Examples of org.apache.jetspeed.security.om.InternalCredential

• org.apache.jetspeed.security.om.InternalCredential

  Interface representing a security credential.

  The credential value represents the value of the credential such as a password.

  For now, we do not have custom credentials classes and credentials support only 1 credential (i.e. 1 password).

  The credential type represents whether a credential is private or public:

  • Private credential: type == 0
  • Public credential: type == 1

  The credential classname represent the class of credential.

  TODO Add multiple credentials support. @author David Le Strat @version $Id: InternalCredential.java 516448 2007-03-09 16:25:47Z ate $

   * getCredential
   * returns the credentials for a given user
   */
  private SSOContext  getCredential(SSOSite ssoSite, String fullPath)
  {
    InternalCredential credential = null;
    InternalUserPrincipal remotePrincipal = null;
    String remoteUser = null;
    String remoteFullPath = null;

    //  Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
    Collection principalsForSite = ssoSite.getPrincipals();
    Collection remoteForSite = ssoSite.getRemotePrincipals();

    // If any of them don't exist just return
    if (principalsForSite == null || remoteForSite== null )
        return null;  // no entry

    Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);

    if ( remoteForPrincipals == null)
        return null;  // no entry

    // Get remote Principal that matches the site and the principal
    if ((remotePrincipal = FindRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
    {
        return null;  // No entry
    }
    else
    {
        // Has an entry
      if ( remotePrincipal.getCredentials() != null)
        credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();

      // Error checking  -- should have a credential at this point
      if ( credential == null)
      {
        System.out.println("Warning: Remote User " + remotePrincipal.getFullPath() + " doesn't have a credential");
        return null;
      }
    }

    //  Create new context
    String name = remotePrincipal.getFullPath();
    int ix = name.lastIndexOf('/');
    if ( ix != -1)
      name = name.substring(ix + 1);

    SSOContext context = new SSOContextImpl(credential.getPrincipalId(), name, credential.getValue());

    return context;
  }

    if ( site.getCredentials() != null)
    {
      Iterator itCredentials = site.getCredentials().iterator();
      while(itCredentials.hasNext() )
      {
        InternalCredential tmp = (InternalCredential)itCredentials.next();
        if ( tmp != null && tmp.getPrincipalId() == principalId)
          return tmp;
      }
    }

    return null;

      }

      // Update principal information
      //remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName + "/" + remoteUser);

      InternalCredential credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();

      // New credential object
       if ( credential != null)
        // Remove credential and principal from mapping
         credential.setValue(this.scramble(pwd));

      // Update database and reset cache
       try
       {
           getPersistenceBrokerTemplate().store(credential);

   * getCredential
   * returns the credentials for a given user
   */
  private SSOContext  getCredential(SSOSite ssoSite, String fullPath)
  {
    InternalCredential credential = null;
    InternalUserPrincipal remotePrincipal = null;
    String remoteUser = null;
    String remoteFullPath = null;

    //  Get remotePrincipals for Site and match them with the Remote Principal for the Principal attached to site
    Collection principalsForSite = ssoSite.getPrincipals();
    Collection remoteForSite = ssoSite.getRemotePrincipals();

    // If any of them don't exist just return
    if ( principalsForSite == null  || remoteForSite== null )
        return null;  // no entry

    Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);

    if ( remoteForPrincipals == null)
        return null;  // no entry

    // Get remote Principal that matches the site and the principal
    if ((remotePrincipal = findRemoteMatch(remoteForPrincipals, remoteForSite)) == null )
    {
        return null;  // No entry
    }
    else
    {
        // Has an entry
      if ( remotePrincipal.getCredentials() != null)
        credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();

      // Error checking  -- should have a credential at this point
      if ( credential == null)
      {
        System.out.println("Warning: Remote User " + remotePrincipal.getFullPath() + " doesn't have a credential");
        return null;
      }
    }

    //  Create new context
    String name = stripPrincipalName(remotePrincipal.getFullPath());

    SSOContext context = new SSOContextImpl(credential.getPrincipalId(), name, this.unscramble(credential.getValue()));

    return context;
  }

            InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)principals.next();
            String fullpath = remotePrincipal.getFullPath();
            Iterator creds = remotePrincipal.getCredentials().iterator();
            while (creds.hasNext())
            {
                InternalCredential cred = (InternalCredential) creds.next();
                SSOContext context = new SSOContextImpl(remotePrincipal.getPrincipalId(),
                                                stripPrincipalName(remotePrincipal.getFullPath()),
                                                cred.getValue(),
                                                stripPortalPrincipalName(remotePrincipal.getFullPath()));
                list.add(context);
            }
        }
        return list;

            while (itRemotePrincipals.hasNext() )
            {
              InternalUserPrincipal remotePrincipal = (InternalUserPrincipal)itRemotePrincipals.next();
                  if (remotePrincipal != null)
                  {
                    InternalCredential credential = null;
                    if ( remotePrincipal.getCredentials() != null)
                      credential = (InternalCredential)remotePrincipal.getCredentials().iterator().next();

                    if (credential != null)
                    {
                      if (log.isInfoEnabled())
                        log.info("SSOComponent -- Remote Principal ["+stripPrincipalName(remotePrincipal.getFullPath())+"] has credential ["+this.unscramble(credential.getValue())+ "]");

                      client.getState().setCredentials(
                            site.getRealm(),
                                  urlObj.getHost(),
                                  new UsernamePasswordCredentials(stripPrincipalName(remotePrincipal.getFullPath()),  this.unscramble(credential.getValue()))
                              );

