Posted to commits@roller.apache.org by sn...@apache.org on 2007/02/06 18:46:53 UTC

svn commit: r504217 - in /incubator/roller/branches/roller_3.1: CHANGES.txt src/org/apache/roller/ui/core/struts/actions/UserNewAction.java web/WEB-INF/security.xml

Author: snoopdave
Date: Tue Feb  6 09:46:52 2007
New Revision: 504217

URL: http://svn.apache.org/viewvc?view=rev&rev=504217
Log:
    * New comments in security.xml explain LDAP/SSO setup
    * Fix to invalidate session after new user registration 

Modified:
    incubator/roller/branches/roller_3.1/CHANGES.txt
    incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
    incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml

Modified: incubator/roller/branches/roller_3.1/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_3.1/CHANGES.txt?view=diff&rev=504217&r1=504216&r2=504217
==============================================================================
--- incubator/roller/branches/roller_3.1/CHANGES.txt (original)
+++ incubator/roller/branches/roller_3.1/CHANGES.txt Tue Feb  6 09:46:52 2007
@@ -25,15 +25,17 @@
     * Allow for bulk delete of comments matching a given pattern
     * Allow for hibernate configuration via roller.properties config
     * [ROL-1281] - unnecessary session creation on weblog urls
+    * New comments in security.xml explain LDAP/SSO setup
 
 Bug Fixes
     * [ROL-829] - comment munging escaped HTML content
     * [ROL-1280] - entry management paging
-    * fix to prevent entries published to future from being viewable via permalinks
-    * fixed bug allowing user to create multiple pages with the same name
-    * fixed bug allowing user to create a 'Weblog' template without setting defaultPageId
-    * fix for in-use category deletion and duplicate named category issues
-    * fix for anchor creation when non-alpha characters are involved
+    * Fix to prevent entries published to future from being viewable via permalinks
+    * Fixed bug allowing user to create multiple pages with the same name
+    * Fixed bug allowing user to create a 'Weblog' template without setting defaultPageId
+    * Fix for in-use category deletion and duplicate named category issues
+    * Fix for anchor creation when non-alpha characters are involved
+    * Fix to invalidate session after new user registration 
 
 -------------------------------------------------------------------------------
 

Modified: incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java?view=diff&rev=504217&r1=504216&r2=504217
==============================================================================
--- incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java (original)
+++ incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java Tue Feb  6 09:46:52 2007
@@ -184,8 +184,14 @@
                 // User registered, so go to welcome page
                 request.setAttribute("contextURL",
                         RollerRuntimeConfig.getAbsoluteContextURL());
+                
+                // Invalidate session, otherwise new user who was originally authenticated 
+                // via LDAP/SSO will remain logged in with a but without a valid Roller role.
+                request.getSession().invalidate();
+                
                 return mapping.findForward("welcome.page");
             }
+                       
         } catch (RollerException e) {
             errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(e.getMessage()));
             saveErrors(request,errors);
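Review bot: The explanatory comment on the new `invalidate()` call is garbled ("remain logged in with a but without a valid Roller role") and should read `// Invalidate session, otherwise a new user who was originally authenticated` / `// via LDAP/SSO would remain logged in without a valid Roller role.`. Whether invalidating the HttpSession alone drops the authenticated principal for the remainder of this request depends on how the Acegi session-integration filter persists the SecurityContextHolder at the end of the request; if that filter writes the still-populated context back into a freshly created session, the old authentication would survive, so pairing the call with `SecurityContextHolder.clearContext();` would make the intended logout unambiguous and is worth confirming against the filter version in use. The added line before `} catch (RollerException e)` is whitespace-only with trailing spaces and can be dropped. The enclosing method starts and ends outside the hunk.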

Modified: incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml?view=diff&rev=504217&r1=504216&r2=504217
==============================================================================
--- incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml (original)
+++ incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml Tue Feb  6 09:46:52 2007
@@ -51,14 +51,17 @@
                 /roller-ui/admin/**=admin
                 /rewrite-status*=admin
             </value>
+                <!-- Add this to above list for LDAP/SSO configuration -->
+                <!-- /roller-ui/user.do*=register -->
         </property>
     </bean>
 
     <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
         <property name="providers">
             <list>
-                <ref local="daoAuthenticationProvider"/>
-                <ref local="anonymousAuthenticationProvider"/>
+                <ref local="daoAuthenticationProvider"/> 
+                <!-- Uncomment this for LDAP/SSO configuration <ref local="ldapAuthProvider"/> -->
+                <ref local="anonymousAuthenticationProvider"/>                
                 <!-- rememberMeAuthenticationProvider added programmatically -->
             </list>
         </property>
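Review bot: The comment `<!-- Add this to above list for LDAP/SSO configuration -->` does not say where in the list `/roller-ui/user.do*=register` must go, and placement is security-relevant: the interceptor's URL patterns are, as far as I recall, evaluated top-down with the first match winning, so if a broader `/roller-ui/**` entry precedes it the new-user registration page would be gated by the wrong role. I would extend the comment to `<!-- Add this ABOVE any broader /roller-ui/** pattern for LDAP/SSO configuration; first match wins -->`. The surrounding `objectDefinitionSource` list starts outside the hunk, so the other patterns it contains cannot be checked here.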
@@ -66,60 +69,65 @@
   
     <!-- Log failed authentication attempts to commons-logging -->
     <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> 
-    
-    <!-- Sample LDAP/RollerDB hybrid security configuration -->
-    <!--
-    
-	<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
-      <constructor-arg value="ldap://server:389/basedn"/>
-    </bean>
-   
-    <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
-      <constructor-arg index="0">
-        <value></value>
-      </constructor-arg>
-      <constructor-arg index="1">
-        <value>mail={0}</value>
-      </constructor-arg>
-      <constructor-arg index="2">
-        <ref local="initialDirContextFactory" />
-      </constructor-arg>            
-      <property name="searchSubtree">
-        <value>true</value>
-      </property>            
-    </bean>     
-    
-    <bean id="ldapAuthProvider" 
-            class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
-      <constructor-arg>
-        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
-           <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
-		   <property name="userSearch"><ref bean="ldapUserSearch"/></property>
-        </bean>
-      </constructor-arg>
-      <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
-      <property name="userCache" ref="userCache"/>
-    </bean>    
-    
-    <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
-        <property name="dataSource">
-            <bean class="org.springframework.jndi.JndiObjectFactoryBean">
-                <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
-            </bean>
-        </property>
-        <property name="authoritiesByUsernameQuery">
-            <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
-        </property>
-	   <property name="defaultRole"><value>register</value></property>        
-    </bean>
-    -->
-     
     
+    <!-- BEGIN: Sample LDAP/RollerDB hybrid security configuration
+    
+	<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
+      <constructor-arg value="LDAP_URL"/>
+      <property name="managerDn">
+        <value>cn=LDAP_USERNAME</value>
+      </property>
+      <property name="managerPassword">
+        <value>LDAP_PASSWORD</value>
+      </property>
+    </bean>
+   
+    <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
+      <constructor-arg index="0">
+        <value></value>
+      </constructor-arg>
+      <constructor-arg index="1">
+        <value>uid={0}</value>
+      </constructor-arg>
+      <constructor-arg index="2">
+        <ref local="initialDirContextFactory" />
+      </constructor-arg>            
+      <property name="searchSubtree">
+        <value>true</value>
+      </property>            
+    </bean>     
+    
+    <bean id="ldapAuthProvider" 
+            class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
+      <constructor-arg>
+        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
+           <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
+		   <property name="userSearch"><ref bean="ldapUserSearch"/></property>
+        </bean>
+      </constructor-arg>
+      <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
+      <property name="userCache" ref="userCache"/>
+    </bean>    
+    
+    <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
+        <property name="dataSource">
+            <bean class="org.springframework.jndi.JndiObjectFactoryBean">
+                <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
+            </bean>
+        </property>
+        <property name="authoritiesByUsernameQuery">
+            <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
+        </property>
+	   <property name="defaultRole"><value>register</value></property>        
+    </bean>
+    -->
+    <!-- END Sample LDAP/RollerDB hybrid security configuration -->
+         
     <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
          <property name="userDetailsService" ref="jdbcAuthenticationDao"/>
          <property name="userCache" ref="userCache"/>
     </bean>
-
+    
     <!-- Read users from database -->
     <bean id="jdbcAuthenticationDao" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
         <property name="dataSource">