diff --git a/scm-plugin-backend/pom.xml b/scm-plugin-backend/pom.xml deleted file mode 100644 index 1d3621b8ea..0000000000 --- a/scm-plugin-backend/pom.xml +++ /dev/null @@ -1,165 +0,0 @@ - - - - 4.0.0 - - - scm - sonia.scm - 1.55-SNAPSHOT - - - sonia.scm - scm-plugin-backend - war - 1.55-SNAPSHOT - ${project.artifactId} - - - - - javax.servlet - servlet-api - ${servlet.version} - provided - - - - - - javax.transaction - jta - 1.1 - provided - - - - - - org.slf4j - jcl-over-slf4j - ${slf4j.version} - - - - org.slf4j - log4j-over-slf4j - ${slf4j.version} - - - - ch.qos.logback - logback-classic - ${logback.version} - - - - org.freemarker - freemarker - ${freemarker.version} - - - - sonia.scm - scm-core - 1.55-SNAPSHOT - - - - com.sun.jersey.contribs - jersey-guice - ${jersey.version} - - - - rome - rome - 1.0 - - - - net.sf.ehcache - ehcache-core - ${ehcache.version} - - - - org.imgscalr - imgscalr-lib - 4.2 - - - - - - org.apache.shiro - shiro-web - ${shiro.version} - - - - org.apache.shiro - shiro-guice - ${shiro.version} - - - - org.apache.shiro - shiro-ehcache - ${shiro.version} - - - - - - src/main/webapp/template/** - - - - - - - - com.mycila.maven-license-plugin - maven-license-plugin - 1.9.0 - -
http://download.scm-manager.org/licenses/mvn-license.txt
- - src/** - **/test/** - - - target/** - .hg/** - **/html5.js - **/*.html - **/fancybox/** - - true -
-
- - - org.mortbay.jetty - jetty-maven-plugin - ${jetty.version} - - 8004 - STOP - - /scm-plugin-backend - - ${project.build.javaLevel} - ${project.build.javaLevel} - ${project.build.sourceEncoding} - 0 - - - -
- - scm-plugin-backend -
- -
diff --git a/scm-plugin-backend/src/main/java/sonia/scm/plugin/AdminAccountConfiguration.java b/scm-plugin-backend/src/main/java/sonia/scm/plugin/AdminAccountConfiguration.java
deleted file mode 100644
index 46bbc06c64..0000000000
--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/AdminAccountConfiguration.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/**
- * Copyright (c) 2010, Sebastian Sdorra
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 3. Neither the name of SCM-Manager; nor the names of its
- * contributors may be used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://bitbucket.org/sdorra/scm-manager
- *
- */
-
-
-package sonia.scm.plugin;
-
-//~--- non-JDK imports --------------------------------------------------------
-
-import com.google.common.base.Objects;
-
-import org.apache.shiro.authc.SaltedAuthenticationInfo;
-import org.apache.shiro.codec.Base64;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.subject.SimplePrincipalCollection;
-import org.apache.shiro.util.ByteSource;
-
-//~--- JDK imports ------------------------------------------------------------
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- *
- * @author Sebastian Sdorra
- */
-@XmlRootElement(name = "admin-account")
-@XmlAccessorType(XmlAccessType.FIELD)
-public class AdminAccountConfiguration implements SaltedAuthenticationInfo
-{
-
- /** Field description */
- private static final long serialVersionUID = -8678832281151044462L;
-
- //~--- constructors ---------------------------------------------------------
-
- /**
- * Constructs ...
- *
- */
- public AdminAccountConfiguration() {}
-
- /**
- * Constructs ...
- *
- *
- * @param username
- * @param salt
- * @param password
- */
- public AdminAccountConfiguration(String username, String salt,
- String password)
- {
- this.username = username;
- this.salt = salt;
- this.password = password;
- }
-
- //~--- methods --------------------------------------------------------------
-
- /**
- * Method description
- *
- *
- * @param obj
- *
- * @return
- */
- @Override
- public boolean equals(Object obj)
- {
- if (obj == null)
- {
- return false;
- }
-
- if (getClass() != obj.getClass())
- {
- return false;
- }
-
- final AdminAccountConfiguration other = (AdminAccountConfiguration) obj;
-
- return Objects.equal(username, other.username)
- && Objects.equal(salt, other.salt)
- && Objects.equal(password, other.password);
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- @Override
- public int hashCode()
- {
- return Objects.hashCode(username, salt, password);
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- @Override
- @SuppressWarnings("squid:S2068")
- public String toString()
- {
- //J-
- return Objects.toStringHelper(this)
- .add("username", username)
- .add("salt", "xxx")
- .add("password", "xxx")
- .toString();
- //J+
- }
-
- //~--- get methods ----------------------------------------------------------
-
- /**
- * Method description
- *
- *
- * @return
- */
- @Override
- public Object getCredentials()
- {
- return password;
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- @Override
- public ByteSource getCredentialsSalt()
- {
- return ByteSource.Util.bytes(Base64.decode(salt));
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- public String getPassword()
- {
- return password;
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- @Override
- public PrincipalCollection getPrincipals()
- {
-
- // TODO
- return new SimplePrincipalCollection(username, "scm-backend");
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- public String getSalt()
- {
- return salt;
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- public String getUsername()
- {
- return username;
- }
-
- //~--- fields ---------------------------------------------------------------
-
- /** Field description */
- private String password;
-
- /** Field description */
- private String salt;
