Posted to commits@rave.apache.org by ja...@apache.org on 2011/10/05 15:44:38 UTC

svn commit: r1179224 - in /incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF: applicationContext-security.xml db/initial_data.sql

Author: jasha
Date: Wed Oct  5 13:44:37 2011
New Revision: 1179224

URL: http://svn.apache.org/viewvc?rev=1179224&view=rev
Log:
RAVE-136 parts of the portal are now only accessible for users with the role ROLE_ADMIN

Modified:
    incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
    incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql

Modified: incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1179224&r1=1179223&r2=1179224&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml (original)
+++ incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml Wed Oct  5 13:44:37 2011
@@ -1,67 +1,61 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one
-  ~ or more contributor license agreements.  See the NOTICE file
-  ~ distributed with this work for additional information
-  ~ regarding copyright ownership.  The ASF licenses this file
-  ~ to you under the Apache License, Version 2.0 (the
-  ~ "License"); you may not use this file except in
-  ~ compliance with the License.  You may obtain a copy of the License at
-  ~
-  ~    http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing,
-  ~ software distributed under the License is distributed on an
-  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  ~ KIND, either express or implied.  See the License for the
-  ~ specific language governing permissions and limitations
-  ~ under the License.
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
   -->
 
 <!--
 	This security file uses the default spring simple form login
 -->
 <beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-			    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+    <security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
+        <security:intercept-url pattern="/newaccount.jsp*" access="permitAll"/>
+        <security:intercept-url pattern="/app/newaccount*" access="permitAll"/>
+        <security:intercept-url pattern="/login.jsp*" filters="none"/>
+        <security:intercept-url pattern="/css/**" access="permitAll"/>
+        <security:intercept-url pattern="/images/**" access="permitAll"/>
+        <security:intercept-url pattern="/script/**" access="permitAll"/>
+        <security:intercept-url pattern="/app/admin/**" access="hasRole('ROLE_ADMIN')"/>
+        <!-- all urls must be authenticated -->
+        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
+        <security:openid-login user-service-ref="userService" authentication-failure-url="/login.jsp?authfail=openid">
+            <security:attribute-exchange>
+                <!-- Supported by MyOpenID.com -->
+                <security:openid-attribute name="firstName" type="http://schema.openid.net/namePerson/first"/>
+                <security:openid-attribute name="lastName" type="http://schema.openid.net/namePerson/last"/>
+                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
+            </security:attribute-exchange>
+        </security:openid-login>
+        <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?authfail=form"/>
+        <security:logout/>
+        <security:remember-me/>
+    </security:http>
 
-  <security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
-	 <security:intercept-url pattern="/newaccount.jsp*" access="permitAll"/>
-	 <security:intercept-url pattern="/app/newaccount*" access="permitAll"/>
-	 <security:intercept-url pattern="/login.jsp*" filters="none" />
-	 <security:intercept-url pattern="/css/**" access="permitAll"/>
-	 <security:intercept-url pattern="/images/**" access="permitAll"/>
-	 <security:intercept-url pattern="/script/**" access="permitAll"/>
-	 <!-- all urls must be authenticated -->
-	 <security:intercept-url pattern="/**"
-									 access="isAuthenticated()"/>
-	 <security:openid-login user-service-ref="userService" authentication-failure-url="/login.jsp?authfail=openid">
-		<security:attribute-exchange>
-		  <!-- Supported by MyOpenID.com -->
-		  <security:openid-attribute name="firstName" type="http://schema.openid.net/namePerson/first"/>
-		  <security:openid-attribute name="lastName" type="http://schema.openid.net/namePerson/last"/>
-		  <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
-		  <!-- security:openid-attribute name="language" type="http://schema.openid.net/language/pref"/>
-				 <security:openid-attribute name="birthDate" type="http://schema.openid.net/birthDate"/>
-				 <security:openid-attribute name="namePerson" type="http://schema.openid.net/namePerson" required="true"/>
-				 <security:openid-attribute name="nickname" type="http://schema.openid.net/namePerson/friendly" required="true"/>
-				 <security:openid-attribute name="country" type="http://schema.openid.net/contact/country/home"/>
-		  -->
-		</security:attribute-exchange>
-	 </security:openid-login>
-	 <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?authfail=form" />
-	 <security:logout/>
-     <security:remember-me/>
-  </security:http>
-  
-  <security:authentication-manager>
-	 <security:authentication-provider
-		  user-service-ref="userService">
-		<security:password-encoder ref="passwordEncoder">
-		  <security:salt-source ref="saltSource"/>
-		</security:password-encoder>
-	 </security:authentication-provider>
-  </security:authentication-manager>
+    <security:authentication-manager>
+        <security:authentication-provider
+                user-service-ref="userService">
+            <security:password-encoder ref="passwordEncoder">
+                <security:salt-source ref="saltSource"/>
+            </security:password-encoder>
+        </security:authentication-provider>
+    </security:authentication-manager>
 </beans>
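Review bot: The new `/app/admin/**` rule checks only `hasRole('ROLE_ADMIN')` while `<security:remember-me/>` stays enabled in the same `<security:http>` block, so a session restored from a remember-me cookie satisfies the admin rule without a fresh login. For the admin area I would require a full login: `access="hasRole('ROLE_ADMIN') and isFullyAuthenticated()"`. Separately, the catch-all moved from `isAuthenticated()` to `hasAnyRole('ROLE_USER','ROLE_ADMIN')`, so any account without an authority row is now denied everywhere. This commit does not show the `/app/newaccount` or OpenID sign-up paths granting ROLE_USER, so that is worth confirming. A one-line comment above the admin rule saying it must stay ahead of `/**` because the first matching pattern wins would also protect it from later reordering.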

Modified: incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql?rev=1179224&r1=1179223&r2=1179224&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql (original)
+++ incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql Wed Oct  5 13:44:37 2011
@@ -718,19 +718,42 @@ UPDATE RAVE_PORTAL_SEQUENCES SET seq_cou
 --- End openid user_id_13 layout ---
 
 -- authorities
-set @next_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
+set @user_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
 insert into granted_authority (entity_id, authority)
-values (@next_authority_id, 'user');
+values (@user_authority_id, 'ROLE_USER');
 UPDATE RAVE_PORTAL_SEQUENCES SET seq_count = (seq_count + 1) WHERE seq_name = @granted_authority_seq;
 
-set @next_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
+set @admin_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
 insert into granted_authority (entity_id, authority)
-values (@next_authority_id, 'manager');
+values (@admin_authority_id, 'ROLE_ADMIN');
 UPDATE RAVE_PORTAL_SEQUENCES SET seq_count = (seq_count + 1) WHERE seq_name = @granted_authority_seq;
 
-set @next_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
-insert into granted_authority (entity_id, authority)
-values (@next_authority_id, 'administrator');
-UPDATE RAVE_PORTAL_SEQUENCES SET seq_count = (seq_count + 1) WHERE seq_name = @granted_authority_seq;
+-- end authorities
 
--- end authorities
\ No newline at end of file
+-- assign roles
+insert into user_authorities (user_id, authority_id)
+values (@user_id_1, @admin_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_2, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_3, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_4, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_5, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_6, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_7, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_8, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_9, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_10, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_11, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_12, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_13, @user_authority_id);
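Review bot: The `-- assign roles` block grants `@admin_authority_id` to `@user_id_1` without saying which account that is or that it is demo data; the variable is defined outside this hunk. If the seed users carry fixed demo passwords (not visible here, to be confirmed), every database loaded from this script starts with an administrator whose credentials are publicly known. I would add a comment above the first insert, for example `-- @user_id_1 is the demo administrator: change its password or remove this grant before any non-demo deployment`. The authority names also change from 'user'/'manager'/'administrator' to 'ROLE_USER'/'ROLE_ADMIN' only in seed data, so databases populated from the earlier script would need a matching update to pass the new `hasAnyRole` rule in applicationContext-security.xml.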