[CS-3766] Implement SSO between admin console of OF and CS. Reviewer Daniel Henninger.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10176 b35dd754-fafc-0310-a699-88a17e54d16e

src/i18n/openfire_i18n_cs_CZ.properties

@@ -139,6 +139,13 @@ tab.tab-plugins.descr=Klikn\u011bte pro spr\u00e1vu v\u0161ech dopl\u0148k\u016f
         sidebar.plugin-settings.descr=Klikn\u011bte pro spr\u00e1vu instalovan\u00fdch dopl\u0148k\u016f
         sidebar.available-plugins=Dostupn\u00e9 dopl\u0148ky
         sidebar.available-plugins.descr=Klikn\u011bte pro zobrazen\u00ed dostupn\u00fdch dopl\u0148k\u016f
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Zna\u010dka vlo\u017eena u\u017eivatelem {0} - {1} ---
@@ -2352,3 +2359,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_de.properties

@@ -138,6 +138,13 @@ tab.tab-plugins.descr=Click to manage all plugins
         sidebar.plugin-settings.descr=Hier klicken um die Plugins anzuzeigen
         sidebar.available-plugins=Available Plugins
         sidebar.available-plugins.descr=Click to browse available plugins
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Markerung eingef\u00fcgt von {0} am {1} ---
@@ -2338,3 +2345,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_en.properties

@@ -404,6 +404,13 @@
 ##      Added key: 'user.create.isadmin'
 ##      Added key: 'user.create.admin_info'
 ##      Added key: 'user.properties.isadmin'
+##      Added key: 'clearspace.info.title'
+##      Added key: 'clearspace.info.status.title'
+##      Added key: 'clearspace.info.status.connected'
+##      Added key: 'clearspace.info.status.disconnected'
+##      Added key: 'clearspace.admin.title
+##      Added key: 'clearspace.admin.notconnected.title
+##      Added key: 'clearspace.admin.notconnected.description
 
 
 # Openfire
@@ -553,6 +560,13 @@ tab.tab-plugins.descr=Click to manage all plugins
         sidebar.plugin-settings.descr=Click to manage installed plugins
         sidebar.available-plugins=Available Plugins
         sidebar.available-plugins.descr=Click to browse available plugins
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Marker inserted by {0} at {1} ---
@@ -2836,3 +2850,16 @@ security.audit.viewer.search=Search
 security.audit.viewer.write_only=The security audit provider configured for this server only accepts log events, and does not provide them for viewing from this interface.
 security.audit.viewer.view_url=The following URL refers to where you can view the logs.  Depending on the interface, you may need to log in again to view the logs.
 security.audit.viewer.view_url.url=URL
+
+# Clearspace info page
+
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+
+# Clearspace admin page
+
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_es.properties

@@ -135,6 +135,13 @@ tab.tab-plugins.descr=Presione para administrar los plugins
         sidebar.plugin-settings.descr=Presione para administrar plugins instalados
         sidebar.available-plugins=Plugins Disponibles
         sidebar.available-plugins.descr=Presione para ver plugins disponibles
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Marcador insertado por {0} en {1} ---
@@ -2389,3 +2396,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_fr.properties

@@ -117,6 +117,14 @@ sidebar.plugin-settings = Plugins
 sidebar.plugin-settings.descr = Click to manage installed plugins
 sidebar.available-plugins = Plugins Disponibles
 sidebar.available-plugins.descr = Cliquez pour voir les plugins disponibles
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
+
 # Log messages
 log.marker_inserted_by = --- Marqueur ajout\u00E9 par {0} le {1} ---
 # Server startup messages
@@ -1959,3 +1967,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_ja_JP.properties

@@ -318,6 +318,13 @@ tab.tab-plugins.descr=\u3059\u3079\u3066\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u30
         sidebar.plugin-settings.descr=\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u7ba1\u7406\u3092\u3059\u308b\u5834\u5408\u306b\u30af\u30ea\u30c3\u30af\u3057\u3066\u304f\u3060\u3055\u3044\u3002
         sidebar.available-plugins=\u5229\u7528\u53ef\u80fd\u30d7\u30e9\u30b0\u30a4\u30f3
         sidebar.available-plugins.descr=\u5229\u7528\u53ef\u80fd\u30d7\u30e9\u30b0\u30a4\u30f3\u3092\u53c2\u7167\u3059\u308b\u5834\u5408\u306b\u30af\u30ea\u30c3\u30af\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Marker inserted by {0} at {1} ---
@@ -2485,3 +2492,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_nl.properties

