Package org.apache.jetspeed.security.om

Examples of org.apache.jetspeed.security.om.InternalCredential


    public void setPasswordExpiration(String userName, java.sql.Date expirationDate) throws SecurityException
    {
        InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
        if (null != internalUser)
        {
            InternalCredential credential = getPasswordCredential(internalUser, userName );
            if ( credential != null )
            {
                long time = new Date().getTime();
                if ( expirationDate != null && new java.sql.Date(time).after(expirationDate))
                {
                    credential.setExpired(true);
                }
                else
                {
                    credential.setExpired(false);
                }
                credential.setExpirationDate(expirationDate);
               
                credential.setModifiedDate(new Timestamp(time));
                internalUser.setModifiedDate(new Timestamp(time));
                securityAccess.setInternalUserPrincipal(internalUser, false);
            }
        }
        else


    {
        boolean authenticated = false;
        InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
        if (null != internalUser)
        {
            InternalCredential credential = getPasswordCredential(internalUser, userName );
            if ( credential != null && credential.isEnabled() && !credential.isExpired())
            {
                String encodedPassword = password;
                if ( pcProvider.getEncoder() != null && credential.isEncoded())
                {
                    if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder )
                    {
                        encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,password, credential);
                    }
                    else
                    {
                        encodedPassword = pcProvider.getEncoder().encode(userName,password);
                    }
                }

                authenticated = credential.getValue().equals(encodedPassword);
                boolean update = false;

                if ( ipcInterceptor != null )
                {
                    update = ipcInterceptor.afterAuthenticated(internalUser, userName, credential, authenticated);
                    if ( update && (!credential.isEnabled() || credential.isExpired()))
                    {
                        authenticated = false;
                    }
                }
                long time = new Date().getTime();
               
                if ( authenticated )
                {
                    credential.setAuthenticationFailures(0);

                    if ( pcProvider.getEncoder() != null && pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder)
                    {
                        ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).recodeIfNeeded(userName,password,credential);
                    }
                   
                    credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());
                    credential.setLastAuthenticationDate(new Timestamp(time));
                    update = true;
                }
               
                if ( update )
                {
                    credential.setModifiedDate(new Timestamp(time));
                    internalUser.setModifiedDate(new Timestamp(time));
                    securityAccess.setInternalUserPrincipal(internalUser, false);
                }
            }
        }

    {
        Collection internalCredentials = internalUser.getCredentials();
        ArrayList historicalPasswordCredentials = new ArrayList();
        if ( internalCredentials != null )
        {
            InternalCredential currCredential;
            Iterator iter = internalCredentials.iterator();
           
            while (iter.hasNext())
            {
                currCredential = (InternalCredential) iter.next();
                if (currCredential.getType() == InternalCredential.PRIVATE )
                {
                    if ((null != currCredential.getClassname())
                            && (currCredential.getClassname().equals(HISTORICAL_PASSWORD_CREDENTIAL)))
                    {
                        historicalPasswordCredentials.add(currCredential);
                    }
                }
            }
        }
        if (historicalPasswordCredentials.size() > 1)
        {
            Collections.sort(historicalPasswordCredentials,internalCredentialCreationDateComparator);
        }
       
        int historyCount = historyCount = historicalPasswordCredentials.size();
        InternalCredential historicalPasswordCredential;
        if ( authenticated )
        {
            // check password already used
            for ( int i = 0; i < historyCount && i < historySize; i++ )
            {
                historicalPasswordCredential = (InternalCredential)historicalPasswordCredentials.get(i);
                if ( historicalPasswordCredential.getValue() != null &&
                        historicalPasswordCredential.getValue().equals(password) )
                {
                    throw new PasswordAlreadyUsedException();
                }
            }
        }

    {
        Set credentials = new HashSet();
        InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(username, false);
        if (null != internalUser)
        {
            InternalCredential credential = getPasswordCredential(internalUser, username );
            if ( credential != null )
            {
                try
                {
                    credentials.add(pcProvider.create(username,credential));

        return new HashSet();
    }
   
    private InternalCredential getPasswordCredential(InternalUserPrincipal internalUser, String username)
    {
        InternalCredential credential = null;
       
        Collection internalCredentials = internalUser.getCredentials();
        if ( internalCredentials != null )
        {
            Iterator iter = internalCredentials.iterator();
           
            while (iter.hasNext())
            {
                credential = (InternalCredential) iter.next();
                if (credential.getType() == InternalCredential.PRIVATE )
                {
                    if ((null != credential.getClassname())
                            && (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))
                    {
                        try
                        {
                            if ( ipcInterceptor != null && ipcInterceptor.afterLoad(pcProvider, username, credential) )
                            {

        if (null == credentials)
        {
            credentials = new ArrayList();
        }

        InternalCredential credential = getPasswordCredential(internalUser, userName );
       
        if (null != oldPassword)
        {
            if ( credential != null &&
                    credential.getValue() != null &&
                    credential.isEncoded() &&
                    pcProvider.getEncoder() != null )
            {
                if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder )
                {
                    oldPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,oldPassword, credential);
                }
                else
                {
                    oldPassword = pcProvider.getEncoder().encode(userName,oldPassword);
                }
            }
        }
       
        if (oldPassword != null && (credential == null || credential.getValue() == null || !credential.getValue().equals(oldPassword)))
        {
            // supplied PasswordCredential not defined for this user
            throw new InvalidPasswordException();
        }
        if (!raw) // bypass validation if raw
        {
          if ( pcProvider.getValidator() != null )
          {
              try
              {
                  pcProvider.getValidator().validate(newPassword);
              }
              catch (InvalidPasswordException ipe)
              {
                  throw new InvalidNewPasswordException();
              }
          }
        }
        boolean encoded = false;
        if ( pcProvider.getEncoder() != null )
        {
          if (!(raw)) // if raw just bypass encoding
            newPassword = pcProvider.getEncoder().encode(userName, newPassword);
            encoded = true;
        }

        boolean create = credential == null;

        if ( create )
        {
            credential = new InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, InternalCredential.PRIVATE,
                            pcProvider.getPasswordCredentialClass().getName());
            credential.setEncoded(encoded);
            credentials.add(credential);
        }
        else if ( oldPassword == null )
        {
/* TODO: should only be allowed for admin                    
            // User *has* an PasswordCredential: setting a new Credential without supplying
            // its current one is not allowed
            throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
*/           
        }
        else if ( oldPassword.equals(newPassword) )
        {
            throw new PasswordAlreadyUsedException();
        }

        if ( ipcInterceptor != null )
        {
            if ( create )
            {
                ipcInterceptor.beforeCreate(internalUser, credentials, userName, credential, newPassword );
            }
            else
            {
                ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword, oldPassword != null );
            }
        }
       
        if (!create)
        {
            credential.setValue(newPassword);
            credential.setEncoded(encoded);
            credential.setUpdateRequired(false);
        }
               
        long time = new Date().getTime();
       
        if ( oldPassword == null )
        {
            // non-user (admin) modified the password
           
            if ( encoded && pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService )
            {
                // set current time in previous auth date, and clear last authentication date
                // !!! While this might be a bit strange logic, it is *required* for the AlgorithmUpgradePBEPasswordEncodingService
                // to be able to distinguise password changes from other changes
                credential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
                credential.setLastAuthenticationDate(null);
            }
        }
        else
        {
            // authenticated password change (by user itself)
            credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());
            credential.setLastAuthenticationDate(new Timestamp(time));
        }
       
        credential.setModifiedDate(new Timestamp(time));
        internalUser.setModifiedDate(new Timestamp(time));
        internalUser.setCredentials(credentials);
        // Set the user with the new credentials.
        securityAccess.setInternalUserPrincipal(internalUser, false);
    }

      }
           
      // Update principal information
      //remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName + "/" + remoteUser);
     
      InternalCredential credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
         
      // New credential object
       if ( credential != null)
        // Remove credential and principal from mapping
         credential.setValue(this.scramble(pwd));
     
      // Update database and reset cache
       try
       {
           getPersistenceBrokerTemplate().store(credential);

   * getCredential
   * returns the credentials for a given user
   */
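  /**
   * Resolves the remote principal mapped to {@code fullPath} on the given site and wraps its
   * first credential in an {@link SSOContext}.
   *
   * <p>Security note: the credential value is passed through {@code unscramble} before it is
   * handed to the context, so the returned object carries the recovered (reversible) secret
   * rather than a one-way hash. Callers should keep it out of log messages, URLs and
   * exception text.
   *
   * @param ssoSite  site whose principals and remote principals are searched
   * @param fullPath full path of the portal principal to look up
   * @return the context for the matching remote principal, or {@code null} when the site has
   *         no principals or remote principals, no remote principal matches, or the match
   *         carries no credential
   */
  private SSOContext  getCredential(SSOSite ssoSite, String fullPath)
  {
    // Both collections are required to resolve a portal principal to its remote counterpart.
    Collection principalsForSite = ssoSite.getPrincipals();
    Collection remoteForSite = ssoSite.getRemotePrincipals();
    if (principalsForSite == null || remoteForSite == null)
    {
      return null; // no entry
    }

    Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
    if (remoteForPrincipals == null)
    {
      return null; // no entry
    }

    // Remote principal that belongs to both the site and the portal principal.
    InternalUserPrincipal remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite);
    if (remotePrincipal == null)
    {
      return null; // no entry
    }

    // Only the first credential is used. An empty collection is treated like a missing one so
    // that iterator().next() cannot throw NoSuchElementException on a principal that has a
    // credential collection but nothing in it.
    InternalCredential credential = null;
    Collection remoteCredentials = remotePrincipal.getCredentials();
    if (remoteCredentials != null && !remoteCredentials.isEmpty())
    {
      credential = (InternalCredential) remoteCredentials.iterator().next();
    }
    if (credential == null)
    {
      // A matched remote principal is expected to have a credential; without one there is
      // nothing to build a context from.
      return null;
    }

    String name = stripPrincipalName(remotePrincipal.getFullPath());

    // The stored value is unscrambled here: the context holds the usable secret from now on.
    return new SSOContextImpl(credential.getPrincipalId(), name, this.unscramble(credential.getValue()));
  }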

            InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)principals.next();
            String fullpath = remotePrincipal.getFullPath();
            Iterator creds = remotePrincipal.getCredentials().iterator();
            while (creds.hasNext())
            {
                InternalCredential cred = (InternalCredential) creds.next();
                SSOContext context = new SSOContextImpl(remotePrincipal.getPrincipalId(),
                                                stripPrincipalName(remotePrincipal.getFullPath()),
                                                cred.getValue(),
                                                stripPortalPrincipalName(remotePrincipal.getFullPath()));
                list.add(context);
            }
        }
        return list;

            while (itRemotePrincipals.hasNext() )
            {
              InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)itRemotePrincipals.next();
                  if (remotePrincipal != null)
                  {
                    InternalCredential credential = null;
                    if ( remotePrincipal.getCredentials() != null)
                      credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();
                   
                    if (credential != null)
                    {
                      if (log.isInfoEnabled())
                        log.info("SSOComponent -- Remote Principal ["+stripPrincipalName(remotePrincipal.getFullPath())+"] has credential ["+this.unscramble(credential.getValue())+ "]");
                     
                      client.getState().setCredentials(
                            site.getRealm(),
                                  urlObj.getHost(),
                                  new UsernamePasswordCredentials(stripPrincipalName(remotePrincipal.getFullPath())this.unscramble(credential.getValue()))
                              );
                     
                      // Build URL if it's Form authentication
                      StringBuffer siteURL = new StringBuffer(site.getSiteURL());
                    
                    // Check if it's form based or ChallengeResponse
                    if (site.isFormAuthentication())
                    {
                      siteURL.append("?").append(site.getFormUserField()).append("=").append(stripPrincipalName(remotePrincipal.getFullPath())).append("&").append(site.getFormPwdField()).append("=").append(this.unscramble(credential.getValue()));
                    }
                     
                      get = new GetMethod(siteURL.toString());
 
                            // Tell the GET method to automatically handle authentication. The
