UserPublicKey) publicCredentials.iterator().next(); - } - - /** - * Return the UserPrivateKey for the user - * @return - * @throws PolicyContextException - * @throws GeneralSecurityException - */ - public UserPrivateKey getUserPrivateKey() throws PolicyContextException, GeneralSecurityException { - return getPrivateKeyRing().getUserPrivateKey(); - } - - /** - * Add Keys from the Subject to what should be a new TolvenUser who is logging in - * @throws PolicyContextException - * @throws GeneralSecurityException - */ - private void addKeysToUser(TolvenUser tolvenUser) throws PolicyContextException, GeneralSecurityException { - UserPrivateKey userPrivateKey = getUserPrivateKey(); - if (userPrivateKey == null) - throw new GeneralSecurityException("User has no UserPrivateKey and none found in Subject"); - if (!tolvenUser.hasUserPrivateKey()) { - tolvenUser.setUserPrivateKey(userPrivateKey); - 
tolvenUser.setUserPublicKey(getUserPublicKey()); - } - } void loginForm( Writer writer ) throws IOException { writer.write( "<form method=\"get\" action=\"login.browse\" >" ); --- 37,43 ---- *************** *** 151,171 **** } - - /** - * Update the PrivateKeyRing with the AccountPrivateKey of the Account that the user is currently logged into - * @throws PolicyContextException - * @throws GeneralSecurityException - */ - protected void updatePrivateKeyRing(AccountUser accountUser) throws PolicyContextException, GeneralSecurityException { - PrivateKeyRing privateKeyRing = getPrivateKeyRing(); - privateKeyRing.setAccountPrivateKey(accountUser.getAccountPrivateKey()); - } - public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)resp; LoginContext lc = null; try { ! UsernamePasswordHandler handler = new UsernamePasswordHandler(request.getSession()); String uri = request.getRequestURI(); // Let the login page through, already logged in or not. --- 52,63 ---- } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { + System.out.println(getClass() + " : doFilter"); HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)resp; LoginContext lc = null; + UsernamePasswordAccountUserIdCallbackHandler handler = null; try { ! //UsernamePasswordHandler handler = new UsernamePasswordHandler(request.getSession()); String uri = request.getRequestURI(); // Let the login page through, already logged in or not. *************** *** 181,186 **** request.getSession().setAttribute("password", request.getParameter("password")); request.getSession().setAttribute("account", request.getParameter("account")); ! request.getSession().setAttribute("subject", null); ! // Not logged in yet so... 
lc = new LoginContext("tolvenLDAP", handler); lc.login(); --- 73,79 ---- request.getSession().setAttribute("password", request.getParameter("password")); request.getSession().setAttribute("account", request.getParameter("account")); ! // Not logged in yet so...authenticate the user ! handler = ! new UsernamePasswordAccountUserIdCallbackHandler(request.getParameter("username"), request.getParameter("password").toCharArray()); lc = new LoginContext("tolvenLDAP", handler); lc.login(); *************** *** 202,209 **** if (accountUser==null) throw new ServletException( "Account not valid for this user"); System.out.println( "Account id " + Long.toString(accountId) + " accepted"); // Remember this accountUser ! request.getSession().setAttribute("accountUserId", new Long(accountUser.getId())); ! // Save subject for use during logged in session ! request.getSession().setAttribute("subject", lc.getSubject()); // // At this point we want to direct the user to the first page response.sendRedirect("view.browse"); --- 95,108 ---- if (accountUser==null) throw new ServletException( "Account not valid for this user"); System.out.println( "Account id " + Long.toString(accountId) + " accepted"); + lc.logout(); // Remember this accountUser ! long accountUserId = new Long(accountUser.getId()); ! request.getSession().setAttribute("accountUserId", accountUserId); ! handler = ! new UsernamePasswordAccountUserIdCallbackHandler(request.getParameter("username"), request.getParameter("password").toCharArray(), accountUserId); ! lc = new LoginContext("tolvenLDAP", handler); ! // Login to a particual account ! lc.login(); ! request.getSession().setAttribute("loginContext", lc); // // At this point we want to direct the user to the first page response.sendRedirect("view.browse"); *************** *** 214,234 **** return; } ! // OK, we assume the user is logged in. But we recheck before doing anything. ! Subject subject = (Subject) request.getSession().getAttribute("subject"); ! 
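Review bot: The authenticated `LoginContext` is stored in whatever session the request arrived with (`request.getSession().setAttribute("loginContext", lc);`, new lines 95-108), and nothing in the hunk issues a new session id at login. Unless the container does that itself, a session id that was known before authentication remains valid afterwards. I would invalidate the existing session and create a new one right after the second `lc.login()` succeeds, then set `accountUserId` and `loginContext` on the new session; the attributes set earlier in this method would have to be set again on it. Minor: `new Long(accountUser.getId())` is boxed only to be unboxed into a `long`, so `long accountUserId = accountUser.getId();` is enough if `getId()` already returns a `long`.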
// Not logged in, back to login. ! if (null==subject) { ! throw new ServletException( "BrowseSecurityFilter: user not logged in"); ! } ! // Setup login context based on stored subject ! lc = new LoginContext( "tolvenLDAP", subject, handler); ! lc.login(); ! long accountUserId = (Long) request.getSession(false).getAttribute("accountUserId"); ! AccountUser accountUser = activateLocal.findAccountUser(accountUserId); ! if (null==accountUser) { ! throw new ServletException( "Invalid account specified"); ! } // Expose AccountUser to the application for this request. ! request.setAttribute("accountUser", accountUser); ! updatePrivateKeyRing( accountUser ); chain.doFilter(request, response); } catch (Exception e) { --- 113,125 ---- return; } ! lc = (LoginContext) request.getSession().getAttribute("loginContext"); ! if (null == lc) { ! throw new ServletException( "Not logged in"); ! } else { ! lc.login(); ! } // Expose AccountUser to the application for this request. ! long accountUserId = (Long) request.getSession().getAttribute("accountUserId"); ! request.setAttribute("accountUser", activateLocal.findAccountUser(accountUserId)); chain.doFilter(request, response); } catch (Exception e) { *************** *** 236,252 **** // response.sendRedirect("login.browse"); } - finally { - // Clear login state from this thread before we leave (no matter what) - if (null!=lc) - try { - lc.logout(); - } catch (LoginException e) { - e.printStackTrace(); - } - } } public void init(FilterConfig config) throws ServletException { - context = config.getServletContext(); try { --- 127,133 ---- |
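Review bot: The rewritten logged-in path (new lines 113-125) no longer checks the result of `activateLocal.findAccountUser(accountUserId)`. The old code threw "Invalid account specified" on null, whereas the new code stores whatever comes back as the `accountUser` request attribute and continues down the chain. `(Long) request.getSession().getAttribute("accountUserId")` is also unboxed straight into a `long`, so a session that holds a `loginContext` but no `accountUserId` fails with a `NullPointerException` instead of a clear rejection. I would keep the explicit check before `request.setAttribute`, e.g. `if (accountUser == null) throw new ServletException("Invalid account specified");`. One `LoginContext` instance is now shared by all requests of a session and `login()` runs on each of them; whether that is safe under concurrent requests depends on the login modules, which are not visible here.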
From: Joseph I. <jos...@us...> - 2007-02-19 10:17:33
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv13523/src/org/tolven/security/bean Modified Files: LoginBean.java Log Message: Added UsernamePasswordAccountUseridCallbackHandler which allows login with either just the username/password or with the username/password/accountUserId. This class can be used in conjuction with the KeyLoginModule, if there is control over the LoginContext instance. Index: LoginBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/LoginBean.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** LoginBean.java 29 Jan 2007 01:56:54 -0000 1.4 --- LoginBean.java 19 Feb 2007 10:17:31 -0000 1.5 *************** *** 19,25 **** --- 19,27 ---- import org.tolven.admin.ActivateInvitation; + import org.tolven.core.AccountDAOLocal; import org.tolven.core.ActivationLocal; import org.tolven.core.InvitationLocal; import org.tolven.core.bean.InvitationException; + import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.Sponsorship; import org.tolven.core.entity.Status; *************** *** 30,33 **** --- 32,37 ---- import org.tolven.security.LoginRemote; import org.tolven.security.TolvenPerson; + import org.tolven.security.key.AccountPrivateKey; + import org.tolven.security.key.AccountPublicKey; import org.tolven.security.key.UserKeyRing; @Stateless *************** *** 41,44 **** --- 45,50 ---- @EJB private InvitationLocal invitationBean; @EJB private LDAPLocal ldapBean; + @EJB private AccountDAOLocal accountBean; + @EJB private ActivationLocal activationBean;; /** *************** *** 65,72 **** --- 71,102 ---- public UserKeyRing findUserKeyRing(String aPrincipal) { + //TolvenUser implements the UserKeyRing interface return findUser(aPrincipal); } /** + * Return an AccountPrivateKey given an AccountUserId + * @param anAccountUserId + * @return + */ + 
public AccountPrivateKey findAccountPrivateKey(long anAccountUserId) { + AccountUser accountUser = activationBean.findAccountUser(anAccountUserId); + if (accountUser == null) + throw new RuntimeException("Could not find AccountUser with id=" + anAccountUserId); + return accountUser.getAccountPrivateKey(); + } + + /** + * Return an AccountPublicKey given an AccountUserId + * @param anAccountUserId + * @return + */ + public AccountPublicKey findAccountPublicKey(long anAccountUserId) { + AccountUser accountUser = activationBean.findAccountUser(anAccountUserId); + if (accountUser == null) + throw new RuntimeException("Could not find AccountUser with id=" + anAccountUserId); + return accountUser.getAccount().getAccountPublicKey(); + } + /** * Register a new user with an activation step that validates the userId as a valid eMail addresss. * <ol> |
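Review bot: `findAccountPrivateKey(long anAccountUserId)` returns the `AccountPrivateKey` of whichever `AccountUser` the id names, without checking that the record belongs to the caller. In the KeyLoginModule part of this commit the id comes from the callback handler and is passed straight in under `if (accountUserId != 0)`, so it is effectively chosen by whoever logs in. If the stored key is only usable by its own user this may be acceptable, but nothing visible here says so. I would compare the AccountUser's owner with the authenticated principal before returning, or at least state the assumption in the Javadoc, e.g. `@return the AccountPrivateKey stored for this AccountUser; callers must already have verified that the id belongs to the authenticated user`. The empty `@param`/`@return` tags on both new methods should be filled in as well.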
From: Joseph I. <jos...@us...> - 2007-02-19 10:17:33
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv13523/src/org/tolven/security/auth Modified Files: KeyLoginModule.java Added Files: UsernamePasswordAccountUserIdCallbackHandler.java AccountUserIdCallback.java Log Message: Added UsernamePasswordAccountUseridCallbackHandler which allows login with either just the username/password or with the username/password/accountUserId. This class can be used in conjuction with the KeyLoginModule, if there is control over the LoginContext instance. --- NEW FILE: UsernamePasswordAccountUserIdCallbackHandler.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... 
*/ package org.tolven.security.auth; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; /** * This class provides a way to supply the username, password and optionally the accountUserId to LoginModules via the CallbackHandler interface * @author Joseph Isaac * */ public class UsernamePasswordAccountUserIdCallbackHandler implements CallbackHandler { String username; char[] password; long accountUserId; public UsernamePasswordAccountUserIdCallbackHandler(String username, char[] password) { this(username, password, 0); } public UsernamePasswordAccountUserIdCallbackHandler(String username, char[] password, long accountUserId) { this.username = username; this.password = password; this.accountUserId = accountUserId; } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { int len = callbacks.length; Callback cb; for (int i = 0; i < len; i++) { cb = callbacks[i]; if (cb instanceof NameCallback) { NameCallback ncb = (NameCallback) cb; ncb.setName(username); } else if (cb instanceof PasswordCallback) { PasswordCallback pcb = (PasswordCallback) cb; pcb.setPassword(password); } else if (cb instanceof AccountUserIdCallback) { AccountUserIdCallback pcb = (AccountUserIdCallback) cb; pcb.setAccountUserId(accountUserId); } else { throw new UnsupportedCallbackException(cb, "Unsupported Callback Exception"); } } } } Index: KeyLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLoginModule.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** KeyLoginModule.java 18 Feb 2007 10:20:43 -0000 1.5 --- KeyLoginModule.java 19 Feb 2007 10:17:31 -0000 1.6 *************** *** 36,39 **** 
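Review bot: The constructor of UsernamePasswordAccountUserIdCallbackHandler keeps the caller's `char[] password` by reference in a package-private, non-final field and nothing ever clears it, so the password lives as long as the handler and can be changed from anywhere in the package. Declaring the three fields `private final` and storing `password == null ? null : password.clone()` would decouple the handler from the caller's array. A small `clear()` doing `Arrays.fill(password, '\0')` would let the code that owns the LoginContext wipe it after `login()`. `PasswordCallback.setPassword` already copies its argument, so `handle` can stay as it is. The class Javadoc should also say that `0` means "no accountUserId", since KeyLoginModule tests `accountUserId != 0`.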
--- 36,41 ---- import org.tolven.security.TolvenPrincipal; import org.tolven.security.acl.TolvenGroup; + import org.tolven.security.key.AccountPrivateKey; + import org.tolven.security.key.AccountPublicKey; import org.tolven.security.key.PrivateKeyRing; import org.tolven.security.key.UserKeyRing; *************** *** 54,60 **** private Subject subject = null; ! private CallbackHandler callbackHandler = null; private String principalName; private char[] password; public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> arg2, Map<String, ?> arg3) { --- 56,63 ---- private Subject subject = null; ! private CallbackHandler callbackHandler; private String principalName; private char[] password; + private long accountUserId; public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> arg2, Map<String, ?> arg3) { *************** *** 70,76 **** NameCallback nc = new NameCallback("User name: "); PasswordCallback pc = new PasswordCallback("Password: ", false); ! Callback[] callbacks = { nc, pc }; try { ! callbackHandler.handle(callbacks); principalName = nc.getName(); if (principalName == null) --- 73,88 ---- NameCallback nc = new NameCallback("User name: "); PasswordCallback pc = new PasswordCallback("Password: ", false); ! AccountUserIdCallback auc = new AccountUserIdCallback("AccountUserId: "); ! Callback[] callbacks = { nc, pc, auc }; ! Callback[] stdCallbacks = { nc, pc }; try { ! //TODO: We currently use a custom callback handler, but have not changed the default callback handler ! // So both can come through here and being interfaces, there is no way to distinguish between them ! // Here we try the default first, and recognize it because if it does not support the AccountUseridCallback ! try { ! callbackHandler.handle(callbacks); ! } catch (UnsupportedCallbackException ex) { ! callbackHandler.handle(stdCallbacks); ! 
} principalName = nc.getName(); if (principalName == null) *************** *** 82,85 **** --- 94,98 ---- System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length); pc.clearPassword(); + accountUserId = auc.getAccountUserId(); } catch (IOException e) { LoginException le = new LoginException("Failed to get principalName/password"); *************** *** 146,151 **** iter.remove(); } ! subject.getPrivateCredentials().add(new PrivateKeyRing(userPrivateKey)); ! System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there for (Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext();) { --- 159,165 ---- iter.remove(); } ! PrivateKeyRing privateKeyRing = new PrivateKeyRing(userPrivateKey); ! subject.getPrivateCredentials().add(privateKeyRing); ! System.out.println(getClass() + ": Adding UserPublicKey to Subject " + principalName); // UserPublicKey: Ensure there is only one UserPublicKey in a Subject by removing any that might be there for (Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext();) { *************** *** 154,157 **** --- 168,190 ---- } subject.getPublicCredentials().add(userPublicKey); + if (accountUserId != 0) { + // Setup the AccountPrivateKey and AccountPublicKey + AccountPrivateKey accountPrivateKey = activation.findAccountPrivateKey(accountUserId); + if (accountPrivateKey == null) + throw new LoginException(getClass() + ": Could not locate an AccountPrivateKey for AccountUser with id=" + accountUserId); + System.out.println(getClass() + ": Adding AccountPrivateKey to PrivateKeyRing " + principalName); + privateKeyRing.setAccountPrivateKey(accountPrivateKey); + System.out.println(getClass() + " :JOE: privateKey=" + privateKeyRing); + AccountPublicKey accountPublicKey = activation.findAccountPublicKey(accountUserId); + if (accountPublicKey == 
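Review bot: The retry in `catch (UnsupportedCallbackException ex)` runs `callbackHandler.handle` a second time on the same `nc` and `pc`, whichever callback was rejected, so a handler that prompts or fills callbacks before throwing is invoked twice. Guarding the retry with `if (!(ex.getCallback() instanceof AccountUserIdCallback)) throw ex;` would make the fallback apply only to the case it is meant for, assuming the default handler reports the offending callback as the JDK ones do. The TODO says "we try the default first", but the code tries the three-callback array first; I would reword it to `// Try all three callbacks; a handler that rejects AccountUserIdCallback is retried with name/password only, leaving accountUserId at 0.` The enclosing method starts and ends outside the hunk.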
null) + throw new LoginException(getClass() + ": Could not locate an AccountPublicKey for AccountUser with id=" + accountUserId); + // Ensure there are no other AccountPublicKeys + for (Iterator iter = subject.getPublicCredentials(AccountPublicKey.class).iterator(); iter.hasNext();) { + iter.next(); + iter.remove(); + } + System.out.println(getClass() + ": Adding AccountPublicKey to Subject " + principalName); + subject.getPublicCredentials().add(accountPublicKey); + } System.out.println(getClass() + ": completing login for " + principalName); } catch (Exception ex) { *************** *** 175,178 **** --- 208,212 ---- callbackHandler = null; principalName = null; + accountUserId = 0; if (password != null) Arrays.fill(password, '0'); --- NEW FILE: AccountUserIdCallback.java --- /* * Copyright (C) 2006 Tolven Inc * * This library is free software; you can redistribute it and/or modify it under the terms of * the GNU Lesser General Public License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * Contact: in...@to... 
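Review bot: `System.out.println(getClass() + " :JOE: privateKey=" + privateKeyRing);` is a leftover debug line that writes the `PrivateKeyRing` to stdout on every login that carries an accountUserId. What it prints depends on `PrivateKeyRing.toString()`, which is not shown, so it may put key material into the server log; I would delete the line. The two `== null` checks after `activation.findAccountPrivateKey` and `activation.findAccountPublicKey` also look unreachable if `activation` resolves to LoginBean, whose new methods throw `RuntimeException` instead of returning null, so a missing AccountUser would surface through the generic `catch (Exception ex)` below rather than with these messages. The enclosing method starts and ends outside the hunk.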
*/ package org.tolven.security.auth; import javax.security.auth.callback.Callback; /** * This class provides a way to supply the AccountUserId to a LoginModule * @author Joseph Isaac * */ public class AccountUserIdCallback implements Callback { private String prompt; private long accountUserId; AccountUserIdCallback(String prompt) { this.prompt = prompt; } /** * Return a prompt * @return */ public String getPrompt() { return prompt; } /** * Return the accountUserId * @return */ public long getAccountUserId() { return accountUserId; } /** * Set the accountUserId * @param accountUserId */ public void setAccountUserId(long accountUserId) { this.accountUserId = accountUserId; } } |