1) Optimized debug printing info.

2) Removed domain info from username when sent from client. Old Spark is now compatible again with Openfire. git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9198 b35dd754-fafc-0310-a699-88a17e54d16e

1) Optimized debug printing info.
2) Removed domain info from username when sent from client. Old Spark is now compatible again with Openfire. git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9198 b35dd754-fafc-0310-a699-88a17e54d16e
995b1446 · Gaston Dombiak · gato · e73df8ce · 995b1446 · 995b1446
Commit 995b1446 authored Sep 21, 2007 by Gaston Dombiak Committed by gato Sep 21, 2007
3 changed files
--- a/src/java/org/jivesoftware/openfire/auth/AuthorizationManager.java
+++ b/src/java/org/jivesoftware/openfire/auth/AuthorizationManager.java
@@ -11,13 +11,13 @@

 package org.jivesoftware.openfire.auth;

+import org.jivesoftware.openfire.user.UserAlreadyExistsException;
+import org.jivesoftware.openfire.user.UserManager;
+import org.jivesoftware.openfire.user.UserNotFoundException;
 import org.jivesoftware.util.ClassUtils;
 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.util.Log;
 import org.jivesoftware.util.StringUtils;
-import org.jivesoftware.openfire.user.UserManager;
-import org.jivesoftware.openfire.user.UserNotFoundException;
-import org.jivesoftware.openfire.user.UserAlreadyExistsException;

 import java.util.ArrayList;
 import java.util.Collection;
@@ -137,7 +137,9 @@ public class AuthorizationManager {

    public static boolean authorize(String username, String principal) {
        for (AuthorizationPolicy ap : authorizationPolicies) {
-            Log.debug("AuthorizationManager: Trying "+ap.name()+".authorize("+username+","+principal+")");
+            if (Log.isDebugEnabled()) {
+                Log.debug("AuthorizationManager: Trying "+ap.name()+".authorize("+username+" , "+principal+")");
+            }

            if (ap.authorize(username, principal)) {
                // Authorized..  but do you exist?
@@ -145,7 +147,9 @@ public class AuthorizationManager {
                    UserManager.getUserProvider().loadUser(username);
                }
                catch (UserNotFoundException nfe) {
-                    Log.debug("AuthorizationManager: User "+username+" not found "+nfe.toString());
+                    if (Log.isDebugEnabled()) {
+                        Log.debug("AuthorizationManager: User " + username + " not found " + nfe.toString());
+                    }
                    // Should we add the user?
                    if(JiveGlobals.getBooleanProperty("xmpp.auth.autoadd",false)) {
                        if (UserManager.getUserProvider().isReadOnly()) {
@@ -153,13 +157,18 @@ public class AuthorizationManager {
                        }
                        try {
                            UserManager.getUserProvider().createUser(username, StringUtils.randomString(8), null, null);
-                            Log.info("AuthorizationManager: User "+username+" created.");
+                            if (Log.isDebugEnabled()) {
+                                Log.info("AuthorizationManager: User "+username+" created.");
+                            }
                            return true;
                        }
                        catch (UserAlreadyExistsException uaee) {
                            // Somehow the user got created in this very short timeframe.. 
                            // To be safe, lets fail here. The user can always try again.
-                            Log.error("AuthorizationManager: User "+username+" already exists while attempting to add user.");
+                            if (Log.isDebugEnabled()) {
+                                Log.error("AuthorizationManager: User " + username +
+                                        " already exists while attempting to add user.");
+                            }
                            return false;
                        }
                    }
@@ -183,7 +192,9 @@ public class AuthorizationManager {

    public static String map(String principal) {
        for (AuthorizationMapping am : authorizationMapping) {
-            Log.debug("AuthorizationManager: Trying "+am.name()+".map("+principal+")");
+            if (Log.isDebugEnabled()) {
+                Log.debug("AuthorizationManager: Trying " + am.name() + ".map(" + principal + ")");
+            }
            String username = am.map(principal);
            if( ! username.equals(principal) ) {
                return username;

