From: Erik Brakkee Date: Mon, 5 Jul 2010 10:38:20 +0000 (+0000) Subject: (no commit message) X-Git-Tag: wamblee-utils-0.7~385 X-Git-Url: http://wamblee.org/gitweb/?a=commitdiff_plain;h=23ca9874c550574de814c01407673b485470d56c;p=utils --- diff --git a/security/usermgt/src/main/java/org/wamblee/security/authentication/AbstractUserSet.java b/security/usermgt/src/main/java/org/wamblee/security/authentication/AbstractUserSet.java index e629d0bb..04f59edc 100644 --- a/security/usermgt/src/main/java/org/wamblee/security/authentication/AbstractUserSet.java +++ b/security/usermgt/src/main/java/org/wamblee/security/authentication/AbstractUserSet.java @@ -15,7 +15,6 @@ */ package org.wamblee.security.authentication; -import org.wamblee.security.encryption.MessageDigester; import static org.wamblee.security.authentication.UserMgtException.Reason.*; diff --git a/security/usermgt/src/main/java/org/wamblee/security/authentication/InMemoryUserSet.java b/security/usermgt/src/main/java/org/wamblee/security/authentication/InMemoryUserSet.java index 59129213..5988b40b 100644 --- a/security/usermgt/src/main/java/org/wamblee/security/authentication/InMemoryUserSet.java +++ b/security/usermgt/src/main/java/org/wamblee/security/authentication/InMemoryUserSet.java @@ -15,7 +15,6 @@ */ package org.wamblee.security.authentication; -import org.wamblee.security.encryption.MessageDigester; import java.util.Set; import java.util.TreeSet; diff --git a/security/usermgt/src/main/java/org/wamblee/security/authentication/Md5HexMessageDigester.java b/security/usermgt/src/main/java/org/wamblee/security/authentication/Md5HexMessageDigester.java new file mode 100644 index 00000000..b992f5d7 --- /dev/null +++ b/security/usermgt/src/main/java/org/wamblee/security/authentication/Md5HexMessageDigester.java @@ -0,0 +1,53 @@ +/* + * Copyright 2005-2010 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wamblee.security.authentication; + +import org.apache.commons.codec.binary.Hex; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +/** + * MD5 Hex encoder. + * + * @author Erik Brakkee + */ +public class Md5HexMessageDigester implements MessageDigester { + /** + * Constructs the message digester. + * + */ + public Md5HexMessageDigester() { + // Empty + } + + /* + * (non-Javadoc) + * + * @see org.wamblee.security.MessageDigester#hash(java.lang.String) + */ + public String hash(String aValue) { + try { + MessageDigest digest = MessageDigest.getInstance("MD5"); + byte[] result = digest.digest(aValue.getBytes()); + char[] charResult = Hex.encodeHex(result); + + return new String(charResult); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException("MD5 not supported????"); + } + } +} diff --git a/security/usermgt/src/main/java/org/wamblee/security/authentication/MessageDigester.java b/security/usermgt/src/main/java/org/wamblee/security/authentication/MessageDigester.java new file mode 100644 index 00000000..6e3b1f03 --- /dev/null +++ b/security/usermgt/src/main/java/org/wamblee/security/authentication/MessageDigester.java @@ -0,0 +1,31 @@ +/* + * Copyright 2005-2010 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wamblee.security.authentication; + +/** + * Utility class that encapsulates a message digest method. + */ +public interface MessageDigester { + /** + * Computes a message digest for a value and encodes it in some way. + * + * @param aValue + * Value to compute digest for. + * + * @return Encoded digest. + */ + String hash(String aValue); +} diff --git a/security/usermgt/src/main/java/org/wamblee/security/authentication/User.java b/security/usermgt/src/main/java/org/wamblee/security/authentication/User.java index 12db71a3..99774832 100644 --- a/security/usermgt/src/main/java/org/wamblee/security/authentication/User.java +++ b/security/usermgt/src/main/java/org/wamblee/security/authentication/User.java @@ -35,7 +35,6 @@ import javax.persistence.Transient; import javax.persistence.Version; import org.wamblee.security.authentication.UserMgtException.Reason; -import org.wamblee.security.encryption.MessageDigester; /** * Represents a user. The methods for managing the groups of the user have diff --git a/security/usermgt/src/main/java/org/wamblee/security/authentication/package-info.java b/security/usermgt/src/main/java/org/wamblee/security/authentication/package-info.java new file mode 100644 index 00000000..950c859d --- /dev/null +++ b/security/usermgt/src/main/java/org/wamblee/security/authentication/package-info.java @@ -0,0 +1,77 @@ +/* + * Copyright 2005-2010 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * This package provides support for managing users and their authentication. + * + *

Supported use cases

+ * + * in particular, it supports the following use cases: + * + * + * An overview is given below: + *
+ * overview + *
+ * + * The user of the package interacts with the {@link UserAdministration} interface for the following tasks: + * + * In addition, it provides methods for authenticating the user. Note however that it is also possible + * to use declarative Java EE security using the appropriate security realm. See for instance, + * flexible JDBC realm for a Glassfish based solution. + * + * {@link UserAdminInitializer} can be used to automatically initialize the user administration with + * initial users and groups when there are no users defined yet. + * + * To use the user administration interface, several implementation classes must be wired together. This is + * explained below. + * + * There is one implementation {@link UserAdministrationImpl} of this interface that must be constructed + * with a {@link UserSet} and {@link GroupSet} implementation, together with two validators: one for + * user names and another for group names. + * + * For user and groups sets there are two implementations, one inmemory and another with database persistence. + * Typically the one with database persistence is used but for testing other code, the inmemory implementation + * can be used. + *
+ * + *
+ * + * At construction of the userset, a password validator is required as well as a digest algorithm to + * compute a digest of the password to store in the database and also to validate users against. + *
+ * + *
+ * + * Finally, there is the basic model for users and groups that is used under the covers. As a user + * of the security library these objects will typically not be used. + *
+ * + *
+ */ +package org.wamblee.security.authentication; \ No newline at end of file