@@ -136,6 +136,13 @@ tab.tab-plugins.descr=Click to manage all plugins
         sidebar.plugin-settings.descr=Klik hier om de plug-ins te bekijken
         sidebar.available-plugins=Available Plugins
         sidebar.available-plugins.descr=Click to browse available plugins
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Markering ingevoegd door {0} om {1} ---
@@ -2349,3 +2356,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_pl_PL.properties

@@ -140,6 +140,13 @@ tab.tab-plugins.descr=Kliknij aby zarz\u0105dza\u0107 wszystkimi wtyczkami
         sidebar.plugin-settings.descr=Kliknij aby zarz\u0105dza\u0107 zainstalowanymi wtyczkami
         sidebar.available-plugins=Dost\u0119pne wtyczki
         sidebar.available-plugins.descr=Kliknij aby przegl\u0105da\u0107 dost\u0119pne wtyczki
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Zaznaczenie utworzone przez {0} w {1} ---
@@ -2318,3 +2325,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_pt_BR.properties

@@ -138,6 +138,13 @@ tab.tab-plugins.descr=Clique para gerenciar todos os plugins
         sidebar.plugin-settings.descr=Clique para gerenciar os plugins instalados
         sidebar.available-plugins=Plugins dispon\u00edveis
         sidebar.available-plugins.descr=Clique para listar plugins dispon\u00edveis
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- Marca inserida por {0} em {1} ---
@@ -2352,3 +2359,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/i18n/openfire_i18n_zh_CN.properties

@@ -139,6 +139,13 @@ tab.tab-plugins.descr=\u5355\u51fb\u7ba1\u7406\u6240\u6709\u7684\u63d2\u4ef6
         sidebar.plugin-settings.descr=\u5355\u51fb\u7ba1\u7406\u5b89\u88c5\u7684\u63d2\u4ef6
         sidebar.available-plugins=\u6709\u6548\u7684\u63d2\u4ef6
         sidebar.available-plugins.descr=\u5355\u51fb\u6d4f\u89c8\u6709\u6548\u7684\u63d2\u4ef6
+tab.tab-clearspace=Clearspace
+tab.tab-clearspace.descr=Click manage Clearspace integration
+    sidebar.sidebar-clearspace-admin=Clearspace Admin
+        sidebar.clearspace-info=Clearspace Information
+        sidebar.clearspace-info.descr=Information about Clearspace integration
+        sidebar.clearspace-admin=Admin Clearspace
+        sidebar.clearspace-admin.descr=Login into Clearspace admin console
 
 # Log messages
 log.marker_inserted_by=--- \u7531 {0} \u5728 {1} \u63d2\u5165\u7684\u6807\u8bb0 ---
@@ -2130,3 +2137,10 @@ muc.room.edit.form.edit.title=Room Settings
 user.create.isadmin=Is Administrator?
 user.create.admin_info=Grants admin access to Openfire
 user.properties.isadmin=User has administrative privileges.
+clearspace.info.title=Clearspace information
+clearspace.info.status.title=Connection status
+clearspace.info.status.connected=Connected
+clearspace.info.status.disconnected=Disconnected
+clearspace.admin.title=Configuration problems
+clearspace.admin.notconnected.title=Openfire and Clearspace are not connected
+clearspace.admin.notconnected.description=Check the real time integration configuration in Clearspace and Openfire.
\ No newline at end of file

src/java/org/jivesoftware/admin/AdminConsole.java

@@ -11,16 +11,22 @@
 
 package org.jivesoftware.admin;
 
-import org.jivesoftware.util.*;
-import org.jivesoftware.openfire.XMPPServer;
 import org.dom4j.Document;
-import org.dom4j.Element;
 import org.dom4j.DocumentFactory;
+import org.dom4j.Element;
 import org.dom4j.io.SAXReader;
+import org.jivesoftware.openfire.XMPPServer;
+import org.jivesoftware.openfire.clearspace.ClearspaceManager;
+import org.jivesoftware.util.ClassUtils;
+import org.jivesoftware.util.LocaleUtils;
+import org.jivesoftware.util.Log;
 