--- a/src/java/org/jivesoftware/openfire/auth/DefaultAuthorizationPolicy.java
+++ b/src/java/org/jivesoftware/openfire/auth/DefaultAuthorizationPolicy.java
@@ -13,8 +13,9 @@ package org.jivesoftware.openfire.auth;

 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.util.Log;
-import java.util.Vector;
+
 import java.util.StringTokenizer;
+import java.util.Vector;

 /**
 * Different clients perform authentication differently, so this policy 
@@ -91,7 +92,9 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
            //for this policy the user portion of both must match, so lets short circut here if we can
            if(JiveGlobals.getBooleanProperty("xmpp.auth.ignorecase",true)) {
                if(!userUser.toLowerCase().equals(authenUser.toLowerCase())){
-                    Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")");
+                    if (Log.isDebugEnabled()) {
+                        Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")");
+                    }
                    return false;
                }
            } else {
@@ -111,10 +114,14 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
            } else { 
                for(String realm : approvedRealms) {
                    if(authenRealm.equals(realm)) {
-                        Log.debug("DefaultAuthorizationPolicy: authenRealm = "+realm+" which is approved");
+                        if (Log.isDebugEnabled()) {
+                            Log.debug("DefaultAuthorizationPolicy: authenRealm = "+realm+" which is approved");
+                        }
                        authorized = true;
                    } else {
-                        Log.debug("DefaultAuthorizationPolicy: authenRealm != "+realm+" which is approved");
+                        if (Log.isDebugEnabled()) {
+                            Log.debug("DefaultAuthorizationPolicy: authenRealm != "+realm+" which is approved");
+                        }
                    }
                }
            }
@@ -137,7 +144,9 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
            } else {
                if(authenRealm != null && authenRealm.equals(userRealm)) {
                    //authen and username are identical
-                    Log.debug("DefaultAuthorizationPolicy: userRealm = "+authenRealm+" which is approved");
+                    if (Log.isDebugEnabled()) {
+                        Log.debug("DefaultAuthorizationPolicy: userRealm = "+authenRealm+" which is approved");
+                    }
                    authorized = true;
                }
            }

--- a/src/java/org/jivesoftware/openfire/net/XMPPCallbackHandler.java
+++ b/src/java/org/jivesoftware/openfire/net/XMPPCallbackHandler.java
@@ -10,13 +10,13 @@

 package org.jivesoftware.openfire.net;

-import org.jivesoftware.util.Log;
 import org.jivesoftware.openfire.auth.AuthFactory;
 import org.jivesoftware.openfire.auth.AuthToken;
 import org.jivesoftware.openfire.auth.AuthorizationManager;
-import org.jivesoftware.openfire.user.UserNotFoundException;
 import org.jivesoftware.openfire.auth.UnauthorizedException;
 import org.jivesoftware.openfire.sasl.VerifyPasswordCallback;
+import org.jivesoftware.openfire.user.UserNotFoundException;
+import org.jivesoftware.util.Log;

 import javax.security.auth.callback.*;
 import javax.security.sasl.AuthorizeCallback;
@@ -47,26 +47,26 @@ public class XMPPCallbackHandler implements CallbackHandler {
        String realm;
        String name = null;

-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof RealmCallback) {
-                realm = ((RealmCallback) callbacks[i]).getText();
+        for (Callback callback : callbacks) {
+            if (callback instanceof RealmCallback) {
+                realm = ((RealmCallback) callback).getText();
                if (realm == null) {
-                    realm = ((RealmCallback) callbacks[i]).getDefaultText();
+                    realm = ((RealmCallback) callback).getDefaultText();
                }
-                Log.debug("XMPPCallbackHandler: RealmCallback: "+realm);
+                Log.debug("XMPPCallbackHandler: RealmCallback: " + realm);
            }
-            else if (callbacks[i] instanceof NameCallback) {
-                name = ((NameCallback) callbacks[i]).getName();
+            else if (callback instanceof NameCallback) {
+                name = ((NameCallback) callback).getName();
                if (name == null) {
-                    name = ((NameCallback) callbacks[i]).getDefaultName();
+                    name = ((NameCallback) callback).getDefaultName();
                }
-                Log.debug("XMPPCallbackHandler: NameCallback: "+name);
+                Log.debug("XMPPCallbackHandler: NameCallback: " + name);
            }
-            else if (callbacks[i] instanceof PasswordCallback) {
+            else if (callback instanceof PasswordCallback) {
                try {
                    // Get the password from the UserProvider. Some UserProviders may not support
                    // this operation
-                    ((PasswordCallback) callbacks[i])
+                    ((PasswordCallback) callback)
                            .setPassword(AuthFactory.getPassword(name).toCharArray());

