Posted to commits@rave.apache.org by ja...@apache.org on 2011/10/05 15:44:38 UTC
svn commit: r1179224 - in
/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF:
applicationContext-security.xml db/initial_data.sql
Author: jasha
Date: Wed Oct 5 13:44:37 2011
New Revision: 1179224
URL: http://svn.apache.org/viewvc?rev=1179224&view=rev
Log:
RAVE-136 parts of the portal are now only accessible for users with the role ROLE_ADMIN
Modified:
incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql
Modified: incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1179224&r1=1179223&r2=1179224&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml (original)
+++ incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml Wed Oct 5 13:44:37 2011
@@ -1,67 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in
- ~ compliance with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
-->
<!--
This security file uses the default spring simple form login
-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+ <security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
+ <security:intercept-url pattern="/newaccount.jsp*" access="permitAll"/>
+ <security:intercept-url pattern="/app/newaccount*" access="permitAll"/>
+ <security:intercept-url pattern="/login.jsp*" filters="none"/>
+ <security:intercept-url pattern="/css/**" access="permitAll"/>
+ <security:intercept-url pattern="/images/**" access="permitAll"/>
+ <security:intercept-url pattern="/script/**" access="permitAll"/>
+ <security:intercept-url pattern="/app/admin/**" access="hasRole('ROLE_ADMIN')"/>
+ <!-- all urls must be authenticated -->
+ <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
+ <security:openid-login user-service-ref="userService" authentication-failure-url="/login.jsp?authfail=openid">
+ <security:attribute-exchange>
+ <!-- Supported by MyOpenID.com -->
+ <security:openid-attribute name="firstName" type="http://schema.openid.net/namePerson/first"/>
+ <security:openid-attribute name="lastName" type="http://schema.openid.net/namePerson/last"/>
+ <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
+ </security:attribute-exchange>
+ </security:openid-login>
+ <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?authfail=form"/>
+ <security:logout/>
+ <security:remember-me/>
+ </security:http>
- <security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
- <security:intercept-url pattern="/newaccount.jsp*" access="permitAll"/>
- <security:intercept-url pattern="/app/newaccount*" access="permitAll"/>
- <security:intercept-url pattern="/login.jsp*" filters="none" />
- <security:intercept-url pattern="/css/**" access="permitAll"/>
- <security:intercept-url pattern="/images/**" access="permitAll"/>
- <security:intercept-url pattern="/script/**" access="permitAll"/>
- <!-- all urls must be authenticated -->
- <security:intercept-url pattern="/**"
- access="isAuthenticated()"/>
- <security:openid-login user-service-ref="userService" authentication-failure-url="/login.jsp?authfail=openid">
- <security:attribute-exchange>
- <!-- Supported by MyOpenID.com -->
- <security:openid-attribute name="firstName" type="http://schema.openid.net/namePerson/first"/>
- <security:openid-attribute name="lastName" type="http://schema.openid.net/namePerson/last"/>
- <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
- <!-- security:openid-attribute name="language" type="http://schema.openid.net/language/pref"/>
- <security:openid-attribute name="birthDate" type="http://schema.openid.net/birthDate"/>
- <security:openid-attribute name="namePerson" type="http://schema.openid.net/namePerson" required="true"/>
- <security:openid-attribute name="nickname" type="http://schema.openid.net/namePerson/friendly" required="true"/>
- <security:openid-attribute name="country" type="http://schema.openid.net/contact/country/home"/>
- -->
- </security:attribute-exchange>
- </security:openid-login>
- <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?authfail=form" />
- <security:logout/>
- <security:remember-me/>
- </security:http>
-
- <security:authentication-manager>
- <security:authentication-provider
- user-service-ref="userService">
- <security:password-encoder ref="passwordEncoder">
- <security:salt-source ref="saltSource"/>
- </security:password-encoder>
- </security:authentication-provider>
- </security:authentication-manager>
+ <security:authentication-manager>
+ <security:authentication-provider
+ user-service-ref="userService">
+ <security:password-encoder ref="passwordEncoder">
+ <security:salt-source ref="saltSource"/>
+ </security:password-encoder>
+ </security:authentication-provider>
+ </security:authentication-manager>
</beans>
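Review bot: The catch-all rule `<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>` now denies any authenticated account that has no granted authority, where `isAuthenticated()` previously let it through. The initial_data.sql change in this commit assigns roles only to the thirteen seeded users. Whether accounts created through `/app/newaccount*` or first-time OpenID logins receive ROLE_USER is not visible here and should be confirmed, otherwise those users are refused on every page after login. The comment above the rule is also stale and could read `<!-- every other URL requires ROLE_USER or ROLE_ADMIN; keep this rule last so the /app/admin/** rule is matched first -->`.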
Modified: incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql?rev=1179224&r1=1179223&r2=1179224&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql (original)
+++ incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/db/initial_data.sql Wed Oct 5 13:44:37 2011
@@ -718,19 +718,42 @@ UPDATE RAVE_PORTAL_SEQUENCES SET seq_cou
--- End openid user_id_13 layout ---
-- authorities
-set @next_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
+set @user_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
insert into granted_authority (entity_id, authority)
-values (@next_authority_id, 'user');
+values (@user_authority_id, 'ROLE_USER');
UPDATE RAVE_PORTAL_SEQUENCES SET seq_count = (seq_count + 1) WHERE seq_name = @granted_authority_seq;
-set @next_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
+set @admin_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
insert into granted_authority (entity_id, authority)
-values (@next_authority_id, 'manager');
+values (@admin_authority_id, 'ROLE_ADMIN');
UPDATE RAVE_PORTAL_SEQUENCES SET seq_count = (seq_count + 1) WHERE seq_name = @granted_authority_seq;
-set @next_authority_id = (SELECT seq_count FROM RAVE_PORTAL_SEQUENCES WHERE seq_name = @granted_authority_seq);
-insert into granted_authority (entity_id, authority)
-values (@next_authority_id, 'administrator');
-UPDATE RAVE_PORTAL_SEQUENCES SET seq_count = (seq_count + 1) WHERE seq_name = @granted_authority_seq;
+-- end authorities
--- end authorities
\ No newline at end of file
+-- assign roles
+insert into user_authorities (user_id, authority_id)
+values (@user_id_1, @admin_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_2, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_3, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_4, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_5, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_6, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_7, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_8, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_9, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_10, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_11, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_12, @user_authority_id);
+insert into user_authorities (user_id, authority_id)
+values (@user_id_13, @user_authority_id);
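Review bot: `values (@user_id_1, @admin_authority_id);` makes a seeded account an administrator, so every installation that loads this file starts with an admin whose credentials come from the repository. The user row and its password are defined outside this hunk, so this is inferred rather than shown; if the password is a fixed demo value, the script should say so where the role is granted. I would add above that insert: `-- user_id_1 is the demo administrator: change its password or remove the account before any non-demo deployment`. Separately, databases already seeded with the old 'user', 'manager' and 'administrator' authority values are not touched by this change, and those names will presumably not satisfy the new `hasRole`/`hasAnyRole` expressions, so a note for existing installs would help.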