-import java.util.*;
 import java.io.InputStream;
 import java.net.URL;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 /**
  * A model for admin tab and sidebar info. This class loads in XML definitions of the
@@ -334,6 +340,31 @@ public class AdminConsole {
                 }
             }
         }
+
+        // Special case: show a link to Clearspace admin console if it is integrated with
+        // Openfire.
+        if (ClearspaceManager.isEnabled()) {
+            Element clearspace = generatedModel.addElement("tab");
+            clearspace.addAttribute("id", "tab-clearspace");
+            clearspace.addAttribute("name", LocaleUtils.getLocalizedString("tab.tab-clearspace"));
+            clearspace.addAttribute("url", "clearspace-info.jsp");
+            clearspace.addAttribute("description", LocaleUtils.getLocalizedString("tab.tab-clearspace.descr"));
+            Element sidebar = clearspace.addElement("sidebar");
+            sidebar.addAttribute("id", "sidebar-clearspace-admin");
+            sidebar.addAttribute("name", LocaleUtils.getLocalizedString("sidebar.sidebar-clearspace-admin"));
+
+            Element item = sidebar.addElement("item");
+            item.addAttribute("id", "clearspace-info");
+            item.addAttribute("name", LocaleUtils.getLocalizedString("sidebar.clearspace-info"));
+            item.addAttribute("url", "clearspace-info.jsp");
+            item.addAttribute("description", LocaleUtils.getLocalizedString("sidebar.clearspace-info.descr"));
+
+            item = sidebar.addElement("item");
+            item.addAttribute("id", "clearspace-admin");
+            item.addAttribute("name", LocaleUtils.getLocalizedString("sidebar.clearspace-admin"));
+            item.addAttribute("url", "clearspace-admin.jsp");
+            item.addAttribute("description", LocaleUtils.getLocalizedString("sidebar.clearspace-admin.descr"));
+        }
     }
 
     private static void overrideTab(Element tab, Element overrideTab) {

src/java/org/jivesoftware/openfire/clearspace/ClearspaceLockOutProvider.java

@@ -190,7 +190,7 @@ public class ClearspaceLockOutProvider implements LockOutProvider {
      *
      * @param username Username to look up.
      * @return XML Element including information about the user.
-     * @throws UserNotFoundException The user was not found in the Clearspace database.
+     * @throws UserNotFoundException The user was not found in the Clearspace database or there was an error.
      */
     private Element getUserByUsername(String username) throws UserNotFoundException {
         try {
@@ -199,6 +199,9 @@ public class ClearspaceLockOutProvider implements LockOutProvider {
             // return the response
             return ClearspaceManager.getInstance().executeRequest(GET, path);
         }
+        catch (UserNotFoundException e) {
+            throw e;
+        }
         catch (Exception e) {
             // It is not supported exception, wrap it into an UserNotFoundException
             throw new UserNotFoundException("Error loading the user from Clearspace: ", e);

src/java/org/jivesoftware/openfire/clearspace/ClearspaceManager.java

@@ -31,6 +31,8 @@ import org.jivesoftware.openfire.muc.spi.MultiUserChatServiceImpl;
 import org.jivesoftware.openfire.net.MXParser;
 import org.jivesoftware.openfire.user.UserNotFoundException;
 import org.jivesoftware.util.*;
+import org.jivesoftware.util.cache.Cache;
+import org.jivesoftware.util.cache.CacheFactory;
 import org.jivesoftware.util.cache.DefaultCache;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlPullParserFactory;
@@ -113,6 +115,11 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
     private Map<String, Long> userIDCache;
     private Map<Long, String> usernameCache;
     private Map<String, Long> groupIDCache;
+
+    // Current nonce storage
+    private Cache<String, Long> nonceCache;
+    // Nonce generator
+    private Random nonceGenerator;
     /**
      * Records transcripts for group chat rooms in Clearspace.
      */
@@ -239,6 +246,11 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
 
             Log.debug("ClearspaceManager: " + buf.toString());
         }
+
+        // Init nonce cache
+        nonceCache = CacheFactory.createCache("cache.clearspace.nonce");
+        // Init nonce generator
+        nonceGenerator = new Random();
     }
 
     /**
@@ -366,7 +378,7 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
      *
      * @return true if Clearspace is being used as the backend of Openfire.
      */
-    public boolean isEnabled() {
+    public static boolean isEnabled() {
         return AuthFactory.getAuthProvider() instanceof ClearspaceAuthProvider;
     }
 
