Posted to commits@roller.apache.org by sn...@apache.org on 2007/02/06 18:46:53 UTC
svn commit: r504217 - in /incubator/roller/branches/roller_3.1: CHANGES.txt
src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
web/WEB-INF/security.xml
Author: snoopdave
Date: Tue Feb 6 09:46:52 2007
New Revision: 504217
URL: http://svn.apache.org/viewvc?view=rev&rev=504217
Log:
* New comments in security.xml explain LDAP/SSO setup
* Fix to invalidate session after new user registration
Modified:
incubator/roller/branches/roller_3.1/CHANGES.txt
incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml
Modified: incubator/roller/branches/roller_3.1/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_3.1/CHANGES.txt?view=diff&rev=504217&r1=504216&r2=504217
==============================================================================
--- incubator/roller/branches/roller_3.1/CHANGES.txt (original)
+++ incubator/roller/branches/roller_3.1/CHANGES.txt Tue Feb 6 09:46:52 2007
@@ -25,15 +25,17 @@
* Allow for bulk delete of comments matching a given pattern
* Allow for hibernate configuration via roller.properties config
* [ROL-1281] - unnecessary session creation on weblog urls
+ * New comments in security.xml explain LDAP/SSO setup
Bug Fixes
* [ROL-829] - comment munging escaped HTML content
* [ROL-1280] - entry management paging
- * fix to prevent entries published to future from being viewable via permalinks
- * fixed bug allowing user to create multiple pages with the same name
- * fixed bug allowing user to create a 'Weblog' template without setting defaultPageId
- * fix for in-use category deletion and duplicate named category issues
- * fix for anchor creation when non-alpha characters are involved
+ * Fix to prevent entries published to future from being viewable via permalinks
+ * Fixed bug allowing user to create multiple pages with the same name
+ * Fixed bug allowing user to create a 'Weblog' template without setting defaultPageId
+ * Fix for in-use category deletion and duplicate named category issues
+ * Fix for anchor creation when non-alpha characters are involved
+ * Fix to invalidate session after new user registration
-------------------------------------------------------------------------------
Modified: incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java?view=diff&rev=504217&r1=504216&r2=504217
==============================================================================
--- incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java (original)
+++ incubator/roller/branches/roller_3.1/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java Tue Feb 6 09:46:52 2007
@@ -184,8 +184,14 @@
// User registered, so go to welcome page
request.setAttribute("contextURL",
RollerRuntimeConfig.getAbsoluteContextURL());
+
+ // Invalidate session, otherwise new user who was originally authenticated
+ // via LDAP/SSO will remain logged in with a but without a valid Roller role.
+ request.getSession().invalidate();
+
return mapping.findForward("welcome.page");
}
+
} catch (RollerException e) {
errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(e.getMessage()));
saveErrors(request,errors);
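Review bot: The added `request.getSession().invalidate();` creates a session when none exists only to destroy it; `HttpSession s = request.getSession(false); if (s != null) s.invalidate();` avoids that. Invalidation alone may not log the user out: if Acegi's session-integration filter is in the chain (not visible here), it can write the still-populated SecurityContext into whatever session the forwarded welcome page creates, so it is worth confirming whether `SecurityContextHolder.clearContext();` is needed next to the invalidate. The new comment is missing a word ("with a but without"), presumably "with a session but without a valid Roller role". The enclosing method and its try block start and end outside the hunk.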
Modified: incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml?view=diff&rev=504217&r1=504216&r2=504217
==============================================================================
--- incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml (original)
+++ incubator/roller/branches/roller_3.1/web/WEB-INF/security.xml Tue Feb 6 09:46:52 2007
@@ -51,14 +51,17 @@
/roller-ui/admin/**=admin
/rewrite-status*=admin
</value>
+ <!-- Add this to above list for LDAP/SSO configuration -->
+ <!-- /roller-ui/user.do*=register -->
</property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
- <ref local="daoAuthenticationProvider"/>
- <ref local="anonymousAuthenticationProvider"/>
+ <ref local="daoAuthenticationProvider"/>
+ <!-- Uncomment this for LDAP/SSO configuration <ref local="ldapAuthProvider"/> -->
+ <ref local="anonymousAuthenticationProvider"/>
<!-- rememberMeAuthenticationProvider added programmatically -->
</list>
</property>
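Review bot: The added hint "Add this to above list" does not say where in the list `/roller-ui/user.do*=register` has to go, and the URL patterns in this kind of Acegi list are normally evaluated in order with the first match winning. The start of the list is outside the hunk, so if a broader `/roller-ui/**` entry appears earlier, the new line would never take effect and the `register` restriction would silently not apply. I would word the comment as `<!-- For LDAP/SSO, add this line ABOVE any broader /roller-ui/ pattern in the list -->`. The hint is also easy to miss because it sits after the closing `</value>` rather than next to the list.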
@@ -66,60 +69,65 @@
<!-- Log failed authentication attempts to commons-logging -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
-
- <!-- Sample LDAP/RollerDB hybrid security configuration -->
- <!--
-
- <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
- <constructor-arg value="ldap://server:389/basedn"/>
- </bean>
-
- <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
- <constructor-arg index="0">
- <value></value>
- </constructor-arg>
- <constructor-arg index="1">
- <value>mail={0}</value>
- </constructor-arg>
- <constructor-arg index="2">
- <ref local="initialDirContextFactory" />
- </constructor-arg>
- <property name="searchSubtree">
- <value>true</value>
- </property>
- </bean>
-
- <bean id="ldapAuthProvider"
- class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
- <constructor-arg>
- <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
- <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
- <property name="userSearch"><ref bean="ldapUserSearch"/></property>
- </bean>
- </constructor-arg>
- <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
- <property name="userCache" ref="userCache"/>
- </bean>
-
- <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
- <property name="dataSource">
- <bean class="org.springframework.jndi.JndiObjectFactoryBean">
- <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
- </bean>
- </property>
- <property name="authoritiesByUsernameQuery">
- <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
- </property>
- <property name="defaultRole"><value>register</value></property>
- </bean>
- -->
-
+ <!-- BEGIN: Sample LDAP/RollerDB hybrid security configuration
+
+ <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
+ <constructor-arg value="LDAP_URL"/>
+ <property name="managerDn">
+ <value>cn=LDAP_USERNAME</value>
+ </property>
+ <property name="managerPassword">
+ <value>LDAP_PASSWORD</value>
+ </property>
+ </bean>
+
+ <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
+ <constructor-arg index="0">
+ <value></value>
+ </constructor-arg>
+ <constructor-arg index="1">
+ <value>uid={0}</value>
+ </constructor-arg>
+ <constructor-arg index="2">
+ <ref local="initialDirContextFactory" />
+ </constructor-arg>
+ <property name="searchSubtree">
+ <value>true</value>
+ </property>
+ </bean>
+
+ <bean id="ldapAuthProvider"
+ class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
+ <constructor-arg>
+ <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
+ <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
+ <property name="userSearch"><ref bean="ldapUserSearch"/></property>
+ </bean>
+ </constructor-arg>
+ <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
+ <property name="userCache" ref="userCache"/>
+ </bean>
+
+ <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
+ <property name="dataSource">
+ <bean class="org.springframework.jndi.JndiObjectFactoryBean">
+ <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
+ </bean>
+ </property>
+ <property name="authoritiesByUsernameQuery">
+ <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
+ </property>
+ <property name="defaultRole"><value>register</value></property>
+ </bean>
+ -->
+ <!-- END Sample LDAP/RollerDB hybrid security configuration -->
+
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcAuthenticationDao"/>
<property name="userCache" ref="userCache"/>
</bean>
-
+
<!-- Read users from database -->
<bean id="jdbcAuthenticationDao" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
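Review bot: The sample now carries `managerDn` and `managerPassword` in clear text and replaces the example URL with a bare `LDAP_URL` placeholder, but nothing in the BEGIN comment tells the deployer how to treat these values. Since `BindAuthenticator` submits each user's password to the directory, I would add a line such as `LDAP_URL: use ldaps:// (or otherwise protect the connection), e.g. ldaps://server:636/basedn` to the sample header. A second line, `LDAP_USERNAME/LDAP_PASSWORD: a read-only search account; keep this file readable only by the app server user`, would cover the stored credential. Because the previous sample searched on `mail={0}` and this one uses `uid={0}`, it would also help to note that the filter attribute must match the login name that Roller stores in `userrole.username`.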