Yair Zaslavsky has uploaded a new change for review.

Change subject: aaa: Removal of authenticator classes
......................................................................

aaa: Removal of authenticator classes

The methods are consolidated into the Authenticator class.

Topic: AAA
Change-Id: If3a6f8586bdb14fcc6c09c77dc1b761b795fce07
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java
M 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/Authenticator.java
D 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/NegotiatingAuthenticator.java
M 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/header/HeaderAuthenticator.java
M 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java
M 
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/nop/NopAuthenticator.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/provisional/ProvisionalAuthenticator.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
M 
backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/Extension.java
9 files changed, 88 insertions(+), 46 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/71/25571/1

diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java
index 5452482..f7640c7 100644
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java
+++ 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationFilter.java
@@ -63,7 +63,7 @@
                     for (AuthenticationProfile profile : 
AuthenticationProfileRepository.getInstance().getProfiles()) {
                         if (profile != null) {
                             Authenticator authenticator = 
profile.getAuthenticator();
-                            if (authenticator instanceof 
NegotiatingAuthenticator) {
+                            if (authenticator.isNegotiationAuth()) {
                                 profiles.add(0, profile);
                             }
 
@@ -123,8 +123,7 @@
                 return;
             }
 
-            NegotiatingAuthenticator authenticator = 
(NegotiatingAuthenticator) profile.getAuthenticator();
-            NegotiationResult result = authenticator.negotiate(req, rsp);
+            NegotiationResult result = 
profile.getAuthenticator().negotiate(req, rsp);
 
             // If the negotiation isn't finished then we assume that the 
response has been populated by the
             // authenticator and we just let the container sent it back to the 
client:
diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/Authenticator.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/Authenticator.java
index da94dc8..55f9eb3 100644
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/Authenticator.java
+++ 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/Authenticator.java
@@ -3,6 +3,9 @@
 import java.util.Map;
 import java.util.Properties;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.ovirt.engine.api.extensions.Extension;
 
 /**
@@ -35,6 +38,63 @@
         return context;
     }
 
+    /**
+     * Process the given request and return a new result object if the 
negotiation has finished or {@code null} if it
+     * hasn't. If the process hasn't finished then the response must be 
populated by the authenticator and it will be
+     * sent back to the client.
+     *
+     * @param request the HTTP request to be processed
+     * @param response the HTTP response to be processed by the application or 
sent to back the browser if the
+     *     authentication didn't finish yet
+     * @return a result object if the authentication process has finished or 
{@code null} if it hasn't
+     */
+    public NegotiationResult negotiate(HttpServletRequest request, 
HttpServletResponse response) {
+        // Override this in subclasses where needed
+        throw new RuntimeException("negotiate method is not supported");
+    }
+
+    /**
+     * Authenticates according to the given name and password. In case 
authentication fails, the
+     * {@code AAAExtensionException will be thrown}
+     *
+     * @param name
+     *            the name of user being authenticated
+     *
+     */
+    public void authenticate(String name, String password) {
+        // Override this in subclasses where needed
+        throw new RuntimeException("authenticate method is not supported");
+
+    }
+
+    /**
+     * Returns the URL to a management page the user can set its expired 
password at
+     *
+     * @return the URL
+     */
+    public String getChangeExpiredPasswordURL() {
+        return (String) 
context.get(ExtensionProperties.AAA_CHANGE_EXPIRED_PASSWORD_URL);
+    }
+
+    /**
+     * Returns a custom message that the user will get when its tries to login 
with expired password
+     *
+     * @return the custom message
+     */
+    public String getChangeExpiredPasswordMsg() {
+        return (String) 
context.get(ExtensionProperties.AAA_CHANGE_EXPIRED_PASSWORD_MSG);
+    }
+
+    public boolean isNegotiationAuth() {
+        return context.get(ExtensionProperties.AAA_IS_NEGOTIATION_AUTH) != 
null ? (Boolean) context.get(ExtensionProperties.AAA_IS_NEGOTIATION_AUTH)
+                : false;
+    }
+
+    public boolean isPasswordAuth() {
+        return context.get(ExtensionProperties.AAA_IS_NEGOTIATION_AUTH) != 
null ? (Boolean) context.get(ExtensionProperties.AAA_IS_PASSWORD_AUTH)
+                : false;
+
+    }
 
     protected Authenticator() {
     }
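Review bot: `isPasswordAuth()` guards on the wrong key: it tests `AAA_IS_NEGOTIATION_AUTH` for null and then casts the value of `AAA_IS_PASSWORD_AUTH`. With the flags this change sets, InternalAuthenticator and ProvisionalAuthenticator (password flag only) report false, so the `isPasswordAuth()` check in LoginBaseCommand refuses their logins, while HeaderAuthenticator (negotiation flag only) would unbox a null and throw NullPointerException if the method is called on it. Reading the flag once fixes both: `return Boolean.TRUE.equals(context.get(ExtensionProperties.AAA_IS_PASSWORD_AUTH));`, and the same form suits `isNegotiationAuth()`. Separately, the default `authenticate()` throws a bare RuntimeException although its Javadoc promises AAAExtensionException, the only type LoginBaseCommand catches around the call; the Javadoc's `{@code ...}` also swallows the words "will be thrown" and `password` has no `@param`. The class body starts and ends outside this hunk.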
diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/NegotiatingAuthenticator.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/NegotiatingAuthenticator.java
deleted file mode 100644
index 1418e4b..0000000
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/NegotiatingAuthenticator.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package org.ovirt.engine.core.aaa;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * Some authenticators need to negotiate with the client, exchanging HTTP 
requests and responses, in order to determine
- * the name of the entity being authenticated and to verify its credentials. 
The result of this negotiation is an
- * instance of the {@link NegotiationResult} class containing the result of 
the authentication (succeeded or not) and
- * the name of the authenticated entity.
- */
-public abstract class NegotiatingAuthenticator extends Authenticator {
-
-    /**
-     * Process the given request and return a new result object if the 
negotiation has finished or {@code null} if it
-     * hasn't. If the process hasn't finished then the response must be 
populated by the authenticator and it will be
-     * sent back to the client.
-     *
-     * @param request the HTTP request to be processed
-     * @param response the HTTP response to be processed by the application or 
sent to back the browser if the
-     *     authentication didn't finish yet
-     * @return a result object if the authentication process has finished or 
{@code null} if it hasn't
-     */
-    public abstract NegotiationResult negotiate(HttpServletRequest request, 
HttpServletResponse response);
-}
diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/header/HeaderAuthenticator.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/header/HeaderAuthenticator.java
index 28b10e1..b62ed5b 100644
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/header/HeaderAuthenticator.java
+++ 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/header/HeaderAuthenticator.java
@@ -5,7 +5,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.ovirt.engine.core.aaa.NegotiatingAuthenticator;
+import org.ovirt.engine.api.extensions.Extension.ExtensionProperties;
+import org.ovirt.engine.core.aaa.Authenticator;
 import org.ovirt.engine.core.aaa.NegotiationResult;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -53,7 +54,7 @@
  * directory.type=nop
  * </pre>
  */
-public class HeaderAuthenticator extends NegotiatingAuthenticator {
+public class HeaderAuthenticator extends Authenticator {
     private static final Logger log = 
LoggerFactory.getLogger(HeaderAuthenticator.class);
 
     /**
@@ -84,5 +85,11 @@
 
     @Override
     public void init() {
+        context.put(ExtensionProperties.AUTHOR, "The oVirt Project");
+        context.put(ExtensionProperties.EXTENSION_NAME, "Header authentication 
(Built-in)");
+        context.put(ExtensionProperties.LICENSE, "ASL 2.0");
+        context.put(ExtensionProperties.HOME, "http://www.ovirt.org";);
+        context.put(ExtensionProperties.VERSION, "N/A");
+        context.put(ExtensionProperties.AAA_IS_NEGOTIATION_AUTH, true);
     }
 }
diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java
index 6d9ec5d..6afe865 100644
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java
+++ 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/internal/InternalAuthenticator.java
@@ -2,7 +2,7 @@
 
 import org.apache.commons.lang.ObjectUtils;
 import org.ovirt.engine.api.extensions.AAAExtensionException;
-import org.ovirt.engine.core.aaa.PasswordAuthenticator;
+import org.ovirt.engine.core.aaa.Authenticator;
 import org.ovirt.engine.core.common.config.Config;
 import org.ovirt.engine.core.common.config.ConfigValues;
 import org.slf4j.Logger;
@@ -12,7 +12,7 @@
  * This authenticator authenticates the internal user as specified in the 
{@code AdminUser} and {@code AdminPassword}
  * configuration parameters stored in the database.
  */
-public class InternalAuthenticator extends PasswordAuthenticator {
+public class InternalAuthenticator extends Authenticator {
 
 
     private static final Logger log = 
LoggerFactory.getLogger(InternalAuthenticator.class);
@@ -33,5 +33,6 @@
         context.put(ExtensionProperties.LICENSE, "ASL 2.0");
         context.put(ExtensionProperties.HOME, "http://www.ovirt.org";);
         context.put(ExtensionProperties.VERSION, "N/A");
+        context.put(ExtensionProperties.AAA_IS_PASSWORD_AUTH, true);
     }
 }
diff --git 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/nop/NopAuthenticator.java
 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/nop/NopAuthenticator.java
index 0542a2f..85c98b9 100644
--- 
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/nop/NopAuthenticator.java
+++ 
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/nop/NopAuthenticator.java
@@ -1,13 +1,13 @@
 package org.ovirt.engine.core.aaa.nop;
 
-import org.ovirt.engine.core.aaa.PasswordAuthenticator;
+import org.ovirt.engine.core.aaa.Authenticator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * This authenticator blindly accepts any user, without any check, useful only 
for testing environments.
  */
-public class NopAuthenticator extends PasswordAuthenticator {
+public class NopAuthenticator extends Authenticator {
     private static final Logger log = 
LoggerFactory.getLogger(NopAuthenticator.class);
 
     public NopAuthenticator() {
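Review bot: NopAuthenticator appears to lose its password capability here, because LoginBaseCommand now decides by `isPasswordAuth()` rather than by the superclass. No hunk in this diff adds `context.put(ExtensionProperties.AAA_IS_PASSWORD_AUTH, true);` to this class, as the InternalAuthenticator and ProvisionalAuthenticator hunks do. The outcome would be fail-closed (logins through a nop profile are refused), so it is a functional regression rather than an exposure, but the capability should be stated explicitly. The rest of the class, including any `init()`, lies outside this hunk, so confirm there.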
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/provisional/ProvisionalAuthenticator.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/provisional/ProvisionalAuthenticator.java
index bce773c..0636e77 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/provisional/ProvisionalAuthenticator.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/provisional/ProvisionalAuthenticator.java
@@ -7,7 +7,7 @@
 
 import org.ovirt.engine.api.extensions.AAAExtensionException;
 import org.ovirt.engine.api.extensions.AAAExtensionException.AAAExtensionError;
-import org.ovirt.engine.core.aaa.PasswordAuthenticator;
+import org.ovirt.engine.core.aaa.Authenticator;
 import org.ovirt.engine.core.bll.adbroker.AdActionType;
 import org.ovirt.engine.core.bll.adbroker.LdapBroker;
 import org.ovirt.engine.core.bll.adbroker.LdapFactory;
@@ -20,7 +20,7 @@
  * infrastructure. It will exist only while the engine is migrated to use the 
new authentication interfaces, then it
  * will be removed.
  */
-public class ProvisionalAuthenticator extends PasswordAuthenticator {
+public class ProvisionalAuthenticator extends Authenticator {
 
     /**
      * The reference to the LDAP broker that implements the authentication.
@@ -41,6 +41,7 @@
         context.put(ExtensionProperties.LICENSE, "ASL 2.0");
         context.put(ExtensionProperties.HOME, "http://www.ovirt.org";);
         context.put(ExtensionProperties.VERSION, "N/A");
+        context.put(ExtensionProperties.AAA_IS_PASSWORD_AUTH, true);
 
         if (passwordChangeMsgPerDomain == null) {
             synchronized (ProvisionalAuthenticator.class) {
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
index 4ec49dd..f84ccf7 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
@@ -13,7 +13,6 @@
 import org.ovirt.engine.core.aaa.Directory;
 import org.ovirt.engine.core.aaa.DirectoryUser;
 import org.ovirt.engine.core.aaa.DirectoryUtils;
-import org.ovirt.engine.core.aaa.PasswordAuthenticator;
 import org.ovirt.engine.core.bll.adbroker.LdapBrokerUtils;
 import org.ovirt.engine.core.bll.session.SessionDataContainer;
 import org.ovirt.engine.core.bll.utils.PermissionSubject;
@@ -149,7 +148,7 @@
 
         // Check that the authenticator provided by the profile supports 
password authentication:
         Authenticator authenticator = profile.getAuthenticator();
-        if (!(authenticator instanceof PasswordAuthenticator)) {
+        if (!(authenticator.isPasswordAuth())) {
             log.errorFormat(
                 "Can't login user \"{0}\" because the authentication profile 
\"{1}\" doesn't support password " +
                 "authentication.",
@@ -158,8 +157,6 @@
             addCanDoActionMessage(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE);
             return false;
         }
-        PasswordAuthenticator passwordAuthenticator = (PasswordAuthenticator) 
authenticator;
-
         DbUser curUser = null;
         String curPassword = null;
         SessionDataContainer sessionDataContainer = 
SessionDataContainer.getInstance();
@@ -177,7 +174,7 @@
         }
         // Perform the actual authentication:
         try {
-            passwordAuthenticator.authenticate(loginName, password);
+            authenticator.authenticate(loginName, password);
         } catch (AAAExtensionException ex) {
             log.infoFormat(
                     "Can't login user \"{0}\" with authentication profile 
\"{1}\" because the authentication failed.",
@@ -194,14 +191,14 @@
             getReturnValue().setSucceeded(false);
             if (canDoActionMsg == VdcBllMessages.USER_PASSWORD_EXPIRED) {
                 boolean addedUserPasswordExpiredCDA = false;
-                if (passwordAuthenticator.getChangeExpiredPasswordMsg() != 
null) {
+                if (authenticator.getChangeExpiredPasswordMsg() != null) {
                     
addCanDoActionMessage(VdcBllMessages.USER_PASSWORD_EXPIRED_CHANGE_MSG_PROVIDED);
-                    
getReturnValue().getCanDoActionMessages().add(String.format("$MSG %1$s", 
passwordAuthenticator.getChangeExpiredPasswordMsg()));
+                    
getReturnValue().getCanDoActionMessages().add(String.format("$MSG %1$s", 
authenticator.getChangeExpiredPasswordMsg()));
                     addedUserPasswordExpiredCDA = true;
                 }
-                if (passwordAuthenticator.getChangeExpiredPasswordURL() != 
null) {
+                if (authenticator.getChangeExpiredPasswordURL() != null) {
                     
addCanDoActionMessage(VdcBllMessages.USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED);
-                    
getReturnValue().getCanDoActionMessages().add(String.format("$URL %1$s", 
passwordAuthenticator.getChangeExpiredPasswordURL()));
+                    
getReturnValue().getCanDoActionMessages().add(String.format("$URL %1$s", 
authenticator.getChangeExpiredPasswordURL()));
                     addedUserPasswordExpiredCDA = true;
                 }
                 if (!addedUserPasswordExpiredCDA) {
diff --git 
a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/Extension.java
 
b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/Extension.java
index 9ee2e92..1435483 100644
--- 
a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/Extension.java
+++ 
b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/Extension.java
@@ -17,7 +17,9 @@
         HOME,
         EXTENSION_NAME,
         AAA_CHANGE_EXPIRED_PASSWORD_URL,
-        AAA_CHANGE_EXPIRED_PASSWORD_MSG;
+        AAA_CHANGE_EXPIRED_PASSWORD_MSG,
+        AAA_IS_PASSWORD_AUTH,
+        AAA_IS_NEGOTIATION_AUTH;
     };
 
     /**


-- 
To view, visit http://gerrit.ovirt.org/25571
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If3a6f8586bdb14fcc6c09c77dc1b761b795fce07
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>