Merge pull request DSpace#11406 from tdonohue/remove_x509

Remove X.509 certificate authentication from DSpace

Author: tdonohue

dspace-api/src/main/java/org/dspace/authenticate/AuthenticationMethod.java

@@ -54,7 +54,7 @@ public interface AuthenticationMethod {
     public static final int BAD_CREDENTIALS = 2;
 
     /**
-     * Not allowed to login this way without X.509 certificate.
+     * Not allowed to login this way without a certificate.
      */
     public static final int CERT_REQUIRED = 3;
 
@@ -124,8 +124,8 @@ public boolean allowSetPassword(Context context,
      * Predicate, is this an implicit authentication method.
      * An implicit method gets credentials from the environment (such as
      * an HTTP request or even Java system properties) rather than the
-     * explicit username and password.  For example, a method that reads
-     * the X.509 certificates in an HTTPS request is implicit.
+     * explicit username and password. For example, a method that provides
+     * IP-based authentication is implicit.
      *
      * @return true if this method uses implicit authentication.
      */
@@ -188,7 +188,7 @@ public default boolean areSpecialGroupsApplicable(Context context, HttpServletRe
      * <p>Meaning:
      * <br>SUCCESS         - authenticated OK.
      * <br>BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) don't match
-     * <br>CERT_REQUIRED   - not allowed to login this way without X.509 cert.
+     * <br>CERT_REQUIRED   - not allowed to login this way without a cert.
      * <br>NO_SUCH_USER    - user not found using this method.
      * <br>BAD_ARGS        - user/pw not appropriate for this method
      * @throws SQLException if database error

dspace-api/src/main/java/org/dspace/authenticate/AuthenticationServiceImpl.java

@@ -38,11 +38,11 @@
  * <b>Configuration</b><br>
  * The stack of authentication methods is defined by one property in the DSpace configuration:
  * <pre>
- *   plugin.sequence.org.dspace.eperson.AuthenticationMethod = <em>a list of method class names</em>
+ *   plugin.sequence.org.dspace.authenticate.AuthenticationMethod = <em>a list of method class names</em>
  *     <em>e.g.</em>
- *   plugin.sequence.org.dspace.eperson.AuthenticationMethod = \
- *       org.dspace.eperson.X509Authentication, \
- *       org.dspace.eperson.PasswordAuthentication
+ *   plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
+ *       org.dspace.authenticate.IPAuthentication, \
+ *       org.dspace.authenticate.PasswordAuthentication
  * </pre>
  * <p>
  * The "stack" is always traversed in order, with the methods

dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java

@@ -204,7 +204,7 @@ public List<Group> getSpecialGroups(Context context, HttpServletRequest request)
      * <p>Meaning:
      * <br>SUCCESS         - authenticated OK.
      * <br>BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) don't match
-     * <br>CERT_REQUIRED   - not allowed to login this way without X.509 cert.
+     * <br>CERT_REQUIRED   - not allowed to login this way without a cert.
      * <br>NO_SUCH_USER    - user not found using this method.
      * <br>BAD_ARGS        - user/pw not appropriate for this method
      */

dspace-api/src/main/java/org/dspace/authenticate/PasswordAuthentication.java

@@ -188,7 +188,7 @@ public List<Group> getSpecialGroups(Context context, HttpServletRequest request)
      * <p>Meaning:
      * <br>SUCCESS         - authenticated OK.
      * <br>BAD_CREDENTIALS - user exists, but password doesn't match
-     * <br>CERT_REQUIRED   - not allowed to login this way without X.509 cert.
+     * <br>CERT_REQUIRED   - not allowed to login this way without a cert.
      * <br>NO_SUCH_USER    - no EPerson with matching email address.
      * <br>BAD_ARGS        - missing username, or user matched but cannot login.
      * @throws SQLException if database error
@@ -213,7 +213,7 @@ public int authenticate(Context context,
                 // cannot login this way
                 return BAD_ARGS;
             } else if (eperson.getRequireCertificate()) {
-                // this user can only login with x.509 certificate
+                // this user can only login with a certificate
                 log.warn(LogHelper.getHeader(context, "authenticate",
                                               "rejecting PasswordAuthentication because " + username + " requires " +
                                                   "certificate."));

dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java

@@ -160,7 +160,7 @@ public class ShibAuthentication implements AuthenticationMethod {
      * SUCCESS - authenticated OK. <br>
      * BAD_CREDENTIALS - user exists, but credentials (e.g. passwd)
      * don't match <br>
-     * CERT_REQUIRED - not allowed to login this way without X.509 cert.
+     * CERT_REQUIRED - not allowed to login this way without a cert.
      * <br>
      * NO_SUCH_USER - user not found using this method. <br>
      * BAD_ARGS - user/pw not appropriate for this method
@@ -417,8 +417,7 @@ public boolean allowSetPassword(Context context,
      * Predicate, is this an implicit authentication method. An implicit method
      * gets credentials from the environment (such as an HTTP request or even
      * Java system properties) rather than the explicit username and password.
-     * For example, a method that reads the X.509 certificates in an HTTPS
-     * request is implicit.
+     * For example, a method that provides IP-based authentication is implicit.
      *
      * @return true if this method uses implicit authentication.
      */
@@ -917,7 +916,7 @@ protected int swordCompatibility(Context context, String username, String passwo
                     " is not allowed to login.");
             return BAD_ARGS;
         } else if (eperson.getRequireCertificate()) {
-            // this user can only login with x.509 certificate
+            // this user can only login with a certificate
             log.error(
                 "Shibboleth-based password authentication failed for user " + username + " because the eperson object" +
                     " requires a certificate to authenticate..");