Yair Zaslavsky has uploaded a new change for review. Change subject: 2. core: Adding support for returning password URL change to client ......................................................................
2. core: Adding support for returning password URL change to client This patch performs the following: 1. Change to AuthenticationResult - no need to hold the detailedInfo; classes can extend AuthenticationResult and hold information in fields if needed. 2. Handling fetching the password change URL and attaching it to the canDoAction messages in case the password has expired. Change-Id: I0825b1624696e687d76b867f4844f7016819cf2c Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java M backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java M backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java M backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties 10 files changed, 73 insertions(+), 47 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/20/23620/1 
diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java index 7f6e17d..0e004ca 100644 --- a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java +++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java @@ -16,11 +16,8 @@ public class InternalAuthenticator implements PasswordAuthenticator { private static final Logger log = LoggerFactory.getLogger(InternalAuthenticator.class); - /** - * {@inheritDoc} - */ @Override - public AuthenticationResult<?> authenticate(String user, String password) { + public AuthenticationResult authenticate(String user, String password) { String adminName = Config.<String> getValue(ConfigValues.AdminUser); String adminPassword = Config.<String> getValue(ConfigValues.AdminPassword); return new BooleanAuthenticationResult(ObjectUtils.equals(user, adminName) && diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java index ac37708..ec7524c 100644 --- a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java +++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticationResult.java 
@@ -4,12 +4,10 @@ import java.util.List; import org.ovirt.engine.core.authentication.AuthenticationResult; -import org.ovirt.engine.core.common.errors.VdcBllMessages; -public class NopAuthenticationResult extends AuthenticationResult<Object> { +public class NopAuthenticationResult extends AuthenticationResult { public NopAuthenticationResult() { - super(null); } @Override @@ -18,7 +16,7 @@ } @Override - public List<VdcBllMessages> resolveMessage() { + public List<String> resolveMessage() { return Collections.emptyList(); } } diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java index 4194944..39c1d36 100644 --- a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java +++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java @@ -11,11 +11,8 @@ public class NopAuthenticator implements PasswordAuthenticator { private static final Logger log = LoggerFactory.getLogger(NopAuthenticator.class); - /** - * {@inheritDoc} - */ @Override - public AuthenticationResult<?> authenticate(String name, String password) { + public AuthenticationResult authenticate(String name, String password) { return new NopAuthenticationResult(); } } diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java index 7c3c291..1e47350 100644 --- a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java 
+++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/result/BooleanAuthenticationResult.java @@ -4,21 +4,22 @@ import java.util.List; import org.ovirt.engine.core.authentication.AuthenticationResult; -import org.ovirt.engine.core.common.errors.VdcBllMessages; -public class BooleanAuthenticationResult extends AuthenticationResult<Boolean> { +public class BooleanAuthenticationResult extends AuthenticationResult { - public BooleanAuthenticationResult(Boolean detailedInfo) { - super(detailedInfo); + private boolean value; + + public BooleanAuthenticationResult(boolean value) { + this.value = value; } @Override public boolean isSuccessful() { - return detailedInfo; + return value; } @Override - public List<VdcBllMessages> resolveMessage() { + public List<String> resolveMessage() { return Collections.emptyList(); } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java index 2081bcb..de476ce 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticationResult.java 
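Review bot: The new `value` field in BooleanAuthenticationResult is assigned only in the constructor, so it can be declared `private final boolean value;`; an authentication outcome should not be changeable after it has been created. The class also has no Javadoc, and a one-line comment such as `/** Result that carries only a success flag; resolveMessage() is always empty, even on failure. */` would make that behaviour explicit for callers.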
@@ -1,25 +1,71 @@ package org.ovirt.engine.core.authentication.provisional; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; import java.util.List; +import java.util.Map; import org.ovirt.engine.core.authentication.AuthenticationResult; import org.ovirt.engine.core.bll.adbroker.UserAuthenticationResult; +import org.ovirt.engine.core.common.config.Config; +import org.ovirt.engine.core.common.config.ConfigValues; import org.ovirt.engine.core.common.errors.VdcBllMessages; -public class ProvisionalAuthenticationResult extends AuthenticationResult<UserAuthenticationResult> { +public class ProvisionalAuthenticationResult extends AuthenticationResult { - public ProvisionalAuthenticationResult(UserAuthenticationResult detailedInfo) { - super(detailedInfo); + + private volatile static Map<String, String> passwordChangeUrlsPerDomain = null; + private String domain; + private UserAuthenticationResult authResult; + + public ProvisionalAuthenticationResult(String domain, UserAuthenticationResult userAuthResult) { + this.authResult = userAuthResult; + if (passwordChangeUrlsPerDomain == null) { + synchronized (ProvisionalAuthenticationResult.class) { + if (passwordChangeUrlsPerDomain == null) { + passwordChangeUrlsPerDomain = new HashMap<String, String>(); + String changePasswordUrl = Config.<String> getValue(ConfigValues.ChangePasswordUrl); + String[] pairs = changePasswordUrl.split(","); + for (String pair : pairs) { + // Split the pair in such a way that if the URL contains :, it will not be split to strings + String[] pairParts = pair.split(":", 2); + if (pairParts.length >= 2) { + passwordChangeUrlsPerDomain.put(pairParts[0], pairParts[1]); + } + } + } + } + } + this.domain = domain; + } @Override public boolean isSuccessful() { - return detailedInfo.isSuccessful(); + return authResult.isSuccessful(); } @Override - public List<VdcBllMessages> resolveMessage() { - return detailedInfo.getErrorMessages(); + public List<String> resolveMessage() 
{ + Iterator<VdcBllMessages> it = authResult.getErrorMessages().iterator(); + List<String> result = new ArrayList<>(); + while (it.hasNext()) { + VdcBllMessages current = it.next(); + if (current == VdcBllMessages.USER_PASSWORD_EXPIRED) { + String passwordChangeUrl = passwordChangeUrlsPerDomain.get(domain); + if (passwordChangeUrl != null) { + result.add(VdcBllMessages.USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED.name()); + result.add(String.format("$URL %1$s", passwordChangeUrl)); + } else { + result.add(current.name()); + } + } else { + result.add(current.name()); + + } + } + return result; } } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java index 2a4e3a8..f5d24f3 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/authentication/provisional/ProvisionalAuthenticator.java @@ -33,12 +33,12 @@ * {@inheritDoc} */ @Override - public AuthenticationResult<?> authenticate(String name, String password) { + public AuthenticationResult authenticate(String name, String password) { LdapReturnValueBase ldapResult = broker.runAdAction( AdActionType.AuthenticateUser, new LdapUserPasswordBaseParameters(domain, name, password) ); UserAuthenticationResult authResult = (UserAuthenticationResult) ldapResult.getReturnValue(); - return new ProvisionalAuthenticationResult(authResult); + return new ProvisionalAuthenticationResult(domain, authResult); } } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java index 352710a..b74c850 100644 
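Review bot: The double-checked initialisation in the ProvisionalAuthenticationResult constructor assigns the empty `HashMap` to the volatile `passwordChangeUrlsPerDomain` before the loop fills it, so a concurrent login can pass the outer null check and have `resolveMessage()` read an unsynchronised map that is still being written, or simply miss the URL. Fill a local map and publish it last: `Map<String, String> urls = new HashMap<String, String>();`, `urls.put(pairParts[0], pairParts[1]);`, then `passwordChangeUrlsPerDomain = urls;` after the loop. If `ChangePasswordUrl` can be unset, `changePasswordUrl.split(",")` would throw inside the lock and, with the current ordering, leave the cache permanently empty; a null check before the split would cover that. Since the configured value is forwarded unchanged to the client on a failed login, it may also be worth accepting only absolute `https` URLs when the map is built.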
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java @@ -137,15 +137,15 @@ PasswordAuthenticator passwordAuthenticator = (PasswordAuthenticator) authenticator; // Perform the actual authentication: - AuthenticationResult<?> result = passwordAuthenticator.authenticate(loginName, password); + AuthenticationResult result = passwordAuthenticator.authenticate(loginName, password); if (!result.isSuccessful()) { log.infoFormat( "Can't login user \"{0}\" with authentication profile \"{1}\" because the authentication failed.", loginName, profileName ); - for (VdcBllMessages msg : result.resolveMessage()) { - addCanDoActionMessage(msg); + for (String msg : result.resolveMessage()) { + getReturnValue().getCanDoActionMessages().add(msg); } return false; } diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java index f29ba91..4220fc1 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/authentication/AuthenticationResult.java @@ -2,26 +2,10 @@ import java.util.List; -import org.ovirt.engine.core.common.errors.VdcBllMessages; - /** * This class represents a result returned by an Authenticator */ -public abstract class AuthenticationResult<T> { - - protected T detailedInfo; - - protected AuthenticationResult(T detailedInfo) { - this.detailedInfo = detailedInfo; - } - - public void setDetailedInfo(T detailedInfo) { - this.detailedInfo = detailedInfo; - } - - public T getDetailedInfo() { - return detailedInfo; - } +public abstract class AuthenticationResult { /** * Returns whether the authentication is successful 
@@ -33,5 +17,5 @@ * Resolves the detailed information into VdcBll messages * @return */ - public abstract List<VdcBllMessages> resolveMessage(); + public abstract List<String> resolveMessage(); } diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java index 1e4eb7a..8c34f9c 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java @@ -383,6 +383,7 @@ USER_FAILED_TO_AUTHENTICATE(ErrorType.NO_AUTHENTICATION), USER_FAILED_TO_AUTHENTICATE_KERBEROS_ERROR(ErrorType.NO_AUTHENTICATION), USER_PASSWORD_EXPIRED(ErrorType.NO_AUTHENTICATION), + USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED(ErrorType.NO_AUTHENTICATION), USER_ACCOUNT_DISABLED(ErrorType.NO_AUTHENTICATION), USER_PERMISSION_DENIED(ErrorType.NO_AUTHENTICATION), USER_MUST_EXIST_IN_DB(ErrorType.NO_AUTHENTICATION), diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties index 7f4315e..bbb829c 100644 --- a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties +++ b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties @@ -916,6 +916,7 @@ #Suspected (not in use?) USER_PASSWORD_EXPIRED=Cannot Login. User Password has expired, Please change your password. +USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED=Cannot Login. User Password has expired. Use the following URL to change the password: ${URL} USER_CANNOT_LOGIN_DOMAIN_NOT_SUPPORTED=Cannot Login. The Domain provided is not configured, please contact your system administrator. VM_POOL_CANNOT_DECREASE_VMS_FROM_POOL=Cannot decrease VMs from VM-Pool. 
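Review bot: The Javadoc above `resolveMessage()` still says it resolves into VdcBll messages and has an empty `@return`, although the method now returns free-form strings. ProvisionalAuthenticationResult returns both `VdcBllMessages` names and a `$URL <value>` replacement entry, and LoginBaseCommand adds every element to the canDoAction messages returned on a failed login, so the contract should be spelled out, for example `@return message keys (VdcBllMessages names) and "$NAME value" variable replacements; must not contain secrets or unvalidated user input`. The class body starts outside this hunk.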
@@ -1135,3 +1136,4 @@ ISCSI_BOND_NOT_EXIST=Cannot ${action} ${type}. The specified iSCSI bond doesn't exist. ISCSI_BOND_WITH_SAME_NAME_EXIST_IN_DATA_CENTER=Cannot ${action} ${type}. iSCSI bond with the same name already exists in the Data Center. + -- To view, visit http://gerrit.ovirt.org/23620 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0825b1624696e687d76b867f4844f7016819cf2c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.4 Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches