
1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8   *
9   *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import java.sql.Timestamp;
20  import java.util.Date;
21  
22  import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
23  import org.apache.jetspeed.security.SecurityException;
24  import org.apache.jetspeed.security.om.InternalCredential;
25  import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
26  
27  /***
28   * <p>
29   * Encodes (encrypts) an {@link InternalCredential} password using the configured {@link PasswordCredentialProvider#getEncoder() encoder}
30   * if it is loaded unencoded from the persistent store.</p>
31   * <p>
32   * This interceptor is useful when credentials need to be preset in the persistent store (like through scripts) or
33   * migrated unencoded from a different storage.</p>
34   * 
35   * @author <a href="mailto:ate@douma.nu">Ate Douma</a>
36   * @version $Id$
37   */
public class EncodePasswordOnFirstLoadInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
{
    /**
     * Encodes the value of a credential that was loaded unencoded, using the provider's configured encoder.
     * <p>
     * The credential is modified in place: its value is replaced by the encoder output and it is flagged
     * as encoded. Nothing happens when the credential is already encoded or when the provider has no encoder.
     * </p>
     * <p>
     * NOTE(review): this method only changes the in-memory credential. The return value presumably tells
     * the caller to write the credential back; until that happens the persistent store still holds the
     * unencoded value. Confirm against the calling provider.
     * </p>
     *
     * @param pcProvider provider whose {@link PasswordCredentialProvider#getEncoder() encoder} is applied
     * @param userName user name handed to the encoder together with the unencoded value
     * @param credential credential as loaded from the persistent store
     * @return true if the credential was encoded by this call, false if it was left untouched
     * @throws SecurityException declared by the interceptor contract; presumably raised by the encoder
     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
     */
    public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
            throws SecurityException
    {
        // Leave the credential alone when it is already encoded or no encoder is configured.
        if (credential.isEncoded() || pcProvider.getEncoder() == null)
        {
            return false;
        }

        // Replace the unencoded value first, then flag the credential as encoded.
        String encodedValue = pcProvider.getEncoder().encode(userName, credential.getValue());
        credential.setValue(encodedValue);
        credential.setEncoded(true);

        boolean upgradeCapable = pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService;
        if (upgradeCapable)
        {
            // The algorithm-upgrade service tells old and new encodings apart by comparing the last and
            // previous authentication timestamps. After an automatic encoding with the new scheme the user
            // has not authenticated again yet, so the last authentication is cleared and the previous
            // authentication timestamp records when the (new) encoding took place.
            Timestamp encodedAt = new Timestamp(System.currentTimeMillis());
            credential.setPreviousAuthenticationDate(encodedAt);
            credential.setLastAuthenticationDate(null);
        }
        return true;
    }
}