@@ -615,9 +627,11 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
     }
 
     /**
-     * Makes a rest request of either type GET or DELETE at the specified urlSuffix.
-     * <p/>
-     * urlSuffix should be of the form /userService/users
+     * Makes a rest request of either type GET or DELETE at the specified urlSuffix. The
+     * urlSuffix should be of the form /userService/users.
+     * If CS throws an exception it handled and transalated to a Openfire exception if possible.
+     * This is done using the check fault method that has an exception mapping from CS to OF. If
+     * no mapping is found then it throws a <code>Exception</code> with the message of the CS exception.
      *
      * @param type      Must be GET or DELETE
      * @param urlSuffix The url suffix of the rest request
@@ -630,6 +644,19 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
         return executeRequest(type, urlSuffix, null);
     }
 
+    /**
+     * Makes a rest request of any type at the specified urlSuffix. The urlSuffix should be of the
+     * form /userService/users.
+     * If CS throws an exception it handled and transalated to a Openfire exception if possible.
+     * This is done using the check fault method that tries to throw the best maching exception.
+     *
+     * @param type      Must be GET or DELETE
+     * @param urlSuffix The url suffix of the rest request
+     * @param xmlParams The xml with the request params, must be null if type is GET or DELETE only
+     * @return The response as a xml doc.
+     * @throws ConnectException Thrown if there are issues perfoming the request.
+     * @throws Exception Thrown if the response from Clearspace contains an exception.
+     */
     public Element executeRequest(HttpType type, String urlSuffix, String xmlParams)
             throws ConnectException, Exception {
         if (Log.isDebugEnabled()) {
@@ -709,6 +736,15 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
         }
     }
 
+    /**
+     * If CS throws an exception it handled and transalated to a Openfire exception if possible.
+     * This is done using <code>exceptionMap</code> that has a mapping from CS to OF. If
+     * no mapping is found then it tries to instantiete the original exception. If this fails
+     * it throws a <code>Exception</code> with the message of the CS exception.
+     *
+     * @param response the response from CS to check if it is an exception message.
+     * @throws Exception if the response is an exception message.
+     */
     private void checkFault(Element response) throws Exception {
         Node node = response.selectSingleNode("ns1:faultstring");
         if (node != null) {
@@ -961,6 +997,49 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
         }
     }
 
+    /**
+     * Returns a nonce generated by Clearspace to be used in a SSO login.
+     *
+     * @return a unique nonce.
+     */
+    public String getNonce() {
+        try {
+            String path = IM_URL_PREFIX + "generateNonce";
+            Element element = executeRequest(GET, path);
+
+            return WSUtils.getReturn(element);
+        } catch (Exception e) {}
+
+        return null;
+    }
+
+    /**
+     * Generates a new nonce. The <code>isValidNonce</code> method will return
+     * true when using nonces generated by this method.
+     *
+     * @return a unique nonce
+     */
+    public String generateNonce() {
+        String nonce = String.valueOf(nonceGenerator.nextLong());
+        nonceCache.put(nonce, System.currentTimeMillis());
+        return nonce;
+    }
+
+    /**
+     * Returns true if the nonce was generated usig <code>generateNonce</code>
+     * and if this is the first check for that nonce.
+     *
+     * @param nonce the nonce to be checked
+     * @return true if the nonce if the nonce was generated and this is the first check for that nonce
+     */
+    public boolean isValidNonce(String nonce) {
+        Long time = nonceCache.remove(nonce);
+        if (time == null) {
+            return false;
+        }
+        return System.currentTimeMillis() - time < JiveConstants.MINUTE;
+    }
+
     private class ConfigClearspaceTask extends TimerTask {
 
         public void run() {

src/java/org/jivesoftware/openfire/clearspace/ClearspaceUserProvider.java

@@ -560,7 +560,7 @@ public class ClearspaceUserProvider implements UserProvider {
      *
      * @param username the username of the user
      * @return the user xml response
-     * @throws UserNotFoundException if the user could not be found
+     * @throws UserNotFoundException The user was not found in the Clearspace database or there was an error.
      */
     private Element getUserByUsername(String username) throws UserNotFoundException {
         try {

