From 30fe2e93369b30c5ebb644413fe181e2940192cc Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Sun, 2 Oct 2011 13:04:41 +0000
Subject: [PATCH] Improve login and keyring

git-svn-id: https://svn.argeo.org/commons/trunk@4770 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../argeo/util/crypto/AbstractKeyring.java    |  6 +--
 demo/argeo_node_web.properties                |  2 +-
 .../security/equinox/SpringLoginModule.java   |  9 ++--
 .../META-INF/jaas_default.txt                 |  6 ++-
 .../META-INF/jaas_default.txt                 |  5 ---
 .../ui/dialogs/AbstractLoginDialog.java       |  3 +-
 .../ui/dialogs/DefaultLoginDialog.java        | 41 ++++---------------
 .../META-INF/MANIFEST.MF                      |  2 -
 .../META-INF/spring/jcr.xml                   |  2 +-
 .../commands/AddRemoteRepository.java         |  3 +-
 .../org/argeo/jcr/security/CaManager.java     |  7 ----
 .../org/argeo/jcr/security/SecurityTypes.java |  5 ---
 12 files changed, 26 insertions(+), 65 deletions(-)
 delete mode 100644 server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/CaManager.java
 delete mode 100644 server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/SecurityTypes.java

diff --git a/basic/runtime/org.argeo.basic.nodeps/src/main/java/org/argeo/util/crypto/AbstractKeyring.java b/basic/runtime/org.argeo.basic.nodeps/src/main/java/org/argeo/util/crypto/AbstractKeyring.java
index 3e9da4c2c..ee82fd944 100644
--- a/basic/runtime/org.argeo.basic.nodeps/src/main/java/org/argeo/util/crypto/AbstractKeyring.java
+++ b/basic/runtime/org.argeo.basic.nodeps/src/main/java/org/argeo/util/crypto/AbstractKeyring.java
@@ -160,13 +160,13 @@ public abstract class AbstractKeyring implements Keyring {
 			} else {// setup keyring
 				TextOutputCallback textCb1 = new TextOutputCallback(
 						TextOutputCallback.INFORMATION,
-						"Enter a master password");
+						"Enter a master password which will protect your private data");
 				TextOutputCallback textCb2 = new TextOutputCallback(
 						TextOutputCallback.INFORMATION,
-						"It will encrypt your private data");
+						"(for example your credentials to third-party services)");
 				TextOutputCallback textCb3 = new TextOutputCallback(
 						TextOutputCallback.INFORMATION,
-						"Don't forget it or your data is lost");
+						"Don't forget this password since the data cannot be read without it");
 				PasswordCallback confirmPasswordCb = new PasswordCallback(
 						"Confirm password", false);
 				// first try
diff --git a/demo/argeo_node_web.properties b/demo/argeo_node_web.properties
index 062aeeca1..bece10cee 100644
--- a/demo/argeo_node_web.properties
+++ b/demo/argeo_node_web.properties
@@ -1,9 +1,9 @@
 argeo.osgi.start=\
 org.springframework.osgi.extender,\
+org.argeo.security.services,\
 org.argeo.node.repofactory.jackrabbit,\
 org.argeo.node.repo.jackrabbit,\
 org.argeo.security.dao.ldap,\
-org.argeo.security.services,\
 org.argeo.security.equinox,\
 org.eclipse.core.runtime,\
 org.eclipse.equinox.common,\
diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index ad6390d36..03f5f35ed 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -7,7 +7,6 @@ import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.TextOutputCallback;
 import javax.security.auth.login.LoginException;
 
 import org.apache.commons.logging.Log;
@@ -28,8 +27,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 	private CallbackHandler callbackHandler;
 
 	private Subject subject;
-	
-	private Long waitBetweenFailedLoginAttempts = 5*1000l;
+
+	private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
 
 	public SpringLoginModule() {
 
@@ -61,8 +60,6 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 				subject.getPublicCredentials().clear();
 
 			// ask for username and password
-			Callback label = new TextOutputCallback(
-					TextOutputCallback.INFORMATION, "Required login");
 			NameCallback nameCallback = new NameCallback("User");
 			PasswordCallback passwordCallback = new PasswordCallback(
 					"Password", false);
@@ -71,7 +68,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 
 			if (callbackHandler == null)
 				throw new LoginException("No call back handler available");
-			callbackHandler.handle(new Callback[] { label, nameCallback,
+			callbackHandler.handle(new Callback[] { nameCallback,
 					passwordCallback });
 
