You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by sn...@apache.org on 2019/05/19 21:07:10 UTC
[roller] branch master updated: More remember-me fixes.
This is an automated email from the ASF dual-hosted git repository.
snoopdave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/master by this push:
new 88f02b9 More remember-me fixes.
88f02b9 is described below
commit 88f02b99f0a286e37115fd7a7a18d7d7d5d07224
Author: snoopdave@gmail.com <sn...@gmail.com>
AuthorDate: Sun May 19 16:53:40 2019 -0400
More remember-me fixes.
---
.../apache/roller/weblogger/ui/core/RollerContext.java | 7 ++-----
.../RollerRememberMeAuthenticationProvider.java | 3 +++
.../ui/core/security/RollerRememberMeServices.java | 17 ++++++++++++++---
app/src/main/webapp/WEB-INF/security.xml | 3 ++-
4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
index b4517a5..1acc7f4 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
@@ -234,10 +234,6 @@ public class RollerContext extends ContextLoaderListener
ApplicationContext ctx =
WebApplicationContextUtils.getRequiredWebApplicationContext(context);
- /*String[] beanNames = ctx.getBeanDefinitionNames();
- for (String name : beanNames)
- System.out.println(name);*/
-
String rememberMe = WebloggerConfig.getProperty("rememberme.enabled");
boolean rememberMeEnabled = Boolean.valueOf(rememberMe);
@@ -246,7 +242,8 @@ public class RollerContext extends ContextLoaderListener
context.setAttribute("rememberMeEnabled", rememberMe);
if (!rememberMeEnabled) {
- ProviderManager provider = (ProviderManager) ctx.getBean("_authenticationManager");
+ ProviderManager provider =
+ (ProviderManager) ctx.getBean("org.springframework.security.authenticationManager");
for (AuthenticationProvider authProvider : provider.getProviders()) {
if (authProvider instanceof RememberMeAuthenticationProvider) {
provider.getProviders().remove(authProvider);
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
index 82e4322..a847abc 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
@@ -29,6 +29,7 @@ public class RollerRememberMeAuthenticationProvider extends RememberMeAuthentica
public RollerRememberMeAuthenticationProvider() {
+ log.debug("initializing: RollerRememberMeAuthenticationProvider");
String key = WebloggerConfig.getProperty("rememberme.key", "springRocks");
@@ -38,6 +39,8 @@ public class RollerRememberMeAuthenticationProvider extends RememberMeAuthentica
"properties file. Make sure it is a secret and make sure it is NOT be springRocks");
}
setKey(key);
+
+ log.debug("initialized: RollerRememberMeAuthenticationProvider with key: " + getKey());
}
}
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
index fdb920e..608d752 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
@@ -33,7 +33,20 @@ public class RollerRememberMeServices extends TokenBasedRememberMeServices {
private static final Log log = LogFactory.getLog(RollerRememberMeServices.class);
- public RollerRememberMeServices() {}
+ public RollerRememberMeServices() {
+ log.debug("initializing: RollerRememberMeServices");
+
+ String key = WebloggerConfig.getProperty("rememberme.key", "springRocks");
+
+ if ("springRocks".equals(key)) {
+ throw new RuntimeException(
+ "If remember-me is to be enabled, rememberme.key must be specified in the roller " +
+ "properties file. Make sure it is a secret and make sure it is NOT be springRocks");
+ }
+ setKey(key);
+
+ log.debug("initialized: RollerRememberMeServices with key: " + getKey());
+ }
/**
* Calculates the digital signature to be put in the cookie. Default value is
@@ -62,6 +75,4 @@ public class RollerRememberMeServices extends TokenBasedRememberMeServices {
return new String(Hex.encode(digest.digest(data.getBytes())));
}
-
-
}
diff --git a/app/src/main/webapp/WEB-INF/security.xml b/app/src/main/webapp/WEB-INF/security.xml
index 993073a..d3e8fa3 100644
--- a/app/src/main/webapp/WEB-INF/security.xml
+++ b/app/src/main/webapp/WEB-INF/security.xml
@@ -78,12 +78,13 @@
<beans:bean id="rollerRememberMeServices"
class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeServices">
- <beans:property name="key" value="715F2448-3176-11DD-ABC6-9CD955D89593"/>
+ <beans:property name="key" value="ignored"/>
<beans:property name="userDetailsService" ref="rollerUserService"/>
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider"
class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeAuthenticationProvider">
+ <beans:property name="key" value="ignored"/>
</beans:bean>
<beans:bean id = "openIDAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">