From 02c0902859a85a96243804759e6cfcb104fa44e7 Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 11:39:04 +0100 Subject: [PATCH 1/7] Set mod auth manager to save a JsoObject as opposed to simply a username, so that additional data can be added to the auth response such as group membership, permissions etc --- src/main/java/org/vertx/mods/AuthManager.java | 43 +++++++++++-------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index b926bba..cdc8ed2 100644 --- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -37,7 +37,7 @@ public class AuthManager extends BusModBase { private Handler> logoutHandler; private Handler> authoriseHandler; - protected final Map sessions = new HashMap<>(); + protected final Map sessions = new HashMap<>(); protected final Map logins = new HashMap<>(); private static final long DEFAULT_SESSION_TIMEOUT = 30 * 60 * 1000; @@ -60,7 +60,8 @@ private LoginInfo(long timerID, String sessionID) { /** * Start the busmod */ - public void start() { + @Override +public void start() { super.start(); this.address = getOptionalStringConfig("address", "vertx.basicauthmanager"); @@ -78,19 +79,22 @@ public void start() { } loginHandler = new Handler>() { - public void handle(Message message) { + @Override + public void handle(Message message) { doLogin(message); } }; eb.registerHandler(address + ".login", loginHandler); logoutHandler = new Handler>() { - public void handle(Message message) { + @Override + public void handle(Message message) { doLogout(message); } }; eb.registerHandler(address + ".logout", logoutHandler); authoriseHandler = new Handler>() { - public void handle(Message message) { + @Override + public void handle(Message message) { doAuthorise(message); } }; 
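Review bot: The `sessions` field now holds a whole stored object per session instead of a username, but the declaration carries no comment saying what that object is, and the rest of the series relies on it having a `username` field (the `logout` hunk reads it). I would document the invariant on the field: `// sessionID -> the user record returned by the persistor, with credential fields stripped; must contain "username"`. Generic type arguments appear to have been lost in this rendering, so the exact value type cannot be checked here.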
@@ -113,10 +117,11 @@ private void doLogin(final Message message) { findMsg.putObject("matcher", matcher); eb.send(persistorAddress, findMsg, new Handler>() { - public void handle(Message reply) { - - if (reply.body.getString("status").equals("ok")) { - if (reply.body.getObject("result") != null) { + @Override + public void handle(Message reply) { + JsonObject authData = reply.body; + if (authData.getString("status").equals("ok")) { + if (authData.getObject("result") != null) { // Check if already logged in, if so logout of the old session LoginInfo info = logins.get(username); @@ -127,12 +132,16 @@ public void handle(Message reply) { // Found final String sessionID = UUID.randomUUID().toString(); long timerID = vertx.setTimer(sessionTimeout, new Handler() { - public void handle(Long timerID) { + @Override + public void handle(Long timerID) { sessions.remove(sessionID); logins.remove(username); } }); - sessions.put(sessionID, username); + + authData.removeField("password"); + + sessions.put(sessionID, authData); logins.put(username, new LoginInfo(timerID, sessionID)); JsonObject jsonReply = new JsonObject().putString("sessionID", sessionID); sendOK(message, jsonReply); @@ -160,7 +169,7 @@ protected void doLogout(final Message message) { } protected boolean logout(String sessionID) { - String username = sessions.remove(sessionID); + String username = sessions.remove(sessionID).getString("username"); if (username != null) { LoginInfo info = logins.remove(username); vertx.cancelTimer(info.timerID); 
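Review bot: `authData.removeField("password")` operates on the whole persistor reply, but the user document is nested under `result` (the code checks `reply.body.getObject("result")` just above), so a top-level removal does not touch a password stored inside the record, and that record is then kept in `sessions` and returned verbatim by `doAuthorise`. Patch 3 of this series reworks this to take the `result` object before stripping fields; if this commit is read on its own it needs `authData.getObject("result").removeField("password");` instead. Removal by field name is also a denylist, so any other credential or internal field present in the record would still be returned; copying only the fields callers need would be safer. The enclosing reply handler starts in the previous hunk.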
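Review bot: `sessions.remove(sessionID).getString("username")` dereferences the removed value without a null check, so a logout for an unknown or already expired session now throws a NullPointerException where the old code returned false. Patch 3 adds the missing check; taken on its own this commit needs `JsonObject session = sessions.remove(sessionID); if (session == null) { return false; }` before reading the username. `logout` continues past the end of the hunk.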
@@ -175,14 +184,10 @@ protected void doAuthorise(Message message) { if (sessionID == null) { return; } - String username = sessions.get(sessionID); - - // In this basic auth manager we don't do any resource specific authorisation - // The user is always authorised if they are logged in + JsonObject authData = sessions.get(sessionID); - if (username != null) { - JsonObject reply = new JsonObject().putString("username", username); - sendOK(message, reply); + if (authData != null) { + sendOK(message, authData); } else { sendStatus("denied", message); } From b712c0db06bbe31487e43244b9720c5f48b1d057 Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 11:54:07 +0100 Subject: [PATCH 2/7] fix white space --- src/main/java/org/vertx/mods/AuthManager.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index 5847785..38bad2e 100644 --- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -60,7 +60,7 @@ private LoginInfo(long timerID, String sessionID) { /** * Start the busmod */ -public void start() { + public void start() { super.start(); this.address = getOptionalStringConfig("address", "vertx.basicauthmanager"); @@ -78,19 +78,19 @@ public void start() { } loginHandler = new Handler>() { - public void handle(Message message) { + public void handle(Message message) { doLogin(message); } }; eb.registerHandler(address + ".login", loginHandler); logoutHandler = new Handler>() { - public void handle(Message message) { + public void handle(Message message) { doLogout(message); } }; eb.registerHandler(address + ".logout", logoutHandler); authoriseHandler = new Handler>() { - public void handle(Message message) { + public void handle(Message message) { doAuthorise(message); } }; 
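Review bot: The two comment lines explaining that this manager does no resource-specific authorisation and treats any logged-in session as authorised are deleted although that behaviour is unchanged, so the reply now carries the whole stored record with no word on why. I would keep the comment above the `sessions.get(sessionID)` line and extend it: `// No resource-specific checks here: a live session is always authorised, and the reply is the stored session record, so everything left in it after login reaches the caller.`. The reply also sends the stored object itself rather than a copy, which matters only if the recipient of a local reply can mutate it; worth confirming against the event-bus delivery semantics in use.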
@@ -115,7 +115,7 @@ private void doLogin(final Message message) { eb.send(persistorAddress, findMsg, new Handler>() { public void handle(Message reply) { - JsonObject authData = reply.body; + JsonObject authData = reply.body(); if (authData.getString("status").equals("ok")) { if (authData.getObject("result") != null) { // Check if already logged in, if so logout of the old session @@ -133,7 +133,8 @@ public void handle(Long timerID) { logins.remove(username); } }); - + + //remove password so that we dont send it back over the wire authData.removeField("password"); sessions.put(sessionID, authData); From dd67fcc48b6a3cd2f899e732cd0cb15fb993d2ac Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 13:19:49 +0100 Subject: [PATCH 3/7] Tidy up and flatten session data --- src/main/java/org/vertx/mods/AuthManager.java | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index 38bad2e..53d6773 100644 --- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -115,9 +115,8 @@ private void doLogin(final Message message) { eb.send(persistorAddress, findMsg, new Handler>() { public void handle(Message reply) { - JsonObject authData = reply.body(); - if (authData.getString("status").equals("ok")) { - if (authData.getObject("result") != null) { + if (reply.body().getString("status").equals("ok")) { + if (reply.body().getObject("result") != null) { // Check if already logged in, if so logout of the old session LoginInfo info = logins.get(username); if (info != null) { 
@@ -134,10 +133,14 @@ public void handle(Long timerID) { } }); + //Put record returned from the db as session data + JsonObject sessionData = reply.body().getObject("result"); + sessionData.putString("status", "ok"); + //remove password so that we dont send it back over the wire - authData.removeField("password"); - - sessions.put(sessionID, authData); + sessionData.removeField("password"); + + sessions.put(sessionID, sessionData); logins.put(username, new LoginInfo(timerID, sessionID)); JsonObject jsonReply = new JsonObject().putString("sessionID", sessionID); sendOK(message, jsonReply); @@ -165,7 +168,11 @@ protected void doLogout(final Message message) { } protected boolean logout(String sessionID) { - String username = sessions.remove(sessionID).getString("username"); + JsonObject session = sessions.remove(sessionID); + if (session == null) + return false; + + String username = session.getString("username"); if (username != null) { LoginInfo info = logins.remove(username); vertx.cancelTimer(info.timerID); From 08abeb1318564de81c29a52a707b47c95e0de1b8 Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 13:41:15 +0100 Subject: [PATCH 4/7] remove _id field and make sure to add data to reply --- src/main/java/org/vertx/mods/AuthManager.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index 53d6773..c8cf7f9 100644 --- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -126,7 +126,6 @@ public void handle(Message reply) { // Found final String sessionID = UUID.randomUUID().toString(); long timerID = vertx.setTimer(sessionTimeout, new Handler() { - @Override public void handle(Long timerID) { sessions.remove(sessionID); logins.remove(username); 
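Review bot: `if (session == null) return false;` is unbraced while every other branch in the surrounding code, including the `if (username != null) {` two lines below, uses braces; I would write it as `if (session == null) { return false; }` to match. Otherwise the null check is the right fix for the unconditional `getString("username")` introduced in patch 1. `logout` continues beyond the hunk.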
@@ -135,14 +134,16 @@ public void handle(Long timerID) { //Put record returned from the db as session data JsonObject sessionData = reply.body().getObject("result"); - sessionData.putString("status", "ok"); - //remove password so that we dont send it back over the wire + //remove id and password so that we dont send it back over the wire + sessionData.removeField("_id"); sessionData.removeField("password"); sessions.put(sessionID, sessionData); logins.put(username, new LoginInfo(timerID, sessionID)); - JsonObject jsonReply = new JsonObject().putString("sessionID", sessionID); + + JsonObject jsonReply = sessionData.copy(); + jsonReply.putString("sessionID", sessionID); sendOK(message, jsonReply); } else { // Not found From 207bf7061a49cb9ed7120b9c7470881a13909903 Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 13:41:57 +0100 Subject: [PATCH 5/7] whitespace --- src/main/java/org/vertx/mods/AuthManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index c8cf7f9..5ef68b9 100644 --- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -126,7 +126,7 @@ public void handle(Message reply) { // Found final String sessionID = UUID.randomUUID().toString(); long timerID = vertx.setTimer(sessionTimeout, new Handler() { - public void handle(Long timerID) { + public void handle(Long timerID) { sessions.remove(sessionID); logins.remove(username); } From d396fac8a4a74ce26d9f7c8c4405f1da608f284d Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 13:45:11 +0100 Subject: [PATCH 6/7] tidy more whitespace --- src/main/java/org/vertx/mods/AuthManager.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index 5ef68b9..42b6930 100644 
--- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -114,8 +114,9 @@ private void doLogin(final Message message) { eb.send(persistorAddress, findMsg, new Handler>() { - public void handle(Message reply) { + public void handle(Message reply) { if (reply.body().getString("status").equals("ok")) { + if (reply.body().getObject("result") != null) { // Check if already logged in, if so logout of the old session LoginInfo info = logins.get(username); From 00224af9ac7acff27fa17ec6cd0e7bde6a2de3e3 Mon Sep 17 00:00:00 2001 From: John Oliver Date: Wed, 8 May 2013 14:34:31 +0100 Subject: [PATCH 7/7] extract method to form a session object --- src/main/java/org/vertx/mods/AuthManager.java | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/vertx/mods/AuthManager.java b/src/main/java/org/vertx/mods/AuthManager.java index 42b6930..99cd6e6 100644 --- a/src/main/java/org/vertx/mods/AuthManager.java +++ b/src/main/java/org/vertx/mods/AuthManager.java @@ -133,19 +133,12 @@ public void handle(Long timerID) { } }); - //Put record returned from the db as session data - JsonObject sessionData = reply.body().getObject("result"); - - //remove id and password so that we dont send it back over the wire - sessionData.removeField("_id"); - sessionData.removeField("password"); + JsonObject sessionData = formSessionData(reply, sessionID); sessions.put(sessionID, sessionData); logins.put(username, new LoginInfo(timerID, sessionID)); - JsonObject jsonReply = sessionData.copy(); - jsonReply.putString("sessionID", sessionID); - sendOK(message, jsonReply); + sendOK(message, sessionData); } else { // Not found sendStatus("denied", message); 
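Review bot: `sendOK(message, sessionData)` hands the very object that was just stored in `sessions` to the reply, where patch 4 replied with `sessionData.copy()`; if `sendOK` adds the `status` field to the object it is given (the explicit `putString("status", "ok")` was dropped in patch 4, which suggests it does), the stored session now carries `status` as well, and it is touched again on every `doAuthorise` reply. I would keep the copy, `sendOK(message, sessionData.copy());`, so the stored session and the wire message are distinct objects. The enclosing reply handler starts before this hunk.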
@@ -158,6 +151,17 @@ public void handle(Long timerID) { }); } + private JsonObject formSessionData(Message dbReply, final String sessionID) { + //Put record returned from the db as session data + JsonObject sessionData = dbReply.body().getObject("result"); + + //remove id and password so that we dont send it back over the wire + sessionData.removeField("_id"); + sessionData.removeField("password"); + sessionData.putString("sessionID", sessionID); + return sessionData; + } + protected void doLogout(final Message message) { final String sessionID = getMandatoryString("sessionID", message); if (sessionID != null) {
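Review bot: `formSessionData` has no Javadoc and its contract is not obvious from the name: it mutates the `result` object inside the persistor reply in place, removes only `_id` and `password` by name, adds `sessionID`, and the object it returns is what `doLogin` both stores in `sessions` and sends to the client. A Javadoc should state that the caller has already checked `result` is non-null, that the object is modified rather than copied, and that removal by name is a denylist, so any other credential or internal field in the user document stays in the session and is returned to the client; copying an explicit allowlist of fields would make that surface visible. The same name-based stripping appears in patches 3 and 4 of this series.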