cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MOD aaa-12 添加用户密码校验 

SOL  密码不能低于8为且应该小于256位,密码应该是不同类型(大写、小写、特殊字符、数字)字节的组合。
修改人:maxiaonan
检视人:maxiaonan
This commit is contained in:
maxiaonan 2019-07-11 15:14:53 +08:00
parent 85aed39296
commit 01b3b85784
5 changed files with 53 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ControlPlatform/aaa/.gitignore vendored
View File

@ -4,7 +4,7 @@
# Mobile Tools for Java (J2ME)
.mtj.tmp/
mvnExe.bat
# Package Files #
*.jar
*.war

4
ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/AAAShiroProvider.java
View File

@ -163,7 +163,7 @@ public class AAAShiroProvider {
*
* @return IIDMStore data store
*/
public static IIDMStore getIdmStore() {
public IIDMStore getIdmStore() {
return iidmStore;
}
@ -172,7 +172,7 @@ public class AAAShiroProvider {
*
* @param store data store
*/
public static void setIdmStore(final IIDMStore store) {
public void setIdmStore(final IIDMStore store) {
iidmStore = store;
}

1
ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/IdmLightApplication.java
View File

@ -43,6 +43,7 @@ import java.util.Set;
*/
public class IdmLightApplication extends Application {
public static final int MIN_PASSWORD_LEN = 8;
private static final Logger LOG = LoggerFactory.getLogger(IdmLightApplication.class);
// TODO create a bug to address the fact that the implementation assumes 128

103
ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/UserHandler.java
View File