                    Log.debug("XMPPCallbackHandler: PasswordCallback");
@@ -79,42 +79,55 @@ public class XMPPCallbackHandler implements CallbackHandler {
                }

            }
-            else if (callbacks[i] instanceof VerifyPasswordCallback) {
+            else if (callback instanceof VerifyPasswordCallback) {
                Log.debug("XMPPCallbackHandler: VerifyPasswordCallback");
-                VerifyPasswordCallback vpcb = (VerifyPasswordCallback) callbacks[i];
+                VerifyPasswordCallback vpcb = (VerifyPasswordCallback) callback;
                try {
-                    AuthToken at = AuthFactory.authenticate(name,new String(vpcb.getPassword()));
-                    vpcb.setVerified( (at != null) );
+                    AuthToken at = AuthFactory.authenticate(name, new String(vpcb.getPassword()));
+                    vpcb.setVerified((at != null));
                }
                catch (UnauthorizedException e) {
                    vpcb.setVerified(false);
                }
            }
-            else if (callbacks[i] instanceof AuthorizeCallback) {
+            else if (callback instanceof AuthorizeCallback) {
                Log.debug("XMPPCallbackHandler: AuthorizeCallback");
-                AuthorizeCallback authCallback = ((AuthorizeCallback) callbacks[i]);
-                String principal =
-                        authCallback.getAuthenticationID(); // Principal that authenticated
-                String username =
-                        authCallback.getAuthorizationID();  // Username requested (not full JID)
-                if(principal.equals(username)) {
+                AuthorizeCallback authCallback = ((AuthorizeCallback) callback);
+                // Principal that authenticated
+                String principal = authCallback.getAuthenticationID();
+                // Username requested (not full JID)
+                String username = authCallback.getAuthorizationID();
+                // Remove any REALM from the username. This is optional in the spec and it may cause
+                // a lot of users to fail to log in if their clients is sending an incorrect value
+                if (username != null && username.contains("@")) {
+                    username = username.substring(0, username.lastIndexOf("@"));
+                }
+                if (principal.equals(username)) {
                    //client perhaps made no request, get default username
                    username = AuthorizationManager.map(principal);
-                    Log.debug("XMPPCallbackHandler: no username requested, using "+username);
+                    if (Log.isDebugEnabled()) {
+                        Log.debug("XMPPCallbackHandler: no username requested, using " + username);
+                    }
                }
                if (AuthorizationManager.authorize(username, principal)) {
-                    Log.debug("XMPPCallbackHandler: "+ principal + " authorized to " + username);
+                    if (Log.isDebugEnabled()) {
+                        Log.debug("XMPPCallbackHandler: " + principal + " authorized to " + username);
+                    }
                    authCallback.setAuthorized(true);
                    authCallback.setAuthorizedID(username);
                }
                else {
-                    Log.debug("XMPPCallbackHandler: "+principal + " not authorized to " + username);
+                    if (Log.isDebugEnabled()) {
+                        Log.debug("XMPPCallbackHandler: " + principal + " not authorized to " + username);
+                    }
                    authCallback.setAuthorized(false);
                }
            }
            else {
-                Log.debug("XMPPCallbackHandler: Callback: " + callbacks[i].getClass().getSimpleName());
-                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+                if (Log.isDebugEnabled()) {
+                    Log.debug("XMPPCallbackHandler: Callback: " + callback.getClass().getSimpleName());
+                }
+                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
        }
    }