author | Christina Fu <cfu@redhat.com> | 2014-07-24 11:31:10 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-07-24 16:00:04 -0700 |
commit | d088bab2e335d266c465c333dc3f7c316c30bd46 (patch) | |
tree | 014ed8a7adc037c2fbbb2606f6e1818e7b98d32e /base/tps-tomcat/src | |
parent | 16d4e314ba89a28668e04e3b6cf470ced5d0e360 (diff) | |
download | pki-d088bab2e335d266c465c333dc3f7c316c30bd46.tar.gz pki-d088bab2e335d266c465c333dc3f7c316c30bd46.tar.xz pki-d088bab2e335d266c465c333dc3f7c316c30bd46.zip |
authentication fix: fixed an authentication issue where switching between
ESC and tpsclient required changing a CS.cfg param value and restarting
TPS. This fix makes the issue go away.
The actual issue is the difference between "loginRequest" and
"extendedLoginRequest".
Diffstat (limited to 'base/tps-tomcat/src')
3 files changed, 55 insertions, 22 deletions
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
index 4cfee3e6f..e163bf6b1 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
@@ -48,11 +48,13 @@ public class AuthenticationManager
 * auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
 * auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
 * auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
- * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
 * auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
 * auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
 * auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
- * auths.instance.ldap1.ui.id.UID.credMap.msgCred=screen_name
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
 * auths.instance.ldap1.ui.retries=1
 *
 * # the following are handled by the IAuthManager itself
@@ -222,10 +224,11 @@ public class AuthenticationManager
 CMS.debug("AuthenticationManager: createAuthentication(): added param="
 + id);
+ // map the auth mgr required cred to cred name in request message
 IConfigStore credMapSub = uiParamSub.getSubStore(id + ".credMap");
 if (credMapSub == null) {
 CMS.debug("AuthenticationManager: createAuthentication(): conf "
- + uiParamSub.getName() + ".credMapsub" + " null or empty.");
+ + uiParamSub.getName() + ".credMap" + " null or empty.");
 continue;
 }
 String authCred = credMapSub.getString("authCred");
@@ -234,17 +237,37 @@ public class AuthenticationManager
 + credMapSub.getName() + ".authCred" + " null or empty.");
 continue;
 }
- String msgCred = credMapSub.getString("msgCred");
- if (msgCred.isEmpty()) {
+
+ IConfigStore msgCredSub = credMapSub.getSubStore("msgCred");
+ if (msgCredSub == null) {
 CMS.debug("AuthenticationManager: createAuthentication(): conf "
- + credMapSub.getName() + ".msgCred" + " null or empty.");
+ + uiParamSub.getName() + ".msgCred" + " null or empty.");
 continue;
 }
- // map the auth mgr required cred to cred name in request message
- auth.setCredMap(authCred, msgCred);
- CMS.debug("AuthenticationManager: createAuthentication(): added cred map="
- + authCred + ":" + msgCred);
+ String msgCred_login = msgCredSub.getString("login");
+ if (msgCred_login.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf "
+ + msgCredSub.getName() + ".login" + " null or empty.");
+ continue;
+ }
+ auth.setCredMap(authCred, msgCred_login,
+ false /* not extendedLogin*/);
+ CMS.debug("AuthenticationManager: createAuthentication(): added cred map_login="
+ + authCred + ":" + msgCred_login);
+
+ String msgCred_extlogin = msgCredSub.getString("extlogin");
+ if (msgCred_extlogin.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf "
+ + msgCredSub.getName() + ".extlogin" + " null or empty.");
+ continue;
+ }
+
+ auth.setCredMap(authCred, msgCred_extlogin,
+ true /* extendedLogin*/);
+ CMS.debug("AuthenticationManager: createAuthentication(): added cred map_extlogin="
+ + authCred + ":" + msgCred_extlogin);
+
 }
 Integer retries = uiSub.getInteger("retries", 1);
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
index 8083343f5..4c7bcef0f 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
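Review bot: The debug line in the new `msgCredSub == null` branch reports `uiParamSub.getName() + ".msgCred"`, but the substore was fetched from `credMapSub`, so the logged path no longer names the section that is actually missing; the removed line had the right parent, i.e. `+ credMapSub.getName() + ".msgCred" + " null or empty.");`. Further down, `auth.setCredMap(authCred, msgCred_login, false)` is called before `extlogin` is read, so a parameter whose `msgCred.extlogin` key is absent leaves `credMap_login` populated while `credMap_extlogin` has no entry for that cred, and `getCredMap(cred, true)` then yields null for the extended-login path; reading and checking both `login` and `extlogin` before either `setCredMap` call keeps the two maps consistent for every accepted parameter. Whether `getSubStore` can return null for an absent `msgCred` section, or hands back an empty store so that only the later `getString(...).isEmpty()` checks catch the misconfiguration, is not visible here and is worth confirming against `IConfigStore`. The enclosing loop over the UI parameter ids begins outside the hunk.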
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
@@ -54,7 +54,8 @@ public class TPSAuthenticator {
 * auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
 * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
 */
- private HashMap<String, String> credMap;
+ private HashMap<String, String> credMap_login;
+ private HashMap<String, String> credMap_extlogin;
 // retries if the user entered the wrong password/securid
 private int maxLoginRetries = 1;
@@ -73,7 +74,8 @@ public class TPSAuthenticator {
 uiTitle = new HashMap<String, String>();
 uiDescription = new HashMap<String, String>();
 uiParameters = new HashMap<String, AuthUIParameter>();
- credMap = new HashMap<String, String>();
+ credMap_login = new HashMap<String, String>();
+ credMap_extlogin = new HashMap<String, String>();
 }
 public String getID() {
@@ -112,12 +114,18 @@ public class TPSAuthenticator {
 return uiParameters;
 }
- public void setCredMap(String authCred, String msgCred) {
- credMap.put(authCred, msgCred);
+ public void setCredMap(String authCred, String msgCred, boolean extLogin) {
+ if (extLogin)
+ credMap_extlogin.put(authCred, msgCred);
+ else
+ credMap_login.put(authCred, msgCred);
 }
- public String getCredMap(String authCred) {
- return credMap.get(authCred);
+ public String getCredMap(String authCred, boolean extLogin) {
+ if (extLogin)
+ return credMap_extlogin.get(authCred);
+ else
+ return credMap_login.get(authCred);
 }
 public int getNumOfRetries() {
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 735ebc248..22fb5734b 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
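Review bot: The Javadoc example kept as context directly above the new `credMap_login`/`credMap_extlogin` fields still documents the single key `auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password`, which this commit replaces with separate `msgCred.login` and `msgCred.extlogin` keys; the AuthenticationManager Javadoc updated in the same commit shows the new form, and this comment should be brought in line with it. `getCredMap` now returns null whenever no mapping was registered for the requested mode, and because the two maps are filled independently that can differ per mode, so a Javadoc line such as `@return the request-message credential name, or null if none was configured for this mode` would warn callers. As a point of style, the brace-less `if (extLogin) ... else ...` bodies in `setCredMap` and `getCredMap` differ from the braced conditionals elsewhere in this commit; `getCredMap` could simply be `return (extLogin ? credMap_extlogin : credMap_login).get(authCred);`.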
@@ -748,17 +748,19 @@ public class TPSProcessor {
 * with mapped values from client
 * configuration example:
 *
- * auths.instance.ldap1.ui.id.UID.credMap.msgCred=screen_name
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
 * auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
 *
- * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
 * auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
 *
 * @param response the message response to be mapped
 * @param auth the authentication for mapping consultation
 * @return IAuthCredentials auth credential for auth manager
 */
- public IAuthCredentials mapCredFromMsgResponse(TPSMessage response, TPSAuthenticator auth)
+ public IAuthCredentials mapCredFromMsgResponse(TPSMessage response, TPSAuthenticator auth, boolean extendedLogin)
 throws EBaseException {
 CMS.debug("TPSProcessor.mapCredFromMsgResponse");
 if (response == null || auth == null) {
@@ -770,7 +772,7 @@ public class TPSProcessor {
 String[] requiredCreds = auth.getAuthManager().getRequiredCreds();
 for (String cred : requiredCreds) {
- String name = auth.getCredMap(cred);
+ String name = auth.getCredMap(cred, extendedLogin);
 login.set(cred, response.get(name));
 }
@@ -813,7 +815,7 @@ public class TPSProcessor {
 throw e;
 }
- IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth);
+ IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth, true /*extendedLogin*/);
 return login;
 }
@@ -849,7 +851,7 @@ public class TPSProcessor {
 throw e;
 }
- IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth);
+ IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth, false /*not extendedLogin*/);
 return login;
 }
|
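Review bot: The new `boolean extendedLogin` parameter on `mapCredFromMsgResponse` has no `@param` tag while `response` and `auth` do; the Javadoc above the signature should gain `* @param extendedLogin true to map with the msgCred.extlogin names (extended login request), false to map with the msgCred.login names (plain login request)`, matching the two config keys the same comment block now lists. The method body continues past the end of the hunk.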
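Review bot: `auth.getCredMap(cred, extendedLogin)` can return null when no mapping exists for that mode (the two maps in TPSAuthenticator are separate HashMaps, and AuthenticationManager fills the extlogin map only after the login map), and the next line then calls `response.get(name)` with a null name and stores whatever comes back into `login`, so a misconfigured credMap becomes a missing or null credential handed to the auth manager instead of an explicit configuration error. A guard before the `login.set` call that logs the cred and mode and throws an `EBaseException` would make this fail closed; the `response == null || auth == null` branch in the first hunk looks like the place such checks already live, though its body is outside the hunk. The for loop is entirely within the hunk, but the method starts and ends outside it.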