rhbz803923 - Security system refactoring.

The current workflow has become too complicated, so centering all the authentication functions around the AuthenticationManager class. Get rid of the ZanataExternalAuthentication component. Implement custom Credentials class that also holds the type of authentication being used. Some work still left to be done, specially around the Open Id 'listeners' and some extra events being triggered (see the AuthenticationManager), but overall it should be much more compact.
zanata · Dec 14, 2012 · c85e4f6 · c85e4f6
1 parent 99c406f
commit c85e4f6
Show file tree

Hide file tree

Showing 13 changed files with 331 additions and 313 deletions.
diff --git a/zanata-war/src/main/java/org/zanata/action/InactiveAccountAction.java b/zanata-war/src/main/java/org/zanata/action/InactiveAccountAction.java
@@ -11,21 +11,21 @@
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.annotations.Transactional;
 import org.jboss.seam.faces.FacesMessages;
-import org.jboss.seam.faces.Renderer;
 import org.zanata.action.validator.NotDuplicateEmail;
 import org.zanata.dao.AccountDAO;
+import org.zanata.dao.CredentialsDAO;
 import org.zanata.dao.PersonDAO;
 import org.zanata.model.HAccount;
 import org.zanata.model.HPerson;
+import org.zanata.security.AuthenticationType;
+import org.zanata.security.ZanataCredentials;
+import org.zanata.security.ZanataOpenId;
 import org.zanata.service.EmailService;
 
 @Name("inactiveAccountAction")
-@Scope(ScopeType.CONVERSATION)
+@Scope(ScopeType.PAGE)
 public class InactiveAccountAction implements Serializable
 {
-   @In(create = true)
-   private Renderer renderer;
-
    @In
    private AccountDAO accountDAO;
 
@@ -35,17 +35,32 @@ public class InactiveAccountAction implements Serializable
    @In
    private EmailService emailServiceImpl;
 
-   private String email;
+   @In
+   private ZanataCredentials credentials;
+
+   @In
+   private ZanataOpenId zanataOpenId;
+
+   @In
+   private CredentialsDAO credentialsDAO;
 
-   private String username;
+   private String email;
 
    private HAccount account;
 
    private static final long serialVersionUID = 1L;
 
    public void init()
    {
-      account = accountDAO.getByUsername(username);
+      if( credentials.getAuthType() == AuthenticationType.OPENID )
+      {
+         // NB: Maybe we can get the authenticated openid from somewhere else
+         account = credentialsDAO.findByUser( zanataOpenId.getId() ).getAccount();
+      }
+      else
+      {
+         account = accountDAO.getByUsername(credentials.getUsername());
+      }
    }
 
    public void sendActivationEmail()
@@ -102,12 +117,4 @@ public String getEmail() {
     public void setEmail(String email) {
         this.email = email;
     }
-
-    public String getUsername() {
-        return username;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
 }
diff --git a/zanata-war/src/main/java/org/zanata/action/LoginAction.java b/zanata-war/src/main/java/org/zanata/action/LoginAction.java
@@ -30,6 +30,7 @@
 import org.zanata.dao.AccountDAO;
 import org.zanata.security.AuthenticationManager;
 import org.zanata.security.AuthenticationType;
+import org.zanata.security.ZanataCredentials;
 import org.zanata.security.openid.OpenIdProviderType;
 
 /**
@@ -45,6 +46,9 @@ public class LoginAction implements Serializable
 {
    private static final long serialVersionUID = 1L;
 
+   @In
+   private ZanataCredentials credentials;
+
    @In
    private AuthenticationManager authenticationManager;
 
@@ -63,9 +67,6 @@ public class LoginAction implements Serializable
 
    private String authProvider;
 
-   private OpenIdProviderType openIdProviderType;
-
-   private AuthenticationType authType;
 
    public String getUsername()
    {
@@ -98,20 +99,26 @@ public void setAuthProvider(String authProvider)
    }
 
    /**
-    * Prepares authentication based on the passed parameters.
+    * Prepares authentication credentials based on the passed parameters.
     */
-   private void configureAuthentication()
+   private void prepareCredentials()
    {
+      AuthenticationType authType = null;
+      OpenIdProviderType openIdProviderType = null;
+
+      credentials.setUsername( username );
+      credentials.setPassword( password );
+
       // All others
       if (authProvider == null)
       {
          if (applicationConfiguration.isInternalAuth())
          {
-            this.authType = AuthenticationType.INTERNAL;
+            authType = AuthenticationType.INTERNAL;
          }
          else if (applicationConfiguration.isJaasAuth())
          {
-            this.authType = AuthenticationType.JAAS;
+            authType = AuthenticationType.JAAS;
          }
       }
       // Open Id / internal auth
@@ -120,33 +127,36 @@ else if (applicationConfiguration.isJaasAuth())
          try
          {
             // If it is open Id
-            this.openIdProviderType = OpenIdProviderType.valueOf(authProvider);
-            this.authType = AuthenticationType.OPENID;
+            openIdProviderType = OpenIdProviderType.valueOf(authProvider);
+            authType = AuthenticationType.OPENID;
          }
          catch (Exception e)
          {
             // If it's not open id, it might be another authentication type
-            this.openIdProviderType = null;
-            this.authType = AuthenticationType.valueOf(authProvider);
+            openIdProviderType = null;
+            authType = AuthenticationType.valueOf(authProvider);
          }
       }
+
+      credentials.setAuthType( authType );
+      credentials.setOpenIdProviderType( openIdProviderType );
    }
 
    public String login()
    {
-      this.configureAuthentication();
+      this.prepareCredentials();
       String loginResult = null;
 
-      switch (authType)
+      switch (credentials.getAuthType())
       {
       case OPENID:
-         loginResult = this.loginWithOpenId();
+         loginResult = authenticationManager.openIdLogin();
          break;
       case INTERNAL:
-         loginResult = this.loginWithInternal();
+         loginResult = authenticationManager.internalLogin();
          break;
       case JAAS:
-         loginResult = this.loginWithJaas();
+         loginResult = authenticationManager.jaasLogin();
          break;
       // Kerberos auth happens on its own
       }
@@ -162,7 +172,7 @@ public String login()
     */
    public boolean isAuthenticatedNotActivate()
    {
-      boolean ignoreAccountEnabledCheck = true;
+      /*boolean ignoreAccountEnabledCheck = true;
       if (authType == AuthenticationType.INTERNAL)
       {
          ignoreAccountEnabledCheck = true;
@@ -176,24 +186,9 @@ else if (authType == AuthenticationType.JAAS)
       {
          inactiveAccountAction.setUsername(username);
          return true;
-      }
+      }*/
       return false;
 
    }
-
-   private String loginWithOpenId()
-   {
-      return authenticationManager.openIdLogin(openIdProviderType, username);
-   }
-
-   private String loginWithInternal()
-   {
-      return authenticationManager.internalLogin(username, password);
-   }
-
-   private String loginWithJaas()
-   {
-      return authenticationManager.jaasLogin(username, password);
-   }
 
 }