 			// Set user name and password
diff --git a/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt b/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt
index b6cbaa655..72b66eabf 100644
--- a/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt
+++ b/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt
@@ -11,4 +11,8 @@ SPRING {
 SPRING_SECURITY_CONTEXT {
     org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
         extensionId="org.argeo.security.equinox.springSecurityContextLoginModule";
-};
\ No newline at end of file
+};
+
+KEYRING {
+    org.argeo.util.crypto.KeyringLoginModule required;
+};
diff --git a/security/plugins/org.argeo.security.ui.rcp/META-INF/jaas_default.txt b/security/plugins/org.argeo.security.ui.rcp/META-INF/jaas_default.txt
index 98e39b54f..bbabac66a 100644
--- a/security/plugins/org.argeo.security.ui.rcp/META-INF/jaas_default.txt
+++ b/security/plugins/org.argeo.security.ui.rcp/META-INF/jaas_default.txt
@@ -17,11 +17,6 @@ WINDOWS {
         extensionId="org.argeo.security.equinox.osSpringLoginModule";
 };
 
-KEYRING_OLD {
-    org.eclipse.equinox.security.auth.module.ExtensionLoginModule required
-        extensionId="org.argeo.security.equinox.keyringLoginModule";
-};
-
 KEYRING {
     org.argeo.util.crypto.KeyringLoginModule required;
 };
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/AbstractLoginDialog.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/AbstractLoginDialog.java
index fecb80afc..7c7104577 100644
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/AbstractLoginDialog.java
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/AbstractLoginDialog.java
@@ -79,6 +79,7 @@ public abstract class AbstractLoginDialog extends TrayDialog implements
 				isCancelled = false;
 				setBlockOnOpen(false);
 				open();
+
 				final Button okButton = getButton(IDialogConstants.OK_ID);
 				okButton.setText("Login");
 				okButton.addSelectionListener(new SelectionListener() {
@@ -170,6 +171,6 @@ public abstract class AbstractLoginDialog extends TrayDialog implements
 
 	protected void configureShell(Shell shell) {
 		super.configureShell(shell);
-		shell.setText("Login");
+		shell.setText("Autentication");
 	}
 }
diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/DefaultLoginDialog.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/DefaultLoginDialog.java
index 8c8554c6b..208eefea8 100644
--- a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/DefaultLoginDialog.java
+++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/dialogs/DefaultLoginDialog.java
@@ -1,6 +1,7 @@
 package org.argeo.security.ui.dialogs;
 
 import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.TextOutputCallback;
@@ -9,6 +10,7 @@ import org.eclipse.swt.SWT;
 import org.eclipse.swt.events.ModifyEvent;
 import org.eclipse.swt.events.ModifyListener;
 import org.eclipse.swt.graphics.Point;
+import org.eclipse.swt.graphics.Rectangle;
 import org.eclipse.swt.layout.GridData;
 import org.eclipse.swt.layout.GridLayout;
 import org.eclipse.swt.widgets.Composite;
@@ -18,6 +20,7 @@ import org.eclipse.swt.widgets.Label;
 import org.eclipse.swt.widgets.Shell;
 import org.eclipse.swt.widgets.Text;
 
+/** Default authentication dialog, to be used as {@link CallbackHandler}. */
 public class DefaultLoginDialog extends AbstractLoginDialog {
 
 	public DefaultLoginDialog() {
@@ -26,7 +29,6 @@ public class DefaultLoginDialog extends AbstractLoginDialog {
 
 	protected DefaultLoginDialog(Shell parentShell) {
 		super(parentShell);
-		// setBlockOnOpen(false);
 	}
 
 	protected Point getInitialSize() {
@@ -37,6 +39,12 @@ public class DefaultLoginDialog extends AbstractLoginDialog {
 	protected Control createContents(Composite parent) {
 		Control control = super.createContents(parent);
 		parent.pack();
+		// Move the dialog to the center of the top level shell.
+		Rectangle shellBounds = Display.getCurrent().getBounds();
+		Point dialogSize = parent.getSize();
+		int x = shellBounds.x + (shellBounds.width - dialogSize.x) / 2;
+		int y = shellBounds.y + (shellBounds.height - dialogSize.y) / 2;
+		parent.setLocation(x, y);
 		return control;
 	}
 
