improve authentication api for issue '#3 Add extension point for plugins to define groups and their members'

plugins/scm-pam-plugin/src/main/java/sonia/scm/pam/PAMAuthenticationHandler.java

@@ -138,7 +138,7 @@ public class PAMAuthenticationHandler implements AuthenticationHandler
             User user = new User(username);
 
             user.setAdmin(isAdmin(unixUser));
-            result = new AuthenticationResult(user);
+            result = new AuthenticationResult(user, unixUser.getGroups());
           }
         }
         catch (PAMException ex)

scm-core/src/main/java/sonia/scm/web/security/AuthenticationManager.java

@@ -37,7 +37,6 @@ package sonia.scm.web.security;
 
 import sonia.scm.Initable;
 import sonia.scm.ListenerSupport;
-import sonia.scm.user.User;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -65,7 +64,6 @@ public interface AuthenticationManager
    *
    * @return
    */
-  public User authenticate(HttpServletRequest request,
+  public AuthenticationResult authenticate(HttpServletRequest request,
-                           HttpServletResponse response, String username,
+          HttpServletResponse response, String username, String password);
-                           String password);
 }

scm-core/src/main/java/sonia/scm/web/security/AuthenticationResult.java

@@ -37,6 +37,10 @@ package sonia.scm.web.security;
 
 import sonia.scm.user.User;
 
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Collection;
+
 /**
  *
  * @author Sebastian Sdorra
@@ -91,6 +95,37 @@ public class AuthenticationResult
     this.state = state;
   }
 
+  /**
+   * Constructs ...
+   *
+   *
+   *
+   * @param user
+   * @param groups
+   */
+  public AuthenticationResult(User user, Collection<String> groups)
+  {
+    this.user = user;
+    this.groups = groups;
+    this.state = AuthenticationState.SUCCESS;
+  }
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param user
+   * @param groups
+   * @param state
+   */
+  public AuthenticationResult(User user, Collection<String> groups,
+                              AuthenticationState state)
+  {
+    this.user = user;
+    this.groups = groups;
+    this.state = state;
+  }
+
   //~--- methods --------------------------------------------------------------
 
   /**
@@ -118,6 +153,17 @@ public class AuthenticationResult
 
   //~--- get methods ----------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public Collection<String> getGroups()
+  {
+    return groups;
+  }
+
   /**
    * Method description
    *
@@ -142,6 +188,9 @@ public class AuthenticationResult
 
   //~--- fields ---------------------------------------------------------------
 
+  /** Field description */
+  private Collection<String> groups;
+
   /** Field description */
   private AuthenticationState state;
 

scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java

@@ -51,6 +51,7 @@ import sonia.scm.user.UserManager;
 
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
@@ -113,10 +114,13 @@ public class BasicSecurityContext implements WebSecurityContext
                            HttpServletResponse response, String username,
                            String password)
   {
-    user = authenticator.authenticate(request, response, username, password);
+    AuthenticationResult ar = authenticator.authenticate(request, response,
+                                username, password);
 
-    if (user != null)
+    if (ar != null)
     {
+      user = ar.getUser();
+
       try
       {
         user.setLastLogin(System.currentTimeMillis());
@@ -138,7 +142,19 @@ public class BasicSecurityContext implements WebSecurityContext
           userManager.create(user);
         }
 
+        Collection<String> groupCollection = ar.getGroups();
+
+        if (groupCollection != null)
+        {
+          groups.addAll(groupCollection);
+        }
+
         loadGroups();
+
+        if (logger.isDebugEnabled())
+        {
+          logGroups();
+        }
       }
       catch (Exception ex)
       {
@@ -161,7 +177,7 @@ public class BasicSecurityContext implements WebSecurityContext
   public void logout(HttpServletRequest request, HttpServletResponse response)
   {
     user = null;
-    groups = null;
+    groups = new HashSet<String>();
   }
 
   //~--- get methods ----------------------------------------------------------
@@ -220,8 +236,6 @@ public class BasicSecurityContext implements WebSecurityContext
    */
   private void loadGroups()
   {
-    groups = new HashSet<String>();
-
     Collection<Group> groupCollection =
       groupManager.getGroupsForMember(user.getName());
 
@@ -234,6 +248,31 @@ public class BasicSecurityContext implements WebSecurityContext
     }
   }
 
+  /**
+   * Method description
+   *
+   */
+  private void logGroups()
+  {
+    StringBuilder msg = new StringBuilder("user ");
+
+    msg.append(user.getName()).append(" is member of ");
+
+    Iterator<String> groupIt = groups.iterator();
+
+    while (groupIt.hasNext())
+    {
+      msg.append(groupIt.next());
+
+      if (groupIt.hasNext())
+      {
+        msg.append(", ");
+      }
+    }
+
+    logger.debug(msg.toString());
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */

scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java

@@ -97,11 +97,10 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
    * @return
    */
   @Override
-  public User authenticate(HttpServletRequest request,
+  public AuthenticationResult authenticate(HttpServletRequest request,
-                           HttpServletResponse response, String username,
+          HttpServletResponse response, String username, String password)
-                           String password)
   {
-    User user = null;
+    AuthenticationResult ar = null;
 
     for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
@@ -122,8 +121,10 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
         {
           if (result.getState().isSuccessfully() && (result.getUser() != null))
           {
-            user = result.getUser();
+            User user = result.getUser();
+
             user.setType(authenticator.getType());
+            ar = result;
 
             // notify authentication listeners
             fireAuthenticationEvent(request, response, user);
@@ -138,7 +139,7 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
       }
     }
 
-    return user;
+    return ar;
   }
 
   /**

scm-webapp/src/test/java/sonia/scm/web/security/ChainAuthenticationManagerTest.java

@@ -69,10 +69,10 @@ public class ChainAuthenticationManagerTest extends AbstractTestBase
   @Test
   public void testAuthenticateFailed()
   {
-    User user = manager.authenticate(request, response, trillian.getName(),
+    AuthenticationResult result = manager.authenticate(request, response, trillian.getName(),
                                      "trillian");
 
-    assertNull(user);
+    assertNull(result);
   }
 
   /**
@@ -82,9 +82,9 @@ public class ChainAuthenticationManagerTest extends AbstractTestBase
   @Test
   public void testAuthenticateNotFound()
   {
-    User user = manager.authenticate(request, response, "dent", "trillian");
+    AuthenticationResult result = manager.authenticate(request, response, "dent", "trillian");
 
-    assertNull(user);
+    assertNull(result);
   }
 
   /**
@@ -94,17 +94,17 @@ public class ChainAuthenticationManagerTest extends AbstractTestBase
   @Test
   public void testAuthenticateSuccess()
   {
-    User user = manager.authenticate(request, response, trillian.getName(),
+    AuthenticationResult result = manager.authenticate(request, response, trillian.getName(),
                                      "trillian123");
 
-    assertNotNull(user);
+    assertNotNull(result);
-    assertUserEquals(trillian, user);
+    assertUserEquals(trillian, result.getUser());
-    assertEquals("trilliansType", user.getType());
+    assertEquals("trilliansType", result.getUser().getType());
-    user = manager.authenticate(request, response, perfect.getName(),
+    result = manager.authenticate(request, response, perfect.getName(),
                                 "perfect123");
     assertNotNull(perfect);
-    assertUserEquals(perfect, user);
+    assertUserEquals(perfect, result.getUser());
-    assertEquals("perfectsType", user.getType());
+    assertEquals("perfectsType", result.getUser().getType());
   }
 
   /**