diff --git a/plugins/scm-hg-plugin/src/main/java/sonia/scm/api/rest/resources/HgConfigResource.java b/plugins/scm-hg-plugin/src/main/java/sonia/scm/api/rest/resources/HgConfigResource.java
index 684a8fd734..145949dc66 100644
--- a/plugins/scm-hg-plugin/src/main/java/sonia/scm/api/rest/resources/HgConfigResource.java
+++ b/plugins/scm-hg-plugin/src/main/java/sonia/scm/api/rest/resources/HgConfigResource.java
@@ -14,7 +14,6 @@ import com.google.inject.Singleton;
import sonia.scm.repository.HgConfig;
import sonia.scm.repository.HgRepositoryHandler;
-import sonia.scm.repository.RepositoryManager;
import sonia.scm.web.HgWebConfigWriter;
//~--- JDK imports ------------------------------------------------------------
diff --git a/scm-core/src/main/java/sonia/scm/User.java b/scm-core/src/main/java/sonia/scm/User.java
index fd2c5bf7c3..8b154be6f0 100644
--- a/scm-core/src/main/java/sonia/scm/User.java
+++ b/scm-core/src/main/java/sonia/scm/User.java
@@ -24,7 +24,10 @@ import javax.xml.bind.annotation.XmlType;
*/
@XmlRootElement(name = "users")
@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(propOrder = { "name", "displayName", "mail" })
+@XmlType(propOrder =
+{
+ "name", "displayName", "mail", "password"
+})
public class User implements Principal, Serializable
{
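Review bot: Adding `"password"` to `propOrder` on a class annotated `XmlAccessType.FIELD` makes every JAXB marshalling of `User` write the stored password value, not only the user files that `XmlAuthenticator` reads. This diff does not show whether `User` objects are also returned by REST resources or held in a session (the class is `Serializable` and the new field is not `transient`). If they are, the hash leaks on any path that does not clear it the way `authenticate` does with `user.setPassword(null)`. Consider keeping the credential in a separate persistence type, or marking the field `transient` and stripping it at the API boundary.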
@@ -90,6 +93,17 @@ public class User implements Principal, Serializable
return name;
}
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ public String getPassword()
+ {
+ return password;
+ }
+
//~--- set methods ----------------------------------------------------------
/**
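Review bot: The Javadoc on `getPassword()` is the unfilled IDE template (`Method description`, empty `@return`), and the same applies to `setPassword` and the `password` field in the next two hunks. For a credential field the comment should say what form the value takes. Judging by how `XmlAuthenticator` compares it, something like `/** Returns the stored password in its encrypted form, or {@code null} after it has been cleared following authentication. */` would fit. The setter should state that callers are expected to pass the already-encrypted value, if that is the intent.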
@@ -126,6 +140,17 @@ public class User implements Principal, Serializable
this.name = name;
}
+ /**
+ * Method description
+ *
+ *
+ * @param password
+ */
+ public void setPassword(String password)
+ {
+ this.password = password;
+ }
+
//~--- fields ---------------------------------------------------------------
/** Field description */
@@ -136,4 +161,7 @@ public class User implements Principal, Serializable
/** Field description */
private String name;
+
+ /** Field description */
+ private String password;
}
diff --git a/scm-web-api/src/main/java/sonia/scm/web/security/Authenticator.java b/scm-web-api/src/main/java/sonia/scm/web/security/Authenticator.java
index abe9904f85..cdea22311c 100644
--- a/scm-web-api/src/main/java/sonia/scm/web/security/Authenticator.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/Authenticator.java
@@ -9,10 +9,13 @@ package sonia.scm.web.security;
//~--- non-JDK imports --------------------------------------------------------
+import sonia.scm.Initable;
import sonia.scm.User;
//~--- JDK imports ------------------------------------------------------------
+import java.io.Closeable;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -20,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
*
* @author Sebastian Sdorra
*/
-public interface Authenticator
+public interface Authenticator extends Initable, Closeable
{
/**
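Review bot: Making `Authenticator` extend `Initable` and `Closeable` is a source-incompatible change for every other implementation of the interface, such as plugin-provided authenticators, which must now supply `init` and `close`. The diff wires up `init(...)` in `ContextListener` but shows no matching `close()` call on shutdown, so the `Closeable` contract appears to be unused at this point. Either add the call where the context is destroyed (not visible here) or note on the interface, e.g. `/** Implementations are initialised once at startup and closed when the web application stops. */`.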
diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml
index 82c2ba31cd..502e56b4ce 100644
--- a/scm-webapp/pom.xml
+++ b/scm-webapp/pom.xml
@@ -119,7 +119,7 @@
org.apache.commons.logging.Log
- org.apache.commons.logging.impl.Jdk14Logger
+ org.apache.commons.logging.impl.Log4JLogger
${project.build.javaLevel}
diff --git a/scm-webapp/src/main/java/sonia/scm/ContextListener.java b/scm-webapp/src/main/java/sonia/scm/ContextListener.java
index 3076f0710c..1ce295edde 100644
--- a/scm-webapp/src/main/java/sonia/scm/ContextListener.java
+++ b/scm-webapp/src/main/java/sonia/scm/ContextListener.java
@@ -27,6 +27,7 @@ import java.util.Collection;
import java.util.List;
import javax.servlet.ServletContextEvent;
+import sonia.scm.web.security.Authenticator;
/**
*
@@ -103,6 +104,9 @@ public class ContextListener extends GuiceServletContextListener
// init RepositoryManager
injector.getInstance(RepositoryManager.class).init(SCMContext.getContext());
+ // init Authenticator
+ injector.getInstance(Authenticator.class).init(SCMContext.getContext());
+
return injector;
}
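Review bot: `injector.getInstance(Authenticator.class).init(SCMContext.getContext())` only initialises the instance that the rest of the application uses if the bound implementation is singleton-scoped. `XmlAuthenticator` carries `@Singleton`, but a replacement binding without it would have `init` called on a throwaway object while the injected one keeps a null `baseDirectory`. Binding with `.in(Singleton.class)` in `ScmServletModule`, or a comment here stating the scope requirement, would make that dependency explicit. The enclosing method starts outside this hunk.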
diff --git a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
index aca16b5809..a4dab4249e 100644
--- a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
+++ b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
@@ -25,12 +25,14 @@ import sonia.scm.plugin.ScriptResourceServlet;
import sonia.scm.repository.BasicRepositoryManager;
import sonia.scm.repository.RepositoryHandler;
import sonia.scm.repository.RepositoryManager;
+import sonia.scm.security.EncryptionHandler;
+import sonia.scm.security.MessageDigestEncryptionHandler;
import sonia.scm.util.DebugServlet;
import sonia.scm.web.ScmWebPluginContext;
import sonia.scm.web.security.Authenticator;
import sonia.scm.web.security.BasicSecurityContext;
-import sonia.scm.web.security.DemoAuthenticator;
import sonia.scm.web.security.SecurityContext;
+import sonia.scm.web.security.XmlAuthenticator;
//~--- JDK imports ------------------------------------------------------------
@@ -111,7 +113,8 @@ public class ScmServletModule extends ServletModule
SCMContextProvider context = SCMContext.getContext();
bind(SCMContextProvider.class).toInstance(context);
- bind(Authenticator.class).to(DemoAuthenticator.class);
+ bind(EncryptionHandler.class).to(MessageDigestEncryptionHandler.class);
+ bind(Authenticator.class).to(XmlAuthenticator.class);
bind(SecurityContext.class).to(BasicSecurityContext.class);
Multibinder repositoryHandlerBinder =
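Review bot: The binding `bind(EncryptionHandler.class).to(MessageDigestEncryptionHandler.class)` suggests that stored passwords are protected by a plain message digest. The implementation is not part of this diff, so this is inferred from the name. An unsalted fast digest is unsuitable for password storage because identical passwords give identical hashes and offline guessing is cheap. If that is what the handler does, the `EncryptionHandler` contract should allow a salted, deliberately slow scheme (bcrypt, scrypt, PBKDF2) with a verify-style method, before user files in this format exist in deployments.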
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/DemoAuthenticator.java b/scm-webapp/src/main/java/sonia/scm/web/security/DemoAuthenticator.java
deleted file mode 100644
index 4657d4b76d..0000000000
--- a/scm-webapp/src/main/java/sonia/scm/web/security/DemoAuthenticator.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-
-
-
-package sonia.scm.web.security;
-
-//~--- non-JDK imports --------------------------------------------------------
-
-import sonia.scm.User;
-
-//~--- JDK imports ------------------------------------------------------------
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- *
- * @author Sebastian Sdorra
- */
-public class DemoAuthenticator implements Authenticator
-{
-
- /** Field description */
- private static final String DEMO_DISPLAYNAME = "Hans am Schalter";
-
- /** Field description */
- private static final String DEMO_MAIL = "hans@schalter.de";
-
- /** Field description */
- private static final String DEMO_PASSWORD = "hans123";
-
- /** Field description */
- private static final String DEMO_USERNAME = "hans";
-
- //~--- methods --------------------------------------------------------------
-
- /**
- * Method description
- *
- *
- * @param request
- * @param response
- * @param username
- * @param password
- *
- * @return
- */
- @Override
- public User authenticate(HttpServletRequest request,
- HttpServletResponse response, String username,
- String password)
- {
- User user = null;
-
- if (DEMO_USERNAME.equals(username) && DEMO_PASSWORD.equals(password))
- {
- user = new User(username, DEMO_DISPLAYNAME, DEMO_MAIL);
- }
-
- return user;
- }
-}
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/XmlAuthenticator.java b/scm-webapp/src/main/java/sonia/scm/web/security/XmlAuthenticator.java
new file mode 100644
index 0000000000..ea19d7f5e3
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/XmlAuthenticator.java
@@ -0,0 +1,138 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import sonia.scm.SCMContextProvider;
+import sonia.scm.User;
+import sonia.scm.security.EncryptionHandler;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import javax.xml.bind.JAXB;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class XmlAuthenticator implements Authenticator
+{
+
+ /** Field description */
+ public static final String NAME_DIRECTORY = "users";
+
+ /** the logger for XmlAuthenticator */
+ private static final Logger logger =
+ LoggerFactory.getLogger(XmlAuthenticator.class);
+
+ //~--- methods --------------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param request
+ * @param response
+ * @param username
+ * @param password
+ *
+ * @return
+ */
+ @Override
+ public User authenticate(HttpServletRequest request,
+ HttpServletResponse response, String username,
+ String password)
+ {
+ User user = null;
+ File userFile = new File(baseDirectory, username.concat(".xml"));
+
+ if ((userFile != null) && userFile.exists())
+ {
+ user = JAXB.unmarshal(userFile, User.class);
+
+ String encryptedPassword = encryptionHandler.encrypt(password);
+
+ System.out.println(encryptedPassword);
+ System.out.println(user.getPassword());
+
+ if (!encryptedPassword.equalsIgnoreCase(user.getPassword()))
+ {
+ user = null;
+
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("password for user {} is wrong", username);
+ }
+ }
+ else
+ {
+ user.setPassword(null);
+ }
+ }
+ else if (logger.isDebugEnabled())
+ {
+ logger.debug("could not find user {}", username);
+ }
+
+ return user;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @throws IOException
+ */
+ @Override
+ public void close() throws IOException
+ {
+
+ // do nothing
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param provider
+ */
+ @Override
+ public void init(SCMContextProvider provider)
+ {
+ baseDirectory = new File(provider.getBaseDirectory(), NAME_DIRECTORY);
+
+ if (logger.isInfoEnabled())
+ {
+ logger.info("init XmlAuthenticator with directory {}",
+ baseDirectory.getAbsolutePath());
+ }
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ private File baseDirectory;
+
+ /** Field description */
+ @Inject
+ private EncryptionHandler encryptionHandler;
+}
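Review bot: `username` goes straight from the request into `new File(baseDirectory, username.concat(".xml"))` in `authenticate`, so a name containing path separators or `..` resolves outside the users directory, and a null name throws; validate it before building the path. The two `System.out.println` calls write the hash of the submitted password and the stored hash to stdout and should be removed before merge. `equalsIgnoreCase` is also not a constant-time comparison; `MessageDigest.isEqual` on normalised bytes is the usual replacement. The fence shows the validation and the println removal; the allowed character set in it is a constructed example, not the project's rule.

```java
  public User authenticate(HttpServletRequest request,
                           HttpServletResponse response, String username,
                           String password)
  {
    User user = null;

    // reject names that could resolve outside the users directory;
    // the character set below is an assumption, adjust to the project's rules
    if ((username == null) || !username.matches("[A-Za-z0-9_@.-]+"))
    {
      if (logger.isDebugEnabled())
      {
        logger.debug("rejected invalid username");
      }

      return null;
    }

    File userFile = new File(baseDirectory, username.concat(".xml"));

    if (userFile.exists())
    {
      user = JAXB.unmarshal(userFile, User.class);

      String encryptedPassword = encryptionHandler.encrypt(password);

      // neither hash is printed or logged
      // … unchanged: comparison, debug logging, user.setPassword(null) …
    }
    // … unchanged: "could not find user" branch and return …
```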