Ravi Nori has uploaded a new change for review.

Change subject: aaa: Add SSO UI for Changing expired user passwd
......................................................................

aaa: Add SSO UI for Changing expired user passwd

Add a Change Password page and an SSO service to
handle the request. The backend code is not yet
in place.

Change-Id: I9923114954737ea49b8ccd3d8ee69072cb5e01d9
Bug-Url: https://bugzilla.redhat.com/1092744
Signed-off-by: Ravi Nori <rn...@redhat.com>
---
A 
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginChangePasswdServlet.java
M 
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginPhase3Servlet.java
M 
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthenticationUtils.java
M 
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthnMessageMapper.java
M 
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/Credentials.java
M 
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
A backend/manager/modules/enginesso/src/main/webapp/WEB-INF/changePasswd.jsp
M backend/manager/modules/enginesso/src/main/webapp/WEB-INF/login.jsp
M backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml
9 files changed, 203 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/45/40445/1

diff --git 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginChangePasswdServlet.java
 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginChangePasswdServlet.java
new file mode 100644
index 0000000..11bc5cd
--- /dev/null
+++ 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginChangePasswdServlet.java
@@ -0,0 +1,62 @@
+package org.ovirt.engine.core.sso.servlets;
+
+import org.ovirt.engine.core.sso.utils.AuthenticationException;
+import org.ovirt.engine.core.sso.utils.Credentials;
+import org.ovirt.engine.core.sso.utils.SSOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.Map;
+
+public class LoginChangePasswdServlet extends HttpServlet {
+
+    private static final long serialVersionUID = -88168919566901736L;
+    private static final String USERNAME = "username";
+    private static final String OLD_PASSWORD = "oldPassword";
+    private static final String NEW_PASSWORD1 = "newPassword1";
+    private static final String NEW_PASSWORD2 = "newPassword2";
+    private static final String PROFILE = "profile";
+
+    private static Logger log = 
LoggerFactory.getLogger(LoginChangePasswdServlet.class);
+
+    @Override
+    protected void service(HttpServletRequest request, HttpServletResponse 
response)
+            throws ServletException, IOException {
+        HttpSession session = request.getSession(true);
+        try {
+            if (SSOUtils.isUserAuthenticated(session)) {
+                changeUserPasswd(request);
+            }
+        } catch (AuthenticationException ex) {
+            log.error("Password Change failed", ex.getMessage());
+            log.debug("Password Change failed", ex);
+            request.getSession(true).setAttribute(SSOUtils.LOGIN_MSG, 
ex.getMessage());
+            response.sendRedirect(request.getContextPath() + 
SSOUtils.PASSWORD_CHANGE_FORM_URI);
+        } finally {
+            session.removeAttribute(SSOUtils.PASSWD_EXPIRED_USER_NAME);
+            session.removeAttribute(SSOUtils.PASSWD_EXPIRED_USER_PROFILE);
+        }
+    }
+
+    private void changeUserPasswd(HttpServletRequest request) throws 
AuthenticationException {
+        Credentials userCredentials = getUserCredentials(request);
+        if (userCredentials == null) {
+            throw new AuthenticationException("");
+        }
+        // call to change passwd
+    }
+
+    private Credentials getUserCredentials(HttpServletRequest request) {
+        Map<String, String[]> paramMap = request.getParameterMap();
+        return paramMap.containsKey(USERNAME) && 
paramMap.containsKey(OLD_PASSWORD) && paramMap.containsKey(NEW_PASSWORD1) && 
paramMap.containsKey(NEW_PASSWORD2) && paramMap.containsKey(PROFILE) ?
+                new Credentials(request.getParameter(USERNAME), 
request.getParameter(OLD_PASSWORD), request.getParameter(NEW_PASSWORD1), 
request.getParameter(NEW_PASSWORD2), request.getParameter(PROFILE)) :
+                null;
+    }
+
+}
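Review bot: getUserCredentials() takes `username` and `profile` from request parameters, so the only thing tying the change to the account whose password expired is the `readonly` attribute in changePasswd.jsp, which the server cannot rely on. Reading both from the session attributes that AuthenticationUtils stores (`PASSWD_EXPIRED_USER_NAME`, `PASSWD_EXPIRED_USER_PROFILE`) and rejecting the request when the two new passwords differ, as sketched below, closes that gap; the `finally` in service() would then have to clear those attributes only after a successful change, otherwise a retry has nothing to read. service() also handles every HTTP method, so the passwords can arrive in a GET query string and end up in access logs; overriding `doPost` instead avoids that. Separately, `log.error("Password Change failed", ex.getMessage())` has no `{}` placeholder, so the message argument is never logged.

```java
    private Credentials getUserCredentials(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        // Identity comes from what the login phase stored, not from the form.
        String username = (String) session.getAttribute(SSOUtils.PASSWD_EXPIRED_USER_NAME);
        String profile = (String) session.getAttribute(SSOUtils.PASSWD_EXPIRED_USER_PROFILE);
        String oldPassword = request.getParameter(OLD_PASSWORD);
        String newPassword1 = request.getParameter(NEW_PASSWORD1);
        String newPassword2 = request.getParameter(NEW_PASSWORD2);
        if (username == null || profile == null || oldPassword == null
                || newPassword1 == null || !newPassword1.equals(newPassword2)) {
            return null;
        }
        return new Credentials(username, oldPassword, newPassword1, newPassword2, profile);
    }
```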
diff --git 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginPhase3Servlet.java
 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginPhase3Servlet.java
index 46cb903..97d9062 100644
--- 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginPhase3Servlet.java
+++ 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/LoginPhase3Servlet.java
@@ -31,6 +31,8 @@
             throws ServletException, IOException {
         HttpSession session = request.getSession(true);
         try {
+            request.getSession(true).removeAttribute(SSOUtils.LOGIN_MSG);
+            
request.getSession(true).removeAttribute(SSOUtils.LOGIN_PASSWD_CHANGE_URI_MSG);
             if (SSOUtils.isUserAuthenticated(session)) {
                 
request.getRequestDispatcher(SSOUtils.LOGIN_PHASE4_URI).forward(request, 
response);
             } else {
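Review bot: Both added lines call `request.getSession(true)` again although `session` was obtained from the same call just above the `try`. `session.removeAttribute(SSOUtils.LOGIN_MSG);` and `session.removeAttribute(SSOUtils.LOGIN_PASSWD_CHANGE_URI_MSG);` say the same thing more directly and make it obvious that a single session object is involved. The enclosing method starts and ends outside the hunk.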
@@ -53,6 +55,7 @@
             throw new AuthenticationException("");
         }
         try {
+            request.getSession().setAttribute(SSOUtils.USER_CREDENTIALS, 
userCredentials);
             AuthenticationUtils.handleCredentials(
                     session,
                     userCredentials.getUsername(),
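Review bot: The added `setAttribute(SSOUtils.USER_CREDENTIALS, userCredentials)` puts the submitted plaintext password into the HTTP session before authentication has succeeded, and nothing visible in this change removes it again. Session contents outlive the request and, depending on container configuration, may be persisted or replicated, while the only reader added in this change (the CREDENTIALS_EXPIRED branch in AuthenticationUtils) uses just `getUsername()` and `getProfile()`. Storing only those two values, or removing the attribute in a `finally` once `handleCredentials` returns, keeps the password out of session state. The `try` block continues past the end of the hunk.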
diff --git 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthenticationUtils.java
 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthenticationUtils.java
index 429fc33..937664f9 100644
--- 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthenticationUtils.java
+++ 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthenticationUtils.java
@@ -68,6 +68,13 @@
         );
         if (outputMap.<Integer>get(Base.InvokeKeys.RESULT) != 
Base.InvokeResult.SUCCESS ||
                 outputMap.<Integer>get(Authn.InvokeKeys.RESULT) != 
Authn.AuthResult.SUCCESS) {
+            int authResult = outputMap.<Integer>get(Authn.InvokeKeys.RESULT);
+            if (authResult == Authn.AuthResult.CREDENTIALS_EXPIRED) {
+                Credentials userCredentials = (Credentials) 
session.getAttribute(SSOUtils.USER_CREDENTIALS);
+                session.setAttribute(SSOUtils.LOGIN_PASSWD_CHANGE_URI_MSG, 
session.getServletContext().getContextPath() + 
SSOUtils.PASSWORD_CHANGE_FORM_URI);
+                session.setAttribute(SSOUtils.PASSWD_EXPIRED_USER_NAME, 
userCredentials.getUsername());
+                session.setAttribute(SSOUtils.PASSWD_EXPIRED_USER_PROFILE, 
userCredentials.getProfile());
+            }
             throw new 
AuthenticationException(AuthnMessageMapper.mapMessageErrorCode(outputMap));
         }
 
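Review bot: `userCredentials` is read back from the session and dereferenced without a null check, so a caller that reaches this method without first storing `SSOUtils.USER_CREDENTIALS` would turn an expired-password result into a NullPointerException instead of the intended AuthenticationException. Whether such callers exist is not visible in this hunk, but only LoginPhase3Servlet is changed to set the attribute. Wrapping the three `setAttribute` calls in `if (userCredentials != null) { ... }` is the minimal guard. Passing the username and profile into this method as arguments would remove the dependency on session state altogether; the enclosing method's signature is outside the hunk.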
diff --git 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthnMessageMapper.java
 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthnMessageMapper.java
index b806583..701955d 100644
--- 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthnMessageMapper.java
+++ 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/AuthnMessageMapper.java
@@ -4,29 +4,14 @@
 import org.ovirt.engine.api.extensions.aaa.Authn;
 
 public class AuthnMessageMapper {
-    public static final String USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED = 
"Cannot Login. User Password has expired. Use the following URL to change the 
password: %s";
-    public static final String USER_PASSWORD_EXPIRED_CHANGE_MSG_PROVIDED = 
"Cannot Login. User Password has expired. Use the following URL to change the 
password: %s";
-    public static final String USER_PASSWORD_EXPIRED = "Cannot Login. User 
Password has expired, Please change your password.";
+    public static final String USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED = 
"Cannot Login. User Password has expired.";
     public static final String USER_FAILED_TO_AUTHENTICATE = "Login failed. 
Please verify your login information or contact the system administrator.";
 
     public static final String mapMessageErrorCode(ExtMap outputMap) {
         String msg = USER_FAILED_TO_AUTHENTICATE;
         int authResult = outputMap.<Integer>get(Authn.InvokeKeys.RESULT);
         if (authResult == Authn.AuthResult.CREDENTIALS_EXPIRED) {
-            boolean addedUserPasswordExpired = false;
-            if (outputMap.<String> 
get(Authn.InvokeKeys.CREDENTIALS_CHANGE_URL) != null) {
-                msg = String.format(USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED,
-                        
outputMap.<String>get(Authn.InvokeKeys.CREDENTIALS_CHANGE_URL));
-                addedUserPasswordExpired = true;
-            }
-            if (outputMap.<String> get(Authn.InvokeKeys.USER_MESSAGE) != null) 
{
-                msg = String.format(USER_PASSWORD_EXPIRED_CHANGE_MSG_PROVIDED,
-                        outputMap.<String>get(Authn.InvokeKeys.USER_MESSAGE));
-                addedUserPasswordExpired = true;
-            }
-            if (!addedUserPasswordExpired) {
-                msg = USER_PASSWORD_EXPIRED;
-            }
+            msg = USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED;
         }
         return msg;
     }
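Review bot: After this change `mapMessageErrorCode` ignores `Authn.InvokeKeys.CREDENTIALS_CHANGE_URL` and `Authn.InvokeKeys.USER_MESSAGE`, so a change URL or message supplied by the authn extension never reaches the user and the built-in form becomes the only route offered. If that is intended, the surviving constant name no longer fits its text: `USER_PASSWORD_EXPIRED` (the name being removed) describes `"Cannot Login. User Password has expired."` better than `USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED`. The removed constants were `public`, so any reference outside this file would stop compiling.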
diff --git 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/Credentials.java
 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/Credentials.java
index 559f356..845bc55 100644
--- 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/Credentials.java
+++ 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/Credentials.java
@@ -4,6 +4,8 @@
     private String username;
     private String password;
     private String profile;
+    private String newPassword1;
+    private String newPassword2;
 
     public Credentials() {
     }
@@ -11,6 +13,14 @@
     public Credentials(String username, String password, String profile) {
         setUsername(username);
         setPassword(password);
+        setProfile(profile);
+    }
+
+    public Credentials(String username, String password, String newPassword1, 
String newPassword2, String profile) {
+        setUsername(username);
+        setPassword(password);
+        setNewPassword1(newPassword1);
+        setNewPassword2(newPassword2);
         setProfile(profile);
     }
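Review bot: The five-argument constructor has no documentation saying that `password` is the current (expired) password while `newPassword1` and `newPassword2` are the new value and its retyped confirmation; that is only inferable from the call in LoginChangePasswdServlet. A Javadoc line such as `/** Credentials for a password change: password is the current password, newPassword1 the new one, newPassword2 its confirmation. */` would make the roles explicit for the next caller.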
 
@@ -37,4 +47,20 @@
     public void setProfile(String profile) {
         this.profile = profile;
     }
+
+    public String getNewPassword1() {
+        return newPassword1;
+    }
+
+    public void setNewPassword1(String newPassword1) {
+        this.newPassword1 = newPassword1;
+    }
+
+    public String getNewPassword2() {
+        return newPassword2;
+    }
+
+    public void setNewPassword2(String newPassword2) {
+        this.newPassword2 = newPassword2;
+    }
 }
diff --git 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
index 9062413..605769a 100644
--- 
a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
+++ 
b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
@@ -26,6 +26,7 @@
 public class SSOUtils {
 
     public static final String LOGIN_MSG = "loginMsg";
+    public static final String LOGIN_PASSWD_CHANGE_URI_MSG = 
"passwordChangeUri";
     public static final String PARAMS_MAP = "paramsMap";
     public static final String SSO_AUTHZ_ATTR_NAME = "AUTHZ_NAME";
     public static final String SSO_PROFILE_ATTR_NAME = "PROFILE_NAME";
@@ -49,6 +50,9 @@
     public static final String LOGIN_PHASE3_URI = "/login-phase3";
     public static final String LOGIN_PHASE4_URI = "/login-phase4";
     public static final String LOGIN_FORM_URI = "/login.html";
+    public static final String PASSWORD_CHANGE_FORM_URI = "/changePasswd.html";
+    public static final String PASSWD_EXPIRED_USER_NAME = "username";
+    public static final String PASSWD_EXPIRED_USER_PROFILE = "profile";
 
     public static boolean isUserAuthenticated(HttpSession session) {
         Map<String, Object> sessionData = 
SSOUtils.getSessionData(session.getServletContext(), session.getId());
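Review bot: `PASSWD_EXPIRED_USER_NAME = "username"` and `PASSWD_EXPIRED_USER_PROFILE = "profile"` are very generic session attribute keys, so any other code that stores a `username` or `profile` attribute in the same session would silently feed the password-change form. A key that names its purpose (for example `"passwdExpiredUsername"`, a constructed name) avoids the collision. changePasswd.jsp hard-codes the same strings as `${sessionScope.username}` and `${sessionScope.profile}`, so the two have to be changed together.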
diff --git 
a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/changePasswd.jsp 
b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/changePasswd.jsp
new file mode 100644
index 0000000..b8b33ec
--- /dev/null
+++ b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/changePasswd.jsp
@@ -0,0 +1,75 @@
+<%@ page pageEncoding="UTF-8" session="true" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"; %>
+<%@ taglib prefix="obrand" uri="obrand" %>
+<fmt:setLocale value="${locale}" />
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+    <obrand:favicon />
+    <title>Login Page</title>
+    <obrand:stylesheets />
+</head>
+<body>
+<div class="obrand_loginPageBackground">
+        <a href="<obrand:messages key="obrand.common.vendor_url"/>" 
class="obrand_loginPageLogoImageLink">
+             <span class="obrand_loginPageLogoImage"></span>
+        </a>
+        <div class="login-pf">
+            <div class="container">
+                <div class="row">
+
+                    <div class="col-sm-12">
+                        <div id="brand">
+                            <div class="obrand_loginFormLogoImage"></div>
+                        </div>
+                    </div>
+                    <div class="col-sm-12">
+                        <div style="width:300px;">
+                        <form id="login_form" name="login_form" method="post"
+                                
action="${pageContext.request.contextPath}/login-changePasswd" 
enctype="application/x-www-form-urlencoded">
+                            <center>
+                                <p>Please login to proceed.</p>
+                            </center>
+                            <c:if test="${sessionScope.loginMsg != null}">
+                                <center>
+                                    <p style="color: red"><c:out 
value="${sessionScope.loginMsg}" /></p>
+                                </center>
+                            </c:if>
+                            <div style="margin-left: 15px;width:250px;">
+                                <p>
+                                    <label for="username" 
style="width:120px;"> Username</label><input id="username"
+                                          type="text" name="username" 
size="20" style="color:black;" value="${sessionScope.username}" readonly/>
+                                </p>
+                                <p>
+                                    <label for="oldPassword" 
style="width:120px;">Old Password</label><input id="oldPassword"
+                                          type="password" name="oldPassword" 
value="" size="20" style="color:black;"/>
+                                </p>
+                                <p>
+                                    <label for="newPassword1" 
style="width:120px;">New Password</label><input id="newPassword1"
+                                          type="password" name="newPassword1" 
value="" size="20" style="color:black;"/>
+                                </p>
+                                <p>
+                                    <label for="newPassword2" 
style="width:120px;">Retype Password</label><input id="newPassword2"
+                                          type="password" name="newPassword2" 
value="" size="20" style="color:black;"/>
+                                </p>
+                                <p>
+                                    <label for="profile" style="width:120px;"> 
Profile</label><input id="profile"
+                                          type="text" name="profile" size="20" 
style="color:black;" value="${sessionScope.profile}" readonly/>
+                                </p>
+
+                                <center>
+                                    <input id="submit" type="submit" 
name="submit" value="Submit"
+                                          class="buttonmed" />
+                                </center>
+                            </div>
+                           </form>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</body>
+</html>
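Review bot: The `username` and `profile` inputs write `${sessionScope.username}` and `${sessionScope.profile}` straight into a `value="…"` attribute without escaping, while the message a few lines above goes through `<c:out>`. Both values come from what was typed into the login form, so they should be escaped the same way, e.g. `value="<c:out value='${sessionScope.username}'/>"`. The page title `Login Page` and the prompt `Please login to proceed.` look copied from login.jsp and do not describe a password change. The form also carries no anti-CSRF token; whether a filter elsewhere supplies one is not visible here.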
diff --git 
a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/login.jsp 
b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/login.jsp
index 4d3552c..01f0f4a 100644
--- a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/login.jsp
+++ b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/login.jsp
@@ -37,6 +37,11 @@
                                 <center>
                                     <p style="color: red"><c:out 
value="${sessionScope.loginMsg}" /></p>
                                 </center>
+                                <c:if test="${sessionScope.passwordChangeUri 
!= null}">
+                                    <center>
+                                        <p style="color: red">Use the 
following <a href='<c:out value="${sessionScope.passwordChangeUri}"/>' > URL 
</a> to change password.</p>
+                                    </center>
+                                 </c:if>
                             </c:if>
                             <div style="margin-left: 15px;width:250px;">
                                 <p>
diff --git a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml 
b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml
index a06c372..cadcd62 100644
--- a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml
+++ b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml
@@ -122,6 +122,15 @@
     </servlet-mapping>
 
     <servlet>
+        <servlet-name>LoginChangePasswdServlet</servlet-name>
+        
<servlet-class>org.ovirt.engine.core.sso.servlets.LoginChangePasswdServlet</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>LoginChangePasswdServlet</servlet-name>
+        <url-pattern>/login-changePasswd</url-pattern>
+    </servlet-mapping>
+
+    <servlet>
         <servlet-name>BasicAuthServlet</servlet-name>
         
<servlet-class>org.ovirt.engine.core.sso.servlets.BasicAuthServlet</servlet-class>
     </servlet>
@@ -181,6 +190,16 @@
         <url-pattern>/login.html</url-pattern>
     </servlet-mapping>
 
+    <servlet>
+        <servlet-name>ChangePasswdForm</servlet-name>
+        <jsp-file>/WEB-INF/changePasswd.jsp</jsp-file>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>ChangePasswdForm</servlet-name>
+        <url-pattern>/changePasswd.html</url-pattern>
+    </servlet-mapping>
+
     <welcome-file-list>
         <welcome-file>login</welcome-file>
     </welcome-file-list>


-- 
To view, visit https://gerrit.ovirt.org/40445
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9923114954737ea49b8ccd3d8ee69072cb5e01d9
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>