diff --git a/ControlPlatform/aaa/.gitignore b/ControlPlatform/aaa/.gitignore
index 9b7c203a2..99d71a86d 100644
--- a/ControlPlatform/aaa/.gitignore
+++ b/ControlPlatform/aaa/.gitignore
@@ -4,7 +4,7 @@
 # Mobile Tools for Java (J2ME)
 .mtj.tmp/
-
+mvnExe.bat
 # Package Files #
 *.jar
 *.war
diff --git a/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/AAAShiroProvider.java b/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/AAAShiroProvider.java
index 2168dbdcc..0cd90ecbf 100644
--- a/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/AAAShiroProvider.java
+++ b/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/AAAShiroProvider.java
@@ -163,7 +163,7 @@ public class AAAShiroProvider {
 *
 * @return IIDMStore data store
 */
- public static IIDMStore getIdmStore() {
+ public IIDMStore getIdmStore() {
 return iidmStore;
 }
@@ -172,7 +172,7 @@ public class AAAShiroProvider {
 *
 * @param store data store
 */
- public static void setIdmStore(final IIDMStore store) {
+ public void setIdmStore(final IIDMStore store) {
 iidmStore = store;
 }
diff --git a/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/IdmLightApplication.java b/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/IdmLightApplication.java
index d2023460b..81b2b411d 100644
--- a/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/IdmLightApplication.java
+++ b/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/IdmLightApplication.java
@@ -43,6 +43,7 @@ import java.util.Set;
 */
 public class IdmLightApplication extends Application {
+ public static final int MIN_PASSWORD_LEN = 8;
 private static final Logger LOG = LoggerFactory.getLogger(IdmLightApplication.class);
 // TODO create a bug to address the fact that the implementation assumes 128
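Review bot: Dropping `static` from `getIdmStore()` (hunk at -163) and `setIdmStore()` (hunk at -172) in AAAShiroProvider means any caller that still writes `AAAShiroProvider.getIdmStore()` no longer compiles, and the only call site this diff updates is the one in HandlerTest. The `iidmStore` field declaration is outside both hunks; if it is still `static`, these instance methods read and write process-wide state, so whoever holds an instance replaces the identity store for every other user of the class. Either turn the field into an instance field in the same change or keep the accessors static, and say in the Javadoc which one is intended, for example `Must be called on the provider returned by getInstance().`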
diff --git a/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/UserHandler.java b/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/UserHandler.java
index 009abecbc..0c802c12d 100644
--- a/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/UserHandler.java
+++ b/ControlPlatform/aaa/aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/UserHandler.java
@@ -14,6 +14,8 @@ package org.opendaylight.aaa.shiro.idm;
+import org.apache.shiro.crypto.hash.Md5Hash;
+import org.immutables.value.internal.$processor$.meta.$ValueMirrors;
 import org.opendaylight.aaa.AAAShiroProvider;
 import org.opendaylight.aaa.api.IDMStoreException;
 import org.opendaylight.aaa.api.model.IDMError;
@@ -21,42 +23,36 @@ import org.opendaylight.aaa.api.model.User;
 import org.opendaylight.aaa.api.model.Users;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sun.security.provider.MD5;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 import java.util.Collection;
+import java.util.Objects;
 /**
 * @author Dong Xiancun
- *
+ *
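Review bot: The two imports added in the UserHandler hunk at -14,6, `org.apache.shiro.crypto.hash.Md5Hash` and `org.immutables.value.internal.$processor$.meta.$ValueMirrors`, are not referenced by any line this diff adds, and the second is an internal class of an annotation processor that looks like an IDE auto-import. The next hunk adds `sun.security.provider.MD5` the same way; that is a JDK-internal class which is not exported to application code on JDK 9 and later, and MD5 is not suitable for password handling in any case. Unless code outside the hunks uses them, drop all three so the bundle does not gain dependencies on those packages. The wildcard `javax.ws.rs.*` in the next hunk also replaces eight explicit imports; the explicit list is easier to audit.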
* REST application used to manipulate the H2 database users table. The REST
* endpoint is /auth/v1/users
.
*
*
* A wrapper script called idmtool
is provided to manipulate AAA
* data.
- *
*/
@Path("/v1/users")
public class UserHandler {
private static final Logger LOG = LoggerFactory.getLogger(UserHandler.class);
-
+ private static final String PW_PATTERN = "/^(?![0-9]+$)(?![a-z]+$)(?![A-Z]+$)(?!([^(0-9a-zA-Z)])+$).{8,}$/";
/**
* If a user is created through the /auth/v1/users
rest
* endpoint without a password, the default password is assigned to the
* user.
*/
- private static final String DEFAULT_PWD = "changeme";
+ private static final String DEFAULT_PWD = "changeme@10086";
/**
* When an HTTP GET is performed on /auth/v1/users
, the
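Review bot: `PW_PATTERN` is wrapped in `/…/` delimiters, which are JavaScript regex-literal syntax; in Java they are literal slashes, and because `^` cannot match after a consumed `/`, `userPassword.matches(PW_PATTERN)` is false for every input, so the complexity check added in `checkPasswordError` rejects every password. Remove the delimiters and precompile the expression: `private static final Pattern PW_PATTERN = Pattern.compile("^(?![0-9]+$)(?![a-z]+$)(?![A-Z]+$)(?![^0-9a-zA-Z]+$).{8,}$");`, which needs `java.util.regex.Pattern` and a call of the form `PW_PATTERN.matcher(userPassword).matches()`. The original character class `[^(0-9a-zA-Z)]` also lists `(` and `)` literally, so a password consisting only of parentheses would pass that lookahead once the delimiters are fixed. A one-line comment above the constant stating the policy it encodes (at least 8 characters, at least two of the four character classes) would make the expression reviewable.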
@@ -113,10 +109,9 @@ public class UserHandler {
* Extracts the user represented by id
. The password and salt
* fields are redacted for security reasons.
*
- * @param id
- * the unique id of representing the user account
+ * @param id the unique id of representing the user account
* @return A response with the user information, or internal error if one
- * occurs
+ * occurs
*/
@GET
@Path("/{id}")
@@ -154,10 +149,8 @@ public class UserHandler {
* If a password is not provided, please ensure you change the default
* password ASAP for security reasons!
*
- * @param info
- * passed from Jersey
- * @param user
- * the user defined in the JSON payload
+ * @param info passed from Jersey
+ * @param user the user defined in the JSON payload
* @return A response stating success or failure of user creation
*/
@POST
@@ -221,14 +214,12 @@ public class UserHandler {
}
// TODO add a check on email format here.
- // The "password" field is optional and defaults to "changeme".
+ // The "password" field is optional and defaults to "changeme@10086".
final String userPassword = user.getPassword();
- if (userPassword == null) {
- user.setPassword(DEFAULT_PWD);
- } else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) {
- return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN);
+ Response response = checkPasswordError(userPassword);
+ if (response.getStatus() != 200) {
+ return response;
}
-
try {
// At this point, fields have been properly verified. Create the
// user account
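Review bot: The updated comment `// The "password" field is optional and defaults to "changeme@10086".` contradicts the code under it: `checkPasswordError` returns an error for a null password, so the field is now mandatory and `DEFAULT_PWD` is no longer assigned anywhere in the lines shown. Replace it with `// The "password" field is required and must satisfy the password policy.`, and if nothing outside the diff still references `DEFAULT_PWD`, delete the constant and the "If a password is not provided" sentence in the createUser Javadoc so that no hard-coded default credential remains in the source. Testing `response.getStatus() != 200` uses a `Response` as a boolean; a helper that returns `null` or an `Optional<Response>` for the valid case would read more clearly. The enclosing method starts and ends outside this hunk.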
@@ -245,15 +236,28 @@ public class UserHandler {
return Response.status(201).entity(user).build();
}
+ private Response checkPasswordError(String userPassword) {
+ if (Objects.isNull(userPassword)) {
+ return providePasswordError("密码不能为空。");
+ } else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) {
+ return providePasswordError("密码的最大长度不能超过256个字节。");
+ } else if (userPassword.length() < IdmLightApplication.MIN_PASSWORD_LEN) {
+ return providePasswordError("密码的长度不能低于8个自己");
+ } else if (!userPassword.matches(PW_PATTERN)) {
+ return providePasswordError("密码必须包含大写字母、小写字母、特殊字符、数字中两种或多种组合");
+ }
+ return Response.status(200).build();
+ }
+
+ private Response providePasswordError(String s) {
+ return new IDMError(407, s).response();
+ }
/**
* REST endpoint to update a user account.
*
- * @param info
- * passed from Jersey
- * @param user
- * the user defined in the JSON payload
- * @param id
- * the unique id for the user that will be updated
+ * @param info passed from Jersey
+ * @param user the user defined in the JSON payload
+ * @param id the unique id for the user that will be updated
* @return A response stating success or failure of the user update
*/
@PUT
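Review bot: `providePasswordError` reports a validation failure with `new IDMError(407, s)`; 407 is Proxy Authentication Required, which clients and intermediaries treat as a proxy challenge, so a rejected password should be a 400: `return new IDMError(400, s).response();`. In the third message, `不能低于8个自己` looks like a typo for `字节`, and both length messages hard-code 8 and 256 instead of formatting `MIN_PASSWORD_LEN` and `MAX_FIELD_LEN` into the text. The messages also speak of bytes while `String.length()` counts UTF-16 code units. None of the hunks shows the PUT handler calling `checkPasswordError`, so unless it does so outside the diff, the policy is enforced on creation only and not when a password is updated.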
@@ -305,10 +309,8 @@ public class UserHandler {
/**
* REST endpoint to delete a user account.
*
- * @param info
- * passed from Jersey
- * @param id
- * the unique id of the user which is being deleted
+ * @param info passed from Jersey
+ * @param id the unique id of the user which is being deleted
* @return A response stating success or failure of user deletion
*/
@DELETE
@@ -335,10 +337,8 @@ public class UserHandler {
/**
* Creates a Response
related to an internal server error.
*
- * @param verbal
- * such as "creating", "deleting", "updating"
- * @param ex
- * The exception, which is logged locally
+ * @param verbal such as "creating", "deleting", "updating"
+ * @param ex The exception, which is logged locally
* @return A response containing internal error with specific reasoning
*/
private Response internalError(final String verbal, final Exception ex) {
@@ -351,8 +351,7 @@ public class UserHandler {
* Creates a Response
related to the user not providing a
* required field.
*
- * @param fieldName
- * the name of the field which is missing
+ * @param fieldName the name of the field which is missing
* @return A response explaining that the request is missing a field
*/
private Response missingRequiredField(final String fieldName) {
@@ -367,10 +366,8 @@ public class UserHandler {
* Creates a Response
related to the user providing a field
* that is too long.
*
- * @param fieldName
- * the name of the field that is too long
- * @param maxFieldLength
- * the maximum length of fieldName
+ * @param fieldName the name of the field that is too long
+ * @param maxFieldLength the maximum length of fieldName
* @return A response containing the bad field and the maximum field length
*/
private Response providedFieldTooLong(final String fieldName, final int maxFieldLength) {
@@ -381,10 +378,8 @@ public class UserHandler {
* Creates the client-facing message related to the user providing a field
* that is too long.
*
- * @param fieldName
- * the name of the field that is too long
- * @param maxFieldLength
- * the maximum length of fieldName
+ * @param fieldName the name of the field that is too long
+ * @param maxFieldLength the maximum length of fieldName
* @return a response containing the too long field and its length
*/
private static String getProvidedFieldTooLongMessage(final String fieldName, final int maxFieldLength) {
@@ -397,8 +392,7 @@ public class UserHandler {
* Prepares a user account for output by redacting the appropriate fields.
* This method side-effects the user
parameter.
*
- * @param user
- * the user account which will have fields redacted
+ * @param user the user account which will have fields redacted
*/
private static void redactUserPasswordInfo(final User user) {
user.setPassword(REDACTED_PASSWORD);
@@ -408,8 +402,7 @@ public class UserHandler {
/**
* Validate the input field length.
*
- * @param inputField
- * the field to check
+ * @param inputField the field to check
* @return true if input field bigger than the MAX_FIELD_LEN
*/
private boolean checkInputFieldLength(final String inputField) {
@@ -418,10 +411,10 @@ public class UserHandler {
}
/**
* Revision history
- *
+ *
* -------------------------------------------------------------------------
 * Date Author Note
- *
+ *
* -------------------------------------------------------------------------
 * 2019/7/3 Dong Xiancun creat
 */
diff --git a/ControlPlatform/aaa/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/idm/rest/test/HandlerTest.java b/ControlPlatform/aaa/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/idm/rest/test/HandlerTest.java
index f0c2dc24c..0b4cde8f7 100644
--- a/ControlPlatform/aaa/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/idm/rest/test/HandlerTest.java
+++ b/ControlPlatform/aaa/aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/idm/rest/test/HandlerTest.java
@@ -48,7 +48,7 @@ public abstract class HandlerTest extends JerseyTest {
 SLF4JBridgeHandler.install();
 super.setUp();
 new StoreBuilder(testStore).init();
- AAAShiroProvider.setIdmStore(testStore);
+ AAAShiroProvider.getInstance().setIdmStore(testStore);
 }
 }
 /**