src/java/org/jivesoftware/openfire/commands/AdHocCommandHandler.java

@@ -22,6 +22,7 @@ import org.jivesoftware.openfire.commands.admin.user.AuthenticateUser;
 import org.jivesoftware.openfire.commands.admin.user.ChangeUserPassword;
 import org.jivesoftware.openfire.commands.admin.user.UserProperties;
 import org.jivesoftware.openfire.commands.clearspace.ChangeSharedSecret;
+import org.jivesoftware.openfire.commands.clearspace.GenerateNonce;
 import org.jivesoftware.openfire.commands.event.*;
 import org.jivesoftware.openfire.disco.*;
 import org.jivesoftware.openfire.forms.spi.XDataFormImpl;
@@ -216,6 +217,8 @@ public class AdHocCommandHandler extends IQHandler
         addCommand(new VCardCreated());
         addCommand(new VCardDeleting());
         addCommand(new VCardModified());
+        addCommand(new GetAdminConsoleInfo());
+        addCommand(new GenerateNonce());
     }
 
     private void startCommand(AdHocCommand command) {

src/java/org/jivesoftware/openfire/commands/admin/GetAdminConsoleInfo.java

+/**
+ * $Revision: $
+ * $Date: $
+ *
+ * Copyright (C) 2007 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+
+package org.jivesoftware.openfire.commands.admin;
+
+import org.dom4j.Element;
+import org.jivesoftware.openfire.XMPPServer;
+import org.jivesoftware.openfire.commands.AdHocCommand;
+import org.jivesoftware.openfire.commands.SessionData;
+import org.jivesoftware.openfire.component.InternalComponentManager;
+import org.jivesoftware.openfire.container.AdminConsolePlugin;
+import org.jivesoftware.openfire.container.PluginManager;
+import org.xmpp.forms.DataForm;
+import org.xmpp.forms.FormField;
+import org.xmpp.packet.JID;
+
+import java.io.IOException;
+import java.net.*;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+/**
+ * Command that returns information about the admin console. This command
+ * can only be executed by administrators or components of the server.
+ *
+ * @author Gabriel Guardincerri
+ */
+public class GetAdminConsoleInfo extends AdHocCommand {
+
+    protected void addStageInformation(SessionData data, Element command) {
+        //Do nothing since there are no stages
+    }
+
+    public void execute(SessionData data, Element command) {
+        DataForm form = new DataForm(DataForm.Type.result);
+
+        FormField field = form.addField();
+        field.setType(FormField.Type.hidden);
+        field.setVariable("FORM_TYPE");
+        field.addValue("http://jabber.org/protocol/admin");
+
+
+        // Gets a valid bind interface
+        PluginManager pluginManager = XMPPServer.getInstance().getPluginManager();
+        AdminConsolePlugin adminConsolePlugin = ((AdminConsolePlugin) pluginManager.getPlugin("admin"));
+
+        String bindInterface = adminConsolePlugin.getBindInterface();
+        int adminPort = adminConsolePlugin.getAdminUnsecurePort();
+        int adminSecurePort = adminConsolePlugin.getAdminSecurePort();
+
+        if (bindInterface == null) {
+            Enumeration<NetworkInterface> nets = null;
+            try {
+                nets = NetworkInterface.getNetworkInterfaces();
+            } catch (SocketException e) {
+                // We failed to discover a valid IP address where the admin console is running
+                return;
+            }
+            for (NetworkInterface netInterface : Collections.list(nets)) {
+                boolean found = false;
+                Enumeration<InetAddress> addresses = netInterface.getInetAddresses();
+                for (InetAddress address : Collections.list(addresses)) {
+                    if ("127.0.0.1".equals(address.getHostAddress()) || "0:0:0:0:0:0:0:1".equals(address.getHostAddress())) {
+                        continue;
+                    }
+                    Socket socket = new Socket();
+                    InetSocketAddress remoteAddress = new InetSocketAddress(address, adminPort > 0 ? adminPort : adminSecurePort);
+                    try {
+                        socket.connect(remoteAddress);
+                        bindInterface = address.getHostAddress();
+                        found = true;
+                        break;
+                    } catch (IOException e) {
+                        // Ignore this address. Let's hope there is more addresses to validate
+                    }
+                }
+                if (found) {
+                    break;
+                }
+            }
+        }
+
+        // If there is no valid bind interface, return an error
+        if (bindInterface == null) {
+            Element note = command.addElement("note");
+            note.addAttribute("type", "error");
+            note.setText("Couldn't find a valid interface.");
+            return;            
+        }
+
+        // Add the bind interface
+        field = form.addField();
+        field.setLabel("Bind interface");
+        field.setVariable("bindInterface");
+        field.addValue(bindInterface);
+
+        // Add the port
+        field = form.addField();
+        field.setLabel("Port");
+        field.setVariable("adminPort");
+        field.addValue(adminPort);
+
+        // Add the secure port
+        field = form.addField();
+        field.setLabel("Secure port");
+        field.setVariable("adminSecurePort");
+        field.addValue(adminSecurePort);
+
+        command.add(form.getElement());
+    }
+
+    protected List<Action> getActions(SessionData data) {
+        //Do nothing since there are no stages
+        return null;
+    }
+
+    public String getCode() {
+        return "http://jabber.org/protocol/admin#get-console-info";
+    }
+
+    public String getDefaultLabel() {
+        return "Get admin console info.";
+    }
+
+    protected Action getExecuteAction(SessionData data) {
+        //Do nothing since there are no stages
+        return null;
+    }
+
+    public int getMaxStages(SessionData data) {
+        return 0;
+    }
+
+    /**
+     * Returns if the requester can access this command. Only admins and components
+     * are allowed to execute this command.
+     *
+     * @param requester the JID of the user requesting to execute this command.
+     * @return true if the requester can access this command.
+     */
+    public boolean hasPermission(JID requester) {
+        return super.hasPermission(requester) || InternalComponentManager.getInstance().hasComponent(requester);
+    }
+}
\ No newline at end of file

