Posted to commits@roller.apache.org by mr...@apache.org on 2005/11/28 20:47:53 UTC
svn commit: r349481 - in /incubator/roller/trunk: ./
metadata/database/hibernate/ metadata/xdoclet/ personal/testing/
src/org/roller/business/ src/org/roller/business/hibernate/
src/org/roller/model/ src/org/roller/pojos/ src/org/roller/presentation/ s...
Author: mraible
Date: Mon Nov 28 11:47:33 2005
New Revision: 349481
URL: http://svn.apache.org/viewcvs?rev=349481&view=rev
Log:
Replaced CMA with Acegi Security (http://www.rollerweblogger.org/wiki/Wiki.jsp?page=Proposal_AcegiSecurity)
Added:
incubator/roller/trunk/tools/lib/commons-codec-1.3.jar (with props)
incubator/roller/trunk/tools/spring-1.2/
incubator/roller/trunk/tools/spring-1.2/acegi-security-0.9.0.jar (with props)
incubator/roller/trunk/tools/spring-1.2/spring.jar (with props)
Removed:
incubator/roller/trunk/metadata/xdoclet/web-security.xml
incubator/roller/trunk/src/org/roller/pojos/UserCookieData.java
incubator/roller/trunk/src/org/roller/presentation/filters/LoginFilter.java
incubator/roller/trunk/src/org/roller/presentation/servlets/LoginServlet.java
incubator/roller/trunk/tools/lib/commons-codec-1.1.jar
Modified:
incubator/roller/trunk/.classpath
incubator/roller/trunk/build.xml
incubator/roller/trunk/metadata/database/hibernate/hibernate.cfg.xml
incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml
incubator/roller/trunk/metadata/xdoclet/filters.xml
incubator/roller/trunk/metadata/xdoclet/web-settings.xml
incubator/roller/trunk/personal/testing/hibernate.cfg.xml
incubator/roller/trunk/properties.xmlf
incubator/roller/trunk/src/org/roller/business/UserManagerImpl.java
incubator/roller/trunk/src/org/roller/business/hibernate/HibernateUserManagerImpl.java
incubator/roller/trunk/src/org/roller/model/UserManager.java
incubator/roller/trunk/src/org/roller/presentation/RollerContext.java
incubator/roller/trunk/src/org/roller/presentation/RollerSession.java
incubator/roller/trunk/src/org/roller/presentation/filters/RequestFilter.java
incubator/roller/trunk/web/WEB-INF/classes/log4j.properties
incubator/roller/trunk/web/WEB-INF/classes/roller.properties
incubator/roller/trunk/web/loginBody.jsp
incubator/roller/trunk/web/logout-redirect.jsp
Modified: incubator/roller/trunk/.classpath
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/.classpath?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/.classpath (original)
+++ incubator/roller/trunk/.classpath Mon Nov 28 11:47:33 2005
@@ -37,7 +37,6 @@
<classpathentry kind="lib" path="tools/lib/ekitapplet.jar"/>
<classpathentry kind="lib" path="tools/lib/concurrent-1.3.2.jar"/>
<classpathentry kind="lib" path="tools/lib/commons-httpclient-2.0.2.jar"/>
- <classpathentry kind="lib" path="tools/lib/commons-codec-1.1.jar"/>
<classpathentry kind="lib" path="tools/lib/commons-betwixt-1.0-beta-1.jar"/>
<classpathentry kind="lib" path="tools/lib/activation.jar"/>
<classpathentry kind="lib" path="tools/standard-1.0.3/lib/standard.jar"/>
Modified: incubator/roller/trunk/build.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/build.xml?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/build.xml (original)
+++ incubator/roller/trunk/build.xml Mon Nov 28 11:47:33 2005
@@ -135,23 +135,8 @@
<fileset dir="./src" includes="org/roller/pojos/*Assoc.java" />
<fileset dir="./src" includes="org/roller/business/*Data.java" />
&custom-gen-beans;
- <hibernate validatexml="true" version="2.0"/>
+ <hibernate validatexml="true" version="3.0"/>
</hibernatedoclet>
-
- <replace dir="${build.compile_beans}/org/roller/pojos"
- token="Hibernate Mapping DTD 2.0//EN"
- value="Hibernate Mapping DTD 3.0//EN"/>
- <replace dir="${build.compile_beans}/org/roller/pojos"
- token="hibernate-mapping-2.0.dtd"
- value="hibernate-mapping-3.0.dtd"/>
-
- <replace dir="${build.compile_beans}/org/roller/business"
- token="Hibernate Mapping DTD 2.0//EN"
- value="Hibernate Mapping DTD 3.0//EN"/>
- <replace dir="${build.compile_beans}/org/roller/business"
- token="hibernate-mapping-2.0.dtd"
- value="hibernate-mapping-3.0.dtd"/>
-
</target>
<!-- ============================================== -->
@@ -427,6 +412,7 @@
<fileset refid="hibernate.jars" />
<fileset refid="commons.jars" />
<fileset refid="struts.jars" />
+ <fileset refid="spring.jars" />
<fileset refid="jstl.jars" />
&custom-jars;
<fileset dir="${ro.tools}/lib">
Modified: incubator/roller/trunk/metadata/database/hibernate/hibernate.cfg.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/metadata/database/hibernate/hibernate.cfg.xml?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/metadata/database/hibernate/hibernate.cfg.xml (original)
+++ incubator/roller/trunk/metadata/database/hibernate/hibernate.cfg.xml Mon Nov 28 11:47:33 2005
@@ -55,7 +55,6 @@
<mapping resource="org/roller/pojos/RoleData.hbm.xml" />
<mapping resource="org/roller/pojos/RollerConfigData.hbm.xml" />
<mapping resource="org/roller/pojos/UserData.hbm.xml" />
- <mapping resource="org/roller/pojos/UserCookieData.hbm.xml" />
<mapping resource="org/roller/pojos/WeblogCategoryData.hbm.xml" />
<mapping resource="org/roller/pojos/WeblogCategoryAssoc.hbm.xml" />
<mapping resource="org/roller/pojos/WeblogEntryData.hbm.xml" />
Modified: incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml (original)
+++ incubator/roller/trunk/metadata/xdoclet/filter-mappings.xml Mon Nov 28 11:47:33 2005
@@ -17,6 +17,14 @@
</filter-mapping>
-->
+<!-- Acegi Security filters - controls secure access to different parts of Roller -->
+<filter-mapping>
+ <filter-name>securityFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher>
+</filter-mapping>
+
<!-- Ensures character encoding set to UTF-8 and JSTL and Struts locales are in sync.
Note: Any filters preceding this one MUST not cause request parsing. -->
<filter-mapping>
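Review bot: The new `securityFilter` mapping sits ahead of the character-encoding filter, whose own comment just below says that any filter preceding it must not cause request parsing. The Acegi filter chain itself is not visible in this diff, but a form-login filter that reads `j_username` and `j_password` would parse the request before UTF-8 is set. Non-ASCII credentials could then be decoded with the container's default charset and fail to match. Consider moving this `<filter-mapping>` after the encoding filter's mapping, or add a comment explaining why the current order is safe.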
@@ -73,18 +81,6 @@
<filter-mapping>
<filter-name>RefererFilter</filter-name>
<url-pattern>/page/*</url-pattern>
-</filter-mapping>
-
-<!-- RememberMe Filter -->
-<filter-mapping>
- <filter-name>loginFilter</filter-name>
- <url-pattern>/login.jsp</url-pattern>
- <dispatcher>REQUEST</dispatcher>
- <dispatcher>FORWARD</dispatcher>
-</filter-mapping>
-<filter-mapping>
- <filter-name>loginFilter</filter-name>
- <url-pattern>/logout-redirect.jsp</url-pattern>
</filter-mapping>
<!--
Modified: incubator/roller/trunk/metadata/xdoclet/filters.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/metadata/xdoclet/filters.xml?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/metadata/xdoclet/filters.xml (original)
+++ incubator/roller/trunk/metadata/xdoclet/filters.xml Mon Nov 28 11:47:33 2005
@@ -1,3 +1,11 @@
+<filter>
+ <filter-name>securityFilter</filter-name>
+ <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
+ <init-param>
+ <param-name>targetClass</param-name>
+ <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
+ </init-param>
+</filter>
<filter>
<filter-name>RssGzipFilter</filter-name>
Modified: incubator/roller/trunk/metadata/xdoclet/web-settings.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/metadata/xdoclet/web-settings.xml?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/metadata/xdoclet/web-settings.xml (original)
+++ incubator/roller/trunk/metadata/xdoclet/web-settings.xml Mon Nov 28 11:47:33 2005
@@ -4,3 +4,7 @@
<!-- RESIN_LOGGER -->
+<context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/security.xml</param-value>
+</context-param>
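Review bot: `contextConfigLocation` points at `/WEB-INF/security.xml`, but that file does not appear in this commit's Added list, which shows only jars and the `tools/spring-1.2/` directory (the directory summary in the subject is truncated, so this is not conclusive). If the file is not already in the tree or generated by the build, Spring's context loader will fail at startup and the `securityFilter` bean lookup with it. Please confirm it is committed. It presumably carries the access rules that replace the removed `web-security.xml`, so it should be reviewed together with this change.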
Modified: incubator/roller/trunk/personal/testing/hibernate.cfg.xml
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/personal/testing/hibernate.cfg.xml?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/personal/testing/hibernate.cfg.xml (original)
+++ incubator/roller/trunk/personal/testing/hibernate.cfg.xml Mon Nov 28 11:47:33 2005
@@ -57,7 +57,6 @@
<mapping resource="org/roller/pojos/RoleData.hbm.xml" />
<mapping resource="org/roller/pojos/RollerConfigData.hbm.xml" />
<mapping resource="org/roller/pojos/UserData.hbm.xml" />
- <mapping resource="org/roller/pojos/UserCookieData.hbm.xml" />
<mapping resource="org/roller/pojos/WeblogCategoryData.hbm.xml" />
<mapping resource="org/roller/pojos/WeblogCategoryAssoc.hbm.xml" />
<mapping resource="org/roller/pojos/WeblogEntryData.hbm.xml" />
Modified: incubator/roller/trunk/properties.xmlf
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/properties.xmlf?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/properties.xmlf (original)
+++ incubator/roller/trunk/properties.xmlf Mon Nov 28 11:47:33 2005
@@ -15,6 +15,7 @@
<property name="build.reports" value="${ro.build}/reports"/>
<property name="tools.struts" value="${ro.tools}/struts-1.2.4" />
<property name="tools.hibernate" value="${ro.tools}/hibernate-3.0" />
+<property name="tools.spring" value="${ro.tools}/spring-1.2" />
<property name="tools.jstl" value="${ro.tools}/standard-1.0.3" />
<property name="tools.xdoclet" value="${ro.tools}/buildtime/xdoclet-1.2.3" />
<property name="tools.tomcat" value="${ro.tools}/buildtime/tomcat-5.0.28" />
@@ -42,7 +43,7 @@
<fileset id="base.jars" dir="${ro.tools}/lib">
<include name="commons-betwixt-1.0-beta-1.jar" />
<include name="commons-cache.jar" />
- <include name="commons-codec-1.1.jar" />
+ <include name="commons-codec-1.3.jar" />
<include name="concurrent-1.3.2.jar"/>
<include name="jazzy-core.jar" />
<include name="jdom.jar"/>
@@ -95,6 +96,10 @@
<include name="*.jar"/>
</fileset>
+<fileset id="spring.jars" dir="${tools.spring}">
+ <include name="*.jar"/>
+</fileset>
+
<!-- **************************************************************** -->
<!-- Define path based on above filesets -->
<!-- **************************************************************** -->
@@ -113,6 +118,7 @@
<fileset refid="servlet.jars"/>
<fileset refid="mail.jars"/>
<fileset refid="jstl.jars"/>
+ <fileset refid="spring.jars"/>
<!--fileset refid="resin.jars" /-->
</path>
Modified: incubator/roller/trunk/src/org/roller/business/UserManagerImpl.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/business/UserManagerImpl.java?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/business/UserManagerImpl.java (original)
+++ incubator/roller/trunk/src/org/roller/business/UserManagerImpl.java Mon Nov 28 11:47:33 2005
@@ -3,7 +3,6 @@
*/
package org.roller.business;
-import java.io.IOException;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@@ -23,11 +22,9 @@
import org.roller.pojos.WeblogTemplate;
import org.roller.pojos.PermissionsData;
import org.roller.pojos.RoleData;
-import org.roller.pojos.UserCookieData;
import org.roller.pojos.UserData;
import org.roller.pojos.WeblogCategoryData;
import org.roller.pojos.WebsiteData;
-import org.roller.util.RandomGUID;
import org.roller.util.Utilities;
/**
@@ -327,41 +324,6 @@
perms.save();
return website;
- }
-
- /**
- * @see org.roller.model.UserManager#createLoginCookie(java.lang.String)
- */
- public String createLoginCookie(String username) throws RollerException
- {
- UserCookieData cookie = new UserCookieData();
- cookie.setUsername(username);
-
- return saveLoginCookie(cookie);
- }
-
- /**
- * Convenience method to set a unique cookie id and save to database
- *
- * @param cookie
- * @return
- * @throws Exception
- */
- protected String saveLoginCookie(UserCookieData cookie) throws RollerException
- {
- cookie.setCookieId(new RandomGUID().toString());
- cookie.save();
-
- String cookieString = null;
- try {
- cookieString = Utilities.encodeString(cookie.getUsername() + "|" +
- cookie.getCookieId());
- } catch (IOException io) {
- mLogger.warn("Failed to encode rememberMe cookieString");
- mLogger.warn(io.getMessage());
- cookieString = cookie.getUsername() + "|" + cookie.getCookieId();
- }
- return cookieString;
}
/**
Modified: incubator/roller/trunk/src/org/roller/business/hibernate/HibernateUserManagerImpl.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/business/hibernate/HibernateUserManagerImpl.java?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/business/hibernate/HibernateUserManagerImpl.java (original)
+++ incubator/roller/trunk/src/org/roller/business/hibernate/HibernateUserManagerImpl.java Mon Nov 28 11:47:33 2005
@@ -31,13 +31,10 @@
import org.roller.pojos.PermissionsData;
import org.roller.pojos.RefererData;
import org.roller.pojos.RoleData;
-import org.roller.pojos.UserCookieData;
import org.roller.pojos.UserData;
import org.roller.pojos.WeblogCategoryData;
import org.roller.pojos.WeblogEntryData;
import org.roller.pojos.WebsiteData;
-import org.roller.util.StringUtils;
-import org.roller.util.Utilities;
/**
* Hibernate queries.
@@ -204,87 +201,6 @@
catch (HibernateException e)
{
throw new RollerException(e);
- }
- }
-
- /**
- * @see org.roller.model.UserManager#removeLoginCookies(java.lang.String)
- */
- public void removeLoginCookies(String username) throws RollerException
- {
- Session session = ((HibernateStrategy)mStrategy).getSession();
- Criteria criteria = session.createCriteria(UserCookieData.class);
- criteria.add(Expression.eq("username", username));
- List list;
- try
- {
- list = criteria.list();
- }
- catch (HibernateException e)
- {
- throw new RollerException(e);
- }
- for (Iterator it = list.iterator(); it.hasNext();)
- {
- String id = ((UserCookieData) it.next()).getId();
- mStrategy.remove(id, UserCookieData.class);
- }
- }
-
- /**
- * @see org.roller.model.UserManager#checkLoginCookie(java.lang.String)
- */
- public String checkLoginCookie(String value) throws RollerException
- {
- try
- {
- value = Utilities.decodeString(value);
- }
- catch (IOException io)
- {
- mLogger.warn("Failed to decode rememberMe cookieString");
- return null;
- }
-
- String[] values = StringUtils.split(value, "|");
-
- if (mLogger.isDebugEnabled())
- {
- mLogger.debug("looking up cookieId: " + values[1]);
- }
-
- Session session = ((HibernateStrategy)mStrategy).getSession();
- Criteria criteria = session.createCriteria(UserCookieData.class);
- criteria.add(Expression.eq("username", values[0]));
- criteria.add(Expression.eq("cookieId", values[1]));
-
- List list;
- try
- {
- list = criteria.list();
- }
- catch (HibernateException e)
- {
- throw new RollerException(e);
- }
- UserCookieData cookie = (list.size() > 0) ? (UserCookieData)list.get(0) : null;
-
- if (cookie != null)
- {
- if (mLogger.isDebugEnabled())
- {
- mLogger.debug("cookieId lookup succeeded, generating new cookieId");
- }
- return saveLoginCookie(cookie);
- }
- else
- {
- if (mLogger.isDebugEnabled())
- {
- mLogger.debug("cookieId lookup failed, returning null");
- }
-
- return null;
}
}
Modified: incubator/roller/trunk/src/org/roller/model/UserManager.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/model/UserManager.java?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/model/UserManager.java (original)
+++ incubator/roller/trunk/src/org/roller/model/UserManager.java Mon Nov 28 11:47:33 2005
@@ -247,32 +247,6 @@
* Retrieve the Page in read-only mode (does hibernate support this?).
*/
public WeblogTemplate retrievePageReadOnly(String id) throws RollerException;
-
- /**
- * Validates a user based on a cookie value. If successful, it returns
- * a new cookie String. If not, then it returns null.
- *
- * @param value (in format username|guid)
- * @return indicator that this is a valid login
- * @throws Exception
- */
- public String checkLoginCookie(String value) throws RollerException;
-
- /**
- * Creates a cookie string using a username - designed for use when
- * a user logs in and wants to be remembered.
- *
- * @param username
- * @return String to put in a cookie for remembering user
- * @throws Exception
- */
- public String createLoginCookie(String username) throws RollerException;
-
- /**
- * Deletes all cookies for user.
- * @param username
- */
- public void removeLoginCookies(String username) throws RollerException;
/**
* Remove contents of website.
Modified: incubator/roller/trunk/src/org/roller/presentation/RollerContext.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/presentation/RollerContext.java?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/presentation/RollerContext.java (original)
+++ incubator/roller/trunk/src/org/roller/presentation/RollerContext.java Mon Nov 28 11:47:33 2005
@@ -19,10 +19,18 @@
import javax.servlet.http.HttpSessionEvent;
import javax.sql.DataSource;
+import net.sf.acegisecurity.providers.ProviderManager;
+import net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder;
+import net.sf.acegisecurity.providers.encoding.PasswordEncoder;
+import net.sf.acegisecurity.providers.encoding.ShaPasswordEncoder;
+import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.util.RequestUtils;
import org.roller.RollerException;
+import org.roller.business.utils.UpgradeDatabase;
import org.roller.config.PingConfig;
import org.roller.config.RollerConfig;
import org.roller.config.RollerRuntimeConfig;
@@ -40,10 +48,11 @@
import org.roller.presentation.velocity.DefaultCommentAuthenticator;
import org.roller.util.StringUtils;
import org.roller.util.Utilities;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.ContextLoaderListener;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
import EDU.oswego.cs.dl.util.concurrent.SynchronizedInt;
-import org.roller.business.utils.UpgradeDatabase;
-import org.roller.config.RollerRuntimeConfig;
-import org.roller.config.PingConfig;
//////////////////////////////////////////////////////////////////////////////
@@ -51,7 +60,7 @@
* Responds to app init/destroy events and holds Roller instance.
* @web.listener
*/
-public class RollerContext implements ServletContextListener
+public class RollerContext extends ContextLoaderListener implements ServletContextListener
{
private static Log mLogger =
LogFactory.getFactory().getInstance(RollerContext.class);
@@ -189,6 +198,14 @@
setupPingQueueTask(roller);
setupScheduledTasks(mContext, roller);
+ // call Spring's context ContextLoaderListener to initialize
+ // all the context files specified in web.xml. This is necessary
+ // because listeners don't initialize in the order specified in
+ // 2.3 containers
+ super.contextInitialized(sce);
+
+ initializeSecurityFeatures(mContext);
+
roller.commit();
roller.release();
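Review bot: `super.contextInitialized(sce)` is now called by hand, but nothing visible in this diff adds the matching `super.contextDestroyed(sce)`. `contextDestroyed` lies outside the hunks shown, so this may already be handled. If it is not, the Spring application context created here is never closed on undeploy. The fix would be `super.contextDestroyed(sce);` at the end of RollerContext's own `contextDestroyed`. The enclosing `contextInitialized` body starts and ends outside this hunk.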
@@ -292,6 +309,52 @@
// Schedule it at the appropriate interval, delay start for one interval.
mLogger.info("Scheduling ping queue task to run at " + intervalMins + " minute intervals.");
roller.getThreadManager().scheduleFixedRateTimerTask(pingQueueTask, intervalMins, intervalMins);
+ }
+
+ protected void initializeSecurityFeatures(ServletContext context) {
+ ApplicationContext ctx =
+ WebApplicationContextUtils.getRequiredWebApplicationContext(context);
+
+ String rememberMe = RollerConfig.getProperty("rememberme.enabled");
+ boolean rememberMeEnabled = Boolean.valueOf(rememberMe).booleanValue();
+
+ mLogger.info("Remember Me enabled: " + rememberMeEnabled);
+
+ context.setAttribute("rememberMeEnabled", rememberMe);
+
+ if (rememberMeEnabled) {
+ ProviderManager provider = (ProviderManager) ctx.getBean("authenticationManager");
+ provider.getProviders().add(ctx.getBean("rememberMeAuthenticationProvider"));
+ }
+
+ String encryptPasswords = RollerConfig.getProperty("passwds.encryption.enabled");
+ boolean doEncrypt = Boolean.valueOf(encryptPasswords).booleanValue();
+
+ if (doEncrypt) {
+ DaoAuthenticationProvider provider =
+ (DaoAuthenticationProvider) ctx.getBean("daoAuthenticationProvider");
+ String algorithm = RollerConfig.getProperty("passwds.encryption.algorithm");
+ PasswordEncoder encoder = null;
+ if (algorithm.equalsIgnoreCase("SHA")) {
+ encoder = new ShaPasswordEncoder();
+ } else if (algorithm.equalsIgnoreCase("MD5")) {
+ encoder = new Md5PasswordEncoder();
+ } else {
+ mLogger.error("Encryption algorithm '" + algorithm +
+ "' not supported, disabling encryption.");
+ }
+ if (encoder != null) {
+ provider.setPasswordEncoder(encoder);
+ mLogger.info("Password Encryption Algorithm set to '" + algorithm + "'");
+ }
+ }
+
+ String secureLogin = RollerConfig.getProperty("securelogin.enabled");
+ if (secureLogin != null && "true".equalsIgnoreCase(secureLogin)) {
+ AuthenticationProcessingFilterEntryPoint entryPoint =
+ (AuthenticationProcessingFilterEntryPoint) ctx.getBean("authenticationProcessingFilterEntryPoint");
+ entryPoint.setForceHttps(true);
+ }
}
protected void upgradeDatabaseIfNeeded() throws RollerException
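Review bot: In `initializeSecurityFeatures`, an unsupported or missing `passwds.encryption.algorithm` does not stop startup. An unknown value only logs "disabling encryption" and leaves whatever encoder the `daoAuthenticationProvider` bean was configured with, and a missing value throws a NullPointerException from `algorithm.equalsIgnoreCase("SHA")`. With `passwds.encryption.enabled=true` the stored passwords are presumably hashed, so a silent fallback changes how credentials are compared; failing closed at startup is safer, as sketched below. Separately, `context.setAttribute("rememberMeEnabled", rememberMe)` stores the raw property string rather than the parsed boolean. The MD5/SHA encoders are also set without any visible salt source, which is weak for password storage.

```java
            String algorithm = RollerConfig.getProperty("passwds.encryption.algorithm");
            PasswordEncoder encoder;
            // constant-first comparison tolerates a missing property
            if ("SHA".equalsIgnoreCase(algorithm)) {
                encoder = new ShaPasswordEncoder();
            } else if ("MD5".equalsIgnoreCase(algorithm)) {
                encoder = new Md5PasswordEncoder();
            } else {
                // fail closed: do not start with an encoder other than the configured one
                throw new IllegalStateException(
                    "Unsupported passwds.encryption.algorithm '" + algorithm + "'");
            }
            provider.setPasswordEncoder(encoder);
            // … unchanged: info log of the selected algorithm …
```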
Modified: incubator/roller/trunk/src/org/roller/presentation/RollerSession.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/presentation/RollerSession.java?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/presentation/RollerSession.java (original)
+++ incubator/roller/trunk/src/org/roller/presentation/RollerSession.java Mon Nov 28 11:47:33 2005
@@ -54,7 +54,7 @@
if (rollerSession == null)
{
// HttpSession with no RollerSession?
- // Must be a session that was de-serialzied from a previous run.
+ // Must be a session that was de-serialized from a previous run.
rollerSession = new RollerSession();
session.setAttribute(ROLLER_SESSION, rollerSession);
}
Modified: incubator/roller/trunk/src/org/roller/presentation/filters/RequestFilter.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/presentation/filters/RequestFilter.java?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/presentation/filters/RequestFilter.java (original)
+++ incubator/roller/trunk/src/org/roller/presentation/filters/RequestFilter.java Mon Nov 28 11:47:33 2005
@@ -20,6 +20,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.roller.RollerException;
+import org.roller.config.RollerConfig;
import org.roller.model.Roller;
import org.roller.model.RollerFactory;
import org.roller.model.UserManager;
@@ -66,28 +67,7 @@
try
{
rreq = RollerRequest.getRollerRequest(
- request, mFilterConfig.getServletContext());
-
- // if user wants to be remembered, create a remember me cookie
- // TODO: Figure out a better place to put this - so it will
- // only be called when the user initially logs in
- String username = request.getRemoteUser();
-
- if (username != null)
- {
- if (session.getAttribute(RollerRequest.LOGIN_COOKIE) != null)
- {
- session.removeAttribute(RollerRequest.LOGIN_COOKIE);
-
- UserManager mgr = RollerFactory.getRoller().getUserManager();
- String loginCookie = mgr.createLoginCookie(username);
- RollerFactory.getRoller().commit();
- RequestUtil.setCookie(response, RollerRequest.LOGIN_COOKIE,
- loginCookie, request.getContextPath());
- }
- }
-
-
+ request, mFilterConfig.getServletContext());
}
catch (RollerException e)
{
@@ -97,25 +77,6 @@
"Page not found or error parsing requested URL");
return;
}
-
- /*if (session != null)
- {
- // look for messages and errors in the request, and if they
- // exist, stuff them in the request - in Struts 1.2, you don't
- // need to do this
- if (session.getAttribute(Globals.MESSAGE_KEY) != null)
- {
- request.setAttribute(Globals.MESSAGE_KEY,
- session.getAttribute(Globals.MESSAGE_KEY));
- session.removeAttribute(Globals.MESSAGE_KEY);
- }
- if (session.getAttribute(Globals.ERROR_KEY) != null)
- {
- request.setAttribute(Globals.ERROR_KEY,
- session.getAttribute(Globals.ERROR_KEY));
- session.removeAttribute(Globals.ERROR_KEY);
- }
- }*/
Date updateTime = null;
try
Added: incubator/roller/trunk/tools/lib/commons-codec-1.3.jar
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/tools/lib/commons-codec-1.3.jar?rev=349481&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/roller/trunk/tools/lib/commons-codec-1.3.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/roller/trunk/tools/spring-1.2/acegi-security-0.9.0.jar
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/tools/spring-1.2/acegi-security-0.9.0.jar?rev=349481&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/roller/trunk/tools/spring-1.2/acegi-security-0.9.0.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/roller/trunk/tools/spring-1.2/spring.jar
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/tools/spring-1.2/spring.jar?rev=349481&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/roller/trunk/tools/spring-1.2/spring.jar
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: incubator/roller/trunk/web/WEB-INF/classes/log4j.properties
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/WEB-INF/classes/log4j.properties?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/classes/log4j.properties (original)
+++ incubator/roller/trunk/web/WEB-INF/classes/log4j.properties Mon Nov 28 11:47:33 2005
@@ -14,6 +14,9 @@
log4j.category.org.hibernate=ERROR
log4j.category.org.apache.struts=ERROR
log4j.category.org.tuckey.web.filters.urlrewrite=DEBUG
+log4j.category.org.springframework=WARN
+log4j.category.net.sf.acegisecurity=WARN
+log4j.category.net.sf.acegisecurity.ui.rememberme=DEBUG
# Tomcat's ClientAbortExceptions cause Velocity to talk way
# too much so by default Velocity is set to STFU mode.
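Review bot: `log4j.category.net.sf.acegisecurity.ui.rememberme=DEBUG` ships debug logging for the remember-me code path in the default configuration, while the rest of Acegi is set to WARN. Debug output from authentication code commonly includes usernames and token-handling detail, which should not reach production logs by default. This looks like a development setting left in. Suggest `log4j.category.net.sf.acegisecurity.ui.rememberme=WARN`, or drop the line so the parent category applies.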
Modified: incubator/roller/trunk/web/WEB-INF/classes/roller.properties
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/WEB-INF/classes/roller.properties?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/classes/roller.properties (original)
+++ incubator/roller/trunk/web/WEB-INF/classes/roller.properties Mon Nov 28 11:47:33 2005
@@ -283,7 +283,7 @@
#----------------------------------
# misc settings
-loginfilter.rememberme.enabled=true
+rememberme.enabled=true
breadcrumbs.stacksize=3
debug.memory.enabled=false
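Review bot: Renaming `loginfilter.rememberme.enabled` to `rememberme.enabled` means a deployment override that sets the old key to `false` is no longer read, and the new key defaults to `true` here. An operator who had turned remember-me off would get it back on after upgrading, with no warning. Consider reading the old key as a fallback in `initializeSecurityFeatures`, or call out the rename in the upgrade notes. The `passwds.encryption.*` and `securelogin.enabled` keys read by the same method are not visible in this hunk, so confirm their defaults are documented in this file.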
Modified: incubator/roller/trunk/web/loginBody.jsp
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/loginBody.jsp?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/web/loginBody.jsp (original)
+++ incubator/roller/trunk/web/loginBody.jsp Mon Nov 28 11:47:33 2005
@@ -13,7 +13,7 @@
<form method="post"
id="loginForm"
- action="<c:url value="/auth/"/>"
+ action="<c:url value="/j_security_check"/>"
onsubmit="saveUsername(this)">
<table>
@@ -29,8 +29,6 @@
<th><fmt:message key="loginPage.password" />:</th>
<td>
<input type="password" name="j_password" id="j_password" size="20" />
- <!-- for Resin -->
- <input type="hidden" name="j_uri" id="j_uri" value="" />
</td>
</tr>
Modified: incubator/roller/trunk/web/logout-redirect.jsp
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/logout-redirect.jsp?rev=349481&r1=349480&r2=349481&view=diff
==============================================================================
--- incubator/roller/trunk/web/logout-redirect.jsp (original)
+++ incubator/roller/trunk/web/logout-redirect.jsp Mon Nov 28 11:47:33 2005
@@ -1,8 +1,17 @@
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%@ page import="org.roller.presentation.RollerSession" %>
-<%
+<%@ page import="javax.servlet.http.Cookie" %>
+<%@ page import="net.sf.acegisecurity.ui.rememberme.TokenBasedRememberMeServices" %>
+
+<%
request.getSession().removeAttribute(RollerSession.ROLLER_SESSION);
request.getSession().invalidate();
+
+Cookie terminate = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
+
+terminate.setMaxAge(0);
+response.addCookie(terminate);
+
response.sendRedirect("index.jsp");
-%>
-
+%>
+
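Review bot: The `terminate` cookie is created without a path, so it relies on the browser's default path derived from this JSP's URL. A browser only replaces a cookie whose name and path both match. If the remember-me cookie was issued with a different explicit path, the token survives logout and the user is silently signed back in on the next request. What path Acegi sets is not visible here, but the removed `RequestUtil.setCookie` call used `request.getContextPath()`. Add `terminate.setPath(request.getContextPath());` before `response.addCookie(terminate);`, matching whatever path the issuing code uses.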