PHOTARK-20 Applying patch from Suhothayan Sriskandarajah. This patch adds an authentication feature using OpenID.
git-svn-id: https://svn.apache.org/repos/asf/incubator/photark/trunk@949197 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/photark-security/pom.xml b/photark-security/pom.xml
new file mode 100644
index 0000000..8d5e4ab
--- /dev/null
+++ b/photark-security/pom.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<project>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.photark</groupId>
+ <artifactId>photark-parent</artifactId>
+ <version>1.0-incubating-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <artifactId>photark-security</artifactId>
+ <packaging>war</packaging>
+ <name>Apache PhotArk Security</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.photark</groupId>
+ <artifactId>photark</artifactId>
+ <version>1.0-incubating-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tuscany.sca</groupId>
+ <artifactId>tuscany-data-api</artifactId>
+ <version>${tuscany.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tuscany.sca</groupId>
+ <artifactId>tuscany-implementation-java-runtime</artifactId>
+ <version>${tuscany.version}</version>
+ <scope>runtime</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>asm</groupId>
+ <artifactId>asm</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.tuscany.sca</groupId>
+ <artifactId>tuscany-binding-jsonrpc-runtime</artifactId>
+ <version>${tuscany.version}</version>
+ <scope>runtime</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-impl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.5</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>com.dyuproject</groupId>
+ <artifactId>dyuproject-openid</artifactId>
+ <version>1.1.6</version>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.1</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <finalName>${artifactId}</finalName>
+ </build>
+
+</project>
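Review bot: `<finalName>${artifactId}</finalName>` uses the bare `${artifactId}` expression, which Maven reports as deprecated; write `<finalName>${project.artifactId}</finalName>`. Separately, `dyuproject-openid` 1.1.6 is the library that verifies OpenID responses for this module, and the pom declares no `<repositories>` entry for it. Where the artifact resolves from is therefore decided by the parent pom or local settings, which are outside this hunk. A one-line comment naming the intended repository would help anyone auditing the build.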
diff --git a/photark-security/src/main/java/org/apache/photark/security/authentication/AuthorizationFilter.java b/photark-security/src/main/java/org/apache/photark/security/authentication/AuthorizationFilter.java
new file mode 100644
index 0000000..3069a68
--- /dev/null
+++ b/photark-security/src/main/java/org/apache/photark/security/authentication/AuthorizationFilter.java
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.photark.security.authentication;
+
+import java.io.IOException;
+import java.util.logging.Logger;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.photark.security.authorization.AccessManager;
+import org.oasisopen.sca.annotation.Property;
+import org.oasisopen.sca.annotation.Scope;
+import org.oasisopen.sca.annotation.Service;
+
+/**
+ * Authorization Filter. This will only allow authenticated user
+ * to access to upload.html and redirect others to OpenID authentication
+ *
+ *
+ *
+ */
+//@Service(Filter.class)
+//@Scope("COMPOSITE")
+public class AuthorizationFilter implements Filter {
+ private static final Logger logger = Logger.getLogger(AuthorizationFilter.class.getName());
+
+ /**Default Name of the Redirect Page */
+ //private final String REDIRECT_PAGE_DEFAULT = "photark";
+
+ //@Property(name = "redirectPage", required = true)
+ private String redirectPage;
+
+ /*@Property
+ public void setRedirectPage(String redirectPage) {
+ if (redirectPage != null && !redirectPage.equals("")) {
+ this.redirectPage = redirectPage;
+ } else {
+ logger.log(Level.WARNING, "Setting Default Redirect Page to Upload.html:"
+ + REDIRECT_PAGE_DEFAULT);
+ this.redirectPage = REDIRECT_PAGE_DEFAULT;
+ }
+ }
+
+ public String getRedirectPage() {
+ return redirectPage;
+ }
+ */
+ /** Filter should be configured with an redirect page. */
+ public void init(FilterConfig FilterConfig) throws ServletException {
+ if (FilterConfig != null) {
+ redirectPage = FilterConfig.getInitParameter("redirect_page");
+ }
+ }
+
+ public void destroy() {
+ // TODO Auto-generated method stub
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws ServletException, IOException {
+
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+ HttpServletResponse httpResp = (HttpServletResponse) response;
+
+ AccessManager am = new AccessManager();
+
+ if ((String)httpReq.getSession().getAttribute("accessList") != null && !((String)httpReq.getSession().getAttribute("accessList")).equals("")) {
+ System.err.println( (String)httpReq.getSession().getAttribute("accessList") +" Accessing Admin page");
+ chain.doFilter(request, response);
+ } else {
+ httpResp.sendRedirect(httpReq.getContextPath() + redirectPage);
+ }
+
+ }
+
+ /*public void init(FilterConfig filterConfig) throws ServletException {
+ // TODO Auto-generated method stub
+
+ }*/
+}
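Review bot: `doFilter` lets a request through whenever the session's `accessList` attribute is a non-empty string, so it checks that someone logged in, not that they may reach the admin pages. In this same commit `OpenIDAuthenticationServiceImpl.onAuthenticate` stores `user.getIdentity()` under that key, so any identity an OpenID provider vouches for passes the check exactly as the `"SuperAdmin"` value from `FormAuthenticationServiceImpl` does. The filter should compare the value with a configured set of permitted identities, and until that exists the class Javadoc should say the check is authentication only. Two smaller points: `redirectPage` stays null when the `redirect_page` init parameter is absent, so `init` should fail with `throw new ServletException("redirect_page init parameter is required");`. `httpReq.getSession(false)` with a null check would avoid creating a session for every anonymous request, and the unused `AccessManager am` can go.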
diff --git a/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java b/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java
new file mode 100644
index 0000000..f16672a
--- /dev/null
+++ b/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.photark.security.authentication.services;
+
+import java.io.IOException;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.photark.security.authorization.AccessManager;
+import org.oasisopen.sca.annotation.Scope;
+import org.oasisopen.sca.annotation.Service;
+
+import com.dyuproject.openid.RelyingParty;
+
+/**
+ * Form Authentication Service Impl authenticates Super Admin.
+ *
+ *
+ */
+@Service(Servlet.class)
+@Scope("COMPOSITE")
+public class FormAuthenticationServiceImpl extends HttpServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6462488654757190805L;
+
+ public FormAuthenticationServiceImpl() {
+
+ }
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException {
+ doPost(request, response);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException {
+ AccessManager am = new AccessManager();
+
+ //check whether the Super Admin is authenticated
+ if (request.getUserPrincipal() != null) {
+
+ //Invalidating the OpenID authentication
+ RelyingParty.getInstance().invalidate(request, response);
+
+ //Creating the accessList
+ String accesList=am.creatAccessList("SuperAdmin");
+ request.getSession().setAttribute("accessList", accesList);
+ System.err.println("Super Admin authenticated");
+
+ response.sendRedirect(request.getContextPath() + "/admin/upload.html");
+
+ } else {
+ // if not Authenticated as Super Admin redirect to OpenID login
+ //But this is always false
+ response.sendRedirect(request.getContextPath() + "/home/authenticate");
+ }
+
+ }
+
+}
\ No newline at end of file
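Review bot: The `request.getUserPrincipal() != null` test in `doPost` grants the `"SuperAdmin"` access list to any principal the container has authenticated, whatever its role. Unless the servlet's URL is restricted to a single role by a security constraint outside this commit (the module's `web.xml` declares none), the check should name the role, e.g. `if (request.isUserInRole(SUPER_ADMIN_ROLE)) {`, where `SUPER_ADMIN_ROLE` is a constant holding the deployment's role name. The `//But this is always false` comment on the else branch suggests the author relies on such a constraint; that assumption belongs in the class Javadoc. `doGet` forwarding to `doPost` also lets a plain GET perform the session change.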
diff --git a/photark-security/src/main/java/org/apache/photark/security/authentication/services/LogoutServiceImpl.java b/photark-security/src/main/java/org/apache/photark/security/authentication/services/LogoutServiceImpl.java
new file mode 100644
index 0000000..efa85bd
--- /dev/null
+++ b/photark-security/src/main/java/org/apache/photark/security/authentication/services/LogoutServiceImpl.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.photark.security.authentication.services;
+
+import java.io.IOException;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.photark.security.authorization.AccessManager;
+import org.oasisopen.sca.annotation.Scope;
+import org.oasisopen.sca.annotation.Service;
+
+import com.dyuproject.openid.RelyingParty;
+
+/**
+ * Logout Service Impl. This will logout all kind of Authenticated users
+ *
+ *
+ */
+@Service(Servlet.class)
+@Scope("COMPOSITE")
+public class LogoutServiceImpl extends HttpServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 5282044123210612195L;
+
+ public LogoutServiceImpl() {
+
+ }
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException {
+ doPost(request, response);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException {
+
+ System.err.print((String)request.getSession().getAttribute("accessList"));
+ // Removing the AccessList
+ request.getSession().setAttribute("accessList", "");
+ // invalidating the Authenticated OpenID User
+ RelyingParty.getInstance().invalidate(request, response);
+ // invalidating the Authenticated Super Admin User
+ request.getSession().invalidate();
+
+ System.err.println(" logged out");
+
+ // Redirect to Gallery
+ response.sendRedirect(request.getContextPath() + "/");
+ }
+
+}
\ No newline at end of file
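Review bot: `doGet` forwards to `doPost`, so any GET to this servlet destroys the session, including a cross-site one; logout changes state and should answer POST only. Dropping the `doGet` override is enough, because `HttpServlet`'s default implementation then rejects GET. `System.err.print((String)request.getSession().getAttribute("accessList"))` writes the user's identity to the container's stderr and should go through a `java.util.logging.Logger` without the identity value. `request.getSession(false)` with a null check would also avoid creating a session only to invalidate it.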
diff --git a/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java b/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java
new file mode 100644
index 0000000..99a7b29
--- /dev/null
+++ b/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java
@@ -0,0 +1,238 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.photark.security.authentication.services;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.UnknownHostException;
+import java.util.Map;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.photark.security.authorization.AccessManager;
+import org.oasisopen.sca.annotation.Scope;
+import org.oasisopen.sca.annotation.Service;
+
+import com.dyuproject.openid.OpenIdServletFilter;
+import com.dyuproject.openid.OpenIdUser;
+import com.dyuproject.openid.RelyingParty;
+import com.dyuproject.openid.YadisDiscovery;
+import com.dyuproject.openid.ext.AxSchemaExtension;
+import com.dyuproject.openid.ext.SRegExtension;
+import com.dyuproject.util.http.UrlEncodedParameterMap;
+
+/**
+ * OpenID Authentication Service Impl. If authenticated, goes to the home page. If not, goes to the login page.
+ *
+ *
+ */
+@Service(Servlet.class)
+@Scope("COMPOSITE")
+public class OpenIDAuthenticationServiceImpl extends HttpServlet implements Servlet
+{
+
+ private static final long serialVersionUID = -5304887357860915253L;
+
+ static
+ {
+ RelyingParty.getInstance()
+ .addListener(new SRegExtension()
+ .addExchange("email")
+ .addExchange("country")
+ .addExchange("language")
+ )
+ .addListener(new AxSchemaExtension()
+ .addExchange("email")
+ .addExchange("country")
+ .addExchange("language")
+ )
+ .addListener(new RelyingParty.Listener()
+ {
+ public void onDiscovery(OpenIdUser user, HttpServletRequest request)
+ {
+ System.err.println("discovered user: " + user.getClaimedId());
+ }
+ public void onPreAuthenticate(OpenIdUser user, HttpServletRequest request,
+ UrlEncodedParameterMap params)
+ {
+ System.err.println("pre-authenticate user: " + user.getClaimedId());
+ }
+
+ public void onAuthenticate(OpenIdUser user, HttpServletRequest request)
+ {
+ System.err.println("newly authenticated user: " + user.getIdentity());
+
+ AccessManager am= new AccessManager();
+
+ //Invalidating the Super Admin user
+ request.getSession().invalidate();
+ //Creating the accessList for the newly authenticated user
+ //Creating the accessList
+ String accesList=am.creatAccessList(user.getIdentity());
+ request.getSession().setAttribute("accessList", accesList);
+
+ Map<String,String> sreg = SRegExtension.remove(user);
+ Map<String,String> axschema = AxSchemaExtension.remove(user);
+ if(sreg!=null && !sreg.isEmpty())
+ {
+ System.err.println("sreg: " + sreg);
+ user.setAttribute("info", sreg);
+ }
+ else if(axschema!=null && !axschema.isEmpty())
+ {
+ System.err.println("axschema: " + axschema);
+ user.setAttribute("info", axschema);
+ }
+ }
+ public void onAccess(OpenIdUser user, HttpServletRequest request)
+ {
+ System.err.println("user access: " + user.getIdentity());
+ System.err.println("info: " + user.getAttribute("info"));
+ }
+ });
+ }
+
+ RelyingParty _relyingParty = RelyingParty.getInstance();
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException
+ {
+ doPost(request, response);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException
+ {
+ String loginWith = request.getParameter("loginWith");
+ if(loginWith!=null)
+ {
+ // If the ui supplies a LoginWithGoogle or LoginWithYahoo link/button,
+ // this will speed up the openid process by skipping discovery.
+ // The override is done by adding the OpenIdUser to the request attribute.
+ if(loginWith.equals("google"))
+ {
+ OpenIdUser user = OpenIdUser.populate("https://www.google.com/accounts/o8/id",
+ YadisDiscovery.IDENTIFIER_SELECT,
+ "https://www.google.com/accounts/o8/ud");
+ request.setAttribute(OpenIdUser.ATTR_NAME, user);
+
+ }
+ else if(loginWith.equals("yahoo"))
+ {
+ OpenIdUser user = OpenIdUser.populate("http://yahoo.com/",
+ YadisDiscovery.IDENTIFIER_SELECT,
+ "https://open.login.yahooapis.com/openid/op/auth");
+ request.setAttribute(OpenIdUser.ATTR_NAME, user);
+ }
+ }
+
+ String errorMsg = OpenIdServletFilter.DEFAULT_ERROR_MSG;
+ try
+ {
+ OpenIdUser user = _relyingParty.discover(request);
+ if(user==null)
+ {
+ if(RelyingParty.isAuthResponse(request))
+ {
+ // authentication timeout
+ response.sendRedirect(request.getRequestURI());
+ }
+ else
+ {
+ // set error msg if the openid_identifier is not resolved.
+ if(request.getParameter(_relyingParty.getIdentifierParameter())!=null){
+ request.setAttribute(OpenIdServletFilter.ERROR_MSG_ATTR, errorMsg);//TODO error pages, massage not passed to front end
+ request.getRequestDispatcher("/home/error.html").forward(request, response);
+ }else{
+ // new user
+ request.getRequestDispatcher("/home/login.html").forward(request, response);
+ //response.sendRedirect(request.getContextPath() + "/home/login.html");
+ }
+ }
+ return;
+ }
+
+ if(user.isAuthenticated())
+ {
+ // user already authenticated
+ // request.getRequestDispatcher("/home/home.jsp").forward(request, response);
+ //added by suho
+ response.sendRedirect(request.getContextPath() + "/admin/upload.html");
+
+ return;
+ }
+
+ if(user.isAssociated() && RelyingParty.isAuthResponse(request))
+ {
+ // verify authentication
+ if(_relyingParty.verifyAuth(user, request, response))
+ {
+ // authenticated
+ // redirect to home to remove the query params instead of doing:
+ // request.getRequestDispatcher("/home.jsp").forward(request, response);
+ response.sendRedirect(request.getContextPath() + "/home/authenticate");
+ }
+ else
+ {
+ // failed verification
+ //request.getRequestDispatcher("/home/login.jsp").forward(request, response);
+ request.getRequestDispatcher("/home/error.html").forward(request, response);
+ }
+ return;
+ }
+
+ // associate and authenticate user
+ StringBuffer url = request.getRequestURL();
+ String trustRoot = url.substring(0, url.indexOf("/", 9));
+ String realm = url.substring(0, url.lastIndexOf("/"));
+ String returnTo = url.toString();
+ if(_relyingParty.associateAndAuthenticate(user, request, response, trustRoot, realm,
+ returnTo))
+ {
+ // successful association
+ return;
+ }
+ }
+ catch(UnknownHostException uhe)
+ {
+ System.err.println("not found");
+ errorMsg = OpenIdServletFilter.ID_NOT_FOUND_MSG;//TODO error pages, massage not passed to front end
+ }
+ catch(FileNotFoundException fnfe)
+ {
+ System.err.println("could not be resolved");
+ errorMsg = OpenIdServletFilter.DEFAULT_ERROR_MSG;//TODO error pages, massage not passed to front end
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ errorMsg = OpenIdServletFilter.DEFAULT_ERROR_MSG;//TODO error pages, massage not passed to front end
+ }
+ request.setAttribute(OpenIdServletFilter.ERROR_MSG_ATTR, errorMsg);//TODO error pages, massage not passed to front end
+ request.getRequestDispatcher("/home/login.html").forward(request, response);
+ }
+
+}
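Review bot: The listener registered in the static initialiser writes user data to `System.err` on every callback: `onAuthenticate` prints the identity and the whole `sreg`/`axschema` map (email, country, language), and `onAccess`, which by its name runs on each authenticated access, prints the identity and the `info` attribute again. That puts personal data on the container's stderr with no level control. The class should declare `private static final Logger logger = Logger.getLogger(OpenIDAuthenticationServiceImpl.class.getName());` as `AuthorizationFilter` does and log only the event, e.g. `logger.fine("OpenID authentication succeeded");`. The `catch(Exception e)` branch with `e.printStackTrace()` has the same problem. Separately, `trustRoot`, `realm` and `returnTo` in `doPost` are cut out of `request.getRequestURL()`, which presumably reflects the client-supplied Host header, and the `9` in `url.indexOf("/", 9)` is unexplained; either a comment should state the assumption or the base URL should come from configuration.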
diff --git a/photark-security/src/main/java/org/apache/photark/security/authorization/AccessManager.java b/photark-security/src/main/java/org/apache/photark/security/authorization/AccessManager.java
new file mode 100644
index 0000000..5742416
--- /dev/null
+++ b/photark-security/src/main/java/org/apache/photark/security/authorization/AccessManager.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.photark.security.authorization;
+
+import org.oasisopen.sca.annotation.Scope;
+
+@Scope("COMPOSITE")
+public class AccessManager {
+ private static String accessList;
+
+ /*
+ * public synchronized String getAccessList() { return accessList; }
+ *
+ *
+ * public synchronized void setAccessList(String accessList) {
+ * AccessManager.accessList = accessList; }
+ */
+
+ public synchronized String creatAccessList(String accessList) {
+ AccessManager.accessList = accessList;
+ return accessList;
+ }
+}
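Review bot: `creatAccessList` stores its argument in the `static` field `accessList`, so the value of the most recent login is shared by every instance and every user, and nothing in this commit reads it back. The `synchronized` modifier does not protect that write either: the callers each do `new AccessManager()`, so each call locks a different object. Since the per-user value already lives in the HTTP session, the field can be removed and the body reduced to `return accessList;`, or the method made `static synchronized` if the field is meant to stay. `@Scope("COMPOSITE")` has no visible effect while callers construct the class with `new`. The method name also looks like a typo for `createAccessList`, but renaming it means touching the two callers in this commit.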
diff --git a/photark-security/src/main/resources/email_resolver.properties b/photark-security/src/main/resources/email_resolver.properties
new file mode 100644
index 0000000..c88e5ce
--- /dev/null
+++ b/photark-security/src/main/resources/email_resolver.properties
@@ -0,0 +1,2 @@
+gmail.com https://www.google.com/accounts/o8/id
+yahoo.com http://www.yahoo.com/
\ No newline at end of file
diff --git a/photark-security/src/main/resources/identifier_select.properties b/photark-security/src/main/resources/identifier_select.properties
new file mode 100644
index 0000000..52d3fe2
--- /dev/null
+++ b/photark-security/src/main/resources/identifier_select.properties
@@ -0,0 +1,13 @@
+providers = google,yahoo
+
+# the identifiers must be normalized
+google.openid_server = https://www.google.com/accounts/o8/ud
+google.identifier.0 = https://google.com/accounts/o8/id
+google.identifier.1 = https://www.google.com/accounts/o8/id
+google.identifier.2 = http://www.google.com/
+google.identifier.3 = http://google.com/
+
+yahoo.openid_server = https://open.login.yahooapis.com/openid/op/auth
+yahoo.identifier.0 = http://www.yahoo.com/
+yahoo.identifier.1 = http://yahoo.com/
+yahoo.identifier.2 = http://me.yahoo.com/
\ No newline at end of file
diff --git a/photark-security/src/main/resources/openid.properties b/photark-security/src/main/resources/openid.properties
new file mode 100644
index 0000000..af3815b
--- /dev/null
+++ b/photark-security/src/main/resources/openid.properties
@@ -0,0 +1,37 @@
+#defaults (No extra configuration)
+#openid.identifier.parameter = openid_identifier
+#openid.discovery = com.dyuproject.openid.DefaultDiscovery
+#openid.assocation = com.dyuproject.openid.DiffieHellmanAssociation
+#openid.httpconnector = com.dyuproject.openid.SimpleHttpConnector
+#openid.authredirection = com.dyuproject.openid.SimpleRedirection
+#openid.user.manager = com.dyuproject.openid.manager.HttpSessionUserManager
+
+# when the user is redirected to his provider and he somehow navigates away from his
+# provider and returns to your site ... the relying party will do an automatic redirect
+# back to his provider for authentication
+#openid.automatic_redirect = true
+
+# when the discovery fails, use the openid_identifer as the openid server/provider url.
+#openid.identifier_as_server = false
+
+# if identifier_select.properties is found in classpath, it will be loaded to the cache
+# this is especially usefull for google, yahoo where there is a generic id.
+# this cache bypasses the discovery w/c will make the openid process faster.
+#openid.user.cache = com.dyuproject.openid.IdentifierSelectUserCache
+
+#optional (comma-or-semicolon-separated values)
+openid.identifier.resolvers = com.dyuproject.openid.ext.EmailResolver
+
+#if this is used, add dyuproject-json to the classpath and provide the required params below
+#openid.user.manager = com.dyuproject.openid.manager.CookieBasedUserManager
+
+#then these are required:
+#openid.user.manager.cookie.name = openidservlet1
+#openid.user.manager.cookie.security.secret_key = secret
+
+#and these are optional:
+#openid.user.manager.cookie.path = /
+#openid.user.manager.cookie.domain = http://www.example.com
+#openid.user.manager.cookie.security_type = md5Signed (default: encrypted)
+#openid.user.manager.cookie.max_age = 900 (default: 600 seconds)
+#openid.user.manager.cookie.login_timeout = 90 (default: 60 seconds)
\ No newline at end of file
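Review bot: The commented cookie-manager example shows `openid.user.manager.cookie.security.secret_key = secret` and offers `md5Signed` as a `security_type`, with nothing saying these are placeholders. Someone enabling `CookieBasedUserManager` by uncommenting the block as written would protect the user cookie with a guessable key. I would add above the key `# placeholder: set a long random value per deployment and keep it out of version control`. Next to `security_type` I would note that the default `encrypted` should be kept unless there is a documented reason to change it.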
diff --git a/photark-security/src/main/webapp/WEB-INF/web.xml b/photark-security/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..0aa13eb
--- /dev/null
+++ b/photark-security/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+ id="WebApp_ID" version="2.5">
+
+ <display-name>PhotArk photo gallery web application security resources</display-name>
+
+</web-app>
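Review bot: This descriptor contains only a `<display-name>`: it maps neither `AuthorizationFilter` nor the three servlets, and it has no `<security-constraint>` or `<login-config>` for the `j_security_check` forms under `admin/`. The servlets are presumably wired through an SCA composite, but protection of the admin pages then depends entirely on the web application that bundles this module, which is not part of the commit. A comment inside `<web-app>` should say so, for example `<!-- AuthorizationFilter mapping, security-constraint and login-config for /admin/* are declared by the consuming webapp -->`. That would keep the module from being deployed on its own with the admin pages unprotected.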
diff --git a/photark-security/src/main/webapp/admin/error.html b/photark-security/src/main/webapp/admin/error.html
new file mode 100644
index 0000000..8f3c480
--- /dev/null
+++ b/photark-security/src/main/webapp/admin/error.html
@@ -0,0 +1,54 @@
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Super Admin Login</title>
+ <style type="text/css">
+ #container {
+ padding: 1em;
+ }
+ </style>
+ </head>
+ <body>
+ <div id="container">
+ <div style="float:right;width:50%;font-size:0.8em;text-align:right;">
+ <div><span><a href="../">Gallery</a></span></div>
+ </div>
+ <div style="clear:both"></div>
+ <div style="color:red;font-size:1.4em"> The username or password you entered is incorrect. </div>
+ <p>Login as <span style="color:green">Super Admin</span></p>
+ <form method="post" action="j_security_check">
+ <table cellspacing="3">
+ <tr>
+ <th align="right">Username:</th>
+ <td align="left"><input type="text" name="j_username"/></td>
+ </tr>
+ <tr>
+ <th align="right">Password:</th>
+ <td align="left"><input type="password" name="j_password"/></td>
+ </tr>
+ <tr>
+ <th align="right"> </th>
+ <td align="left"><input type="submit" value="Log In"/></td>
+ </tr>
+ </table>
+ </form>
+ </body>
+</html>
\ No newline at end of file
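Review bot: `<div id="container">` is opened but never closed before `</body>`, and the same applies to `admin/login.html`; add `</div>` after `</form>` in both. The two pages differ only by the red error `<div>`, yet `<style>`, `</head>` and `<body>` are indented differently in each. Aligning the indentation would make that one-line difference obvious in later diffs.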
diff --git a/photark-security/src/main/webapp/admin/login.html b/photark-security/src/main/webapp/admin/login.html
new file mode 100644
index 0000000..0d4d993
--- /dev/null
+++ b/photark-security/src/main/webapp/admin/login.html
@@ -0,0 +1,53 @@
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Super Admin Login</title>
+<style type="text/css">
+ #container {
+ padding: 1em;
+ }
+</style>
+</head>
+<body>
+<div id="container">
+ <div style="float:right;width:50%;font-size:0.8em;text-align:right;">
+ <div><span><a href="../">Gallery</a></span></div>
+ </div>
+ <div style="clear:both"></div>
+ <p>Login as <span style="color:green">Super Admin</span></p>
+ <form method="post" action="j_security_check">
+ <table cellspacing="3">
+ <tr>
+ <th align="right">Username:</th>
+ <td align="left"><input type="text" name="j_username"/></td>
+ </tr>
+ <tr>
+ <th align="right">Password:</th>
+ <td align="left"><input type="password" name="j_password"/></td>
+ </tr>
+ <tr>
+ <th align="right"> </th>
+ <td align="left"><input type="submit" value="Log In"/></td>
+ </tr>
+ </table>
+ </form>
+ </body>
+</html>
\ No newline at end of file
diff --git a/photark-security/src/main/webapp/home/error.html b/photark-security/src/main/webapp/home/error.html
new file mode 100644
index 0000000..0365850
--- /dev/null
+++ b/photark-security/src/main/webapp/home/error.html
@@ -0,0 +1,70 @@
+ <!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<title>Login</title>
+
+ <script type="text/javascript" src="js/login.js"></script>
+
+<style type="text/css">
+ #container {
+ padding: 1em;
+ }
+
+ #container p {
+ font-size: 1.2em;
+ font-family: Tahoma,Verdana;
+ }
+
+ #openid_identifier {
+ background-image: url(images/openid.ico);
+ background-position: 3px 2px;
+ background-repeat: no-repeat;
+ margin: 0;
+ padding: 0.2em 0.2em 0.2em 20px;
+ vertical-align: middle;
+ width: 400px;
+ }
+</style>
+</head>
+<body onload="initOpenIDPage();">
+<div id="container">
+ <div style="float:right;width:50%;font-size:0.8em;text-align:right;">
+ <div><span><a href="../">Gallery</a></span></div>
+ </div>
+ <div style="clear:both"></div>
+ <div style="color:red;font-size:1.4em"> Your openid could not be resolved.</div>
+ <p>Login with your <span style="color:orange">openid</span></p>
+ <form method="POST">
+ <input id="openid_identifier" name="openid_identifier" type="text" size=80/>
+ <input class="btn" type="submit" value="send"/>
+ </form>
+ <br>
+ <div style="float:left;font-size:0.8em;text-align:left;">
+ <div id="provider_space" style="width:430px"></div>
+
+ <!-- <p><span style="color:green;font-size:1em">https://www.google.com/accounts/o8/id</span><span> for google accounts</span></p>
+ <p>or enter <span style="color:green;font-size:1em">your_username@gmail.com</span></p> -->
+ </div>
+
+ </div>
+</body>
+</html>
+
\ No newline at end of file
diff --git a/photark-security/src/main/webapp/home/js/login.js b/photark-security/src/main/webapp/home/js/login.js
new file mode 100644
index 0000000..27661d4
--- /dev/null
+++ b/photark-security/src/main/webapp/home/js/login.js
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+var provider= [ [["Google","google",,,"https://www.google.com/accounts/o8/id",""],["Yahoo!","yahoo",,,"http://yahoo.com/",""],["AOL","aol","http://openid.aol.com/",,,"America Online/AIM screenname:"]],
+ [["Blogger","blogger","http://",".blogspot.com/",,"Google Blogger blog name:"],["Flickr","flickr",,,"http://www.flickr.com/",""],["Livejournal","lj","http://",".livejournal.com/",,"Livejournal username:"]],
+ [["myOpenID","myopenid","http://",".myopenid.com/",,"myOpenID username:"],["Verisign","verisign","http://",".pip.verisignlabs.com/",,"Verisign PIP username:"],["Vidoop","vidoop","http://",".myvidoop.com/",,"Vidoop username:"]],
+ [["claimID","claimid","http://claimid.com/",,,"claimID username:"],["Technorati","technorati","http://technorati.com/people/technorati/",,,"Technorati username:"],["Vox","vox","http://",".vox.com/",,"Vox username:"]],
+ [["Other OpenID","openid",,,"http://",]]
+ ];
+
+var bgcolor = "#ffffff";
+var change_color = "#A4D1AA"
+var active_color= "#42A44F";
+
+var active_cell=null;
+var active_cell_row=null;
+var active_cell_col=null;
+var username="username";
+var openid_input=null;
+var input_info="";
+
+function initOpenIDPage(){
+openid_input=document.getElementById("openid_identifier");
+providerSpace=document.getElementById("provider_space");
+username_input="<span style=\"color:green;font-size:1em\">Sign in using;</span><br><div id=\"input_space\" style=\"float: right;\">"+input_info+"<input id =\"input_field\"type=\"text\" size=\"20\" style=\"vertical-align: middle; padding: 2px 2px 2px 20px; background-repeat: no-repeat; background-position: 2px 2px; background-image: url("images/"+provider[4][0][1]+".ico");\" onchange=\"enter_username(this);\"onkeyup=\"enter_username(this);\" value=\"username\"></input></div><br>";
+provider_table= "<table border=\"0\" style=\"background-color: rgb(224,238,238); width: 100%; border: 0 solid rgb(110, 145, 175);\">";
+for(var i =0; i<4;i++){
+provider_table+="<tr>";
+for(var j =0; j<3;j++){
+provider_table+="<td style=\"background-color: rgb(255,255,255);font-weight: bold; padding: 4px; vertical-align: middle; cursor: pointer;\" onclick=\"click(this,"+i+","+j+")\" onmouseover=\"mover(this);\" onmouseout=\"mout(this);\"><img src=\"images/"+provider[i][j][1]+".ico\" style=\"width: 16px; height: 16px; vertical-align: middle;\">"+provider[i][j][0]+"</td>";
+}
+provider_table+="</tr>";
+}
+provider_table+="<tr>\
+ <td colspan=\"3\" style=\"background-color: rgb(255,255,255);font-weight: bold; padding: 4px; vertical-align: middle; cursor: pointer;\" onclick=\"click(this,"+4+","+0+")\" onmouseover=\"mover(this);\" onmouseout=\"mout(this);\"><img src=\"images/"+provider[4][0][1]+".ico\" style=\"width: 16px; height: 16px; vertical-align: middle;\">"+provider[4][0][0]+"</td>\
+ </tr>\
+ </table>";
+
+providerSpace.innerHTML=username_input+provider_table;
+document.getElementById("input_space").style.display = "none";
+};
+
+function click(cell,row,col) {
+ active_cell_row=row;
+ active_cell_col=col;
+
+ if (active_cell!==null){
+ active_cell.style.backgroundColor = bgcolor;
+ }
+
+ cell.style.backgroundColor = active_color;
+ active_cell=cell;
+
+document.getElementById("input_space").innerHTML=provider[active_cell_row][active_cell_col][5]+"<input id =\"input_field\" type=\"text\" size=\"20\" style=\"vertical-align: middle; padding: 2px 2px 2px 20px; background-repeat: no-repeat; background-position: 2px 2px; background-image: url("images/"+provider[active_cell_row][active_cell_col][1]+".ico");\" onchange=\"enter_username(this);\"onkeyup=\"enter_username(this);\" value="+username+"></input>";
+ if(provider[row][col][4]!=undefined){
+ openid_input.value=provider[row][col][4];
+ document.getElementById("input_space").style.display = "none";
+ document.getElementById("openid_identifier").focus();
+ }else {
+ formet_input_name(row,col);
+ document.getElementById("input_space").style.display = "";
+ document.getElementById("input_field").focus();
+ document.getElementById("input_field").select();
+ }
+
+
+
+};
+
+function formet_input_name(row,col){
+ if(provider[row][col][2]!=undefined){
+ openid_input.value=provider[row][col][2];
+ }
+ if(username!=""){
+ openid_input.value+=username;
+ }else {
+ openid_input.value+="username";
+ }
+ if(provider[row][col][3]!=undefined){
+ openid_input.value+=provider[row][col][3];
+ }
+};
+
+function mover(cell) {
+ if(cell!==active_cell){
+ cell.style.backgroundColor = change_color;
+ }
+};
+
+function mout(cell) {
+ if(cell!==active_cell){
+ cell.style.backgroundColor = bgcolor;
+ }
+};
+
+function enter_username(cell){
+ username=cell.value;
+ formet_input_name(active_cell_row,active_cell_col);
+};
\ No newline at end of file
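Review bot: In `click()`, the text the visitor typed is concatenated into an `innerHTML` string as an unquoted attribute, `value="+username+"`, so a name containing a space, a quote or `>` is parsed as markup instead of being shown as a value. `username` is whatever `enter_username()` last copied from the input field, which makes this user-controlled text reaching an HTML sink. Building the field with DOM calls and assigning `.value` keeps the text inert and needs no escaping. `initOpenIDPage()` assembles a similar string, but only from the static `provider` table and `input_info`.

```javascript
function click(cell,row,col) {
    // … unchanged: active cell bookkeeping and highlight …
    var entry = provider[row][col];
    var space = document.getElementById("input_space");
    var field = document.createElement("input");
    field.id = "input_field";
    field.type = "text";
    field.size = 20;
    field.style.backgroundImage = "url(images/" + entry[1] + ".ico)";
    // … remaining static padding/alignment styles set on field.style …
    field.value = username; // property assignment: never parsed as HTML
    field.onchange = field.onkeyup = function () { enter_username(this); };
    space.textContent = entry[5] || "";
    space.appendChild(field);
    // … unchanged: openid_input prefill, show/hide and focus handling …
```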
diff --git a/photark-security/src/main/webapp/home/login.html b/photark-security/src/main/webapp/home/login.html
new file mode 100644
index 0000000..1bfb16b
--- /dev/null
+++ b/photark-security/src/main/webapp/home/login.html
@@ -0,0 +1,69 @@
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<title>Login</title>
+
+ <script type="text/javascript" src="js/login.js"></script>
+
+<style type="text/css">
+ #container {
+ padding: 1em;
+ }
+
+ #container p {
+ font-size: 1.2em;
+ font-family: Tahoma,Verdana;
+ }
+
+ #openid_identifier {
+ background-image: url(images/openid.ico);
+ background-position: 3px 2px;
+ background-repeat: no-repeat;
+ margin: 0;
+ padding: 0.2em 0.2em 0.2em 20px;
+ vertical-align: middle;
+ width: 400px;
+ }
+</style>
+</head>
+<body onload="initOpenIDPage();">
+<div id="container">
+ <div style="float:right;width:50%;font-size:0.8em;text-align:right;">
+ <div><span><a href="../">Gallery</a></span></div>
+ </div>
+ <div style="clear:both"></div>
+ <!-- <div style="color:red;font-size:1.4em"> Your openid could not be resolved.</div>-->
+ <p>Login with your <span style="color:orange">openid</span></p>
+ <form method="POST">
+ <input id="openid_identifier" name="openid_identifier" type="text" size=80/>
+ <input class="btn" type="submit" value="send"/>
+ </form>
+ <br>
+ <div style="float:left;font-size:0.8em;text-align:left;">
+ <div id="provider_space" style="width:430px"></div>
+
+ <!-- <p><span style="color:green;font-size:1em">https://www.google.com/accounts/o8/id</span><span> for google accounts</span></p>
+ <p>or enter <span style="color:green;font-size:1em">your_username@gmail.com</span></p> -->
+ </div>
+
+ </div>
+</body>
+</html>
diff --git a/photark-ui-admin/pom.xml b/photark-ui-admin/pom.xml
index fbe7e2b..1ca21fa 100644
--- a/photark-ui-admin/pom.xml
+++ b/photark-ui-admin/pom.xml
@@ -89,8 +89,8 @@
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
- </dependency>
-
+ </dependency>
+
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
diff --git a/photark-ui-admin/src/main/webapp/admin/upload.html b/photark-ui-admin/src/main/webapp/admin/upload.html
index 7826260..7247435 100644
--- a/photark-ui-admin/src/main/webapp/admin/upload.html
+++ b/photark-ui-admin/src/main/webapp/admin/upload.html
@@ -35,9 +35,14 @@
</head>
<body>
+
<div id="newAlbum">
<fieldset id="newAlbumDetails" style="text-align:left;">
<legend>Album Details</legend>
+ <div style="float:right;width:50%;font-size:0.8em;text-align:right;">
+ <div><span><a href="../">Gallery</a></span> <span><a href="../logout/">Logout</a></span></div>
+ </div>
+ <div style="clear:both"></div>
<ol>
<li>
<label id="selectAlbumLabel" for="selectAlbum">Select Album:</label>
diff --git a/photark-ui/src/main/webapp/gallery.html b/photark-ui/src/main/webapp/gallery.html
index 6b4efa4..b8b56dc 100644
--- a/photark-ui/src/main/webapp/gallery.html
+++ b/photark-ui/src/main/webapp/gallery.html
@@ -20,7 +20,7 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-
+
<title>Apache PhotArk - Photo Gallery</title>
<link href="css/styles.css" rel="stylesheet">
@@ -31,6 +31,11 @@
</head>
<body onload="initGallery()">
+ <div style="float:right;width:50%;font-size:1em;text-align:right;">
+ <div> </div>
+ <div><span><a href="./admin/authenticate"><u>Super Admin</u></a></span> <span><a href="./home/authenticate"><u>login</u></a></span> <span><a href="./logout/"><u>logout</u></a></span></div>
+ </div>
+ <div style="clear:both"></div>
<div>
<h1>Apache PhotArk Gallery</h1>
</div>
diff --git a/photark-webapp/pom.xml b/photark-webapp/pom.xml
index a7df8e7..bdaa7a0 100644
--- a/photark-webapp/pom.xml
+++ b/photark-webapp/pom.xml
@@ -63,6 +63,14 @@
<version>1.0-incubating-SNAPSHOT</version>
<type>war</type>
</dependency>
+
+ <dependency>
+ <groupId>org.apache.photark</groupId>
+ <artifactId>photark-security</artifactId>
+ <version>1.0-incubating-SNAPSHOT</version>
+ <type>war</type>
+ </dependency>
+
<dependency>
<groupId>org.apache.tuscany.sca</groupId>
@@ -167,6 +175,14 @@
<version>2.5</version>
<scope>provided</scope>
</dependency>
+
+ <!--<dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jsp-2.1</artifactId>
+ <version>7.0.0pre2</version>
+ <type>jar</type>
+ <scope>runtime</scope>
+ </dependency>-->
<dependency>
<groupId>junit</groupId>
diff --git a/photark-webapp/src/main/webapp/WEB-INF/web.composite b/photark-webapp/src/main/webapp/WEB-INF/web.composite
index 0b1734b..e5997c9 100644
--- a/photark-webapp/src/main/webapp/WEB-INF/web.composite
+++ b/photark-webapp/src/main/webapp/WEB-INF/web.composite
@@ -59,5 +59,43 @@
<component name="RepositoryManager">
<implementation.java class="org.apache.photark.jcr.JCRRepositoryManager"/>
<property name="repositoryHome">photark</property>
- </component>
+ </component>
+
+ <!-- Component responsible for providing OpenID Authentication for PhotArk -->
+ <component name="OpenIdAuthenticationServiceComponent">
+ <implementation.java class="org.apache.photark.security.authentication.services.OpenIDAuthenticationServiceImpl"/>
+ <service name="Servlet">
+ <tuscany:binding.http uri="/home/authenticate"/>
+ </service>
+ </component>
+
+ <!-- Component responsible for providing FORM Authentication for PhotArk -->
+ <component name="FormAuthenticationServiceComponent">
+ <implementation.java class="org.apache.photark.security.authentication.services.FormAuthenticationServiceImpl"/>
+ <service name="Servlet">
+ <tuscany:binding.http uri="/admin/authenticate"/>
+ </service>
+ </component>
+
+ <!-- Component responsible for providing logging out from the active user-->
+ <component name="LogoutAuthenticationServiceComponent">
+ <implementation.java class="org.apache.photark.security.authentication.services.LogoutServiceImpl"/>
+ <service name="Servlet">
+ <tuscany:binding.http uri="/logout"/>
+ </service>
+ </component>
+
+ <!-- Component responsible for providing filter support for uploading -->
+ <!--<component name="UploadFilterAuthenticationServiceComponent">
+ <implementation.java class="org.apache.photark.security.authentication.AuthorizationFilter"/>
+ <service name="Filter">
+ <tuscany:binding.http uri="/admin/upload"/>
+ </service>
+ <property name="redirectPage">/home/authenticate</property>
+ </component> -->
+
+ <!-- Component responsible for providing Access Management for gallery/album -->
+ <component name="AccessManager">
+ <implementation.java class="org.apache.photark.security.authorization.AccessManager"/>
+ </component>
</composite>
diff --git a/photark-webapp/src/main/webapp/WEB-INF/web.xml b/photark-webapp/src/main/webapp/WEB-INF/web.xml
index 4e1b35e..f7afa32 100644
--- a/photark-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/photark-webapp/src/main/webapp/WEB-INF/web.xml
@@ -41,24 +41,67 @@
<welcome-file>gallery.html</welcome-file>
</welcome-file-list>
- <security-role>
- <description>Administrator</description>
- <role-name>photark-admin</role-name>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Areas with authentication required</web-resource-name>
+ <web-resource-name>Secured Area</web-resource-name>
+ <url-pattern>/admin/login.html</url-pattern>
+ <url-pattern>/admin/error.html</url-pattern>
+ <url-pattern>/admin/authenticate</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>photark-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>Secured Application Area</realm-name>
+ <form-login-config>
+ <form-login-page>/admin/login.html</form-login-page>
+ <form-error-page>/admin/error.html</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <security-role>
+ <role-name>photark-admin</role-name>
</security-role>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>Areas with authentication required</web-resource-name>
- <url-pattern>/admin/*</url-pattern>
- <http-method>GET</http-method>
- </web-resource-collection>
- <auth-constraint>
- <role-name>photark-admin</role-name>
- </auth-constraint>
- </security-constraint>
+ <error-page>
+ <error-code>403</error-code>
+ <location>/admin/error.html</location>
+ </error-page>
- <login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>photark-admin-realm</realm-name>
- </login-config>
+ <filter>
+ <filter-name>login-Filter</filter-name>
+ <filter-class>org.apache.photark.security.authentication.AuthorizationFilter</filter-class>
+ <description>This Filter authorizes user access to application
+ components based upon request URI.</description>
+ <init-param>
+ <param-name>redirect_page</param-name>
+ <param-value>/home/authenticate</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>login-Filter</filter-name>
+ <url-pattern>/admin/upload.html</url-pattern>
+ </filter-mapping>
+
+ <filter>
+ <filter-name>openid-filter</filter-name>
+ <filter-class>com.dyuproject.openid.OpenIdServletFilter</filter-class>
+ <load-on-startup>1</load-on-startup>
+ <init-param>
+ <param-name>forwardUri</param-name>
+ <param-value>/login.html</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>openid-filter</filter-name>
+ <url-pattern>/home/login.html</url-pattern>
+ <url-pattern>/home/error.html</url-pattern>
+ </filter-mapping>
+
</web-app>
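Review bot: The replacement `security-constraint` drops `<url-pattern>/admin/*</url-pattern>` and lists only `/admin/login.html`, `/admin/error.html` and `/admin/authenticate`, so every other path under `/admin/` loses container-enforced authentication. `login-Filter` is mapped to `/admin/upload.html` alone, which leaves the endpoint that page submits to, and any admin resource added later, depending on checks that are not visible in this hunk. I would either keep the wildcard in the constraint or widen the filter mapping to `<url-pattern>/admin/*</url-pattern>` with the login and error pages exempted, so that new admin paths are denied by default. Whichever is chosen, it should not be limited by `<http-method>`, as the removed constraint was.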
diff --git a/pom.xml b/pom.xml
index 17ae9aa..3c83be1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -90,7 +90,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<tuscany.version>2.0-M4</tuscany.version>
- </properties>
+ </properties>
@@ -112,6 +112,11 @@
<enabled>false</enabled>
</snapshots>
</repository>
+ <repository>
+ <id>dyuproject-repo</id>
+ <name>dyuproject-repo</name>
+ <url>http://dyuproject.googlecode.com/svn/repos/maven2</url>
+ </repository>
</repositories>
<!-- ====================================================================== -->
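Review bot: The added `dyuproject-repo` is declared with an `http://` URL, so the OpenID library that web.xml now wires in as `com.dyuproject.openid.OpenIdServletFilter` is downloaded over a channel that anyone on the network path can alter, and Maven's checksum files arrive over the same channel. I would point `<url>` at an HTTPS endpoint if the host offers one, or resolve the artifact through a repository manager the project controls. The entry also lacks the `<snapshots><enabled>false</enabled></snapshots>` block that the repository just above it carries, which leaves snapshot resolution at the default for this third-party repository.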
@@ -189,6 +194,7 @@
<module>photark</module>
<module>photark-filesystem</module>
<module>photark-jcr</module>
+ <module>photark-security</module>
<module>photark-ui</module>
<module>photark-ui-admin</module>
<module>photark-appengine-webapp</module>
@@ -206,6 +212,7 @@
<module>photark</module>
<module>photark-filesystem</module>
<module>photark-jcr</module>
+ <module>photark-security</module>
<module>photark-ui</module>
<module>photark-ui-admin</module>
<module>photark-appengine-webapp</module>
@@ -223,6 +230,7 @@
<module>photark</module>
<module>photark-filesystem</module>
<module>photark-jcr</module>
+ <module>photark-security</module>
<module>photark-ui</module>
<module>photark-ui-admin</module>
<module>photark-ui-test</module>
@@ -407,4 +415,4 @@
</plugins>
</pluginManagement>
</build>
-</project>
\ No newline at end of file
+</project>