Posted to commits@isis.apache.org by ah...@apache.org on 2020/06/19 20:35:10 UTC
[isis] branch master updated: ISIS-2340: removing Secman config
option, instead reuse Shiro
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 9cf91c7 ISIS-2340: removing Secman config option, instead reuse Shiro
9cf91c7 is described below
commit 9cf91c7b4cfac49f2555da9b18a8358eebb89fad
Author: Andi Huber <ah...@apache.org>
AuthorDate: Fri Jun 19 22:34:55 2020 +0200
ISIS-2340: removing Secman config option, instead reuse Shiro
---
.../org/apache/isis/core/config/IsisConfiguration.java | 15 ++++++++++-----
.../secman/jdo/dom/user/ApplicationUserRepository.java | 6 ++++--
.../secman/shiro/IsisModuleExtSecmanShiroRealm.java | 11 ++++++-----
3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
index 1d1916c..cd97e7a 100644
--- a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
+++ b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
@@ -126,6 +126,14 @@ public class IsisConfiguration {
* </p>
*/
private boolean autoLogoutIfAlreadyAuthenticated = false;
+ /**
+ * Delegated users, on first successful logon, are auto-created but disabled (by default).
+ * <p>
+ * This option allows to override this behavior, such that authenticated
+ * users are also auto-enabled.
+ *
+ */
+ private boolean autoEnableIfDelegatedAndAuthenticated = false;
}
}
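Review bot: The Javadoc on `autoEnableIfDelegatedAndAuthenticated` does not state the access-control consequence of turning it on: every identity the delegate realm authenticates gets an enabled account on first logon without an administrator reviewing it. What such an account can then do depends on the roles it starts with, which this hunk does not show. I would add a sentence saying so, plus a note that this field replaces the removed `Secman.enableDelegatedUsers` option. A deployment that still sets the old option will presumably have it ignored and fall back to disabled accounts, which is the safe direction but worth a migration note. The enclosing configuration class starts outside the hunk.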
@@ -2973,8 +2981,8 @@ public class IsisConfiguration {
private final Extensions extensions = new Extensions();
@Data
public static class Extensions {
+
private final Cors cors = new Cors();
- private final Secman secman = new Secman();
@Data
public static class Cors {
/**
@@ -3030,10 +3038,7 @@ public class IsisConfiguration {
*/
private List<String> exposedHeaders = listOf("Authorization");
}
- @Data
- public static class Secman {
- private Boolean enableDelegatedUsers = false;
- }
+
}
private static List<String> listOf(final String ...values) {
diff --git a/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java b/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java
index 42cec09..69aa854 100644
--- a/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java
+++ b/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java
@@ -204,8 +204,10 @@ implements org.apache.isis.extensions.secman.api.user.ApplicationUserRepository<
if(user.getAccountType().equals(AccountType.LOCAL)) {
// keep null that is set for status in accept() call above
} else {
- Boolean enableDelegatedUsers = isisConfiguration.getExtensions().getSecman().getEnableDelegatedUsers();
- user.setStatus(enableDelegatedUsers ? ApplicationUserStatus.ENABLED : ApplicationUserStatus.DISABLED);
+ val shiroConf = isisConfiguration.getSecurity().getShiro();
+ user.setStatus(shiroConf.isAutoEnableIfDelegatedAndAuthenticated()
+ ? ApplicationUserStatus.ENABLED
+ : ApplicationUserStatus.DISABLED);
}
repository.persistAndFlush(user);
return user;
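Review bot: The else branch that sets the status of non-LOCAL accounts has no comment marking it as the place where a delegated account becomes usable on first logon, which is the security-relevant decision in this method. A line such as `// delegated account: ENABLED only when the Shiro option autoEnableIfDelegatedAndAuthenticated is set, otherwise created DISABLED` above `user.setStatus(...)` would make that explicit. Because enabling then happens without an administrator's action, it would also help to log the username and resulting status before `repository.persistAndFlush(user)`, so auto-enabled accounts can be audited. The enclosing method starts outside the hunk.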
diff --git a/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java b/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
index de5e4b9..872bdb9 100644
--- a/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
+++ b/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
@@ -116,12 +116,13 @@ public class IsisModuleExtSecmanShiroRealm extends AuthorizingRealm implements S
_Assert.assertNotNull(newPrincipal);
- Boolean enableDelegatedUsers = isisConfiguration.getExtensions().getSecman().getEnableDelegatedUsers();
- if(!enableDelegatedUsers) {
- _Assert.assertTrue(newPrincipal.isDisabled(), "As configured in " + SECMAN_ENABLE_DELEGATED_USERS + ", Auto-created user accounts must be initially disabled!");
- throw disabledAccountException(username); // default behavior after user auto-creation
+ val shiroConf = isisConfiguration.getSecurity().getShiro();
+
+ if(shiroConf.isAutoEnableIfDelegatedAndAuthenticated()) {
+ principal = newPrincipal;
} else {
- principal = newPrincipal;
+ _Assert.assertTrue(newPrincipal.isDisabled(), "As configured in " + SECMAN_ENABLE_DELEGATED_USERS + ", Auto-created user accounts must be initially disabled!");
+ throw disabledAccountException(username); // default behavior after user auto-creation
}
}
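Review bot: The assertion message in the else branch still names `SECMAN_ENABLE_DELEGATED_USERS`, which appears to refer to the Secman option this commit removes (the constant's definition is outside the hunk). An operator reading the failure would be pointed at a setting that no longer exists. The message should name the Shiro option instead, e.g. `"As configured by autoEnableIfDelegatedAndAuthenticated, auto-created user accounts must be initially disabled!"`, and the constant should be dropped if nothing else uses it. The enclosing method starts and ends outside the hunk.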