                      // Build URL if it's Form authentication
                      StringBuffer siteURL = new StringBuffer(site.getSiteURL());

                    // Check if it's form based or ChallengeResponse
                    if (site.isFormAuthentication())
                    {
                      siteURL.append("?").append(site.getFormUserField()).append("=").append(stripPrincipalName(remotePrincipal.getFullPath())).append("&").append(site.getFormPwdField()).append("=").append(this.unscramble(credential.getValue()));
                    }

                      get = new GetMethod(siteURL.toString());

                            // Tell the GET method to automatically handle authentication. The

    {
        Set credentials = new HashSet();
        InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(username, false);
        if (null != internalUser)
        {
            InternalCredential credential = getPasswordCredential(internalUser, username );
            if ( credential != null )
            {
                try
                {
                    credentials.add(pcProvider.create(username,credential));

        return new HashSet();
    }

    private InternalCredential getPasswordCredential(InternalUserPrincipal internalUser, String username)
    {
        InternalCredential credential = null;

        Collection internalCredentials = internalUser.getCredentials();
        if ( internalCredentials != null )
        {
            Iterator iter = internalCredentials.iterator();

            while (iter.hasNext())
            {
                credential = (InternalCredential) iter.next();
                if (credential.getType() == InternalCredential.PRIVATE )
                {
                    if ((null != credential.getClassname())
                            && (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))
                    {
                        try
                        {
                            if ( ipcInterceptor != null && ipcInterceptor.afterLoad(pcProvider, username, credential) )
                            {

        if (null == credentials)
        {
            credentials = new ArrayList();
        }

        InternalCredential credential = getPasswordCredential(internalUser, userName );

        if (null != oldPassword)
        {
            if ( credential != null &&
                    credential.getValue() != null &&
                    credential.isEncoded() &&
                    pcProvider.getEncoder() != null )
            {
                oldPassword = pcProvider.getEncoder().encode(userName, oldPassword);
            }
        }

        if (oldPassword != null && (credential == null || credential.getValue() == null || !credential.getValue().equals(oldPassword)))
        {
            // supplied PasswordCredential not defined for this user
            throw new InvalidPasswordException();
        }

        if ( pcProvider.getValidator() != null )
        {
            try
            {
                pcProvider.getValidator().validate(newPassword);
            }
            catch (InvalidPasswordException ipe)
            {
                throw new InvalidNewPasswordException();
            }
        }

        boolean encoded = false;
        if ( pcProvider.getEncoder() != null )
        {
            newPassword = pcProvider.getEncoder().encode(userName, newPassword);
            encoded = true;
        }

        boolean create = credential == null;

        if ( create )
        {
            credential = new InternalCredentialImpl(internalUser.getPrincipalId(), newPassword, InternalCredential.PRIVATE,
                            pcProvider.getPasswordCredentialClass().getName());
            credential.setEncoded(encoded);
            credentials.add(credential);
        }
        else if ( oldPassword == null )
        {
/* TODO: should only be allowed for admin
            // User *has* an PasswordCredential: setting a new Credential without supplying
            // its current one is not allowed
            throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
*/
        }
        else if ( oldPassword.equals(newPassword) )
        {
            throw new PasswordAlreadyUsedException();
        }

        if ( ipcInterceptor != null )
        {
            if ( create )
            {
                ipcInterceptor.beforeCreate(internalUser, credentials, userName, credential, newPassword );
            }
            else
            {
                ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword, oldPassword != null );
            }
        }
        if (!create)
        {
            credential.setValue(newPassword);
            credential.setEncoded(encoded);
            credential.setUpdateRequired(false);
        }

        internalUser.setModifiedDate(new Timestamp(new Date().getTime()));
        internalUser.setCredentials(credentials);
        // Set the user with the new credentials.

    public void setPasswordEnabled(String userName, boolean enabled) throws SecurityException
    {
        InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
        if (null != internalUser)
        {
            InternalCredential credential = getPasswordCredential(internalUser, userName );
            if ( credential != null && !credential.isExpired() && credential.isEnabled() != enabled )
            {
                credential.setEnabled(enabled);
                credential.setAuthenticationFailures(0);
                internalUser.setModifiedDate(new Timestamp(new Date().getTime()));
                securityAccess.setInternalUserPrincipal(internalUser, false);
            }
        }
        else