Posted to commits@roller.apache.org by sn...@apache.org on 2007/02/06 18:03:47 UTC

svn commit: r504198 - in /incubator/roller/trunk: src/org/apache/roller/ui/core/struts/actions/UserNewAction.java web/WEB-INF/security.xml

Author: snoopdave
Date: Tue Feb  6 09:03:46 2007
New Revision: 504198

URL: http://svn.apache.org/viewvc?view=rev&rev=504198
Log:
LDAP/SSO setup comments and session invalidation change required to make them work

Modified:
    incubator/roller/trunk/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
    incubator/roller/trunk/web/WEB-INF/security.xml

Modified: incubator/roller/trunk/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java?view=diff&rev=504198&r1=504197&r2=504198
==============================================================================
--- incubator/roller/trunk/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java (original)
+++ incubator/roller/trunk/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java Tue Feb  6 09:03:46 2007
@@ -184,8 +184,14 @@
                 // User registered, so go to welcome page
                 request.setAttribute("contextURL",
                         RollerRuntimeConfig.getAbsoluteContextURL());
+                
+                // Invalidate session, otherwise new user who was originally authenticated 
+                // via LDAP/SSO will remain logged in with a but without a valid Roller role.
+                request.getSession().invalidate();
+                
                 return mapping.findForward("welcome.page");
             }
+                       
         } catch (RollerException e) {
             errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(e.getMessage()));
             saveErrors(request,errors);
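Review bot: `request.getSession().invalidate()` on the new line in the welcome branch creates a session only to destroy it when the request carries none; prefer `HttpSession session = request.getSession(false); if (session != null) { session.invalidate(); }`. Invalidating here presumably also discards the security context Acegi keeps in the session, so an LDAP/SSO-authenticated user is sent back through authentication and only then picks up the newly granted Roller role, which is the intended effect and additionally renews the session id after registration. The added comment reads "will remain logged in with a but without a valid Roller role"; suggest `// via LDAP/SSO would stay logged in without a valid Roller role.` The enclosing method begins and ends outside the hunk, so whether anything later in the request still touches the session cannot be confirmed from here.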

Modified: incubator/roller/trunk/web/WEB-INF/security.xml
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/web/WEB-INF/security.xml?view=diff&rev=504198&r1=504197&r2=504198
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/security.xml (original)
+++ incubator/roller/trunk/web/WEB-INF/security.xml Tue Feb  6 09:03:46 2007
@@ -51,14 +51,17 @@
                 /roller-ui/admin/**=admin
                 /rewrite-status*=admin
             </value>
+                <!-- Add this to above list for LDAP/SSO configuration -->
+                <!-- /roller-ui/user.do*=register -->
         </property>
     </bean>
 
     <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
         <property name="providers">
             <list>
-                <ref local="daoAuthenticationProvider"/>
-                <ref local="anonymousAuthenticationProvider"/>
+                <ref local="daoAuthenticationProvider"/> 
+                <!-- Uncomment this for LDAP/SSO configuration <ref local="ldapAuthProvider"/> -->
+                <ref local="anonymousAuthenticationProvider"/>                
                 <!-- rememberMeAuthenticationProvider added programmatically -->
             </list>
         </property>
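Review bot: The new comment `<!-- /roller-ui/user.do*=register -->` tells the deployer to add the rule "to above list" without saying where; in Acegi's path-based object definition source the first matching pattern wins, so its position relative to any broader pattern covering `/roller-ui/` decides whether it ever applies (the top of that list is outside this hunk). Suggest the comment state the position explicitly, e.g. `<!-- For LDAP/SSO, add this line ABOVE any broader /roller-ui/ pattern: /roller-ui/user.do*=register -->`. The commented `ldapAuthProvider` reference is placed after `daoAuthenticationProvider`, so database credentials are tried first and LDAP only if that provider does not authenticate; worth saying so in the comment so a deployer does not assume LDAP takes precedence.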
@@ -66,60 +69,65 @@
   
     <!-- Log failed authentication attempts to commons-logging -->
     <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> 
-    
-    <!-- Sample LDAP/RollerDB hybrid security configuration -->
-    <!--
-    
-	<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
-      <constructor-arg value="ldap://server:389/basedn"/>
-    </bean>
-   
-    <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
-      <constructor-arg index="0">
-        <value></value>
-      </constructor-arg>
-      <constructor-arg index="1">
-        <value>mail={0}</value>
-      </constructor-arg>
-      <constructor-arg index="2">
-        <ref local="initialDirContextFactory" />
-      </constructor-arg>            
-      <property name="searchSubtree">
-        <value>true</value>
-      </property>            
-    </bean>     
-    
-    <bean id="ldapAuthProvider" 
-            class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
-      <constructor-arg>
-        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
-           <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
-		   <property name="userSearch"><ref bean="ldapUserSearch"/></property>
-        </bean>
-      </constructor-arg>
-      <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
-      <property name="userCache" ref="userCache"/>
-    </bean>    
-    
-    <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
-        <property name="dataSource">
-            <bean class="org.springframework.jndi.JndiObjectFactoryBean">
-                <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
-            </bean>
-        </property>
-        <property name="authoritiesByUsernameQuery">
-            <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
-        </property>
-	   <property name="defaultRole"><value>register</value></property>        
-    </bean>
-    -->
-     
     
+    <!-- BEGIN: Sample LDAP/RollerDB hybrid security configuration
+    
+	<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
+      <constructor-arg value="LDAP_URL"/>
+      <property name="managerDn">
+        <value>cn=LDAP_USERNAME</value>
+      </property>
+      <property name="managerPassword">
+        <value>LDAP_PASSWORD</value>
+      </property>
+    </bean>
+   
+    <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
+      <constructor-arg index="0">
+        <value></value>
+      </constructor-arg>
+      <constructor-arg index="1">
+        <value>uid={0}</value>
+      </constructor-arg>
+      <constructor-arg index="2">
+        <ref local="initialDirContextFactory" />
+      </constructor-arg>            
+      <property name="searchSubtree">
+        <value>true</value>
+      </property>            
+    </bean>     
+    
+    <bean id="ldapAuthProvider" 
+            class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
+      <constructor-arg>
+        <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
+           <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
+		   <property name="userSearch"><ref bean="ldapUserSearch"/></property>
+        </bean>
+      </constructor-arg>
+      <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
+      <property name="userCache" ref="userCache"/>
+    </bean>    
+    
+    <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
+        <property name="dataSource">
+            <bean class="org.springframework.jndi.JndiObjectFactoryBean">
+                <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
+            </bean>
+        </property>
+        <property name="authoritiesByUsernameQuery">
+            <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
+        </property>
+	   <property name="defaultRole"><value>register</value></property>        
+    </bean>
+    -->
+    <!-- END Sample LDAP/RollerDB hybrid security configuration -->
+         
     <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
          <property name="userDetailsService" ref="jdbcAuthenticationDao"/>
          <property name="userCache" ref="userCache"/>
     </bean>
-
+    
     <!-- Read users from database -->
     <bean id="jdbcAuthenticationDao" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
         <property name="dataSource">
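Review bot: The sample's new `managerDn`/`managerPassword` properties (the `cn=LDAP_USERNAME` / `LDAP_PASSWORD` placeholders) put a live LDAP bind credential in clear text inside WEB-INF/security.xml as soon as a deployer fills them in, and this file lives in version control. Suggest a comment beside the placeholder such as `<!-- Do not commit a real bind password here; supply it from outside the webapp (e.g. a PropertyPlaceholderConfigurer-backed properties file or a JNDI entry, as the dataSource below already does). -->`. The comment should also say the bind account only needs search rights, since anyone able to read the deployed descriptor can read that password. The `userCache` bean is shared by `ldapAuthProvider` and `daoAuthenticationProvider`; if both cache by username, a user present in both stores could be served the other provider's cached UserDetails — worth confirming against the Acegi version in use.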