Posted to commits@roller.apache.org by sn...@apache.org on 2007/02/06 18:47:40 UTC
svn commit: r504218 - in /incubator/roller/branches/roller_4.0: CHANGES.txt
merges.txt src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
web/WEB-INF/security.xml
Author: snoopdave
Date: Tue Feb 6 09:47:39 2007
New Revision: 504218
URL: http://svn.apache.org/viewvc?view=rev&rev=504218
Log:
* New comments in security.xml explain LDAP/SSO setup
* Fix to invalidate session after new user registration
Added:
incubator/roller/branches/roller_4.0/merges.txt
Modified:
incubator/roller/branches/roller_4.0/CHANGES.txt
incubator/roller/branches/roller_4.0/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
incubator/roller/branches/roller_4.0/web/WEB-INF/security.xml
Modified: incubator/roller/branches/roller_4.0/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_4.0/CHANGES.txt?view=diff&rev=504218&r1=504217&r2=504218
==============================================================================
--- incubator/roller/branches/roller_4.0/CHANGES.txt (original)
+++ incubator/roller/branches/roller_4.0/CHANGES.txt Tue Feb 6 09:47:39 2007
@@ -25,6 +25,7 @@
* Allow for bulk delete of comments matching a given pattern
* Allow for hibernate configuration via roller.properties config
* [ROL-1281] - unnecessary session creation on weblog urls
+ * New comments in security.xml explain LDAP/SSO setup
Bug Fixes
* [ROL-829] - comment munging escaped HTML content
@@ -34,6 +35,7 @@
* fixed bug allowing user to create a 'Weblog' template without setting defaultPageId
* fix for in-use category deletion and duplicate named category issues
* fix for anchor creation when non-alpha characters are involved
+ * Fix to invalidate session after new user registration
-------------------------------------------------------------------------------
Added: incubator/roller/branches/roller_4.0/merges.txt
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_4.0/merges.txt?view=auto&rev=504218
==============================================================================
--- incubator/roller/branches/roller_4.0/merges.txt (added)
+++ incubator/roller/branches/roller_4.0/merges.txt Tue Feb 6 09:47:39 2007
@@ -0,0 +1,5 @@
+Merges from trunk into this branch:
+
+Feb. 6, 2007: merging in LDAP/SSO related changes
+svn merge -r 504197:504198 https://svn.apache.org/repos/asf/incubator/roller/trunk
+
Modified: incubator/roller/branches/roller_4.0/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_4.0/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java?view=diff&rev=504218&r1=504217&r2=504218
==============================================================================
--- incubator/roller/branches/roller_4.0/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java (original)
+++ incubator/roller/branches/roller_4.0/src/org/apache/roller/ui/core/struts/actions/UserNewAction.java Tue Feb 6 09:47:39 2007
@@ -184,8 +184,14 @@
// User registered, so go to welcome page
request.setAttribute("contextURL",
RollerRuntimeConfig.getAbsoluteContextURL());
+
+ // Invalidate session, otherwise new user who was originally authenticated
+ // via LDAP/SSO will remain logged in with a but without a valid Roller role.
+ request.getSession().invalidate();
+
return mapping.findForward("welcome.page");
}
+
} catch (RollerException e) {
errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(e.getMessage()));
saveErrors(request,errors);
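Review bot: `request.getSession()` on the added invalidation line creates a session when none exists, only to destroy it at once; `HttpSession session = request.getSession(false); if (session != null) session.invalidate();` avoids that and matches the ROL-1281 entry in CHANGES.txt about unnecessary session creation. The added comment is also garbled ("with a but without") and probably should read `// via LDAP/SSO will remain logged in but without a valid Roller role.` It may also be worth confirming that the `userCache` wired into the sample `ldapAuthProvider` in security.xml does not return the pre-registration authorities on the next login, since invalidating the HTTP session would not clear that cache. The enclosing method starts and ends outside this hunk.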
Modified: incubator/roller/branches/roller_4.0/web/WEB-INF/security.xml
URL: http://svn.apache.org/viewvc/incubator/roller/branches/roller_4.0/web/WEB-INF/security.xml?view=diff&rev=504218&r1=504217&r2=504218
==============================================================================
--- incubator/roller/branches/roller_4.0/web/WEB-INF/security.xml (original)
+++ incubator/roller/branches/roller_4.0/web/WEB-INF/security.xml Tue Feb 6 09:47:39 2007
@@ -51,14 +51,17 @@
/roller-ui/admin/**=admin
/rewrite-status*=admin
</value>
+ <!-- Add this to above list for LDAP/SSO configuration -->
+ <!-- /roller-ui/user.do*=register -->
</property>
</bean>
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
- <ref local="daoAuthenticationProvider"/>
- <ref local="anonymousAuthenticationProvider"/>
+ <ref local="daoAuthenticationProvider"/>
+ <!-- Uncomment this for LDAP/SSO configuration <ref local="ldapAuthProvider"/> -->
+ <ref local="anonymousAuthenticationProvider"/>
<!-- rememberMeAuthenticationProvider added programmatically -->
</list>
</property>
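Review bot: The commented-out `ldapAuthProvider` entry sits after `daoAuthenticationProvider`, and the comment does not say whether the DAO provider should stay enabled in an LDAP/SSO deployment. ProviderManager consults its providers in list order, so with both active a password stored in the Roller database would presumably still be accepted after the directory account is disabled or its password changed. I would spell the choice out, e.g. `<!-- For LDAP/SSO: uncomment ldapAuthProvider; remove daoAuthenticationProvider unless local Roller passwords must remain valid -->`. The `/roller-ui/user.do*=register` hint could likewise say that `register` is the defaultRole granted by the sample jdbcAuthoritiesPopulator, so every directory user who binds successfully can reach that URL.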
@@ -66,60 +69,65 @@
<!-- Log failed authentication attempts to commons-logging -->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
-
- <!-- Sample LDAP/RollerDB hybrid security configuration -->
- <!--
-
- <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
- <constructor-arg value="ldap://server:389/basedn"/>
- </bean>
-
- <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
- <constructor-arg index="0">
- <value></value>
- </constructor-arg>
- <constructor-arg index="1">
- <value>mail={0}</value>
- </constructor-arg>
- <constructor-arg index="2">
- <ref local="initialDirContextFactory" />
- </constructor-arg>
- <property name="searchSubtree">
- <value>true</value>
- </property>
- </bean>
-
- <bean id="ldapAuthProvider"
- class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
- <constructor-arg>
- <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
- <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
- <property name="userSearch"><ref bean="ldapUserSearch"/></property>
- </bean>
- </constructor-arg>
- <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
- <property name="userCache" ref="userCache"/>
- </bean>
-
- <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
- <property name="dataSource">
- <bean class="org.springframework.jndi.JndiObjectFactoryBean">
- <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
- </bean>
- </property>
- <property name="authoritiesByUsernameQuery">
- <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
- </property>
- <property name="defaultRole"><value>register</value></property>
- </bean>
- -->
-
+ <!-- BEGIN: Sample LDAP/RollerDB hybrid security configuration
+
+ <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
+ <constructor-arg value="LDAP_URL"/>
+ <property name="managerDn">
+ <value>cn=LDAP_USERNAME</value>
+ </property>
+ <property name="managerPassword">
+ <value>LDAP_PASSWORD</value>
+ </property>
+ </bean>
+
+ <bean id="ldapUserSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
+ <constructor-arg index="0">
+ <value></value>
+ </constructor-arg>
+ <constructor-arg index="1">
+ <value>uid={0}</value>
+ </constructor-arg>
+ <constructor-arg index="2">
+ <ref local="initialDirContextFactory" />
+ </constructor-arg>
+ <property name="searchSubtree">
+ <value>true</value>
+ </property>
+ </bean>
+
+ <bean id="ldapAuthProvider"
+ class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
+ <constructor-arg>
+ <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
+ <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
+ <property name="userSearch"><ref bean="ldapUserSearch"/></property>
+ </bean>
+ </constructor-arg>
+ <constructor-arg><ref local="jdbcAuthoritiesPopulator"/></constructor-arg>
+ <property name="userCache" ref="userCache"/>
+ </bean>
+
+ <bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.ui.core.security.AuthoritiesPopulator">
+ <property name="dataSource">
+ <bean class="org.springframework.jndi.JndiObjectFactoryBean">
+ <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/>
+ </bean>
+ </property>
+ <property name="authoritiesByUsernameQuery">
+ <value>SELECT username,rolename FROM userrole WHERE username = ?</value>
+ </property>
+ <property name="defaultRole"><value>register</value></property>
+ </bean>
+ -->
+ <!-- END Sample LDAP/RollerDB hybrid security configuration -->
+
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcAuthenticationDao"/>
<property name="userCache" ref="userCache"/>
</bean>
-
+
<!-- Read users from database -->
<bean id="jdbcAuthenticationDao" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
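Review bot: The new sample adds `managerDn`/`managerPassword` and swaps the URL for the `LDAP_URL` placeholder, but gives no guidance on transport security or on protecting the bind credential. The BindAuthenticator sends each user's password to the directory, and the removed sample used `ldap://server:389/basedn`, so admins are likely to fill in a cleartext URL; the manager password also ends up in plain text in security.xml. I would add a comment inside the sample such as `LDAP_URL should use ldaps:// (e.g. ldaps://HOST:636/BASE_DN); LDAP_USERNAME should be a read-only search account, and this file must not be world-readable`. The search filter also changes from `mail={0}` to `uid={0}` without explanation, which deserves a line in the comment because it changes what users enter as their login name.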