src/java/org/jivesoftware/openfire/commands/clearspace/GenerateNonce.java

+/**
+ * $Revision: $
+ * $Date: $
+ *
+ * Copyright (C) 2007 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+
+package org.jivesoftware.openfire.commands.clearspace;
+
+import org.dom4j.Element;
+import org.jivesoftware.openfire.clearspace.ClearspaceManager;
+import org.jivesoftware.openfire.commands.AdHocCommand;
+import org.jivesoftware.openfire.commands.SessionData;
+import org.jivesoftware.openfire.component.InternalComponentManager;
+import org.xmpp.forms.DataForm;
+import org.xmpp.forms.FormField;
+import org.xmpp.packet.JID;
+
+import java.util.List;
+
+/**
+ * Command that generates a new nonce to be used to SSO between OF and CS.
+ *
+ * @author Gabriel Guardincerri
+ */
+public class GenerateNonce extends AdHocCommand {
+
+    protected void addStageInformation(SessionData data, Element command) {
+        //Do nothing since there are no stages
+    }
+
+    public void execute(SessionData data, Element command) {
+        DataForm form = new DataForm(DataForm.Type.result);
+
+        FormField field = form.addField();
+        field.setType(FormField.Type.hidden);
+        field.setVariable("FORM_TYPE");
+        field.addValue("http://jabber.org/protocol/admin");
+
+        field = form.addField();
+        field.setLabel(getLabel());
+        field.setVariable("nonce");
+        field.addValue(ClearspaceManager.getInstance().generateNonce());
+
+        command.add(form.getElement());
+    }
+
+    protected List<Action> getActions(SessionData data) {
+        //Do nothing since there are no stages
+        return null;
+    }
+
+    public String getCode() {
+        return "http://jabber.org/protocol/clearspace#generate-nonce";
+    }
+
+    public String getDefaultLabel() {
+        // TODO Use i18n
+        return "New nonce";
+    }
+
+    protected Action getExecuteAction(SessionData data) {
+        //Do nothing since there are no stages
+        return null;
+    }
+
+    public int getMaxStages(SessionData data) {
+        return 0;
+    }
+
+    public boolean hasPermission(JID requester) {
+        return (super.hasPermission(requester) || InternalComponentManager.getInstance().hasComponent(requester));
+    }
+    
+}
\ No newline at end of file

src/java/org/jivesoftware/openfire/container/GetAdminConsoleInfoTask.java

@@ -61,9 +61,10 @@ public class GetAdminConsoleInfoTask implements ClusterTask {
                 return;
             }
             for (NetworkInterface netInterface : Collections.list(nets)) {
+                boolean found = false;
                 Enumeration<InetAddress> addresses = netInterface.getInetAddresses();
                 for (InetAddress address : Collections.list(addresses)) {
-                    if ("127.0.0.1".equals(address.getHostAddress())) {
+                    if ("127.0.0.1".equals(address.getHostAddress()) || "0:0:0:0:0:0:0:1".equals(address.getHostAddress())) {
                         continue;
                     }
                     Socket socket = new Socket();
@@ -71,11 +72,15 @@ public class GetAdminConsoleInfoTask implements ClusterTask {
                     try {
                         socket.connect(remoteAddress);
                         bindInterface = address.getHostAddress();
+                        found = true;
                         break;
                     } catch (IOException e) {
                         // Ignore this address. Let's hope there is more addresses to validate
                     }
                 }
+                if (found) {
+                    break;
+                }
             }
         }
     }

