1/*2 * Licensed to the Apache Software Foundation (ASF) under one or more3 * contributor license agreements. See the NOTICE file distributed with4 * this work for additional information regarding copyright ownership.5 * The ASF licenses this file to You under the Apache License, Version 2.06 * (the "License"); you may not use this file except in compliance with7 * the License. You may obtain a copy of the License at8*9* http://www.apache.org/licenses/LICENSE-2.010*11* Unless required by applicable law or agreed to in writing, software12* distributed under the License is distributed on an "AS IS" BASIS,13* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.14* See the License for the specific language governing permissions and15* limitations under the License.16*/17packageorg.apache.jetspeed.security.spi.impl;
1819import org.apache.commons.logging.Log;
20import org.apache.commons.logging.LogFactory;
21import org.apache.jetspeed.security.SecurityException;
22import org.apache.jetspeed.security.om.InternalCredential;
23import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
24import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
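/**
 * <p>
 * Checks if a (pre)set password in the persistent store is valid according to the configured
 * {@link PasswordCredentialProvider#getValidator() validator} when loaded from the persistent store.</p>
 * <p>
 * If the password checks out to be invalid, an error is logged and the credential is flagged to be
 * {@link InternalCredential#isUpdateRequired() updateRequired}.</p>
 * <p>
 * Only credentials that are not {@link InternalCredential#isEncoded() encoded} are checked, and only when
 * the provider has a validator configured; every other credential passes through untouched.</p>
 *
 * @author <a href="mailto:ate@douma.nu">Ate Douma</a>
 * @version $Id$
 */
public class ValidatePasswordOnLoadInterceptor extends AbstractInternalPasswordCredentialInterceptorImpl
{
    // NOTE(review): the log category is the interceptor interface rather than this class, so these
    // events cannot be filtered or alerted on per implementation. It is left unchanged here because
    // existing logging configuration may be keyed on it - confirm before switching.
    private static final Log log = LogFactory.getLog(InternalPasswordCredentialInterceptor.class);

    /**
     * Validates a non-encoded credential value with the provider's validator right after it was loaded.
     *
     * @param pcProvider provider whose validator (if any) is applied to the loaded value
     * @param userName name of the user the credential belongs to; only used in the log message
     * @param credential the loaded credential; flagged as update required when validation fails
     * @return true if the password was invalid and update is required
     * @throws SecurityException declared by the interceptor contract; a SecurityException thrown by the
     *         validator itself is handled here and not propagated
     * @see org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor#afterLoad(org.apache.jetspeed.security.spi.PasswordCredentialProvider, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
     */
    public boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential)
        throws SecurityException
    {
        boolean updated = false;
        // Encoded values are skipped; presumably the validator can only judge the plain value - confirm.
        if (!credential.isEncoded() && pcProvider.getValidator() != null)
        {
            try
            {
                pcProvider.getValidator().validate(credential.getValue());
            }
            catch (SecurityException e)
            {
                // The user name ends up in the log verbatim, so line breaks in it are neutralised to keep
                // one event on one log line (no forged entries). String.valueOf keeps the "null" text a
                // null name produced before.
                String safeUserName = String.valueOf(userName).replaceAll("[\\r\\n]", "_");
                // NOTE(review): the validator's exception is not logged; confirm its message can never
                // echo the rejected password before attaching it as the cause.
                log.error("Loaded password for user " + safeUserName
                        + " is invalid. The user will be required to change it.");
                // persistent store contains an invalid password
                // allow login (assuming the user knows the invalid value) but enforce an update
                credential.setUpdateRequired(true);
                updated = true;
            }
        }
        return updated;
    }
}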