
rhbz803923 - Security system refactoring.

The current workflow has become too complicated, so this commit centers all the authentication functions around the AuthenticationManager class.
Get rid of the ZanataExternalAuthentication component.
Implement a custom Credentials class that also holds the type of authentication being used.
Some work is still left to be done, especially around the OpenID 'listeners' and some extra events being triggered (see the AuthenticationManager), but overall it should be much more compact.
carlosmunoz committed Dec 14, 2012
1 parent 99c406f commit c85e4f6d8d0a6177d2b0678cafe1deb1c98e2fd1
@@ -11,21 +11,21 @@
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Transactional;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.faces.Renderer;
import org.zanata.action.validator.NotDuplicateEmail;
import org.zanata.dao.AccountDAO;
import org.zanata.dao.CredentialsDAO;
import org.zanata.dao.PersonDAO;
import org.zanata.model.HAccount;
import org.zanata.model.HPerson;
import org.zanata.security.AuthenticationType;
import org.zanata.security.ZanataCredentials;
import org.zanata.security.ZanataOpenId;
import org.zanata.service.EmailService;

@Name("inactiveAccountAction")
@Scope(ScopeType.CONVERSATION)
@Scope(ScopeType.PAGE)
public class InactiveAccountAction implements Serializable
{
@In(create = true)
private Renderer renderer;

@In
private AccountDAO accountDAO;

@@ -35,17 +35,32 @@
@In
private EmailService emailServiceImpl;

private String email;
@In
private ZanataCredentials credentials;

@In
private ZanataOpenId zanataOpenId;

@In
private CredentialsDAO credentialsDAO;

private String username;
private String email;

private HAccount account;

private static final long serialVersionUID = 1L;

public void init()
{
account = accountDAO.getByUsername(username);
if( credentials.getAuthType() == AuthenticationType.OPENID )
{
// NB: Maybe we can get the authenticated openid from somewhere else
account = credentialsDAO.findByUser( zanataOpenId.getId() ).getAccount();
}
else
{
account = accountDAO.getByUsername(credentials.getUsername());
}
}

public void sendActivationEmail()
@@ -102,12 +117,4 @@ public String getEmail() {
public void setEmail(String email) {
this.email = email;
}

public String getUsername() {
return username;
}

public void setUsername(String username) {
this.username = username;
}
}
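Review bot: In `init()` the non-OpenID branch looks the account up by `credentials.getUsername()`, and the other file in this commit fills that field from the login form in `prepareCredentials()` before any login call runs, so the lookup may be keyed on a name that has not been verified. `sendActivationEmail()` starts in this hunk but its body is outside it; if it acts on `account`, confirm that the credentials were authenticated first, and record that with a comment such as `// credentials come from the login form; only trust them after a successful login`. The OpenID branch also calls `.getAccount()` directly on the result of `credentialsDAO.findByUser( zanataOpenId.getId() )`, which presumably fails with a NullPointerException when no record matches or the OpenID id is unset. A null check on that result before `.getAccount()` would make the failure explicit.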
@@ -30,6 +30,7 @@
import org.zanata.dao.AccountDAO;
import org.zanata.security.AuthenticationManager;
import org.zanata.security.AuthenticationType;
import org.zanata.security.ZanataCredentials;
import org.zanata.security.openid.OpenIdProviderType;

/**
@@ -45,6 +46,9 @@
{
private static final long serialVersionUID = 1L;

@In
private ZanataCredentials credentials;

@In
private AuthenticationManager authenticationManager;

@@ -63,9 +67,6 @@

private String authProvider;

private OpenIdProviderType openIdProviderType;

private AuthenticationType authType;

public String getUsername()
{
@@ -98,20 +99,26 @@ public void setAuthProvider(String authProvider)
}

/**
* Prepares authentication based on the passed parameters.
* Prepares authentication credentials based on the passed parameters.
*/
private void configureAuthentication()
private void prepareCredentials()
{
AuthenticationType authType = null;
OpenIdProviderType openIdProviderType = null;

credentials.setUsername( username );
credentials.setPassword( password );

// All others
if (authProvider == null)
{
if (applicationConfiguration.isInternalAuth())
{
this.authType = AuthenticationType.INTERNAL;
authType = AuthenticationType.INTERNAL;
}
else if (applicationConfiguration.isJaasAuth())
{
this.authType = AuthenticationType.JAAS;
authType = AuthenticationType.JAAS;
}
}
// Open Id / internal auth
@@ -120,33 +127,36 @@ else if (applicationConfiguration.isJaasAuth())
try
{
// If it is open Id
this.openIdProviderType = OpenIdProviderType.valueOf(authProvider);
this.authType = AuthenticationType.OPENID;
openIdProviderType = OpenIdProviderType.valueOf(authProvider);
authType = AuthenticationType.OPENID;
}
catch (Exception e)
{
// If it's not open id, it might be another authentication type
this.openIdProviderType = null;
this.authType = AuthenticationType.valueOf(authProvider);
openIdProviderType = null;
authType = AuthenticationType.valueOf(authProvider);
}
}

credentials.setAuthType( authType );
credentials.setOpenIdProviderType( openIdProviderType );
}

public String login()
{
this.configureAuthentication();
this.prepareCredentials();
String loginResult = null;

switch (authType)
switch (credentials.getAuthType())
{
case OPENID:
loginResult = this.loginWithOpenId();
loginResult = authenticationManager.openIdLogin();
break;
case INTERNAL:
loginResult = this.loginWithInternal();
loginResult = authenticationManager.internalLogin();
break;
case JAAS:
loginResult = this.loginWithJaas();
loginResult = authenticationManager.jaasLogin();
break;
// Kerberos auth happens on its own
}
@@ -162,7 +172,7 @@ public String login()
*/
public boolean isAuthenticatedNotActivate()
{
boolean ignoreAccountEnabledCheck = true;
/*boolean ignoreAccountEnabledCheck = true;
if (authType == AuthenticationType.INTERNAL)
{
ignoreAccountEnabledCheck = true;
@@ -176,24 +186,9 @@ else if (authType == AuthenticationType.JAAS)
{
inactiveAccountAction.setUsername(username);
return true;
}
}*/
return false;

}

private String loginWithOpenId()
{
return authenticationManager.openIdLogin(openIdProviderType, username);
}

private String loginWithInternal()
{
return authenticationManager.internalLogin(username, password);
}

private String loginWithJaas()
{
return authenticationManager.jaasLogin(username, password);
}

}
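Review bot: `prepareCredentials()` can leave `authType` null, when `authProvider` is null and neither `isInternalAuth()` nor `isJaasAuth()` holds, and `login()` then runs `switch (credentials.getAuthType())`, which throws a NullPointerException on a null enum. A guard before the switch such as `if (credentials.getAuthType() == null) { return null; }` would make that case explicit; the rest of `login()` is outside the hunk, so the right return value needs checking there. The `catch (Exception e)` around `OpenIdProviderType.valueOf(authProvider)` is broader than needed, and the fallback `AuthenticationType.valueOf(authProvider)` inside it still throws for an unrecognised value. Using `catch (IllegalArgumentException e)` and handling the second failure would keep a malformed `authProvider` from surfacing as an unhandled error. `isAuthenticatedNotActivate()` also appears to return false unconditionally now, with its old body commented out; a `// TODO` naming the follow-up would be clearer than the dead code.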