src/java/org/jivesoftware/util/cache/CacheFactory.java

@@ -177,6 +177,7 @@ public class CacheFactory {
         cacheProps.put("cache.entityCapabilitiesPendingHashes.maxLifetime", JiveConstants.DAY * 2);
         cacheProps.put("cache.pluginCacheInfo.size", -1l);
         cacheProps.put("cache.pluginCacheInfo.maxLifetime", -1l);
+        cacheProps.put("cache.clearspace.nonce", JiveConstants.MINUTE * 2);
     }
 
     private CacheFactory() {

src/web/clearspace-admin.jsp

+<%--
+  - Copyright (C) 2005-2007 Jive Software. All rights reserved.
+  -
+  - This software is published under the terms of the GNU Public License (GPL),
+  - a copy of which is included in this distribution.
+--%>
+
+<%@ page import="org.jivesoftware.openfire.clearspace.ClearspaceManager,
+                 org.jivesoftware.util.StringUtils"
+    errorPage="error.jsp"
+%>
+
+<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
+
+<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager"  />
+<% webManager.init(request, response, session, application, out ); %>
+
+<%
+
+    boolean connected = ClearspaceManager.getInstance().testConnection();
+
+    String username = webManager.getUser().getUsername();
+    String secret = ClearspaceManager.getInstance().getSharedSecret();
+    String uri = ClearspaceManager.getInstance().getConnectionURI();
+    String nonce = ClearspaceManager.getInstance().getNonce();
+
+    if (connected && username != null && secret != null && uri != null) {
+        // Redirect to the admin console of Clearspace.
+        response.sendRedirect(uri + "admin/login.jsp?login=true&username=" + username + "&secret=" +
+                StringUtils.hash(username + ":" + secret + ":" + nonce) + "&nonce=" + nonce);
+        return;
+    }
+
+%>
+
+<html>
+<head>
+<title><fmt:message key="clearspace.admin.title"/></title>
+<meta name="pageID" content="clearspace-admin"/>
+
+<script src="dwr/engine.js" type="text/javascript"></script>
+<script src="dwr/util.js" type="text/javascript"></script>
+</head>
+
+<style type="text/css">
+
+.light-gray-border {
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 1px 1px 1px;
+    padding: 5px;
+	-moz-border-radius: 3px;
+}
+
+.table-header {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 0 1px 0;
+    padding: 5px;
+}
+
+.table-header-align-right {
+    text-align: right;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 0 1px 0;
+    padding: 5px;
+}
+
+.row-header {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 1px 1px 0;
+    padding: 5px;
+}
+
+.table-header-left {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 0 1px 1px;
+    padding: 5px;
+
+}
+
+.table-header-right {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 1px 1px 0;
+    padding: 5px;
+}
+
+.line-bottom-border {
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 9pt;
+    border-color: #e3e3e3;
+    border-style: solid;
+    border-width: 0 0 1px 0;
+    padding: 5px;
+}
+</style>
+<body>
+
+    <h3><fmt:message key="clearspace.admin.notconnected.title"/></h3>
+    <p><fmt:message key="clearspace.admin.notconnected.description"/></p>
+
+</body>
+</html>
\ No newline at end of file

