Skip to content

Riina Antikainen / Moya

Go to a project
Commit f5f6946a by Tuomas Riihimäki
Options

Whoops. Remove password logging.

1 parent 5fe73e18
Inline Side-by-side
Showing with 2 additions and 8 deletions
code/MoyaAuthModule/src/fi/codecrew/moya/MoyaRealm.java
...@@ -89,7 +89,7 @@ public class MoyaRealm extends AppservRealm { ...@@ -89,7 +89,7 @@ public class MoyaRealm extends AppservRealm {
*/ */
@Override @Override
public String getAuthType() { public String getAuthType() {
return "Omnia Lan system authentication Realm"; return "Moya authentication Realm";
} }
/** /**
......
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
...@@ -117,13 +117,11 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -117,13 +117,11 @@ public class JaasBean implements MoyaRealmBeanRemote {
@Override @Override
public AuthenticationResult authUsername(String username, String password) { public AuthenticationResult authUsername(String username, String password) {
logger.info("Trying jaas auth with '{}', '{}'", username, password);
AuthenticationResult ret = new AuthenticationResult(); AuthenticationResult ret = new AuthenticationResult();
ret.setUsertype(UserType.USER.name()); ret.setUsertype(UserType.USER.name());
if ((username == null || username.isEmpty()) && password.startsWith("rest:")) { if ((username == null || username.isEmpty()) && password.startsWith("rest:")) {
logger.info("Trying to jaas auth rest call");
ret.setUsertype(UserType.REST.name()); ret.setUsertype(UserType.REST.name());
ret.setUsername(restAuth(password)); ret.setUsername(restAuth(password));
...@@ -143,7 +141,6 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -143,7 +141,6 @@ public class JaasBean implements MoyaRealmBeanRemote {
private String restAuth(String restauth) { private String restAuth(String restauth) {
String[] authsplit = restauth.split(":"); String[] authsplit = restauth.split(":");
logger.info("Auth split len {}, {}", authsplit.length, authsplit);
if (authsplit.length != 6 || !authsplit[0].equals("rest")) { if (authsplit.length != 6 || !authsplit[0].equals("rest")) {
return null; return null;
} }
...@@ -152,7 +149,6 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -152,7 +149,6 @@ public class JaasBean implements MoyaRealmBeanRemote {
@Override @Override
public Enumeration<String> getGroupNames(String user, String usertype) { public Enumeration<String> getGroupNames(String user, String usertype) {
logger.info("Fetching groupNames for user {} event {}", user, eventbean.getCurrentEvent().getName());
EventUser usr = eventUserFacade.findByLogin(user.toLowerCase().trim()); EventUser usr = eventUserFacade.findByLogin(user.toLowerCase().trim());
HashSet<String> roleset = new HashSet<String>(); HashSet<String> roleset = new HashSet<String>();
roleset.add(UserPermission.ANYUSER.getFullName()); roleset.add(UserPermission.ANYUSER.getFullName());
...@@ -216,7 +212,7 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -216,7 +212,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
Vector<String> retvect = new Vector<String>(); Vector<String> retvect = new Vector<String>();
retvect.addAll(roleset); retvect.addAll(roleset);
logger.info("group names for user {}: {}", user, retvect); logger.debug("group names for user {}: {}", user, retvect);
return retvect.elements(); return retvect.elements();
} }
...@@ -227,7 +223,6 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -227,7 +223,6 @@ public class JaasBean implements MoyaRealmBeanRemote {
} }
public String authenticateApp(String pathInfo, String appId, String userId, String appStamp, String mac) { public String authenticateApp(String pathInfo, String appId, String userId, String appStamp, String mac) {
logger.info("pathInfo {}, appid {}, userId {}, appStamp {}, mac {}", pathInfo, appId, userId, appStamp, mac);
if (mac == null) if (mac == null)
return null; return null;
ApiApplication app = appfacade.findByAppid(appId); ApiApplication app = appfacade.findByAppid(appId);
...@@ -242,7 +237,6 @@ public class JaasBean implements MoyaRealmBeanRemote { ...@@ -242,7 +237,6 @@ public class JaasBean implements MoyaRealmBeanRemote {
String ret = null; String ret = null;
String macSource = PasswordFunctions.mkSeparatedString("+", pathInfo, appId, userId, appStamp, apiInstance.getSecretKey()); String macSource = PasswordFunctions.mkSeparatedString("+", pathInfo, appId, userId, appStamp, apiInstance.getSecretKey());
String macHash = PasswordFunctions.calculateSha1(macSource); String macHash = PasswordFunctions.calculateSha1(macSource);
logger.info("Calculated mac hash {} from mac source {}. Sould match {}", macHash, macSource, mac);
if (mac.equalsIgnoreCase(macHash)) if (mac.equalsIgnoreCase(macHash))
{ {
switch (app.getAuthtype()) { switch (app.getAuthtype()) {
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!