+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <artifactId>redback-integrations</artifactId>
- <groupId>org.apache.archiva.redback</groupId>
- <version>2.1-SNAPSHOT</version>
- </parent>
-
- <artifactId>redback-jsecurity</artifactId>
- <packaging>bundle</packaging>
- <name>Redback :: Integration :: JSecurity Integration</name>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-rbac-model</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-system</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jsecurity</groupId>
- <artifactId>jsecurity</artifactId>
- <version>0.9.0</version>
- </dependency>
-
- <!-- Test Dependencies -->
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-memory</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-rbac-memory</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <configuration>
- <instructions>
- <Export-Package>
- org.apache.archiva.redback.jsecurity;version=${project.version};-split-package:=merge-first
- </Export-Package>
- <Import-Package>
- org.apache.archiva.redback.policy;version=${project.version},
- org.apache.archiva.redback.rbac;version=${project.version},
- org.apache.archiva.redback.users;version=${project.version},
- org.jsecurity*;version="[0.9,2)",
- org.slf4j;resolution:=optional
- </Import-Package>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-</project>
+++ /dev/null
-package org.apache.archiva.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.jsecurity.authc.AuthenticationException;
-
-public class PrincipalLockedException
- extends AuthenticationException
-{
- public PrincipalLockedException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public PrincipalLockedException( String message )
- {
- super( message );
- }
-
- public PrincipalLockedException( Throwable cause )
- {
- super( cause );
- }
-}
+++ /dev/null
-package org.apache.archiva.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.jsecurity.authc.AuthenticationException;
-
-public class PrincipalPasswordChangeRequiredException
- extends AuthenticationException
-{
- public PrincipalPasswordChangeRequiredException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public PrincipalPasswordChangeRequiredException( String message )
- {
- super( message );
- }
-
- public PrincipalPasswordChangeRequiredException( Throwable cause )
- {
- super( cause );
- }
-}
+++ /dev/null
-package org.apache.archiva.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.policy.AccountLockedException;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.apache.archiva.redback.rbac.UserAssignment;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.jsecurity.authc.AuthenticationException;
-import org.jsecurity.authc.AuthenticationInfo;
-import org.jsecurity.authc.AuthenticationToken;
-import org.jsecurity.authc.SimpleAuthenticationInfo;
-import org.jsecurity.authc.UsernamePasswordToken;
-import org.jsecurity.authc.credential.CredentialsMatcher;
-import org.jsecurity.authz.AuthorizationInfo;
-import org.jsecurity.authz.SimpleAuthorizationInfo;
-import org.jsecurity.realm.AuthorizingRealm;
-import org.jsecurity.subject.PrincipalCollection;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-public class RedbackRealm
- extends AuthorizingRealm
-{
- private Logger log = LoggerFactory.getLogger( RedbackRealm.class );
-
- private final UserManager userManager;
-
- private final RBACManager rbacManager;
-
- private final UserSecurityPolicy securityPolicy;
-
- public RedbackRealm( UserManager userManager, RBACManager rbacManager, UserSecurityPolicy securityPolicy )
- {
- this.userManager = userManager;
- this.rbacManager = rbacManager;
- this.securityPolicy = securityPolicy;
- }
-
- @Override
- protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals )
- {
- final String username = (String) principals.fromRealm( getName() ).iterator().next();
-
- try
- {
- final UserAssignment assignment = rbacManager.getUserAssignment( username );
- final Set<String> roleNames = new HashSet<String>( assignment.getRoleNames() );
- final Set<String> permissions = new HashSet<String>();
-
- for ( Iterator<Permission> it = rbacManager.getAssignedPermissions( username ).iterator(); it.hasNext(); )
- {
- Permission permission = it.next();
- permissions.add( permission.getName() );
- }
-
- SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo( roleNames );
- authorizationInfo.setStringPermissions( permissions );
-
- return authorizationInfo;
- }
- catch ( RbacManagerException e )
- {
- log.error( "Could not authenticate against data source", e );
- }
-
- return null;
- }
-
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token )
- throws AuthenticationException
- {
- if ( token == null )
- {
- throw new AuthenticationException( "AuthenticationToken cannot be null" );
- }
-
- final UsernamePasswordToken passwordToken = (UsernamePasswordToken) token;
-
- User user = null;
- try
- {
- user = userManager.findUser( passwordToken.getUsername() );
- }
- catch ( UserNotFoundException e )
- {
- log.error( "Could not find user " + passwordToken.getUsername() );
- }
-
- if ( user == null )
- {
- return null;
- }
-
- if ( user.isLocked() && !user.isPasswordChangeRequired() )
- {
- throw new PrincipalLockedException( "User " + user.getPrincipal() + " is locked." );
- }
-
- if ( user.isPasswordChangeRequired() )
- {
- throw new PrincipalPasswordChangeRequiredException(
- "Password change is required for user " + user.getPrincipal() );
- }
-
- return new RedbackAuthenticationInfo( user, getName() );
- }
-
- @Override
- public CredentialsMatcher getCredentialsMatcher()
- {
