From: Joseph I. <jos...@us...> - 2007-01-10 08:52:02
Update of /cvsroot/tolven/tolvenWEB In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv29237 Modified Files: build.xml Log Message: Moved KeyLdapLoginModule and KeyLdapCallbackHandler to the web tier to assist in both UserPrivateKey/Public and AccountPrivateKey/PublicKey placement. Index: build.xml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/build.xml,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** build.xml 21 Aug 2006 00:41:42 -0000 1.7 --- build.xml 10 Jan 2007 08:52:00 -0000 1.8 *************** *** 28,31 **** --- 28,34 ---- </fileset> <pathelement location="${junit.location}/junit.jar"/> + <fileset dir="${tolven.location}"> + <include name="lib/jboss/jbosssx.jar"/> + </fileset> </path> <target name="init"> |
From: Joseph I. <jos...@us...> - 2007-01-10 08:52:02
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv29237/src/org/tolven/web Modified Files: RegisterAction.java Log Message: Moved KeyLdapLoginModule and KeyLdapCallbackHandler to the web tier to assist in both UserPrivateKey/Public and AccountPrivateKey/PublicKey placement. Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.32 retrieving revision 1.33 diff -C2 -d -r1.32 -r1.33 *** RegisterAction.java 7 Jan 2007 04:43:49 -0000 1.32 --- RegisterAction.java 10 Jan 2007 08:52:00 -0000 1.33 *************** *** 45,49 **** import org.tolven.gen.CHRGenerator; import org.tolven.security.TolvenPerson; ! import org.tolven.security.auth.KeyLdapCallbackHandler; import org.tolven.security.bean.LDAPLocal; import org.tolven.security.key.UserPrivateKey; --- 45,49 ---- import org.tolven.gen.CHRGenerator; import org.tolven.security.TolvenPerson; ! import org.tolven.web.security.auth.KeyLdapCallbackHandler; import org.tolven.security.bean.LDAPLocal; import org.tolven.security.key.UserPrivateKey; |
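Review bot: the import in the 45,49 hunk now resolves KeyLdapCallbackHandler from org.tolven.web.security.auth, i.e. from inside the WAR, while the module it pairs with is looked up by the container under the "tolvenLDAP" configuration name used by `new LoginContext("tolvenLDAP", ...)` elsewhere in RegisterAction. Check that the security-domain configuration that names the login module class has been updated to the new package and that the class is loadable by the container's security layer at deployment scope, otherwise logins will fail at runtime with a class-not-found rather than at compile time.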
From: Joseph I. <jos...@us...> - 2007-01-10 08:51:58
Update of /cvsroot/tolven/tolvenEJB In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv29220 Modified Files: build.xml Log Message: Moved KeyLdapLoginModule and KeyLdapCallbackHandler to the web tier to assist in both UserPrivateKey/Public and AccountPrivateKey/PublicKey placement. Index: build.xml =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/build.xml,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** build.xml 17 Dec 2006 02:54:12 -0000 1.12 --- build.xml 10 Jan 2007 08:51:56 -0000 1.13 *************** *** 28,34 **** <include name="client/*.jar"/> </fileset> - <fileset dir="${deploy.location}"> - <include name="lib/jbosssx.jar"/> - </fileset> <pathelement location="${junit.location}/junit.jar"/> </path> --- 28,31 ---- |
From: Joseph I. <jos...@us...> - 2007-01-10 08:51:58
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv29220/src/org/tolven/security/auth Removed Files: KeyLdapCallbackHandler.java KeyLdapLoginModule.java Log Message: Moved KeyLdapLoginModule and KeyLdapCallbackHandler to the web tier to assist in both UserPrivateKey/Public and AccountPrivateKey/PublicKey placement. --- KeyLdapCallbackHandler.java DELETED --- --- KeyLdapLoginModule.java DELETED --- |
From: Joseph I. <jos...@us...> - 2007-01-10 08:51:54
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv29204/src/org/tolven/web/security/auth Log Message: Directory /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security/auth added to the repository |
From: Joseph I. <jos...@us...> - 2007-01-10 08:51:54
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv29204/src/org/tolven/web/security Log Message: Directory /cvsroot/tolven/tolvenWEB/src/org/tolven/web/security added to the repository |
From: Joseph I. <jos...@us...> - 2007-01-09 07:44:13
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv19005/src/org/tolven/doc/entity Modified Files: DocBase.java Log Message: If document encryption is active and a user attempts to access an encrypted document, send back "THIS DOCUMENT IS ENCRYPTED AND YOU DO NOT HAVE A KEY TO DECRYPT IT". Index: DocBase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/DocBase.java,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** DocBase.java 1 Jan 2007 22:15:59 -0000 1.12 --- DocBase.java 9 Jan 2007 07:44:08 -0000 1.13 *************** *** 221,225 **** } catch (Exception ex) { ex.printStackTrace(); ! throw new RuntimeException(ex.getMessage()); } } --- 221,225 ---- } catch (Exception ex) { ex.printStackTrace(); ! return "THIS DOCUMENT IS ENCRYPTED AND YOU DO NOT HAVE A KEY TO DECRYPT IT".getBytes(); } } |
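Review bot: the changed catch block in the 221,225 hunk turns every exception into the fixed byte string "THIS DOCUMENT IS ENCRYPTED AND YOU DO NOT HAVE A KEY TO DECRYPT IT", so a missing key, a corrupted ciphertext and a transient keystore failure all become a successful return whose content is a sentinel that callers may store, index or render as if it were the document body. Catch the specific decryption exception for the no-key case and either throw a typed exception or return null, leaving the user-facing message to the presentation layer; the `ex.printStackTrace()` should also go through the application logger rather than standard error.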
From: Joseph I. <jos...@us...> - 2007-01-08 07:26:39
Update of /cvsroot/tolven/tolvenWEB/web/WEB-INF In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv25451/web/WEB-INF Modified Files: web.xml Log Message: Propagated the all roles auth-constraint in web.xml to the security role of the web.xml. Added roleSets to KeyLdapLoginModule which will need to handle the * role when JACC is switched on later. Index: web.xml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/WEB-INF/web.xml,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** web.xml 25 Dec 2006 12:52:19 -0000 1.12 --- web.xml 8 Jan 2007 07:26:38 -0000 1.13 *************** *** 188,190 **** --- 188,193 ---- </form-login-config> </login-config> + <security-role> + <role-name>*</role-name> + </security-role> </web-app> |
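Review bot: the new `<security-role><role-name>*</role-name></security-role>` in the 188,193 hunk declares a role literally named "*"; in web.xml only the auth-constraint form of `*` is a wildcard, so this entry is satisfied by exactly those principals a login module places in a group member named "*", and combined with the KeyLdapLoginModule change that grants "*" to every user it reduces the constraint to "any authenticated user" with no role check at all. If that is the intent for now, say so in a comment next to the element, and revisit it when JACC is switched on, since the container's policy provider will then evaluate this same role name.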
From: Joseph I. <jos...@us...> - 2007-01-08 07:26:37
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv25441/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: Propagated the all roles auth-constraint in web.xml to the security role of the web.xml. Added roleSets to KeyLdapLoginModule which will need to handle the * role when JACC is switched on later. Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** KeyLdapLoginModule.java 7 Jan 2007 04:23:12 -0000 1.10 --- KeyLdapLoginModule.java 8 Jan 2007 07:26:35 -0000 1.11 *************** *** 15,18 **** --- 15,19 ---- import java.security.Principal; + import java.security.acl.Group; import java.util.Date; import java.util.Iterator; *************** *** 22,25 **** --- 23,28 ---- import javax.security.auth.login.LoginException; + import org.jboss.security.SimpleGroup; + import org.jboss.security.SimplePrincipal; import org.jboss.security.auth.spi.LdapLoginModule; import org.tolven.core.entity.Status; *************** *** 43,46 **** --- 46,62 ---- private transient boolean userModified = false; + //TODO: Currently we treat all roles the same. When we decide to add roles to LDAP, this method can be removed. + protected Group[] getRoleSets() { + Group[] roleSets = null; + if (System.getProperty("tolven.security.keys.activate") == null) { + roleSets = new Group[0]; + } else { + roleSets = new Group[1]; + roleSets[0] = new SimpleGroup("Roles"); + roleSets[0].addMember(new SimplePrincipal("*")); + } + return roleSets; + } + /** * If the LdapLoginModule superclass validates the inputPassword as true, then create a corresponding TolvenUser with status NEW_LOGIN, if necessary. 
*************** *** 104,108 **** userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); // Ensure there is only one UserPrivateKey in a Subject by removing any that might be there ! for(Iterator iter = subject.getPrivateCredentials(UserPrivateKey.class).iterator(); iter.hasNext(); ) { iter.remove(); } --- 120,124 ---- userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); // Ensure there is only one UserPrivateKey in a Subject by removing any that might be there ! for (Iterator iter = subject.getPrivateCredentials(UserPrivateKey.class).iterator(); iter.hasNext();) { iter.remove(); } *************** *** 110,114 **** System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + user.getLdapUID()); // Ensure there is only one UserPublicKey in a Subject by removing any that might be there ! for(Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext(); ) { iter.remove(); } --- 126,130 ---- System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + user.getLdapUID()); // Ensure there is only one UserPublicKey in a Subject by removing any that might be there ! for (Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext();) { iter.remove(); } |
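Review bot: in the 43,46 hunk, whether a user receives the "*" role is decided by `System.getProperty("tolven.security.keys.activate")`, a flag about key handling rather than authorization, so toggling key activation silently changes who passes the web.xml auth-constraint (with the property unset the empty `Group[]` leaves the user with no roles at all). Decouple the two by always returning the "Roles" group here, or by deriving the role set from the user record, and give the property check a single home instead of repeating it here and in RegisterAction; the `Group[] roleSets = null;` pre-assignment can also go since both branches assign it.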
From: Joseph I. <jos...@us...> - 2007-01-08 07:23:07
Update of /cvsroot/tolven/tolven/conf In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv23800/conf Modified Files: application.xml Log Message: Removed unused security roles Index: application.xml =================================================================== RCS file: /cvsroot/tolven/tolven/conf/application.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** application.xml 24 Jun 2006 04:50:38 -0000 1.2 --- application.xml 8 Jan 2007 07:23:03 -0000 1.3 *************** *** 11,22 **** <ejb>tolvenEJB.jar</ejb> </module> - <security-role> - <role-name>ANYONE</role-name> - </security-role> - <security-role> - <role-name>gen</role-name> - </security-role> - <security-role> - <role-name>provider</role-name> - </security-role> </application> --- 11,13 ---- |
From: Joseph I. <jos...@us...> - 2007-01-07 04:43:55
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1859/src/org/tolven/web Modified Files: RegisterAction.java Log Message: When the code for security keys is activated, force the user to login again if they change their password, because the change results in new keys, and keys are always delivered to the Subject at the time of login. Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.31 retrieving revision 1.32 diff -C2 -d -r1.31 -r1.32 *** RegisterAction.java 7 Jan 2007 04:24:06 -0000 1.31 --- RegisterAction.java 7 Jan 2007 04:43:49 -0000 1.32 *************** *** 27,30 **** --- 27,31 ---- import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; + import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileItem; *************** *** 382,385 **** --- 383,387 ---- // Send it to LDAP ldap.updatePerson( getTp() ); + boolean forceLogin = false; if (System.getProperty("tolven.security.keys.activate") != null) { if (getOldUserPassword() != null && getOldUserPassword().trim().length() > 0) { *************** *** 387,390 **** --- 389,394 ---- userPrivateKey.initNewPassword(getUser().getUserPrivateKey(), getOldUserPassword().toCharArray(), getTp().getUserPassword().toCharArray()); getUser().setUserPrivateKey(userPrivateKey); + // force user login in order to update the Subject with the new UserPrivateKey + forceLogin = true; } } *************** *** 400,403 **** --- 404,411 ---- System.out.println( "Uploaded file: " + likenessFile ); } + if(forceLogin) { + HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(false); + session.invalidate(); + } return "success"; } |
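Review bot: in the 400,403 hunk, `getExternalContext().getSession(false)` returns null when no session exists, so `session.invalidate()` can throw a NullPointerException; guard the call. Invalidating the session after a password change is the right move, since the old Subject still carries the previous UserPrivateKey, but the method still returns "success", so the navigation rule renders a view for a request whose session is already gone; return an outcome that redirects to the login page instead, and consider moving the invalidation ahead of the likeness-file upload so an upload failure cannot leave a rekeyed user logged in under the stale Subject.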
From: Joseph I. <jos...@us...> - 2007-01-07 04:24:10
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv27581/src/org/tolven/web Modified Files: RegisterAction.java Log Message: When keys are activated, the LDAP user password is kept in synch with the UserPrivateKey Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** RegisterAction.java 4 Jan 2007 09:52:44 -0000 1.30 --- RegisterAction.java 7 Jan 2007 04:24:06 -0000 1.31 *************** *** 358,362 **** { if (getOldUserPassword() == null || getOldUserPassword().trim().length() == 0) { - setOldUserPassword(null); FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Old password must be supplied")); return "error"; --- 358,361 ---- *************** *** 383,386 **** --- 382,392 ---- // Send it to LDAP ldap.updatePerson( getTp() ); + if (System.getProperty("tolven.security.keys.activate") != null) { + if (getOldUserPassword() != null && getOldUserPassword().trim().length() > 0) { + UserPrivateKey userPrivateKey = UserPrivateKey.getInstance(); + userPrivateKey.initNewPassword(getUser().getUserPrivateKey(), getOldUserPassword().toCharArray(), getTp().getUserPassword().toCharArray()); + getUser().setUserPrivateKey(userPrivateKey); + } + } // And update the user object now, too if (user!=null) activation.updateUser( user ); |
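Review bot: in the 383,386 hunk the UserPrivateKey is re-encrypted under the new password only after `ldap.updatePerson(getTp())` has already written that password to LDAP, so a failure in `initNewPassword` leaves the directory password and the key password out of step with no rollback path. Run the key rotation first (or in the same unit of work) and write to LDAP only once it succeeds; also zero the `char[]` copies of both passwords after `initNewPassword` returns, and note that the `getOldUserPassword()` length check here repeats validation already done earlier in the method.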
From: Joseph I. <jos...@us...> - 2007-01-07 04:23:14
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv27277/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: Added/changed error comments for clarity Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** KeyLdapLoginModule.java 7 Jan 2007 02:04:05 -0000 1.9 --- KeyLdapLoginModule.java 7 Jan 2007 04:23:12 -0000 1.10 *************** *** 78,82 **** userModified = true; } ! System.out.println(getClass() + ": login " + callerPrincipalUserName + "=" + validated); } catch (Exception ex) { ex.printStackTrace(); --- 78,82 ---- userModified = true; } ! System.out.println(getClass() + ": validate " + callerPrincipalUserName + "=" + validated); } catch (Exception ex) { ex.printStackTrace(); *************** *** 120,123 **** --- 120,124 ---- System.out.println(getClass() + ": completing login for " + user.getLdapUID()); } catch (Exception ex) { + System.out.println(getClass() + ": could not complete login for " + user.getLdapUID() + " CAUSE: " + ex.getMessage()); ex.printStackTrace(); throw new LoginException(ex.getMessage()); |
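Review bot: in the 120,124 hunk the new `System.out.println` inside the catch block dereferences `user.getLdapUID()`; if the exception was raised before `user` was assigned, the catch itself throws a NullPointerException and masks the original cause. Guard for a null `user`, route these messages through the application's logger rather than `System.out`, and consider whether `new LoginException(ex.getMessage())` should carry the raw cause text to the caller; a generic message to the client with the detail in the server log is the usual split for authentication failures.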
From: Joseph I. <jos...@us...> - 2007-01-07 02:04:07
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv5945/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: Ensure that there is only one UserPrivateKey and one UserPublicKey in a Subject at any given time. Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** KeyLdapLoginModule.java 3 Jan 2007 07:24:09 -0000 1.8 --- KeyLdapLoginModule.java 7 Jan 2007 02:04:05 -0000 1.9 *************** *** 16,19 **** --- 16,21 ---- import java.security.Principal; import java.util.Date; + import java.util.Iterator; + import javax.naming.InitialContext; import javax.resource.spi.security.PasswordCredential; *************** *** 24,27 **** --- 26,30 ---- import org.tolven.core.entity.TolvenUser; import org.tolven.security.key.UserPrivateKey; + import org.tolven.security.key.UserPublicKey; import org.tolven.security.LoginLocal; *************** *** 100,105 **** --- 103,116 ---- System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + user.getLdapUID()); userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); + // Ensure there is only one UserPrivateKey in a Subject by removing any that might be there + for(Iterator iter = subject.getPrivateCredentials(UserPrivateKey.class).iterator(); iter.hasNext(); ) { + iter.remove(); + } subject.getPrivateCredentials().add(userPrivateKey); System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + user.getLdapUID()); + // Ensure there is only one UserPublicKey in a Subject by removing any that might be there + for(Iterator iter = subject.getPublicCredentials(UserPublicKey.class).iterator(); iter.hasNext(); ) { + iter.remove(); + } subject.getPublicCredentials().add(user.getUserPublicKey()); if 
(userModified) { |
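Review bot: the removal loops in the 100,105 hunk do not remove anything from the Subject: `Subject.getPrivateCredentials(Class)` and `Subject.getPublicCredentials(Class)` return a new Set copied from the Subject's internal credential set on every call, so `iter.remove()` only empties that copy and the previous UserPrivateKey and UserPublicKey remain in the Subject beside the new ones, which is exactly the duplication this commit sets out to prevent. Use `subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(UserPrivateKey.class))` (and the public-credential equivalent), or iterate over `subject.getPrivateCredentials().iterator()` with an `instanceof` test so the removal hits the backing set; the raw `Iterator` could also be given a type parameter.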
From: Joseph I. <jos...@us...> - 2007-01-05 07:53:53
Update of /cvsroot/tolven/tolvenWEB/web/templates In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24310/web/templates Modified Files: portalTemplate.xhtml Log Message: Show User Preferences even when user is not in an Account. Index: portalTemplate.xhtml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/templates/portalTemplate.xhtml,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** portalTemplate.xhtml 29 Nov 2006 01:35:33 -0000 1.14 --- portalTemplate.xhtml 5 Jan 2007 07:53:49 -0000 1.15 *************** *** 66,71 **** <li><a target="_blank" href="http://www.tolven.org/index.html">Tolven Home</a></li> <li><a href="#">Help</a></li> <h:panelGroup rendered="#{top.accountUserId!=0}"> - <li><a href="userDemog.jsf">Preferences</a></li> <li><a href="customize.jsf?accountUserId=#{top.accountUserId}">Customize</a></li> </h:panelGroup> --- 66,71 ---- <li><a target="_blank" href="http://www.tolven.org/index.html">Tolven Home</a></li> <li><a href="#">Help</a></li> + <li><a href="userDemog.jsf">Preferences</a></li> <h:panelGroup rendered="#{top.accountUserId!=0}"> <li><a href="customize.jsf?accountUserId=#{top.accountUserId}">Customize</a></li> </h:panelGroup> |
From: Joseph I. <jos...@us...> - 2007-01-05 07:53:50
Update of /cvsroot/tolven/tolvenWEB/web/private In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24310/web/private Modified Files: userDemog.xhtml Log Message: Show User Preferences even when user is not in an Account. Index: userDemog.xhtml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/private/userDemog.xhtml,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** userDemog.xhtml 3 Jan 2007 09:28:08 -0000 1.8 --- userDemog.xhtml 5 Jan 2007 07:53:48 -0000 1.9 *************** *** 82,86 **** </h:panelGroup> </h:form> ! <h3>You are logged into account #{reg.account.id} #{reg.account.title}</h3> <h3>All accounts you are a member of</h3> <h:dataTable value="#{reg.userAccounts}" var="au"> --- 82,88 ---- </h:panelGroup> </h:form> ! <h:panelGroup rendered="#{top.accountUserId!=0}"> ! <h3>You are logged into account #{reg.account.id} #{reg.account.title}</h3> ! </h:panelGroup> <h3>All accounts you are a member of</h3> <h:dataTable value="#{reg.userAccounts}" var="au"> |
From: Joseph I. <jos...@us...> - 2007-01-04 09:52:46
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv20297/src/org/tolven/web Modified Files: RegisterAction.java Log Message: Fixed a path bug, and added logic to check for empty strings, since the password fields never appeared to be null. Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** RegisterAction.java 3 Jan 2007 09:28:08 -0000 1.29 --- RegisterAction.java 4 Jan 2007 09:52:44 -0000 1.30 *************** *** 355,365 **** public String updatePrefs( ) throws Exception { boolean error = false; ! if (getRepeatUserPassword()!=null || getTp().getUserPassword()!=null) { if (getOldUserPassword() == null || getOldUserPassword().trim().length() == 0) { setOldUserPassword(null); FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Old password must be supplied")); ! error = true; ! } else if (getRepeatUserPassword()==null || getTp().getUserPassword()==null || !getRepeatUserPassword().equals(getTp().getUserPassword())) { FacesContext.getCurrentInstance().addMessage( "register:userPassword2", new FacesMessage("Both passwords must match")); --- 355,376 ---- public String updatePrefs( ) throws Exception { boolean error = false; ! if ((getRepeatUserPassword() != null && getRepeatUserPassword().trim().length() > 0) || (getTp().getUserPassword() != null && getTp().getUserPassword().length() > 0)) { if (getOldUserPassword() == null || getOldUserPassword().trim().length() == 0) { setOldUserPassword(null); FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Old password must be supplied")); ! return "error"; ! } ! // Check the old password ! try { ! 
LoginContext loginContext = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(getTp().getUid(), getOldUserPassword().toCharArray())); ! loginContext.login(); ! loginContext.logout(); ! } catch (LoginException ex) { ! // Login failed ! FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Incorrect password")); ! return "error"; ! } ! if (getRepeatUserPassword()== null || getRepeatUserPassword().trim().length() == 0 || getTp().getUserPassword()== null || getTp().getUserPassword().trim().length() == 0 || !getRepeatUserPassword().equals(getTp().getUserPassword())) { FacesContext.getCurrentInstance().addMessage( "register:userPassword2", new FacesMessage("Both passwords must match")); *************** *** 368,381 **** } if (error) return "error"; - // Check the old password - try { - LoginContext loginContext = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(getTp().getUid(), getOldUserPassword().toCharArray())); - loginContext.login(); - loginContext.logout(); - } catch (LoginException ex) { - // Login failed - FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Incorrect password")); - return "error"; - } // Recalculate new CN getTp().setCn( getTp().getGivenName() + " " + getTp().getSn()); --- 379,382 ---- |
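Review bot: in the 355,365 hunk the new outer condition trims `getRepeatUserPassword()` but tests `getTp().getUserPassword().length() > 0` without `trim()`, so the two fields are judged by different rules and a whitespace-only new password enters the change path before the later trimmed comparison rejects it; apply the same `trim()` to both. The `boolean error` flag and the surviving `if (error) return "error";` are now dead once every failure branch returns directly. Verifying the old password with a full `LoginContext.login()`/`logout()` is a sound reauthentication step, but it is also a password check reachable from any logged-in session, so it should get the same failure throttling and logging as the login form itself.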
From: John C. <jc...@us...> - 2007-01-03 16:50:35
Update of /cvsroot/tolven/tolvenWEB/web/WEB-INF In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv16830/web/WEB-INF Modified Files: faces-config.xml Log Message: Add error case to userDemog.xhtml form Index: faces-config.xml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/WEB-INF/faces-config.xml,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** faces-config.xml 4 Dec 2006 09:01:10 -0000 1.29 --- faces-config.xml 3 Jan 2007 16:50:32 -0000 1.30 *************** *** 227,230 **** --- 227,234 ---- </navigation-case> <navigation-case> + <from-outcome>error</from-outcome> + <to-view-id>/private/userDemog.xhtml</to-view-id> + </navigation-case> + <navigation-case> <from-outcome>cancel</from-outcome> <to-view-id>/private/dispatch.xhtml</to-view-id> |
From: Joseph I. <jos...@us...> - 2007-01-03 09:28:13
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv22211/src/org/tolven/doc/bean Modified Files: DocumentBean.java Log Message: Added Old Password to userDemog. The LDAP password is now verified by the KeyLdapLoginModule (using the KeyLdapCallbackHandler). Index: DocumentBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/bean/DocumentBean.java,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** DocumentBean.java 25 Dec 2006 12:52:14 -0000 1.13 --- DocumentBean.java 3 Jan 2007 09:28:12 -0000 1.14 *************** *** 33,37 **** import javax.xml.transform.stream.StreamSource; - import org.jboss.annotation.security.SecurityDomain; import org.tolven.admin.AdministrativeDetail; import org.tolven.admin.Details; --- 33,36 ---- *************** *** 56,61 **** */ @Stateless() ! @Local(DocumentLocal.class) ! //@SecurityDomain("tolvenLDAP") public class DocumentBean implements DocumentLocal { --- 55,59 ---- */ @Stateless() ! @Local(DocumentLocal.class) public class DocumentBean implements DocumentLocal { |
From: Joseph I. <jos...@us...> - 2007-01-03 09:28:13
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv22211/src/org/tolven/security/auth Added Files: KeyLdapCallbackHandler.java Log Message: Added Old Password to userDemog. The LDAP password is now verified by the KeyLdapLoginModule (using the KeyLdapCallbackHandler). --- NEW FILE: KeyLdapCallbackHandler.java --- package org.tolven.security.auth; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; /** * This class, in conjuction with KeyLdapLoginModule, provides a way to verify a user's LDAP identity. * * @author Joseph Isaac * */ public class KeyLdapCallbackHandler implements CallbackHandler { private String username; private char[] password; public KeyLdapCallbackHandler(String username, char[] password) { this.username = username; this.password = password; } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof NameCallback) { NameCallback nc = (NameCallback) callbacks[i]; nc.setName(username); } else if (callbacks[i] instanceof PasswordCallback) { PasswordCallback pc = (PasswordCallback) callbacks[i]; pc.setPassword(password); } else { throw new UnsupportedCallbackException(callbacks[i], "Unsupported Callback"); } } } } |
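Review bot: the handler in the new KeyLdapCallbackHandler.java keeps its `char[] password` reference for the lifetime of the object, and `PasswordCallback.setPassword` stores a clone, so after a login two cleartext copies exist and neither is ever cleared; add a method that zeroes the array (`Arrays.fill(password, '\0')`) for callers to invoke after `login()`, and have the login module call `PasswordCallback.clearPassword()` once it has read the value. Minor: "conjuction" in the class Javadoc should read "conjunction", and both fields can be declared `final`.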
From: Joseph I. <jos...@us...> - 2007-01-03 09:28:10
Update of /cvsroot/tolven/tolvenWEB/web/private In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv22175/web/private Modified Files: userDemog.xhtml Log Message: Added Old Password to userDemog. The LDAP password is now verified by the KeyLdapLoginModule (using the KeyLdapCallbackHandler). Index: userDemog.xhtml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/private/userDemog.xhtml,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** userDemog.xhtml 6 Nov 2006 07:41:30 -0000 1.7 --- userDemog.xhtml 3 Jan 2007 09:28:08 -0000 1.8 *************** *** 35,38 **** --- 35,43 ---- <h:message for="sn" errorClass="errorMsg" infoClass="infoMsg" warnClass="warnMsg" fatalClass="fatalMsg"/> </h:panelGroup> + <h:outputText value="Old Password"/> + <h:panelGroup> + <h:inputSecret id="oldUserPassword" value="#{reg.oldUserPassword}" size="50"/> + <h:message for="oldUserPassword" errorClass="errorMsg" infoClass="infoMsg" warnClass="warnMsg" fatalClass="fatalMsg"/> + </h:panelGroup> <h:outputText value="New Password"/> <h:panelGroup> |
From: Joseph I. <jos...@us...> - 2007-01-03 09:28:10
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv22175/src/org/tolven/web Modified Files: RegisterAction.java Log Message: Added Old Password to userDemog. The LDAP password is now verified by the KeyLdapLoginModule (using the KeyLdapCallbackHandler). Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** RegisterAction.java 3 Jan 2007 07:24:05 -0000 1.28 --- RegisterAction.java 3 Jan 2007 09:28:08 -0000 1.29 *************** *** 25,28 **** --- 25,30 ---- import javax.naming.NamingException; import javax.persistence.NoResultException; + import javax.security.auth.login.LoginContext; + import javax.security.auth.login.LoginException; import org.apache.commons.fileupload.FileItem; *************** *** 42,45 **** --- 44,48 ---- import org.tolven.gen.CHRGenerator; import org.tolven.security.TolvenPerson; + import org.tolven.security.auth.KeyLdapCallbackHandler; import org.tolven.security.bean.LDAPLocal; import org.tolven.security.key.UserPrivateKey; *************** *** 72,75 **** --- 75,79 ---- private String repeatUid; private String repeatUserPassword; + private String oldUserPassword; private String testResult; *************** *** 146,150 **** System.out.println( "Created account: " + account.getId() + ", acct type " + account.getAccountType().getKnownType()); // Note, the user automatically gets account permission because they are the only user on that new account. ! 
accountBean.addAccountUser(account, getTop().getUser(), getNow(), true); accountUsers = null; menu.createDefaultMenuStructure( account ); --- 150,154 ---- System.out.println( "Created account: " + account.getId() + ", acct type " + account.getAccountType().getKnownType()); // Note, the user automatically gets account permission because they are the only user on that new account. ! accountBean.addAccountUser( account, getTop().getUser(), getNow(), true); accountUsers = null; menu.createDefaultMenuStructure( account ); *************** *** 353,357 **** if (getRepeatUserPassword()!=null || getTp().getUserPassword()!=null) { ! if (getRepeatUserPassword()==null || getTp().getUserPassword()==null || !getRepeatUserPassword().equals(getTp().getUserPassword())) { FacesContext.getCurrentInstance().addMessage( "register:userPassword2", new FacesMessage("Both passwords must match")); --- 357,365 ---- if (getRepeatUserPassword()!=null || getTp().getUserPassword()!=null) { ! if (getOldUserPassword() == null || getOldUserPassword().trim().length() == 0) { ! setOldUserPassword(null); ! FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Old password must be supplied")); ! error = true; ! 
} else if (getRepeatUserPassword()==null || getTp().getUserPassword()==null || !getRepeatUserPassword().equals(getTp().getUserPassword())) { FacesContext.getCurrentInstance().addMessage( "register:userPassword2", new FacesMessage("Both passwords must match")); *************** *** 360,363 **** --- 368,381 ---- } if (error) return "error"; + // Check the old password + try { + LoginContext loginContext = new LoginContext("tolvenLDAP", new KeyLdapCallbackHandler(getTp().getUid(), getOldUserPassword().toCharArray())); + loginContext.login(); + loginContext.logout(); + } catch (LoginException ex) { + // Login failed + FacesContext.getCurrentInstance().addMessage("register:oldUserPassword", new FacesMessage("Incorrect password")); + return "error"; + } // Recalculate new CN getTp().setCn( getTp().getGivenName() + " " + getTp().getSn()); *************** *** 451,454 **** --- 469,480 ---- } + public String getOldUserPassword() { + return oldUserPassword; + } + + public void setOldUserPassword(String oldUserPassword) { + this.oldUserPassword = oldUserPassword; + } + public String getRepeatUserPassword() { return repeatUserPassword; |
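Review bot: the new `oldUserPassword` String field in the 72,75 hunk holds the cleartext old password in the managed bean for as long as the bean lives, and nothing in the 360,363 hunk clears it once the LoginContext check has passed; set it (and the new and repeat password fields) to null before `updatePrefs` returns on every branch. The `LoginContext.login()` against "tolvenLDAP" is issued purely to verify a password, yet the KeyLdapLoginModule it drives also unlocks and installs keys into a Subject, so a bind-only check or a login-configuration entry dedicated to verification would keep this path free of those side effects.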
From: Joseph I. <jos...@us...> - 2007-01-03 07:24:11
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3988/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: UserPrivateKey is now passed directly to AccountDAOBean to circumvent problems with the @SecurityDomain beign added there. A number of different types of login come through AccountDAOBean, and until the bean is refactored, it is best to avoid using the annotation there (and that removes access to the Subject for some mysterious JBoss reason). Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.20 retrieving revision 1.21 diff -C2 -d -r1.20 -r1.21 *** AccountDAOBean.java 1 Jan 2007 11:19:31 -0000 1.20 --- AccountDAOBean.java 3 Jan 2007 07:24:09 -0000 1.21 *************** *** 18,22 **** import java.util.Date; import java.util.List; - import java.util.Set; import javax.annotation.Resource; --- 18,21 ---- *************** *** 25,31 **** import javax.persistence.PersistenceContext; import javax.persistence.Query; ! import javax.security.auth.Subject; ! import javax.security.jacc.PolicyContext; ! import org.jboss.annotation.security.SecurityDomain; import org.tolven.core.AccountDAOLocal; import org.tolven.core.SponsoredUser; --- 24,28 ---- import javax.persistence.PersistenceContext; import javax.persistence.Query; ! 
import org.tolven.core.AccountDAOLocal; import org.tolven.core.SponsoredUser; *************** *** 39,43 **** import org.tolven.security.key.AccountPrivateKey; import org.tolven.security.key.UserPrivateKey; - import org.tolven.security.key.UserPublicKey; --- 36,39 ---- *************** *** 49,53 **** @Stateless() @Local(AccountDAOLocal.class) - //@SecurityDomain("tolvenLDAP") public class AccountDAOBean implements org.tolven.core.AccountDAOLocal { @PersistenceContext --- 45,48 ---- *************** *** 154,162 **** * @param inviterAccountUser The AccountUser of the inviter * @param invitedUser the existing (although possibly very recent) TolvenUser object * @param now Transactional "now" time * @param accountPermission boolean indicating if this user has account administration permission */ ! public AccountUser inviteAccountUser(Account account, AccountUser inviterAccountUser, TolvenUser invitedUser, Date now, boolean accountPermission) { ! if (System.getProperty("tolven.security.keys.activate") != null) { try { if (invitedUser.getPublicKey() == null) { --- 149,160 ---- * @param inviterAccountUser The AccountUser of the inviter * @param invitedUser the existing (although possibly very recent) TolvenUser object + * @param anInviterUserPrivateKey the UserPrivateKey of the inviter of the Account * @param now Transactional "now" time * @param accountPermission boolean indicating if this user has account administration permission */ ! public AccountUser inviteAccountUser(Account account, AccountUser inviterAccountUser, TolvenUser invitedUser, UserPrivateKey anInviterUserPrivateKey, Date now, boolean accountPermission) { ! if (System.getProperty("tolven.security.keys.activate") == null) { ! return addAccountUser(account, invitedUser, now, accountPermission); ! } else { try { if (invitedUser.getPublicKey() == null) { *************** *** 165,175 **** // TODO: The correct location of the creation of an Invitation is still to be determined. 
It is created // here, for demo purposes, but is not persisted - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - if (subject == null) - throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); - Set privateCredentials = subject.getPrivateCredentials(UserPrivateKey.class); - if (privateCredentials.isEmpty()) - throw new RuntimeException(": No UserPrivateKey found for " + ejbContext.getCallerPrincipal()); - UserPrivateKey inviterPrivateKey = (UserPrivateKey)privateCredentials.iterator().next(); AccountPrivateKey inviterAccountPrivateKey = inviterAccountUser.getAccountPrivateKey(); if (inviterAccountPrivateKey == null) --- 163,166 ---- *************** *** 177,181 **** Invitation invitation = null; AccountPrivateKey invitedAccountPrivateKey = AccountPrivateKey.getInstance(); ! invitedAccountPrivateKey.init(inviterAccountPrivateKey, inviterPrivateKey, invitedUser.getPublicKey()); invitation = new Invitation(); invitation.setStatus(Status.INACTIVE.value()); --- 168,172 ---- Invitation invitation = null; AccountPrivateKey invitedAccountPrivateKey = AccountPrivateKey.getInstance(); ! invitedAccountPrivateKey.init(inviterAccountPrivateKey, anInviterUserPrivateKey, invitedUser.getPublicKey()); invitation = new Invitation(); invitation.setStatus(Status.INACTIVE.value()); *************** *** 186,191 **** throw new RuntimeException(getClass() + ": Problem with inviteAccountUser for " + ejbContext.getCallerPrincipal() + " CAUSE: " + ex.getMessage()); } - } else { - return addAccountUser(account, invitedUser, null, now, accountPermission); } } --- 177,180 ---- *************** *** 217,250 **** // experimental, then developers are free to play by setting System // property tolven.security.keys.activate ! if (System.getProperty("tolven.security.keys.activate") != null) { ! setupAccountKeys(account, au, invitation); ! } em.persist( au ); return au; } ! 
private void setupAccountKeys(Account account, AccountUser accountUser, Invitation invitation) { ! // TODO: At this point the AccountUser cannot have a PrivateKey ! if (accountUser.hasAccountPrivateKey()) ! return; try { if (account.hasPublicKey()) { ! // No invitation, no keys ! if (invitation != null) ! accountUser.setAccountPrivateKey(invitation.getAccountPrivateKey()); ! } else { ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new IllegalStateException("No Subject found in PolicyContext for " + ejbContext.getCallerPrincipal()); ! Set publicCredentials = subject.getPublicCredentials(UserPublicKey.class); ! if (publicCredentials.isEmpty()) { ! throw new IllegalStateException("No UserPublicKey found for Subject " + ejbContext.getCallerPrincipal()); } else { ! UserPublicKey userPublicKey = (UserPublicKey) publicCredentials.iterator().next(); ! AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(userPublicKey.getPublicKey()); ! account.setPublicKey(accountPublicKey); ! accountUser.setAccountPrivateKey(accountPrivateKey); } } } catch (Exception ex) { --- 206,242 ---- // experimental, then developers are free to play by setting System // property tolven.security.keys.activate ! if (System.getProperty("tolven.security.keys.activate") != null) ! setupAccountKeys(account, au, invitation, user); em.persist( au ); return au; } ! /** ! * If the account already has a PublicKey, then retrieve the AccountPrivateKey from the Invitation and pass it to the AccountUser. ! * If the account does not yet have a PublicKey, then create a key pair now...place the AccountPublicKey in the Account and protect. ! * the AccountPrivateKey with aUserPublicKey, and place it in the AccountUser. ! * @param account ! * @param accountUser should not yet have an AccountPrivateKey. ! 
* @param invitation contains an AccountPrivateKey, from the invitee, if this Account is not new. ! * @param user being invited to the Account (may be a self-invitation for a new Account) ! */ ! private void setupAccountKeys(Account account, AccountUser accountUser, Invitation invitation, TolvenUser user) { try { + // TODO: At this point the AccountUser cannot have a PrivateKey + if (accountUser.hasAccountPrivateKey()) + return; if (account.hasPublicKey()) { ! if (invitation == null) { ! throw new RuntimeException("An invitation is required to obtain an AccountPrivateKey"); } else { ! accountUser.setAccountPrivateKey(invitation.getAccountPrivateKey()); } + } else { + if (user.getUserPublicKey() == null) + throw new RuntimeException("A UserPublicKey is required to protect an AccountPrivateKey"); + AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); + PublicKey accountPublicKey = accountPrivateKey.init(user.getUserPublicKey().getPublicKey()); + account.setPublicKey(accountPublicKey); + accountUser.setAccountPrivateKey(accountPrivateKey); } } catch (Exception ex) { |
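Review bot: with the PolicyContext lookup removed in hunk 165,175, nothing in `inviteAccountUser` checks that `anInviterUserPrivateKey` is non-null or that it belongs to `inviterAccountUser`'s user. The removed code threw `RuntimeException(": No UserPrivateKey found for " + ejbContext.getCallerPrincipal())` when the Subject carried no key; now a null parameter reaches `invitedAccountPrivateKey.init(inviterAccountPrivateKey, anInviterUserPrivateKey, invitedUser.getPublicKey())` and surfaces only as a wrapped NullPointerException from the generic catch. Add an explicit null check with a clear message, and since the bean now trusts whatever key the caller passes in, consider verifying the supplied private key against the inviter user's stored public key before using it to re-wrap the AccountPrivateKey for the invitee.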
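Review bot: hunk 217,250 changes behaviour beyond what the log message describes: `setupAccountKeys` now throws `RuntimeException("An invitation is required to obtain an AccountPrivateKey")` where the old code silently left the AccountUser without a key (`// No invitation, no keys`), so once `tolven.security.keys.activate` is set, any caller that adds a user to an account that already has a public key without going through an Invitation will fail. That tightening looks intentional, but it should be stated in the log message and checked against every `addAccountUser` caller. Two javadoc fixes on the same method: `@param invitation contains an AccountPrivateKey, from the invitee` should read "from the inviter" (the invitee is the one receiving it), and "place the AccountPublicKey in the Account and protect. the AccountPrivateKey" has a stray period.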
From: Joseph I. <jos...@us...> - 2007-01-03 07:24:11
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3988/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: UserPrivateKey is now passed directly to AccountDAOBean to circumvent problems with the @SecurityDomain beign added there. A number of different types of login come through AccountDAOBean, and until the bean is refactored, it is best to avoid using the annotation there (and that removes access to the Subject for some mysterious JBoss reason). Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** KeyLdapLoginModule.java 1 Jan 2007 10:15:35 -0000 1.7 --- KeyLdapLoginModule.java 3 Jan 2007 07:24:09 -0000 1.8 *************** *** 18,24 **** import javax.naming.InitialContext; import javax.resource.spi.security.PasswordCredential; - import javax.security.auth.Subject; import javax.security.auth.login.LoginException; - import javax.security.jacc.PolicyContext; import org.jboss.security.auth.spi.LdapLoginModule; --- 18,22 ---- *************** *** 51,78 **** System.out.println(getClass() + ": validatePassword"); boolean validated = super.validatePassword(inputPassword, expectedPassword); ! if (System.getProperty("tolven.security.keys.activate") != null) { ! Principal callerPrincipal = getIdentity(); ! String callerPrincipalUserName = null; ! if (callerPrincipal != null) ! callerPrincipalUserName = callerPrincipal.getName(); try { ! if (validated) { ! //TODO: Must be a real LDAP validated user logging in ! validated = validateLDAPUser(callerPrincipalUserName, inputPassword); ! System.out.println(getClass() + ": login " + callerPrincipalUserName + "=" + validated); ! } else { ! 
Subject callerSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (callerSubject == null) { ! //TODO: No Subject and it's not a tolvenLDAP user logging in, for now assume a register request until roles implemented ! validated = true; ! System.out.println(getClass() + ": login null Subject=" + validated); ! } else { ! //TODO: Could be one of our MDBs logging in...check the role ! validated = validateMDB(); ! System.out.println(getClass() + ": login MDB=" + validated); ! } ! //TODO: Could be one of our MDBs logging in...check the role ! System.out.println(getClass() + ": MDB validated=" + validated); } } catch (Exception ex) { ex.printStackTrace(); --- 49,79 ---- System.out.println(getClass() + ": validatePassword"); boolean validated = super.validatePassword(inputPassword, expectedPassword); ! if (validated && System.getProperty("tolven.security.keys.activate") != null) { ! //TODO: Must be a real LDAP validated user logging in try { ! Principal callerPrincipal = getIdentity(); ! if (callerPrincipal == null) { ! //TODO: Should not be null but just in case ! System.out.println(getClass() + ": Principal is null, login validated false"); ! 
return false; } + String callerPrincipalUserName = callerPrincipal.getName(); + char[] password = null; + if (inputPassword != null) + password = inputPassword.toCharArray(); + passwordCredential = new PasswordCredential(callerPrincipalUserName, password); + InitialContext ictx = new InitialContext(); + loginLocal = (LoginLocal) ictx.lookup("tolven/LoginBean/local"); + user = loginLocal.findUser(callerPrincipalUserName); + if (user == null) { + // Password has validated at this point, so must be a real LDAPUser with no TolvenUser yet (but a registerd user) + user = new TolvenUser(); + user.setLdapUID(callerPrincipalUserName); + user.setStatus(Status.NEW_LOGIN.value()); + user.setLastLogin(null); // Last login is null, never logged in before this + user.setCreation(new Date()); + userModified = true; + } + System.out.println(getClass() + ": login " + callerPrincipalUserName + "=" + validated); } catch (Exception ex) { ex.printStackTrace(); *************** *** 83,140 **** } - private boolean validateLDAPUser(String callerPrincipalUserName, String inputPassword) { - try { - char[] password = null; - if (inputPassword != null) - password = inputPassword.toCharArray(); - passwordCredential = new PasswordCredential(callerPrincipalUserName, password); - InitialContext ictx = new InitialContext(); - loginLocal = (LoginLocal) ictx.lookup("tolven/LoginBean/local"); - user = loginLocal.findUser(callerPrincipalUserName); - if (user == null) { - // Password has validated at this point, so must be a real LDAPUser with no TolvenUser yet (sregisterd user) - user = new TolvenUser(); - user.setLdapUID(callerPrincipalUserName); - user.setStatus(Status.NEW_LOGIN.value()); - user.setLastLogin(null); // Last login is null, never logged in before this - //TODO: Where should I get the current time from (Calendar is not used much in this application)? 
- user.setCreation(new Date()); - userModified = true; - } - return true; - } catch (Exception ex) { - ex.printStackTrace(); - return false; - } - } - - private boolean validateMDB() { - try { - Subject callerSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - if (callerSubject == null) { - System.out.println(getClass() + ": MDB Subject is null"); - } else { - Object obj = null; - for (java.util.Iterator iter = callerSubject.getPrincipals().iterator(); iter.hasNext();) { - obj = iter.next(); - if (obj instanceof java.security.acl.Group) { - Principal callerPrincipal = null; - for (java.util.Enumeration e = ((java.security.acl.Group) obj).members(); e.hasMoreElements();) { - callerPrincipal = (java.security.Principal) e.nextElement(); - //TODO: This role will become configurable when a separate loginmodule is created - if ("guest".equals(callerPrincipal.getName())) { - return true; - } - } - } - } - } - return false; - } catch (Exception ex) { - ex.printStackTrace(); - return false; - } - } - /** * If the superclass commits, then place the PasswordCredential, UserPrivateKey and PublicKey in the Subject --- 84,87 ---- *************** *** 145,169 **** if (committed && System.getProperty("tolven.security.keys.activate") != null) { try { ! if (user == null) { ! //Must be an MDB ! System.out.println(getClass() + ": completing login for an MDB"); ! } else { ! if (!user.hasUserPrivateKey()) { ! System.out.println(getClass() + ": initialize keys "); ! user.initUserPrivateKey(passwordCredential.getPassword()); ! userModified = true; ! } ! UserPrivateKey userPrivateKey = user.getUserPrivateKey(); ! System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + user.getLdapUID()); ! userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); ! subject.getPrivateCredentials().add(userPrivateKey); ! System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + user.getLdapUID()); ! 
subject.getPublicCredentials().add(user.getUserPublicKey()); ! if (userModified) { ! loginLocal.update(user); ! System.out.println(getClass() + ": persisted new keys user " + user.getLdapUID()); ! } ! System.out.println(getClass() + ": completing login for " + user.getLdapUID()); } } catch (Exception ex) { ex.printStackTrace(); --- 92,111 ---- if (committed && System.getProperty("tolven.security.keys.activate") != null) { try { ! if (!user.hasUserPrivateKey()) { ! System.out.println(getClass() + ": initialize keys "); ! user.initUserPrivateKey(passwordCredential.getPassword()); ! userModified = true; } + UserPrivateKey userPrivateKey = user.getUserPrivateKey(); + System.out.println(getClass() + ": Adding UserPrivateKey to Subject " + user.getLdapUID()); + userPrivateKey.unlockPrivateKey(passwordCredential.getPassword()); + subject.getPrivateCredentials().add(userPrivateKey); + System.out.println(getClass() + ": Adding getUserPublicKey to Subject " + user.getLdapUID()); + subject.getPublicCredentials().add(user.getUserPublicKey()); + if (userModified) { + loginLocal.update(user); + System.out.println(getClass() + ": persisted new keys user " + user.getLdapUID()); + } + System.out.println(getClass() + ": completing login for " + user.getLdapUID()); } catch (Exception ex) { ex.printStackTrace(); |
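Review bot: the catch in hunk 51,78 (`} catch (Exception ex) { ex.printStackTrace();`) now wraps the inlined JNDI lookup and `loginLocal.findUser(callerPrincipalUserName)`, where the removed `validateLDAPUser` returned false on any exception; unless the rest of that catch body (not shown here) sets `validated = false`, a failed lookup leaves `validated` true with `user` still null, and `commit()` then dereferences `user.hasUserPrivateKey()` on null. Set `validated = false` or throw `LoginException` there. The same hunk also drops the branch that set `validated = true` when `super.validatePassword` had failed and no container Subject was present (`//TODO: No Subject and it's not a tolvenLDAP user logging in, for now assume a register request until roles implemented`), which accepted a login without a valid password; that is a welcome fix, but it is not mentioned in the log message and deserves a line there.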
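Review bot: hunk 83,140 removes `validateMDB`, which accepted any caller whose Subject group contained a principal named `"guest"` without checking a password. Removing it is the right call, but it is undocumented in the log message and leaves no login path for the message-driven beans it was written for; note in the log which module or role those MDBs are expected to use instead.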
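Review bot: in hunk 145,169 `commit()` still swallows every failure with `ex.printStackTrace()`, so if `user.initUserPrivateKey(passwordCredential.getPassword())`, `userPrivateKey.unlockPrivateKey(...)` or `loginLocal.update(user)` throws, the login is reported as committed while the Subject carries no UserPrivateKey or UserPublicKey credential and newly generated keys may not have been persisted; callers such as `inviteAccountUser` then fail later with an unrelated error. Throwing `LoginException` from that catch would fail the login cleanly. With the `if (user == null)` MDB branch gone, a null `user` now throws NullPointerException here as well, which is another reason `validatePassword` must fail rather than fall through when its lookup fails. Also `passwordCredential` keeps the password `char[]` on the module instance after `unlockPrivateKey` has used it; clear it once the key is unlocked.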
From: Joseph I. <jos...@us...> - 2007-01-03 07:24:11
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv3988/src/org/tolven/core Modified Files: AccountDAOLocal.java Log Message: UserPrivateKey is now passed directly to AccountDAOBean to circumvent problems with the @SecurityDomain beign added there. A number of different types of login come through AccountDAOBean, and until the bean is refactored, it is best to avoid using the annotation there (and that removes access to the Subject for some mysterious JBoss reason). Index: AccountDAOLocal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/AccountDAOLocal.java,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** AccountDAOLocal.java 25 Dec 2006 01:43:24 -0000 1.10 --- AccountDAOLocal.java 3 Jan 2007 07:24:09 -0000 1.11 *************** *** 25,28 **** --- 25,29 ---- import org.tolven.core.entity.TolvenUser; import org.tolven.core.entity.AccountType; + import org.tolven.security.key.UserPrivateKey; *************** *** 75,79 **** * @see ActivationBean */ ! public AccountUser inviteAccountUser(Account account, AccountUser accountUser, TolvenUser invidtedUser, Date now, boolean accountPermission ); /** --- 76,80 ---- * @see ActivationBean */ ! public AccountUser inviteAccountUser(Account account, AccountUser accountUser, TolvenUser invidtedUser, UserPrivateKey anInviterPrivateKey, Date now, boolean accountPermission ); /** |
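Review bot: the new parameter in hunk 75,79 is named `anInviterPrivateKey` here but `anInviterUserPrivateKey` in AccountDAOBean, and the interface javadoc gains no `@param` for it while the bean's does; align the names and carry the `@param anInviterUserPrivateKey the UserPrivateKey of the inviter of the Account` line over to the interface. The same signature line also keeps the pre-existing `invidtedUser` typo, which is cheap to fix while the declaration is being touched.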