@@ -123,35 +131,4 @@ public class DefaultLoginDialog extends AbstractLoginDialog {
 
 	public void internalHandle() {
 	}
-
-	// hack to simulate modal
-	// see
-	// http://dev.eclipse.org/mhonarc/newsLists/news.eclipse.platform.jface/msg00181.html
-	// protected void setShellStyle(int newShellStyle) {
-	// // turn off APPLICATION_MODAL
-	// int newstyle = newShellStyle & ~SWT.APPLICATION_MODAL;
-	// // turn on MODELESS
-	// newstyle |= SWT.MODELESS;
-	// super.setShellStyle(newstyle);
-	// }
-	//
-	// public int open() {
-	//
-	// int retVal = super.open();
-	// // this will let the caller wait till OK, Cancel is
-	// // pressed, but will let the other GUI responsive
-	// pumpMessages();
-	// return retVal;
-	// }
-	//
-	// protected void pumpMessages() {
-	// Shell sh = getShell();
-	// Display disp = sh.getDisplay();
-	// while (!sh.isDisposed()) {
-	// if (!disp.readAndDispatch())
-	// disp.sleep();
-	// }
-	// disp.update();
-	// }
-
 }
diff --git a/server/plugins/org.argeo.jcr.ui.explorer/META-INF/MANIFEST.MF b/server/plugins/org.argeo.jcr.ui.explorer/META-INF/MANIFEST.MF
index b903e0763..4572f0a44 100644
--- a/server/plugins/org.argeo.jcr.ui.explorer/META-INF/MANIFEST.MF
+++ b/server/plugins/org.argeo.jcr.ui.explorer/META-INF/MANIFEST.MF
@@ -32,8 +32,6 @@ Import-Package: javax.jcr,
  org.argeo.jcr,
  org.argeo.jcr.security,
  org.argeo.jcr.spring,
- org.argeo.security.jcr,
- org.argeo.security.ui,
  org.argeo.util,
  org.argeo.util.crypto,
  org.eclipse.ui.forms,
diff --git a/server/plugins/org.argeo.jcr.ui.explorer/META-INF/spring/jcr.xml b/server/plugins/org.argeo.jcr.ui.explorer/META-INF/spring/jcr.xml
index 728e005b5..7869429d4 100644
--- a/server/plugins/org.argeo.jcr.ui.explorer/META-INF/spring/jcr.xml
+++ b/server/plugins/org.argeo.jcr.ui.explorer/META-INF/spring/jcr.xml
@@ -8,7 +8,7 @@
 	<bean id="repositoryRegister" class="org.argeo.jcr.DefaultRepositoryRegister">
 	</bean>
 
-	<bean id="nodeSession" class="org.argeo.security.jcr.SecureThreadBoundSession">
+	<bean id="nodeSession" class="org.argeo.jcr.spring.ThreadBoundSession">
 		<property name="repository" ref="nodeRepository" />
 	</bean>
 
diff --git a/server/plugins/org.argeo.jcr.ui.explorer/src/main/java/org/argeo/jcr/ui/explorer/commands/AddRemoteRepository.java b/server/plugins/org.argeo.jcr.ui.explorer/src/main/java/org/argeo/jcr/ui/explorer/commands/AddRemoteRepository.java
index 4e120ac47..f784bb698 100644
--- a/server/plugins/org.argeo.jcr.ui.explorer/src/main/java/org/argeo/jcr/ui/explorer/commands/AddRemoteRepository.java
+++ b/server/plugins/org.argeo.jcr.ui.explorer/src/main/java/org/argeo/jcr/ui/explorer/commands/AddRemoteRepository.java
@@ -157,7 +157,8 @@ public class AddRemoteRepository extends AbstractHandler implements
 							username.getText(), pwd);
 					session = repository.login(sc);
 					MessageDialog.openInformation(getParentShell(), "Success",
-							"Connection to " + uri + "successful");
+							"Connection to '" + uriText.getText()
+									+ "' successful");
 				}
 			} catch (Exception e) {
 				ErrorFeedback.show(
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/CaManager.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/CaManager.java
deleted file mode 100644
index be6687ce6..000000000
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/CaManager.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package org.argeo.jcr.security;
-
-
-public class CaManager {
-	// private Session session;
-
-}
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/SecurityTypes.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/SecurityTypes.java
deleted file mode 100644
index c2bde844f..000000000
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/SecurityTypes.java
+++ /dev/null
@@ -1,5 +0,0 @@
-package org.argeo.jcr.security;
-
-public interface SecurityTypes {
-	public final static String SECURITY_CA = "security:ca";
-}
-- 
2.39.2