@ -14,6 +14,8 @@
package org.opendaylight.aaa.shiro.idm;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.immutables.value.internal.$processor$.meta.$ValueMirrors;
import org.opendaylight.aaa.AAAShiroProvider;
import org.opendaylight.aaa.api.IDMStoreException;
import org.opendaylight.aaa.api.model.IDMError;
@ -21,42 +23,36 @@ import org.opendaylight.aaa.api.model.User;
import org.opendaylight.aaa.api.model.Users;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.provider.MD5;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.Collection;
import java.util.Objects;
/**
* @author Dong Xiancun
*
* <p>
* REST application used to manipulate the H2 database users table. The REST
* endpoint is <code>/auth/v1/users</code>.
*
* <p>
* A wrapper script called <code>idmtool</code> is provided to manipulate AAA
* data.
*
*/
@Path("/v1/users")
public class UserHandler {
private static final Logger LOG = LoggerFactory.getLogger(UserHandler.class);
private static final String PW_PATTERN = "/^(?![0-9]+$)(?![a-z]+$)(?![A-Z]+$)(?!([^(0-9a-zA-Z)])+$).{8,}$/";
/**
* If a user is created through the <code>/auth/v1/users</code> rest
* endpoint without a password, the default password is assigned to the
* user.
*/
private static final String DEFAULT_PWD = "changeme";
private static final String DEFAULT_PWD = "changeme@10086";
/**
* When an HTTP GET is performed on <code>/auth/v1/users</code>, the
@ -113,10 +109,9 @@ public class UserHandler {
* Extracts the user represented by <code>id</code>. The password and salt
* fields are redacted for security reasons.
*
* @param id
* the unique id of representing the user account
* @param id the unique id of representing the user account
* @return A response with the user information, or internal error if one
* occurs
* occurs
*/
@GET
@Path("/{id}")
@ -154,10 +149,8 @@ public class UserHandler {
* If a password is not provided, please ensure you change the default
* password ASAP for security reasons!
*
* @param info
* passed from Jersey
* @param user
* the user defined in the JSON payload
* @param info passed from Jersey
* @param user the user defined in the JSON payload
* @return A response stating success or failure of user creation
*/
@POST
@ -221,14 +214,12 @@ public class UserHandler {
}
// TODO add a check on email format here.
// The "password" field is optional and defaults to "changeme".
// The "password" field is optional and defaults to "changeme@10086".
final String userPassword = user.getPassword();
if (userPassword == null) {
user.setPassword(DEFAULT_PWD);
} else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) {
return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN);
Response response = checkPasswordError(userPassword);
if (response.getStatus() != 200) {
return response;
}
try {
// At this point, fields have been properly verified. Create the
// user account
@ -245,15 +236,28 @@ public class UserHandler {
return Response.status(201).entity(user).build();
}
private Response checkPasswordError(String userPassword) {
if (Objects.isNull(userPassword)) {
return providePasswordError("密码不能为空。");
} else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) {
return providePasswordError("密码的最大长度不能超过256个字节。");
} else if (userPassword.length() < IdmLightApplication.MIN_PASSWORD_LEN) {
return providePasswordError("密码的长度不能低于8个自己");
} else if (!userPassword.matches(PW_PATTERN)) {
return providePasswordError("密码必须包含大写字母、小写字母、特殊字符、数字中两种或多种组合");
}
return Response.status(200).build();
}
private Response providePasswordError(String s) {
return new IDMError(407, s).response();
}
/**
* REST endpoint to update a user account.
*
* @param info
* passed from Jersey
* @param user
* the user defined in the JSON payload
* @param id
* the unique id for the user that will be updated
* @param info passed from Jersey
* @param user the user defined in the JSON payload
* @param id the unique id for the user that will be updated
* @return A response stating success or failure of the user update
*/
@PUT
@ -305,10 +309,8 @@ public class UserHandler {
/**
* REST endpoint to delete a user account.
*
* @param info
* passed from Jersey
* @param id
* the unique id of the user which is being deleted
* @param info passed from Jersey
* @param id the unique id of the user which is being deleted
* @return A response stating success or failure of user deletion
*/
@DELETE
@ -335,10 +337,8 @@ public class UserHandler {
/**
* Creates a <code>Response</code> related to an internal server error.
*
* @param verbal
* such as "creating", "deleting", "updating"
* @param ex
* The exception, which is logged locally
* @param verbal such as "creating", "deleting", "updating"
* @param ex The exception, which is logged locally
* @return A response containing internal error with specific reasoning
*/
private Response internalError(final String verbal, final Exception ex) {
@ -351,8 +351,7 @@ public class UserHandler {
* Creates a <code>Response</code> related to the user not providing a
* required field.
*
* @param fieldName
* the name of the field which is missing
* @param fieldName the name of the field which is missing
* @return A response explaining that the request is missing a field
*/
private Response missingRequiredField(final String fieldName) {
@ -367,10 +366,8 @@ public class UserHandler {
* Creates a <code>Response</code> related to the user providing a field
* that is too long.
*
* @param fieldName
* the name of the field that is too long
* @param maxFieldLength
* the maximum length of <code>fieldName</code>
* @param fieldName the name of the field that is too long
* @param maxFieldLength the maximum length of <code>fieldName</code>
* @return A response containing the bad field and the maximum field length
*/
private Response providedFieldTooLong(final String fieldName, final int maxFieldLength) {
@ -381,10 +378,8 @@ public class UserHandler {
* Creates the client-facing message related to the user providing a field
* that is too long.
*
* @param fieldName
* the name of the field that is too long
* @param maxFieldLength
* the maximum length of <code>fieldName</code>
* @param fieldName the name of the field that is too long
* @param maxFieldLength the maximum length of <code>fieldName</code>
* @return a response containing the too long field and its length
*/
private static String getProvidedFieldTooLongMessage(final String fieldName, final int maxFieldLength) {
@ -397,8 +392,7 @@ public class UserHandler {
* Prepares a user account for output by redacting the appropriate fields.
* This method side-effects the <code>user</code> parameter.
*
* @param user
* the user account which will have fields redacted
* @param user the user account which will have fields redacted
*/
private static void redactUserPasswordInfo(final User user) {
user.setPassword(REDACTED_PASSWORD);
@ -408,8 +402,7 @@ public class UserHandler {
/**
* Validate the input field length.
*
* @param inputField
* the field to check
* @param inputField the field to check
* @return true if input field bigger than the MAX_FIELD_LEN
*/
private boolean checkInputFieldLength(final String inputField) {
@ -418,10 +411,10 @@ public class UserHandler {
}
/**
* Revision history
*
* <p>
* -------------------------------------------------------------------------
* Date Author Note
*
* <p>
* -------------------------------------------------------------------------
* 2019/7/3 Dong Xiancun creat
*/

2
ControlPlatform/aaa/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/idm/rest/test/HandlerTest.java
View File

@ -48,7 +48,7 @@ public abstract class HandlerTest extends JerseyTest {
SLF4JBridgeHandler.install();
super.setUp();
new StoreBuilder(testStore).init();
AAAShiroProvider.setIdmStore(testStore);
AAAShiroProvider.getInstance().setIdmStore(testStore);
}
}
/**