diff --git a/zanata-war/src/main/java/org/zanata/action/InactiveAccountAction.java b/zanata-war/src/main/java/org/zanata/action/InactiveAccountAction.java
index 67467bbb34..317c07719a 100644
--- a/zanata-war/src/main/java/org/zanata/action/InactiveAccountAction.java
+++ b/zanata-war/src/main/java/org/zanata/action/InactiveAccountAction.java
@@ -11,21 +11,21 @@
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Transactional;
import org.jboss.seam.faces.FacesMessages;
-import org.jboss.seam.faces.Renderer;
import org.zanata.action.validator.NotDuplicateEmail;
import org.zanata.dao.AccountDAO;
+import org.zanata.dao.CredentialsDAO;
import org.zanata.dao.PersonDAO;
import org.zanata.model.HAccount;
import org.zanata.model.HPerson;
+import org.zanata.security.AuthenticationType;
+import org.zanata.security.ZanataCredentials;
+import org.zanata.security.ZanataOpenId;
import org.zanata.service.EmailService;
@Name("inactiveAccountAction")
-@Scope(ScopeType.CONVERSATION)
+@Scope(ScopeType.PAGE)
public class InactiveAccountAction implements Serializable
{
- @In(create = true)
- private Renderer renderer;
-
@In
private AccountDAO accountDAO;
@@ -35,9 +35,16 @@ public class InactiveAccountAction implements Serializable
@In
private EmailService emailServiceImpl;
- private String email;
+ @In
+ private ZanataCredentials credentials;
+
+ @In
+ private ZanataOpenId zanataOpenId;
+
+ @In
+ private CredentialsDAO credentialsDAO;
- private String username;
+ private String email;
private HAccount account;
@@ -45,7 +52,15 @@ public class InactiveAccountAction implements Serializable
public void init()
{
- account = accountDAO.getByUsername(username);
+ if( credentials.getAuthType() == AuthenticationType.OPENID )
+ {
+ // NB: Maybe we can get the authenticated openid from somewhere else
+ account = credentialsDAO.findByUser( zanataOpenId.getId() ).getAccount();
+ }
+ else
+ {
+ account = accountDAO.getByUsername(credentials.getUsername());
+ }
}
public void sendActivationEmail()
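Review bot: `init()` loads `account` from `credentials.getUsername()` (or the session OpenID id) without checking that those credentials were ever verified. In this commit `LoginAction.prepareCredentials()` writes the submitted username into the session credentials before any authentication, so the value alone is not proof of identity. Gate the lookup on a verified state, for example `if (!authenticationManager.isLoggedInAccountWaitingForActivation()) { return; }`, which needs an injected `AuthenticationManager` that the visible hunks do not show on this class. In the OpenID branch the result of `credentialsDAO.findByUser( zanataOpenId.getId() )` is dereferenced directly; if it can return null for an unknown id this throws a NullPointerException, so check it before calling `getAccount()`.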
@@ -102,12 +117,4 @@ public String getEmail() {
public void setEmail(String email) {
this.email = email;
}
-
- public String getUsername() {
- return username;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
}
diff --git a/zanata-war/src/main/java/org/zanata/action/LoginAction.java b/zanata-war/src/main/java/org/zanata/action/LoginAction.java
index da0a519205..9d57ff6228 100644
--- a/zanata-war/src/main/java/org/zanata/action/LoginAction.java
+++ b/zanata-war/src/main/java/org/zanata/action/LoginAction.java
@@ -30,6 +30,7 @@
import org.zanata.dao.AccountDAO;
import org.zanata.security.AuthenticationManager;
import org.zanata.security.AuthenticationType;
+import org.zanata.security.ZanataCredentials;
import org.zanata.security.openid.OpenIdProviderType;
/**
@@ -45,6 +46,9 @@ public class LoginAction implements Serializable
{
private static final long serialVersionUID = 1L;
+ @In
+ private ZanataCredentials credentials;
+
@In
private AuthenticationManager authenticationManager;
@@ -63,9 +67,6 @@ public class LoginAction implements Serializable
private String authProvider;
- private OpenIdProviderType openIdProviderType;
-
- private AuthenticationType authType;
public String getUsername()
{
@@ -98,20 +99,26 @@ public void setAuthProvider(String authProvider)
}
/**
- * Prepares authentication based on the passed parameters.
+ * Prepares authentication credentials based on the passed parameters.
*/
- private void configureAuthentication()
+ private void prepareCredentials()
{
+ AuthenticationType authType = null;
+ OpenIdProviderType openIdProviderType = null;
+
+ credentials.setUsername( username );
+ credentials.setPassword( password );
+
// All others
if (authProvider == null)
{
if (applicationConfiguration.isInternalAuth())
{
- this.authType = AuthenticationType.INTERNAL;
+ authType = AuthenticationType.INTERNAL;
}
else if (applicationConfiguration.isJaasAuth())
{
- this.authType = AuthenticationType.JAAS;
+ authType = AuthenticationType.JAAS;
}
}
// Open Id / internal auth
@@ -120,33 +127,36 @@ else if (applicationConfiguration.isJaasAuth())
try
{
// If it is open Id
- this.openIdProviderType = OpenIdProviderType.valueOf(authProvider);
- this.authType = AuthenticationType.OPENID;
+ openIdProviderType = OpenIdProviderType.valueOf(authProvider);
+ authType = AuthenticationType.OPENID;
}
catch (Exception e)
{
// If it's not open id, it might be another authentication type
- this.openIdProviderType = null;
- this.authType = AuthenticationType.valueOf(authProvider);
+ openIdProviderType = null;
+ authType = AuthenticationType.valueOf(authProvider);
}
}
+
+ credentials.setAuthType( authType );
+ credentials.setOpenIdProviderType( openIdProviderType );
}
public String login()
{
- this.configureAuthentication();
+ this.prepareCredentials();
String loginResult = null;
- switch (authType)
+ switch (credentials.getAuthType())
{
case OPENID:
- loginResult = this.loginWithOpenId();
+ loginResult = authenticationManager.openIdLogin();
break;
case INTERNAL:
- loginResult = this.loginWithInternal();
+ loginResult = authenticationManager.internalLogin();
break;
case JAAS:
- loginResult = this.loginWithJaas();
+ loginResult = authenticationManager.jaasLogin();
break;
// Kerberos auth happens on its own
}
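Review bot: `switch (credentials.getAuthType())` in `login()` throws a NullPointerException when `prepareCredentials()` leaves `authType` null, which happens when `authProvider` is null and neither `isInternalAuth()` nor `isJaasAuth()` is true. `AuthenticationType.valueOf(authProvider)` in the catch block also throws IllegalArgumentException for an unrecognised provider string, and `authProvider` looks like a request-supplied value. Handle both before the switch, for example `if (credentials.getAuthType() == null) { return null; }` (the value `loginResult` already starts with), and narrow `catch (Exception e)` to `catch (IllegalArgumentException e)`. `prepareCredentials()` begins in the previous hunk and `login()` continues past this one.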
@@ -162,7 +172,7 @@ public String login()
*/
public boolean isAuthenticatedNotActivate()
{
- boolean ignoreAccountEnabledCheck = true;
+ /*boolean ignoreAccountEnabledCheck = true;
if (authType == AuthenticationType.INTERNAL)
{
ignoreAccountEnabledCheck = true;
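Review bot: The body of `isAuthenticatedNotActivate()` is commented out rather than removed, opening at `/*boolean ignoreAccountEnabledCheck = true;` here and closing at `}*/` in the next hunk, so the method now always returns false. Dead code in an authentication path is easy to re-enable by accident, and this block still refers to `authType` and `inactiveAccountAction.setUsername(...)`, both of which this commit removes. Delete the commented block and either drop the method with its callers or leave one line such as `// Inactive-account detection moved to AuthenticationManager.isLoggedInAccountWaitingForActivation()`. The method's Javadoc starts outside this hunk.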
@@ -176,24 +186,9 @@ else if (authType == AuthenticationType.JAAS)
{
inactiveAccountAction.setUsername(username);
return true;
- }
+ }*/
return false;
}
-
- private String loginWithOpenId()
- {
- return authenticationManager.openIdLogin(openIdProviderType, username);
- }
-
- private String loginWithInternal()
- {
- return authenticationManager.internalLogin(username, password);
- }
-
- private String loginWithJaas()
- {
- return authenticationManager.jaasLogin(username, password);
- }
}
diff --git a/zanata-war/src/main/java/org/zanata/security/AuthenticationManager.java b/zanata-war/src/main/java/org/zanata/security/AuthenticationManager.java
index 0d2788574c..8f1bbdb769 100644
--- a/zanata-war/src/main/java/org/zanata/security/AuthenticationManager.java
+++ b/zanata-war/src/main/java/org/zanata/security/AuthenticationManager.java
@@ -22,13 +22,17 @@
import java.util.List;
+import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.security.Credentials;
+import org.jboss.seam.security.Identity;
+import org.zanata.ApplicationConfiguration;
import org.zanata.dao.AccountDAO;
import org.zanata.dao.CredentialsDAO;
import org.zanata.model.HAccount;
@@ -61,7 +65,7 @@ public class AuthenticationManager
private ZanataJpaIdentityStore identityStore;
@In
- private Credentials credentials;
+ private ZanataCredentials credentials;
@In
private ZanataOpenId zanataOpenId;
@@ -75,6 +79,11 @@ public class AuthenticationManager
@In
private AccountDAO accountDAO;
+ @In
+ private UserRedirectBean userRedirect;
+
+ @In
+ private ApplicationConfiguration applicationConfiguration;
@@ -103,39 +112,49 @@ private String login(AuthenticationType authenticationType, String username, Str
/**
* Logs in user with internal authentication type
*
- * @param username
- * @param password
* @return
*/
- public String internalLogin(String username, String password)
+ public String internalLogin()
{
- return login(AuthenticationType.INTERNAL, username, password);
+ if( isLoggedInAccountWaitingForActivation() )
+ {
+ return "inactive";
+ }
+
+ return login(AuthenticationType.INTERNAL, credentials.getUsername(), credentials.getPassword());
}
/**
* Logs in user with jaas authentication type
*
- * @param username
- * @param password
* @return
*/
- public String jaasLogin(String username, String password)
+ public String jaasLogin()
+ {
+ return login(AuthenticationType.JAAS, credentials.getUsername(), credentials.getPassword());
+ }
+
+ /**
+ * Logs in with the kerberos authentication type
+ */
+ public void kerberosLogin()
{
- return login(AuthenticationType.JAAS, username, password);
+ if( credentials.getAuthType() == AuthenticationType.KERBEROS && applicationConfiguration.isKerberosAuth() )
+ {
+ SpNegoIdentity spNegoIdentity = (SpNegoIdentity) Component.getInstance(SpNegoIdentity.class, ScopeType.SESSION);
+ spNegoIdentity.setCredential();
+ }
}
/**
- * Logs in an Open Id user
+ * Logs in an Open Id user. Uses the values set in {@link ZanataCredentials}
+ * for authentication. This method should be invoked to authenticate AND log
+ * a user into Zanata.
*
- * @param openIdProviderType Open Id provider to use for authentication
- * @param username User name. The provider will use this username to construct an Open Id.
* @return A String with the result of the operation.
*/
- public String openIdLogin(OpenIdProviderType openIdProviderType, String username)
+ public String openIdLogin()
{
- credentials.setUsername(username);
- zanataOpenId.setProvider( openIdProviderType );
-
// Federated OpenId providers
if( zanataOpenId.isFederatedProvider() )
{
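Review bot: `openIdLogin()` no longer calls `zanataOpenId.setProvider(...)` before `zanataOpenId.isFederatedProvider()`, so that check now depends on provider state this method does not set. `isFederatedProvider()` is not visible here; if it reads the field that `setProvider` populated, it will see a null provider or one left over from an earlier attempt in the same session. Restore the assignment from the credentials, `zanataOpenId.setProvider( credentials.getOpenIdProviderType() );`, or pass the provider into the check. The Javadoc of `internalLogin()` should also say that it can return `"inactive"`; its `@return` tag is empty. The body of `openIdLogin()` continues past the hunk.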
@@ -166,7 +185,58 @@ public String openIdLogin(OpenIdProviderType openIdProviderType, String username
*/
public void openIdAuthenticate(OpenIdProviderType openIdProviderType, String username, OpenIdAuthCallback callback)
{
- zanataOpenId.login(username, openIdProviderType, callback);
+ ZanataCredentials volatileCreds = new ZanataCredentials();
+ volatileCreds.setAuthType(AuthenticationType.OPENID);
+ volatileCreds.setOpenIdProviderType(openIdProviderType);
+ volatileCreds.setUsername(username);
+ zanataOpenId.login(volatileCreds, callback);
+ }
+
+ /**
+ * This method indicates where a user needs to be redirected for security purposes. It should be
+ * used to determine where to direct a user when they try to access secured content.
+ *
+ * @return A string containing a hint of where to redirect the user.
+ * Valid values are:
+ * edit - Redirect the user to the edit profile page.
+ * redirect - Allow the user to continue to the page they originally aimed for.
+ * home - Redirect the user to the home page.
+ * inactive - The user's account is inactive.
+ * login - Redirect the user to the login page.
+ */
+ public String getAuthenticationRedirect()
+ {
+ if (identity.getAuthenticationType() == AuthenticationType.KERBEROS && identity.isLoggedIn() && isNewUser())
+ {
+ return "edit";
+ }
+
+ if (identity.getAuthenticationType() == AuthenticationType.KERBEROS && identity.isLoggedIn() && !isNewUser())
+ {
+ if (userRedirect != null && userRedirect.isRedirect())
+ {
+ return "redirect";
+ }
+ else
+ {
+ return "home";
+ }
+ }
+
+ if (identity.getAuthenticationType() == AuthenticationType.KERBEROS && !identity.isLoggedIn())
+ {
+ if (isLoggedInAccountWaitingForActivation())
+ {
+ return "inactive";
+ }
+ return "home";
+ }
+
+ if (identity.getAuthenticationType() != AuthenticationType.KERBEROS)
+ {
+ return "login";
+ }
+ return null;
}
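Review bot: `getAuthenticationRedirect()` repeats `identity.getAuthenticationType() == AuthenticationType.KERBEROS` in four separate conditions and ends with a `return null` that is effectively unreachable, which makes the decision table hard to audit. Guard clauses give the same outcomes with each predicate evaluated once, as in the sketch below. The deleted bean returned `inactiveAccount` where this method returns `inactive`, so the navigation rules (not readable on this page) have to match the new outcome.
```java
public String getAuthenticationRedirect()
{
   if (identity.getAuthenticationType() != AuthenticationType.KERBEROS)
   {
      return "login";
   }
   if (!identity.isLoggedIn())
   {
      return isLoggedInAccountWaitingForActivation() ? "inactive" : "home";
   }
   if (isNewUser())
   {
      return "edit";
   }
   return (userRedirect != null && userRedirect.isRedirect()) ? "redirect" : "home";
}
```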
@@ -221,16 +291,18 @@ public boolean isAccountEnabled(String username)
return identityStore.isUserEnabled(username);
}
- public boolean authenticate(String username, String password, boolean ignoreAccountEnabled)
+ public boolean isLoggedInAccountWaitingForActivation()
{
- if (ignoreAccountEnabled)
- {
- return identityStore.authenticateIgnoreEnabled(username, password);
- }
- else
+ boolean userIsAuthenticated = true;
+
+ // For internal Authentication, the user must be re-authenticated without taking into account
+ // the account's enabled flag
+ if( credentials.getAuthType() == AuthenticationType.INTERNAL && applicationConfiguration.isInternalAuth() )
{
- return identityStore.authenticate(username, password);
+ userIsAuthenticated = identityStore.authenticateEvenIfDisabled(credentials.getUsername(), credentials.getPassword());
}
+
+ return userIsAuthenticated && !isAccountEnabled(credentials.getUsername()) && !isAccountActivated(credentials.getUsername());
}
public boolean isNewUser(String username)
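Review bot: `userIsAuthenticated` starts as `true` and is only replaced for INTERNAL authentication, so for OPENID, JAAS and KERBEROS `isLoggedInAccountWaitingForActivation()` answers for whatever username sits in the session credentials without any evidence that the user authenticated. `getAuthenticationRedirect()` calls it on the `!identity.isLoggedIn()` path, which then routes to the inactive-account page on the strength of the username alone. Default it to `false` and set it per authentication type from a verified signal; which accessor provides that for OpenID or Kerberos is not visible in this hunk. A null `credentials.getUsername()` is also passed straight to `isAccountEnabled` and `isAccountActivated`.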
@@ -238,6 +310,11 @@ public boolean isNewUser(String username)
return identityStore.isNewUser(username);
}
+ public boolean isNewUser()
+ {
+ return isNewUser( credentials.getUsername() );
+ }
+
public void setAuthenticateUser(String username)
{
Object user = identityStore.lookupUser(username);
@@ -249,4 +326,60 @@ public List getImpliedRoles(String username)
return identityStore.getImpliedRoles(username);
}
+ private boolean isAccountEnabledAndActivated()
+ {
+ String username = identity.getCredentials().getUsername();
+ if (isAccountEnabled(username))
+ {
+ return true;
+ }
+ else
+ {
+ String message = "";
+ if (!isAccountActivated(username))
+ {
+ message = "#{messages['org.jboss.seam.loginFailed']}";
+ }
+ else
+ {
+ message = "User " + username + " has been disabled. Please contact server admin.";
+ }
+
+ FacesMessages.instance().clear();
+ FacesMessages.instance().add(message);
+
+ //identity.setPreAuthenticated(false);
+ //identity.unAuthenticate();
+
+ return false;
+ }
+ }
+
+ private boolean isExternalLogin()
+ {
+ return identity.getAuthenticationType() != AuthenticationType.INTERNAL && !identity.isApiRequest();
+ }
+
+ private void applyAuthentication()
+ {
+ String username = identity.getCredentials().getUsername();
+
+ for (String role : getImpliedRoles(username))
+ {
+ identity.addRole(role);
+ }
+ setAuthenticateUser(username);
+ }
+
+
+ @Observer(Identity.EVENT_LOGIN_SUCCESSFUL)
+ public void loginInSuccessful()
+ {
+ identity.setPreAuthenticated(true);
+ if (isExternalLogin() && !isNewUser() && isAccountEnabledAndActivated())
+ {
+ applyAuthentication();
+ }
+ }
+
}
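Review bot: In `isAccountEnabledAndActivated()` the calls `identity.setPreAuthenticated(false)` and `identity.unAuthenticate()` are commented out, while `loginInSuccessful()` still runs `identity.setPreAuthenticated(true)` before the check; the deleted `ZanataExternalLoginBean` executed both calls. An externally authenticated user whose account is disabled or not activated therefore gets no roles applied but appears to keep an authenticated identity for the session. If the inactive-account flow needs the session kept, limit that to the not-activated branch and say why in a comment; for the disabled branch restore both calls. Remove the commented-out lines either way.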
diff --git a/zanata-war/src/main/java/org/zanata/security/OpenIdLoginModule.java b/zanata-war/src/main/java/org/zanata/security/OpenIdLoginModule.java
index 8afbcaed36..72e20a6c96 100644
--- a/zanata-war/src/main/java/org/zanata/security/OpenIdLoginModule.java
+++ b/zanata-war/src/main/java/org/zanata/security/OpenIdLoginModule.java
@@ -44,7 +44,6 @@ public class OpenIdLoginModule implements LoginModule
protected CallbackHandler callbackHandler;
protected String username;
- protected OpenIdProviderType openIdProviderType;
public boolean abort() throws LoginException
{
@@ -74,7 +73,7 @@ public boolean login() throws LoginException
callbackHandler.handle(new Callback[] { cbName, cbPassword });
username = cbName.getName();
ZanataOpenId openid = (ZanataOpenId) Component.getInstance(ZanataOpenId.class, ScopeType.SESSION);
- openid.login(username);
+ openid.login(ZanataIdentity.instance().getCredentials());
}
catch (Exception ex)
{
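Review bot: `login()` reads `username` from the JAAS `NameCallback` but now starts the OpenID flow from `ZanataIdentity.instance().getCredentials()`, so the module's own `username` field and the identity it actually authenticates can disagree. The provider type is likewise taken from the session credentials, and the null-provider guard of the removed `ZanataOpenId.login(String)` no longer runs. Fail when the two sources differ, e.g. `if (username == null || !username.equals(creds.getUsername())) throw new LoginException("credential mismatch");` with `creds` holding the session credentials. The method starts and ends outside this hunk.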
diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataCredentials.java b/zanata-war/src/main/java/org/zanata/security/ZanataCredentials.java
new file mode 100644
index 0000000000..954fce92d0
--- /dev/null
+++ b/zanata-war/src/main/java/org/zanata/security/ZanataCredentials.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2010, Red Hat, Inc. and individual contributors as indicated by the
+ * @author tags. See the copyright.txt file in the distribution for a full
+ * listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.zanata.security;
+
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.security.Credentials;
+import org.zanata.security.openid.OpenIdProviderType;
+
+import static org.jboss.seam.ScopeType.SESSION;
+import static org.jboss.seam.annotations.Install.APPLICATION;
+
+/**
+ * Overrides the default Seam credentials.
+ * Adds app-specific security concepts like authentication mechanisms.
+ *
+ * @author Carlos Munoz camunoz@redhat.com
+ * @see {@link Credentials}
+ */
+@Name("org.jboss.seam.security.credentials")
+@Scope(SESSION)
+@Install(precedence = APPLICATION)
+@BypassInterceptors
+public class ZanataCredentials extends Credentials
+{
+ private AuthenticationType authType;
+
+ private OpenIdProviderType openIdProviderType;
+
+
+ public AuthenticationType getAuthType()
+ {
+ return authType;
+ }
+
+ public void setAuthType(AuthenticationType authType)
+ {
+ this.authType = authType;
+ }
+
+ public OpenIdProviderType getOpenIdProviderType()
+ {
+ return openIdProviderType;
+ }
+
+ public void setOpenIdProviderType(OpenIdProviderType openIdProviderType)
+ {
+ this.openIdProviderType = openIdProviderType;
+ }
+
+ @Override
+ public void clear()
+ {
+ super.clear();
+ authType = null;
+ openIdProviderType = null;
+ }
+}
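Review bot: The class Javadoc does not say that `authType` and `openIdProviderType` hold the requested mechanism, written from the login form before authentication, and that they live in the session next to the password inherited from `Credentials`. Add that to the class comment and point readers at `ZanataIdentity.getAuthenticationType()` for decisions that need a verified value, for example `Values here are caller-supplied and unverified; do not use them for authorization decisions.` The tag `@see {@link Credentials}` is not valid Javadoc and should read `@see Credentials`. Because the component is session-scoped, declare a `serialVersionUID` if the superclass is `Serializable`, which is not visible here.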
diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataExternalLoginBean.java b/zanata-war/src/main/java/org/zanata/security/ZanataExternalLoginBean.java
deleted file mode 100644
index 533cfe5dfd..0000000000
--- a/zanata-war/src/main/java/org/zanata/security/ZanataExternalLoginBean.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright 2010, Red Hat, Inc. and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.zanata.security;
-
-
-import static org.jboss.seam.annotations.Install.APPLICATION;
-
-import java.io.Serializable;
-
-import org.apache.commons.lang.StringUtils;
-import org.jboss.seam.Component;
-import org.jboss.seam.ScopeType;
-import org.jboss.seam.annotations.Begin;
-import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.Install;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Observer;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.Startup;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.faces.FacesMessages;
-import org.jboss.seam.security.Identity;
-import org.zanata.ApplicationConfiguration;
-import org.zanata.action.InactiveAccountAction;
-
-@Name("zanataExternalLoginBean")
-@Scope(ScopeType.SESSION)
-@Install(precedence = APPLICATION)
-@BypassInterceptors
-@Startup
-public class ZanataExternalLoginBean implements Serializable
-{
- private static final long serialVersionUID = 1L;
-
- private ZanataIdentity identity;
-
- private ApplicationConfiguration applicationConfiguration;
-
- private UserRedirectBean userRedirectBean;
-
- private AuthenticationManager authenticationManager;
-
- private String redirectUsername = "";
-
- private InactiveAccountAction inactiveAccountAction;
-
- @Create
- public void init()
- {
- identity = (ZanataIdentity) Component.getInstance(ZanataIdentity.class, ScopeType.SESSION);
- applicationConfiguration = (ApplicationConfiguration) Component.getInstance(ApplicationConfiguration.class, ScopeType.APPLICATION);
- userRedirectBean = (UserRedirectBean) Component.getInstance(UserRedirectBean.class, ScopeType.SESSION);
- authenticationManager = (AuthenticationManager) Component.getInstance(AuthenticationManager.class, ScopeType.SESSION);
- }
-
- private boolean isAccountEnabledAndActivated()
- {
- String username = identity.getCredentials().getUsername();
- if (authenticationManager.isAccountEnabled(username))
- {
- return true;
- }
- else
- {
- String message = "";
- if (!authenticationManager.isAccountActivated(username))
- {
- message = "#{messages['org.jboss.seam.loginFailed']}";
- redirectUsername = username;
- }
- else
- {
- message = "User " + username + " has been disabled. Please contact server admin.";
- }
-
- FacesMessages.instance().clear();
- FacesMessages.instance().add(message);
-
- identity.setPreAuthenticated(false);
- identity.unAuthenticate();
-
- return false;
- }
- }
-
- public boolean isRedirectToInactiveAccPage()
- {
- if (!StringUtils.isEmpty(redirectUsername))
- {
- initInactionAccountAction();
- return true;
- }
- return false;
- }
-
- @Begin
- private void initInactionAccountAction()
- {
- inactiveAccountAction = (InactiveAccountAction) Component.getInstance(InactiveAccountAction.class, ScopeType.CONVERSATION);
- inactiveAccountAction.setUsername(redirectUsername);
- }
-
- public boolean isNewUser()
- {
- return authenticationManager.isNewUser(identity.getCredentials().getUsername());
- }
-
- public boolean externalLogin()
- {
- return identity.getAuthenticationType() != AuthenticationType.INTERNAL && !identity.isApiRequest();
- }
-
- public void applyAuthentication()
- {
- String username = identity.getCredentials().getUsername();
-
- for (String role : authenticationManager.getImpliedRoles(username))
- {
- identity.addRole(role);
- }
- authenticationManager.setAuthenticateUser(username);
- }
-
-
- @Observer(Identity.EVENT_LOGIN_SUCCESSFUL)
- public void loginInSuccessful()
- {
- identity.setPreAuthenticated(true);
- if (externalLogin() && !isNewUser() && isAccountEnabledAndActivated())
- {
- applyAuthentication();
- }
- }
-
- public void spNegoExecute()
- {
- if (applicationConfiguration.isKerberosAuth())
- {
- SpNegoIdentity spNegoIdentity = (SpNegoIdentity) Component.getInstance(SpNegoIdentity.class, ScopeType.SESSION);
- spNegoIdentity.setCredential();
- }
- }
-
- public String redirect()
- {
- if (identity.getAuthenticationType() == AuthenticationType.KERBEROS && identity.isLoggedIn() && isNewUser())
- {
- return "edit";
- }
-
- if (identity.getAuthenticationType() == AuthenticationType.KERBEROS && identity.isLoggedIn() && !isNewUser())
- {
- if (userRedirectBean.isRedirect())
- {
- return "redirect";
- }
- else
- {
- return "home";
- }
- }
-
- if (identity.getAuthenticationType() == AuthenticationType.KERBEROS && !identity.isLoggedIn())
- {
- if (isRedirectToInactiveAccPage())
- {
- return "inactiveAccount";
- }
- return "home";
- }
-
- if (identity.getAuthenticationType() != AuthenticationType.KERBEROS)
- {
- return "login";
- }
- return null;
- }
-
-}
diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java b/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
index a4bec4cab3..eab620aabe 100644
--- a/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
+++ b/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
@@ -42,6 +42,7 @@
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.security.Configuration;
+import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.NotLoggedInException;
import org.jboss.seam.security.permission.RuleBasedPermissionResolver;
@@ -123,6 +124,12 @@ public void checkLoggedIn()
}
}
+ @Override
+ public ZanataCredentials getCredentials()
+ {
+ return (ZanataCredentials)super.getCredentials();
+ }
+
@Observer("org.jboss.seam.preDestroyContext.SESSION")
public void logout()
{
@@ -261,10 +268,10 @@ public String login( AuthenticationType authType )
{
this.preAuthenticated = true;
}
- else
+ /*else
{
this.getCredentials().clear();
- }
+ }*/
return result;
}
}
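Review bot: Commenting out `this.getCredentials().clear()` means a failed login now leaves the submitted username, password, `authType` and provider in the session-scoped `ZanataCredentials` with nothing visible that clears them later. The inactive-account pre-check in `AuthenticationManager.internalLogin()` runs before `login(...)`, so the password is not needed once the login has failed. Keep the username if the inactive-account page needs it and drop the secret, `else { this.getCredentials().setPassword(null); }`, and delete the commented-out block rather than leaving it in place. `login(AuthenticationType)` begins outside this hunk.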
diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataJpaIdentityStore.java b/zanata-war/src/main/java/org/zanata/security/ZanataJpaIdentityStore.java
index 704dcf0bd6..e6830f0093 100644
--- a/zanata-war/src/main/java/org/zanata/security/ZanataJpaIdentityStore.java
+++ b/zanata-war/src/main/java/org/zanata/security/ZanataJpaIdentityStore.java
@@ -109,13 +109,14 @@ public boolean apiKeyAuthenticate(String username, String apiKey)
}
/**
- * Custom authentication that ignores if the account is enabled flag
+ * Custom authentication that ignores the account's enabled state.
*
* @param username
* @param password
* @return
+ * @see {@link JpaIdentityStore#authenticate(String, String)}
*/
- public boolean authenticateIgnoreEnabled(String username, String password)
+ public boolean authenticateEvenIfDisabled(String username, String password)
{
Object user = lookupUser(username);
if (user == null)
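Review bot: The Javadoc for `authenticateEvenIfDisabled` should state the contract that keeps the method safe: a `true` result proves only that the password matches and must never be used on its own to establish a session, because the enabled flag is deliberately skipped. The `@param` and `@return` tags are empty, and `@see {@link JpaIdentityStore#authenticate(String, String)}` should be written `@see JpaIdentityStore#authenticate(String, String)`. The method body continues past the hunk.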
diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataOpenId.java b/zanata-war/src/main/java/org/zanata/security/ZanataOpenId.java
index 87d440ec1d..4796829d8c 100644
--- a/zanata-war/src/main/java/org/zanata/security/ZanataOpenId.java
+++ b/zanata-war/src/main/java/org/zanata/security/ZanataOpenId.java
@@ -252,21 +252,7 @@ private void loginImmediate()
}
}
- public void login( String username )
- {
- if( this.openIdProvider == null )
- {
- throw new RuntimeException("Attempting to log in with Open Id without specifying the provider type.");
- }
- this.login(username, null);
- }
-
- public void login(String username, OpenIdProviderType openIdProviderType)
- {
- this.login(username, openIdProviderType, this);
- }
-
- public void login(String username, OpenIdProviderType openIdProviderType, OpenIdAuthCallback callback)
+ private void login(String username, OpenIdProviderType openIdProviderType, OpenIdAuthCallback callback)
{
try
{
@@ -283,6 +269,16 @@ public void login(String username, OpenIdProviderType openIdProviderType, OpenId
}
}
+ public void login(ZanataCredentials credentials)
+ {
+ this.login(credentials, this);
+ }
+
+ public void login(ZanataCredentials credentials, OpenIdAuthCallback callback)
+ {
+ this.login(credentials.getUsername(), credentials.getOpenIdProviderType(), callback);
+ }
+
private void login()
{
authResult = new OpenIdAuthenticationResult();
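Review bot: The new `login(ZanataCredentials, OpenIdAuthCallback)` forwards `credentials.getOpenIdProviderType()` without the null-provider guard that the removed `login(String)` had, so a missing provider now fails somewhere inside the private `login(...)` instead of with a clear error. Re-add the check at the top of the overload: `if( credentials.getOpenIdProviderType() == null && this.openIdProvider == null ) { throw new RuntimeException("Attempting to log in with Open Id without specifying the provider type."); }`. Both overloads are public and undocumented; a one-line Javadoc saying that the username and provider are read from the credentials would help callers.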
@@ -316,13 +312,13 @@ public void afterOpenIdAuth(OpenIdAuthenticationResult result)
HAccount authenticatedAccount = accountDAO.getByCredentialsId( result.getAuthenticatedId() );
// If the user hasn't been registered, there is no authenticated account
- if( authenticatedAccount != null )
+ if( authenticatedAccount != null && authenticatedAccount.isEnabled() )
{
credentials.setUsername( authenticatedAccount.getUsername() );
Identity.instance().acceptExternallyAuthenticatedPrincipal((new OpenIdPrincipal(result.getAuthenticatedId())));
+ this.loginImmediate();
}
- this.loginImmediate();
}
}
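Review bot: With `loginImmediate()` moved inside the `authenticatedAccount != null && authenticatedAccount.isEnabled()` test, a disabled or unregistered OpenID user falls through with no message, no log entry and no change to the identity, so the refusal is invisible to the user and to operators. Add an `else` branch that records the refused login for `result.getAuthenticatedId()` and shows a generic failure message. Also confirm that first-time OpenID users, for whom `authenticatedAccount` is null and who previously still reached `loginImmediate()`, can still get to registration. `afterOpenIdAuth` begins outside this hunk.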
diff --git a/zanata-war/src/main/webapp/WEB-INF/pages.xml b/zanata-war/src/main/webapp/WEB-INF/pages.xml
index 493cd22700..37ed2c2857 100644
--- a/zanata-war/src/main/webapp/WEB-INF/pages.xml
+++ b/zanata-war/src/main/webapp/WEB-INF/pages.xml
@@ -14,17 +14,16 @@
-
+
-
+
-
+
-
-
+
@@ -63,8 +62,8 @@
-
-
+
+
@@ -75,8 +74,7 @@
-
-
+
@@ -91,20 +89,19 @@
-
+
+
+
+
+
-
+
-
+
-
-
-
-
-
diff --git a/zanata-war/src/main/webapp/profile/edit.xhtml b/zanata-war/src/main/webapp/profile/edit.xhtml
index 634678b0fe..f87a18eddb 100644
--- a/zanata-war/src/main/webapp/profile/edit.xhtml
+++ b/zanata-war/src/main/webapp/profile/edit.xhtml
@@ -10,7 +10,7 @@
Edit Profile
-
+
diff --git a/zanata-war/src/test/java/org/zanata/rest/service/CopyTransRestTest.java b/zanata-war/src/test/java/org/zanata/rest/service/CopyTransRestTest.java
index 4ba1fea1ea..04d72ac5aa 100644
--- a/zanata-war/src/test/java/org/zanata/rest/service/CopyTransRestTest.java
+++ b/zanata-war/src/test/java/org/zanata/rest/service/CopyTransRestTest.java
@@ -30,6 +30,7 @@
import org.zanata.ZanataRestTest;
import org.zanata.rest.dto.CopyTransStatus;
import org.zanata.seam.SeamAutowire;
+import org.zanata.security.ZanataCredentials;
import org.zanata.security.ZanataIdentity;
import org.zanata.service.impl.CopyTransServiceImpl;
import org.zanata.service.impl.LocaleServiceImpl;
@@ -62,7 +63,7 @@ protected void prepareResources()
MockitoAnnotations.initMocks(this);
when(mockIdentity.hasPermission(anyString(), anyString(), anyVararg())).thenReturn(true);
when(mockIdentity.hasPermission(anyString(), anyString())).thenReturn(true);
- Credentials credentials = new Credentials();
+ ZanataCredentials credentials = new ZanataCredentials();
credentials.setUsername("testuser");
when(mockIdentity.getCredentials()).thenReturn(credentials);
diff --git a/zanata-war/src/test/java/org/zanata/webtrans/server/rpc/RemoteLoggingHandlerTest.java b/zanata-war/src/test/java/org/zanata/webtrans/server/rpc/RemoteLoggingHandlerTest.java
index 4c0d9226c4..c7327401ca 100644
--- a/zanata-war/src/test/java/org/zanata/webtrans/server/rpc/RemoteLoggingHandlerTest.java
+++ b/zanata-war/src/test/java/org/zanata/webtrans/server/rpc/RemoteLoggingHandlerTest.java
@@ -8,6 +8,7 @@
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.zanata.seam.SeamAutowire;
+import org.zanata.security.ZanataCredentials;
import org.zanata.security.ZanataIdentity;
import org.zanata.webtrans.shared.rpc.NoOpResult;
import org.zanata.webtrans.shared.rpc.RemoteLoggingAction;
@@ -39,7 +40,7 @@ public void setUp() throws Exception
.autowire(RemoteLoggingHandler.class);
// @formatter:on
- when(identity.getCredentials()).thenReturn(new Credentials());
+ when(identity.getCredentials()).thenReturn(new ZanataCredentials());
}
@Test