Posted to commits@roller.apache.org by sn...@apache.org on 2006/01/10 16:23:24 UTC
svn commit: r367638 - in /incubator/roller/trunk: metadata/xdoclet/
src/org/roller/presentation/ src/org/roller/presentation/filters/
src/org/roller/presentation/tags/ src/org/roller/presentation/util/
src/org/roller/util/ web/ web/WEB-INF/ web/WEB-INF...
Author: snoopdave
Date: Tue Jan 10 07:23:08 2006
New Revision: 367638
URL: http://svn.apache.org/viewcvs?rev=367638&view=rev
Log:
Scheme enforcement is now done via Acegi but still configured via roller.properties; also some cleanup of unused classes and properties
Removed:
incubator/roller/trunk/src/org/roller/presentation/filters/SchemeEnforcementFilter.java
incubator/roller/trunk/src/org/roller/presentation/tags/SecureTag.java
incubator/roller/trunk/src/org/roller/presentation/util/SslUtil.java
Modified:
incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml
incubator/roller/trunk/src/org/roller/presentation/RollerContext.java
incubator/roller/trunk/src/org/roller/util/SpamChecker.java
incubator/roller/trunk/web/WEB-INF/classes/roller.properties
incubator/roller/trunk/web/WEB-INF/security.xml
incubator/roller/trunk/web/login-redirect.jsp
incubator/roller/trunk/web/login.jsp
Modified: incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml (original)
+++ incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml Tue Jan 10 07:23:08 2006
@@ -34,11 +34,6 @@
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
-<filter-mapping>
- <filter-name>SchemeEnforcementFilter</filter-name>
- <url-pattern>/*</url-pattern>
-</filter-mapping>
-
<!-- Map everything to the PersistenceSessionFilter.
NOTE: Any filters preceding this one MUST NOT use persistence sessions.-->
<filter-mapping>
Modified: incubator/roller/trunk/src/org/roller/presentation/RollerContext.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/presentation/RollerContext.java?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/presentation/RollerContext.java (original)
+++ incubator/roller/trunk/src/org/roller/presentation/RollerContext.java Tue Jan 10 07:23:08 2006
@@ -13,7 +13,6 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletContext;
-import javax.servlet.ServletConfig;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.http.HttpServletRequest;
@@ -25,7 +24,7 @@
import net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder;
import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
import net.sf.acegisecurity.providers.encoding.ShaPasswordEncoder;
-import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+import net.sf.acegisecurity.securechannel.ChannelProcessingFilter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -35,7 +34,6 @@
import org.roller.config.PingConfig;
import org.roller.config.RollerConfig;
import org.roller.config.RollerRuntimeConfig;
-import org.roller.model.RefererManager;
import org.roller.model.Roller;
import org.roller.model.RollerFactory;
import org.roller.model.RollerSpellCheck;
@@ -45,7 +43,6 @@
import org.roller.pojos.WebsiteData;
import org.roller.presentation.pings.PingQueueTask;
import org.roller.presentation.velocity.CommentAuthenticator;
-import org.roller.presentation.velocity.ContextLoader;
import org.roller.presentation.velocity.DefaultCommentAuthenticator;
import org.roller.util.StringUtils;
import org.roller.util.Utilities;
@@ -54,6 +51,10 @@
import org.springframework.web.context.support.WebApplicationContextUtils;
import EDU.oswego.cs.dl.util.concurrent.SynchronizedInt;
+import net.sf.acegisecurity.ConfigAttributeDefinition;
+import net.sf.acegisecurity.SecurityConfig;
+import net.sf.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
+import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
//////////////////////////////////////////////////////////////////////////////
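Review bot: The four imports added at the end of this hunk sit after the Spring and EDU.oswego imports instead of in the sorted net.sf.acegisecurity group, and one of them (`AuthenticationProcessingFilterEntryPoint`) is the same import the hunk at line 58 removes from that group. Moving all four up next to `ChannelProcessingFilter` keeps the import section grouped and sorted and makes the line-58 removal unnecessary. This is ordering only; each of the four names is used by the code added further down in this file.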
@@ -347,11 +348,33 @@
}
}
- String secureLogin = RollerConfig.getProperty("securelogin.enabled");
- if (secureLogin != null && "true".equalsIgnoreCase(secureLogin)) {
+ if (RollerConfig.getBooleanProperty("securelogin.enabled")) {
AuthenticationProcessingFilterEntryPoint entryPoint =
- (AuthenticationProcessingFilterEntryPoint) ctx.getBean("authenticationProcessingFilterEntryPoint");
+ (AuthenticationProcessingFilterEntryPoint)ctx.getBean("authenticationProcessingFilterEntryPoint");
entryPoint.setForceHttps(true);
+ }
+
+ if (RollerConfig.getBooleanProperty("schemeenforcement.enabled")) {
+
+ ChannelProcessingFilter procfilter =
+ (ChannelProcessingFilter)ctx.getBean("channelProcessingFilter");
+ ConfigAttributeDefinition secureDef = new ConfigAttributeDefinition();
+ secureDef.addConfigAttribute(new SecurityConfig("REQUIRES_SECURE_CHANNEL"));
+ ConfigAttributeDefinition insecureDef = new ConfigAttributeDefinition();
+ insecureDef.addConfigAttribute(new SecurityConfig("REQUIRES_INSECURE_CHANNEL"));
+ PathBasedFilterInvocationDefinitionMap defmap =
+ (PathBasedFilterInvocationDefinitionMap)procfilter.getFilterInvocationDefinitionSource();
+
+ // add HTTPS URL path patterns to Acegi config
+ String httpsUrlsProp = RollerConfig.getProperty("schemeenforcement.https.urls");
+ if (httpsUrlsProp != null) {
+ String[] httpsUrls = StringUtils.stripAll(StringUtils.split(httpsUrlsProp, ",") );
+ for (int i=0; i<httpsUrls.length; i++) {
+ defmap.addSecureUrl(httpsUrls[i], secureDef);
+ }
+ }
+ // all other action URLs are non-HTTPS
+ defmap.addSecureUrl("/**/*.do*", insecureDef);
}
}
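Review bot: The catch-all on the last added line, `defmap.addSecureUrl("/**/*.do*", insecureDef)`, marks every action URL not listed in schemeenforcement.https.urls as REQUIRES_INSECURE_CHANNEL, so a user who has just submitted the profile form over HTTPS is sent back to HTTP on the next action and the session cookie (unless it carries the secure flag) crosses the wire in cleartext; the HTTPS patterns protect the form contents but not the authenticated session. If that downgrade is intended, say so in the comment, e.g. `// all other action URLs are forced back to HTTP; the session cookie is then sent in the clear`, otherwise drop the insecure mapping and leave unlisted URLs unconstrained. This hunk also replaces the `/**=REQUIRES_INSECURE_CHANNEL` and CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON settings removed from security.xml in the same commit, and nothing here turns lowercase conversion back on, so matching is presumably case-sensitive now — consistent with the mixed-case defaults in roller.properties, but worth a one-line comment so nobody re-adds the flag and silently breaks the match. The cast to PathBasedFilterInvocationDefinitionMap relies on security.xml keeping PATTERN_TYPE_APACHE_ANT in the channelProcessingFilter bean; a comment saying so would help. The enclosing method starts before this hunk.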
Modified: incubator/roller/trunk/src/org/roller/util/SpamChecker.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/util/SpamChecker.java?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/util/SpamChecker.java (original)
+++ incubator/roller/trunk/src/org/roller/util/SpamChecker.java Tue Jan 10 07:23:08 2006
@@ -36,19 +36,23 @@
return false;
}
- /** Test referrer URL, applying website blacklist only, if configured */
+ /** Test referrer URL, applying blacklist and website blacklist only if configured */
public static boolean checkReferrer(WebsiteData website, String referrerURL) {
if (RollerConfig.getBooleanProperty("site.blacklist.enable.referrers")) {
List stringRules = new ArrayList();
List regexRules = new ArrayList();
Blacklist.populateSpamRules(
website.getBlacklist(), stringRules, regexRules, null);
+ if (RollerRuntimeConfig.getProperty("spam.blacklist") != null) {
+ Blacklist.populateSpamRules(
+ RollerRuntimeConfig.getProperty("spam.blacklist"), stringRules, regexRules, null);
+ }
return Blacklist.matchesRulesOnly(referrerURL, stringRules, regexRules);
}
return false;
}
- /** Test comment against built in blacklist + blacklist */
+ /** Test comment against built in blacklist, site blacklist and website blacklist */
private static boolean testComment(CommentData c) {
boolean ret = false;
List stringRules = new ArrayList();
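Review bot: `RollerRuntimeConfig.getProperty("spam.blacklist")` is read twice in the lines added to checkReferrer, once for the null test and once as the argument; read it once into a local, `String siteBlacklist = RollerRuntimeConfig.getProperty("spam.blacklist"); if (siteBlacklist != null) { Blacklist.populateSpamRules(siteBlacklist, stringRules, regexRules, null); }`, so both uses see the same value if runtime config changes between calls. Whether an empty-string blacklist needs the same skip depends on populateSpamRules, which I cannot see from here. The new Javadoc on checkReferrer reads awkwardly; `/** Test referrer URL against the website blacklist and, if set, the site-wide spam.blacklist; only applies when site.blacklist.enable.referrers is on */` states the two conditions explicitly. testComment at the end of the hunk continues outside it.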
Modified: incubator/roller/trunk/web/WEB-INF/classes/roller.properties
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/WEB-INF/classes/roller.properties?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/classes/roller.properties (original)
+++ incubator/roller/trunk/web/WEB-INF/classes/roller.properties Tue Jan 10 07:23:08 2006
@@ -114,25 +114,11 @@
# Enables HTTPS for login page only
securelogin.enabled=false
-# These are only used if secure login is enabled
-securelogin.http.port=80
-securelogin.https.port=443
-
-# Header to be used to determine if HTTPS is active. Needed in cases where
-# request.isSecure() cannot be relied on (e.g if system is behind an SSL
-# accelerator).
-#securelogin.https.headername=X-SSL
-# Header value to be used to determine if HTTPS is active. Leave this empty
-# to simply check for the existance of the header.
-#securelogin.https.headervalue=
-
-# enable scheme enforcement?
-# scheme enforcement ensures that only specific urls are accessed under https
-# this is typically good because it keeps people from browsing a site in https
-schemeenforcement.enabled=true
-# https urls allowed by scheme enforcer, all other urls are redirected to http
-schemeenforcement.https.urls=/j_security_check,/auth,/login-redirect.jsp,\
-/login.jsp
+# Enable scheme enforcement?
+# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
+schemeenforcement.enabled=false
+# URL patterns that require HTTPS
+schemeenforcement.https.urls=/editor/yourProfile.do*,/admin/user.do*
# Password security settings. Warning enabling password encryption may make
# if more difficult to support the Atom Protocol (due in Fall 2005).
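Review bot: The new comment on `schemeenforcement.https.urls` does not say what syntax the values use or how they are split; RollerContext in this commit splits on commas, strips whitespace and hands each entry to an Ant-style path matcher, so `# Comma-separated Apache Ant-style path patterns (e.g. /editor/yourProfile.do*) that must be served over HTTPS; all other *.do URLs are redirected to HTTP` would save the next reader a trip to the source. The default for `schemeenforcement.enabled` also flips from true to false here, and the removed `securelogin.http.port`, `securelogin.https.port` and `securelogin.https.headername` settings have no replacement in this file, so deployments behind an SSL accelerator lose the documented way to detect HTTPS; both points deserve a sentence in the upgrade notes.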
Modified: incubator/roller/trunk/web/WEB-INF/security.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/WEB-INF/security.xml?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/security.xml (original)
+++ incubator/roller/trunk/web/WEB-INF/security.xml Tue Jan 10 07:23:08 2006
@@ -10,9 +10,9 @@
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
- /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,remoteUserFilter,anonymousProcessingFilter,securityEnforcementFilter
+ /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,channelProcessingFilter,remoteUserFilter,anonymousProcessingFilter,securityEnforcementFilter
</value>
- <!-- Put channelProcessingFilter before remoteUserFilter to turn on SSL switching, it's off by default -->
+ <!-- Note that channelProcessingFilter before remoteUserFilter to turn on SSL switching, it's off by default -->
</property>
</bean>
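Review bot: The rewritten comment on the line before `</property>`, `Note that channelProcessingFilter before remoteUserFilter to turn on SSL switching, it's off by default`, is no longer a sentence and is stale: the filter chain line just above now includes channelProcessingFilter unconditionally, and as far as I can tell from this commit whether it redirects depends on the URL patterns RollerContext registers when schemeenforcement.enabled is set. Suggest `<!-- channelProcessingFilter must precede remoteUserFilter; it is always in the chain but only acts on the URL patterns registered from roller.properties (schemeenforcement.*) -->`.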
@@ -144,17 +144,11 @@
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="filterInvocationDefinitionSource">
<value>
- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
- /admin/**=REQUIRES_SECURE_CHANNEL
- /editor/**=REQUIRES_SECURE_CHANNEL
- /login*=REQUIRES_SECURE_CHANNEL
- /j_security_check*=REQUIRES_SECURE_CHANNEL
- /**=REQUIRES_INSECURE_CHANNEL
</value>
</property>
</bean>
-
+
<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
Modified: incubator/roller/trunk/web/login-redirect.jsp
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/login-redirect.jsp?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/web/login-redirect.jsp (original)
+++ incubator/roller/trunk/web/login-redirect.jsp Tue Jan 10 07:23:08 2006
@@ -6,10 +6,6 @@
page import="org.roller.config.RollerConfig" %><%@
page import="org.roller.presentation.RollerSession" %><%@
page import="java.util.List" %>
-<% request.setAttribute("secure_login", RollerConfig.getProperty("securelogin.enabled")); %>
-<c:if test='${secure_login == "true"}' >
- <roller:secure mode="unsecured" />
-</c:if>
<%
Roller roller = RollerFactory.getRoller();
RollerSession rollerSession = RollerSession.getRollerSession(request);
Modified: incubator/roller/trunk/web/login.jsp
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/login.jsp?rev=367638&r1=367637&r2=367638&view=diff
==============================================================================
--- incubator/roller/trunk/web/login.jsp (original)
+++ incubator/roller/trunk/web/login.jsp Tue Jan 10 07:23:08 2006
@@ -1,9 +1,4 @@
<%@ include file="/taglibs.jsp" %>
-<% request.setAttribute("secure_login",
- org.roller.config.RollerConfig.getProperty("securelogin.enabled")); %>
-<c:if test='${secure_login == "true"}' >
- <roller:secure mode="secured" />
-</c:if>
<tiles:insert page="/theme/tiles-simplepage.jsp">
<tiles:put name="banner" value="/theme/banner.jsp" />
<tiles:put name="bannerStatus" value="/theme/bannerStatus.jsp" />