- return new CredentialsMatcher()
- {
- public boolean doCredentialsMatch( AuthenticationToken token, AuthenticationInfo info )
- {
- final String credentials = new String( (char[]) token.getCredentials() );
- final boolean match = securityPolicy.getPasswordEncoder().encodePassword( credentials ).equals(
- (String) info.getCredentials() );
- if ( !match )
- {
- User user = ( (RedbackAuthenticationInfo) info ).getUser();
- try
- {
- securityPolicy.extensionExcessiveLoginAttempts( user );
- }
- catch ( AccountLockedException e )
- {
- log.info( "User{} has been locked", user.getUsername(), e );
- }
- finally
- {
- try
- {
- userManager.updateUser( user );
- }
- catch ( UserNotFoundException e )
- {
- log.error( "The user to be updated could not be found", e );
- }
- }
- }
- return match;
- }
- };
- }
-
- final class RedbackAuthenticationInfo
- extends SimpleAuthenticationInfo
- {
- private final User user;
-
- public RedbackAuthenticationInfo( User user, String realmName )
- {
- super( user.getPrincipal(), user.getEncodedPassword(), realmName );
- this.user = user;
- }
-
- public User getUser()
- {
- return user;
- }
- }
-}
+++ /dev/null
-package org.apache.archiva.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.jsecurity.PrincipalLockedException;
-import org.apache.archiva.redback.jsecurity.PrincipalPasswordChangeRequiredException;
-import org.apache.archiva.redback.jsecurity.RedbackRealm;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.apache.archiva.redback.rbac.Operation;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.rbac.Role;
-import org.apache.archiva.redback.rbac.UserAssignment;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.jsecurity.authc.IncorrectCredentialsException;
-import org.jsecurity.authc.UsernamePasswordToken;
-import org.jsecurity.mgt.DefaultSecurityManager;
-import org.jsecurity.subject.PrincipalCollection;
-import org.jsecurity.subject.SimplePrincipalCollection;
-import org.jsecurity.subject.Subject;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class RedbackRealmTest
- extends TestCase
-{
- private DefaultSecurityManager securityManager;
-
- private RedbackRealm realm;
-
- @Inject
- @Named( value = "userManager#memory" )
- private UserManager userManager;
-
- @Inject
- @Named( value = "rBACManager#memory" )
- private RBACManager rbacManager;
-
- @Inject
- private UserSecurityPolicy userSecurityPolicy;
-
- private User user;
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
- securityManager = new DefaultSecurityManager();
-
- realm = new RedbackRealm( userManager, rbacManager, userSecurityPolicy );
- securityManager.setRealm( realm );
-
- user = userManager.createUser( "test1", "John Tester", "jtester@redback.codehaus.org" );
- user.setPassword( "password1" );
- userManager.addUser( user );
- userManager.updateUser( user );
- }
-
- @After
- public void tearDown()
- throws Exception
- {
- super.tearDown();
- securityManager.destroy();
- securityManager = null;
- realm = null;
- }
-
- protected String getPlexusConfigLocation()
- {
- return "plexus.xml";
- }
-
- public void testThrowsExceptionIfUserAccountLocked()
- throws Exception
- {
- user.setLocked( true );
- userManager.updateUser( user );
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
- fail( "Should not be able to login" );
- }
- catch ( PrincipalLockedException e )
- {
- assertTrue( true );
- }
- }
-
- @Test
- public void testThrowsExceptionIfUserAccountNeedsPasswordChange()
- throws Exception
- {
- user.setPasswordChangeRequired( true );
- userManager.updateUser( user );
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
- fail( "Should not be able to login" );
- }
- catch ( PrincipalPasswordChangeRequiredException e )
- {
- assertTrue( true );
- }
- }
-
- @Test
- public void testUnsuccessfullAuthAttemptsLockAccount()
- throws Exception
- {
- assertFalse( user.isLocked() );
- userSecurityPolicy.setLoginAttemptCount( 2 );
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
- fail( "password should be incorrect" );
- }
- catch ( IncorrectCredentialsException e )
- {
- assertFalse( user.isLocked() );
- }
-
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
- fail( "password should be incorrect" );
- }
- catch ( IncorrectCredentialsException e )
- {
- assertTrue( user.isLocked() );
- }
- }
-
- @Test
- public void testBasic()
- throws Exception
- {
- assertEquals( 1, userManager.getUsers().size() );
-
- Role role1 = rbacManager.createRole( "role1" );
- Permission permission = rbacManager.createPermission( "Allowed to write to repository" );
- Operation operation = rbacManager.createOperation( "myop" );
- Resource resource = rbacManager.createResource( "filesystem" );
-
- permission.setOperation( operation );
- permission.setPermanent( false );
- permission.setResource( resource );
-
- role1.addPermission( permission );
- rbacManager.savePermission( permission );
- rbacManager.saveRole( role1 );
-
- Role role2 = rbacManager.createRole( "role2" );
-
- UserAssignment assignment = rbacManager.createUserAssignment( user.getUsername() );
- assignment.addRoleName( "role1" );
- rbacManager.saveUserAssignment( assignment );
-
- Subject subject = securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
- assertTrue( subject.isAuthenticated() );
- assertTrue( subject.hasRole( "role1" ) );
- assertFalse( subject.hasRole( "role2" ) );
-
- PrincipalCollection principals = new SimplePrincipalCollection( "test1", realm.getName() );
-
- assertTrue( securityManager.isPermitted( principals, "Allowed to write to repository" ) );
- }
-}
projects / archiva.git / commitdiff