
1   package org.apache.archiva.redback.rest.services.utils;
2   /*
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   */
20  
21  import org.apache.archiva.redback.policy.PasswordRuleViolations;
22  import org.apache.archiva.redback.users.User;
23  import org.apache.archiva.redback.users.UserManagerException;
24  import org.apache.archiva.redback.users.UserNotFoundException;
25  import org.apache.archiva.redback.policy.PasswordEncoder;
26  import org.apache.archiva.redback.policy.PasswordRuleViolationException;
27  import org.apache.archiva.redback.system.SecuritySystem;
28  import org.apache.archiva.redback.rest.api.model.ErrorMessage;
29  import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
30  import org.slf4j.Logger;
31  import org.slf4j.LoggerFactory;
32  import org.springframework.stereotype.Service;
33  
34  import javax.inject.Inject;
35  import java.util.ArrayList;
36  import java.util.Arrays;
37  import java.util.List;
38  
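/**
 * REST-layer helper that checks a candidate password against the password policy of the injected
 * {@link SecuritySystem} and returns the encoded form of that password.
 * <p>
 * Every failure is reported to the caller as a {@link RedbackServiceException} carrying a list of
 * {@link ErrorMessage} entries. The log statements in this class record exception messages only;
 * the candidate password must stay out of logs and error messages.
 *
 * @author Olivier Lamy
 * @since 1.4
 */
@Service("passwordValidator#rest")
public class PasswordValidator
{

    private final Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    private SecuritySystem securitySystem;

    /**
     * Validates {@code password} against the password policy, first on a throw-away user and then on
     * the user looked up by {@code principal}, and returns the encoded password.
     *
     * @param password  the candidate password in clear text
     * @param principal the name used to look up the user via {@code UserManager.findUser}
     * @return encoded password, as produced by the policy's {@link PasswordEncoder}
     * @throws RedbackServiceException if the user cannot be found, if the password violates the policy
     *                                 (one {@link ErrorMessage} per localized violation), or if the
     *                                 user manager fails
     */
    public String validatePassword( String password, String principal )
        throws RedbackServiceException
    {
        try
        {
            // First pass on a throw-away user, so the policy sees the password before any real account
            // is looked up or touched.
            // NOTE(review): assumes createUser only builds an object and does not persist it - confirm.
            User tempUser = securitySystem.getUserManager().createUser( "temp", "temp", "temp" );
            tempUser.setPassword( password );
            securitySystem.getPolicy().validatePassword( tempUser );

            PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();

            User user = securitySystem.getUserManager().findUser( principal );
            String encodedPassword = encoder.encodePassword( password );
            // NOTE(review): the looked-up User is modified before the second policy check has passed.
            // If the UserManager hands out shared or cached instances, a rejected password could stay
            // on that instance - confirm against the UserManager implementation in use.
            user.setEncodedPassword( encodedPassword );
            user.setPassword( password );

            // Second pass on the real account; presumably for rules that depend on the account's own
            // data - confirm against the configured rules.
            securitySystem.getPolicy().validatePassword( user );

            return encodedPassword;
        }
        catch ( UserNotFoundException e )
        {
            log.info( "user {} not found", e.getMessage() );
            // NOTE(review): the response names the principal and states it does not exist. Make sure
            // callers expose this only to authenticated sessions, otherwise it confirms which account
            // names are valid.
            List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( 2 );
            errorMessages.add( new ErrorMessage( "cannot.update.user.not.found", new String[]{ principal } ) );
            errorMessages.add( new ErrorMessage( "admin.deleted.account" ) );
            throw new RedbackServiceException( errorMessages );
        }
        catch ( PasswordRuleViolationException e )
        {
            PasswordRuleViolations violations = e.getViolations();
            // Check for null before touching the violations: sizing the list from
            // violations.getViolations() ahead of the null check would throw a NullPointerException
            // and hide the policy failure from the caller.
            List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>();
            if ( violations != null )
            {
                for ( String violation : violations.getLocalizedViolations() )
                {
                    errorMessages.add( new ErrorMessage( violation ) );
                }
            }
            throw new RedbackServiceException( errorMessages );
        }
        catch ( UserManagerException e )
        {
            log.info( "UserManagerException: {}", e.getMessage() );
            // NOTE(review): the raw exception message is returned to the REST client. If user manager
            // messages can carry backend details, replace this with a generic message key and keep the
            // detail in the log only.
            List<ErrorMessage> errorMessages =
                Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
            throw new RedbackServiceException( errorMessages );
        }

    }
}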