Changeset 2511


Ignore:
Timestamp:
Jun 17, 2014, 11:45:44 AM (9 years ago)
Author:
Nicklas Nordborg
Message:

Fixes #609: Add support for ignoring YubiKey? login depending on client

Location:
extensions/net.sf.basedb.yubikey/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • extensions/net.sf.basedb.yubikey/trunk/src/net/sf/basedb/yubikey/YubiKey.java

    r2484 r2511  
    2424import java.io.InputStream;
    2525import java.net.URL;
     26import java.util.Arrays;
     27import java.util.HashSet;
    2628import java.util.Properties;
     29import java.util.Set;
    2730
    2831import com.yubico.client.v2.YubicoClient;
     
    5053  private static Integer clientId;
    5154  private static String clientKey;
     55  private static Set<String> noYubiKeyLogin;
    5256 
    5357  /**
     
    8690        throw new ConfigurationException("Missing configuration value: client-id or client-key");
    8791      }
     92     
     93      String noYubiKey  = config.getProperty("no-yubikey");
     94      if (noYubiKey != null)
     95      {
     96        noYubiKeyLogin = new HashSet<String>(Arrays.asList(noYubiKey.split("[\\s,]+")));
     97      }
    8898    }
    8999    return config;
     
    109119 
    110120  /**
     121    Check if YubiKey login has been disabled for the given client id.
     122    To disable a client, the id should be listed in no-yubikey setting
     123    in yubikey.properties configuration file.
     124   
     125    @param clientId
     126    @return TRUE if YubiKey is disabled, FALSE if no
     127  */
     128  public static boolean isYubiKeyDisabledForClient(String clientId)
     129  {
     130    return clientId != null && noYubiKeyLogin != null && noYubiKeyLogin.contains(clientId);
     131  }
     132 
     133  /**
    111134    Get a YubicoClient configured for verification of passwords.
    112135  */

  • extensions/net.sf.basedb.yubikey/trunk/src/net/sf/basedb/yubikey/YubiKeyAuthenticationManagerFactory.java

    r2257 r2511  
    2626
    2727  /**
    28     @return Always true (if properly configured)
     28    Checks if YubiKey has been properly configured and
     29    if the currently used client application has been disabled for
     30    use with YubiKey.
     31    @return TRUE if YubiKey is enabled, FALSE otherwise
    2932  */
    3033  @Override
    3134  public boolean prepareContext(InvokationContext<? super AuthenticationManager> context)
    3235  {
    33     return hasConfig;
     36    String clientId = context.getClientContext().getSessionControl().getExternalClientId();
     37    return hasConfig && !YubiKey.isYubiKeyDisabledForClient(clientId);
    3438  }
    3539

  • extensions/net.sf.basedb.yubikey/trunk/yubikey.properties

    r2257 r2511  
    1313client-key  =
    1414
     15## Comma- or whitespace separated list of application ids
     16## that should NOT use YubiKey for login. For example,
     17## it is recommended that YubiKey is disabled for the
     18## FTP Server extension if that is installed
     19# no-yubikey = net.sf.basedb.clients.ftp
Note: See TracChangeset for help on using the changeset viewer.