src/web/clearspace-info.jsp

+<%--
+  - Copyright (C) 2005-2007 Jive Software. All rights reserved.
+  -
+  - This software is published under the terms of the GNU Public License (GPL),
+  - a copy of which is included in this distribution.
+--%>
+
+<%@ page import="org.jivesoftware.openfire.clearspace.ClearspaceManager"
+    errorPage="error.jsp"
+%>
+
+<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
+
+<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager"  />
+<% webManager.init(request, response, session, application, out ); %>
+
+<%
+
+    boolean connected = ClearspaceManager.getInstance().testConnection();
+%>
+
+<html>
+<head>
+<title><fmt:message key="clearspace.info.title"/></title>
+<meta name="pageID" content="clearspace-info"/>
+
+<script src="dwr/engine.js" type="text/javascript"></script>
+<script src="dwr/util.js" type="text/javascript"></script>
+</head>
+
+<style type="text/css">
+
+.light-gray-border {
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 1px 1px 1px;
+    padding: 5px;
+	-moz-border-radius: 3px;
+}
+
+.table-header {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 0 1px 0;
+    padding: 5px;
+}
+
+.table-header-align-right {
+    text-align: right;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 0 1px 0;
+    padding: 5px;
+}
+
+.row-header {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 1px 1px 0;
+    padding: 5px;
+}
+
+.table-header-left {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 0 1px 1px;
+    padding: 5px;
+
+}
+
+.table-header-right {
+    text-align: left;
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 8pt;
+    font-weight: bold;
+    border-color: #ccc;
+    border-style: solid;
+    border-width: 1px 1px 1px 0;
+    padding: 5px;
+}
+
+.line-bottom-border {
+    font-family: verdana, arial, helvetica, sans-serif;
+    font-size: 9pt;
+    border-color: #e3e3e3;
+    border-style: solid;
+    border-width: 0 0 1px 0;
+    padding: 5px;
+}
+</style>
+<body>
+
+    <h3><fmt:message key="clearspace.info.status.title"/></h3>
+    <% if (connected) {%>
+    <p><fmt:message key="clearspace.info.status.connected"/></p>
+    <% } else { %>
+    <p><fmt:message key="clearspace.info.status.disconnected"/></p>
+    <% } %>
+
+</body>
+</html>
\ No newline at end of file

src/web/login.jsp

@@ -4,17 +4,21 @@
   -	$Date$
 --%>
 
-<%@ page import="org.jivesoftware.openfire.auth.AuthToken,
+<%@ page import="org.jivesoftware.admin.AdminConsole,
+                 org.jivesoftware.openfire.admin.AdminManager,
                  org.jivesoftware.openfire.auth.AuthFactory,
-                 org.jivesoftware.openfire.auth.UnauthorizedException,
-                 org.jivesoftware.admin.AdminConsole"
+                 org.jivesoftware.openfire.auth.AuthToken"
     errorPage="error.jsp"
 %>
-<%@ page import="org.jivesoftware.util.*"%>
-<%@ page import="org.xmpp.packet.JID"%>
-<%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
+<%@ page import="org.jivesoftware.openfire.auth.UnauthorizedException"%>
+<%@ page import="org.jivesoftware.openfire.clearspace.ClearspaceManager"%>
 <%@ page import="org.jivesoftware.openfire.cluster.ClusterManager" %>
-<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>
+<%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
+<%@ page import="org.jivesoftware.util.Base64" %>
+<%@ page import="org.jivesoftware.util.Log" %>
+<%@ page import="org.jivesoftware.util.ParamUtils" %>
+<%@ page import="org.jivesoftware.util.StringUtils" %>
+<%@ page import="org.xmpp.packet.JID" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -57,6 +61,7 @@
     // SSO between cluster nodes
     String secret = ParamUtils.getParameter(request, "secret");
     String nodeID = ParamUtils.getParameter(request, "nodeID");
+    String nonce = ParamUtils.getParameter(request, "nonce");
 
     // The user auth token:
     AuthToken authToken;
@@ -74,6 +79,15 @@
                 if (StringUtils.hash(AdminConsolePlugin.secret).equals(secret) && ClusterManager.isClusterMember(Base64.decode(nodeID, Base64.URL_SAFE))) {
                     authToken = new AuthToken(username);
                 }
+                else if ("clearspace".equals(nodeID) && ClearspaceManager.getInstance().isEnabled()) {
+                    ClearspaceManager csmanager = ClearspaceManager.getInstance();
+                    String sharedSecret = csmanager.getSharedSecret();
+                    if (nonce == null || sharedSecret == null || !csmanager.isValidNonce(nonce) ||
+                            !StringUtils.hash(username + ":" + sharedSecret + ":" + nonce).equals(secret)) {
+                        throw new UnauthorizedException("SSO failed. Invalid secret was provided");
+                    }
+                    authToken = new AuthToken(username);
+                }
                 else {
                     throw new UnauthorizedException("SSO failed. Invalid secret or node ID was provided");
                 }