-
- /** Field description */
- private String username;
-}
diff --git a/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/SecurityModule.java b/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/SecurityModule.java
deleted file mode 100644
index 9be130375e..0000000000
--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/security/SecurityModule.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/**
- * Copyright (c) 2010, Sebastian Sdorra
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 3. Neither the name of SCM-Manager; nor the names of its
- * contributors may be used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * http://bitbucket.org/sdorra/scm-manager
- *
- */
-
-
-package sonia.scm.plugin.security;
-
-//~--- non-JDK imports --------------------------------------------------------
-
-import com.google.inject.name.Named;
-import com.google.inject.name.Names;
-
-import org.apache.shiro.authc.credential.CredentialsMatcher;
-import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
-import org.apache.shiro.cache.CacheManager;
-import org.apache.shiro.crypto.RandomNumberGenerator;
-import org.apache.shiro.crypto.SecureRandomNumberGenerator;
-import org.apache.shiro.crypto.hash.SimpleHash;
-import org.apache.shiro.guice.web.ShiroWebModule;
-import org.apache.shiro.util.ByteSource;
-
-import sonia.scm.plugin.Roles;
-
-//~--- JDK imports ------------------------------------------------------------
-
-import javax.servlet.ServletContext;
-
-import javax.swing.JOptionPane;
-
-/**
- *
- * @author Sebastian Sdorra
- */
-public class SecurityModule extends ShiroWebModule
-{
-
- /** Field description */
- private static final String ATTRIBUTE_FAILURE = "shiroLoginFailure";
-
- /** Field description */
- private static final String HASH_ALGORITHM = "SHA-256";
-
- /** Field description */
- private static final int HASH_ITERATIONS = 1024;
-
- /** Field description */
- private static final String PAGE_LOGIN = "/page/login.html";
-
- /** Field description */
- private static final String PAGE_SUCCESS = "/admin/index.html";
-
- /** Field description */
- private static final String PAGE_UNAUTHORIZED = "/error/unauthorized.html";
-
- /** Field description */
- @SuppressWarnings("squid:S2068")
- private static final String PARAM_PASSWORD = "password";
-
- /** Field description */
- private static final String PARAM_REMEMBERME = "rememberme";
-
- /** Field description */
- private static final String PARAM_USERNAME = "username";
-
- /** Field description */
- private static final String PATTERN_ADMIN = "/admin/**";
-
- /** Field description */
- private static final Named NAMED_USERNAMEPARAM =
- Names.named("shiro.usernameParam");
-
- /** Field description */
- private static final Named NAMED_UNAUTHORIZEDURL =
- Names.named("shiro.unauthorizedUrl");
-
- /** Field description */
- private static final Named NAMED_SUCCESSURL = Names.named("shiro.successUrl");
-
- /** Field description */
- private static final Named NAMED_REMEMBERMEPARAM =
- Names.named("shiro.rememberMeParam");
-
- /** Field description */
- private static final Named NAMED_PASSWORDPARAM =
- Names.named("shiro.passwordParam");
-
- /** Field description */
- private static final Named NAMED_LOGINURL = Names.named("shiro.loginUrl");
-
- /** Field description */
- private static final Named NAMED_FAILUREKEYATTRIBUTE =
- Names.named("shiro.failureKeyAttribute");
-
- //~--- constructors ---------------------------------------------------------
-
- /**
- * Constructs ...
- *
- *
- * @param servletContext
- */
- public SecurityModule(ServletContext servletContext)
- {
- super(servletContext);
- }
-
- //~--- methods --------------------------------------------------------------
-
- /**
- * Method description
- *
- *
- * @param args
- */
- public static void main(String[] args)
- {
- String value = JOptionPane.showInputDialog("Password");
- RandomNumberGenerator rng = new SecureRandomNumberGenerator();
- ByteSource salt = rng.nextBytes();
- SimpleHash hash = new SimpleHash(HASH_ALGORITHM, value, salt,
- HASH_ITERATIONS);
-
- System.out.append("Salt: ").println(salt.toBase64());
- System.out.append("Hash: ").println(hash.toBase64());
- }
-
- /**
- * Method description
- *
- */
- @Override
- protected void configureShiroWeb()
- {
- bindConstants();
- bindCredentialsMatcher();
-
- // bind cache manager
- bind(CacheManager.class).toProvider(CacheManagerProvider.class);
-
- // bind realm
- bindRealm().to(DefaultAdminRealm.class);
-
- // add filters
- addFilterChain(PAGE_LOGIN, AUTHC);
- addFilterChain(PATTERN_ADMIN, AUTHC, config(ROLES, Roles.ADMIN));
- }
-
- /**
- * Method description
- *
- */
- private void bindConstants()
- {
- bindConstant().annotatedWith(NAMED_LOGINURL).to(PAGE_LOGIN);
- bindConstant().annotatedWith(NAMED_USERNAMEPARAM).to(PARAM_USERNAME);
- bindConstant().annotatedWith(NAMED_PASSWORDPARAM).to(PARAM_PASSWORD);
- bindConstant().annotatedWith(NAMED_REMEMBERMEPARAM).to(PARAM_REMEMBERME);
- bindConstant().annotatedWith(NAMED_SUCCESSURL).to(PAGE_SUCCESS);
- bindConstant().annotatedWith(NAMED_UNAUTHORIZEDURL).to(PAGE_UNAUTHORIZED);
- bindConstant().annotatedWith(NAMED_FAILUREKEYATTRIBUTE).to(
- ATTRIBUTE_FAILURE);
- }
-
- /**
- * Method description
- *
- */
- private void bindCredentialsMatcher()
- {
- HashedCredentialsMatcher matcher =
- new HashedCredentialsMatcher(HASH_ALGORITHM);
-
- matcher.setHashIterations(HASH_ITERATIONS);
- matcher.setStoredCredentialsHexEncoded(false);
- bind(CredentialsMatcher.class).toInstance(matcher);
- }
-}