package org.argeo.cms.internal.auth;
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.Charset;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
private CallbackHandler callbackHandler;
private boolean isAnonymous = false;
- private final static LdapName ROLE_ADMIN_NAME, ROLE_USER_NAME,
- ROLE_ANONYMOUS_NAME;
+ private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
+ ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
private final static List<LdapName> RESERVED_ROLES;
private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
static {
try {
+ ROLE_KERNEL_NAME = new LdapName(KernelHeader.ROLE_KERNEL);
ROLE_ADMIN_NAME = new LdapName(KernelHeader.ROLE_ADMIN);
ROLE_USER_NAME = new LdapName(KernelHeader.ROLE_USER);
ROLE_ANONYMOUS_NAME = new LdapName(KernelHeader.ROLE_ANONYMOUS);
RESERVED_ROLES = Collections.unmodifiableList(Arrays
- .asList(new LdapName[] { ROLE_ANONYMOUS_NAME,
- ROLE_USER_NAME, ROLE_ADMIN_NAME,
+ .asList(new LdapName[] { ROLE_KERNEL_NAME, ROLE_ADMIN_NAME,
+ ROLE_ANONYMOUS_NAME, ROLE_USER_NAME,
new LdapName(KernelHeader.ROLE_GROUP_ADMIN),
new LdapName(KernelHeader.ROLE_USER_ADMIN) }));
ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(
else
throw new CredentialNotFoundException("No credentials provided");
- // user = (User) userAdmin.getRole(username);
user = userAdmin.getUser(null, username);
if (user == null)
return false;
-
- byte[] hashedPassword = ("{SHA}" + Base64
- .encodeBase64String(DigestUtils.sha1(toBytes(password))))
- .getBytes();
- if (!user.hasCredential("userpassword", hashedPassword))
+ if (!user.hasCredential(null, password))
return false;
} else
// anonymous
return true;
}
- private byte[] toBytes(char[] chars) {
- CharBuffer charBuffer = CharBuffer.wrap(chars);
- ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
- byte[] bytes = Arrays.copyOfRange(byteBuffer.array(),
- byteBuffer.position(), byteBuffer.limit());
- Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
- Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
- return bytes;
- }
-
@Override
public boolean commit() throws LoginException {
if (authorization != null) {
private void checkImpliedPrincipalName(LdapName roleName) {
if (ROLE_USER_NAME.equals(roleName)
- || ROLE_ANONYMOUS_NAME.equals(roleName))
+ || ROLE_ANONYMOUS_NAME.equals(roleName)
+ || ROLE_KERNEL_NAME.equals(roleName))
throw new CmsException(roleName + " cannot be listed as role");
}
}