roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gma...@apache.org
Subject svn commit: r1517033 - in /roller/trunk: ./ app/src/main/java/org/apache/roller/weblogger/ui/core/ app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/ app/src/main/resources/org/...
Date Fri, 23 Aug 2013 21:03:38 GMT
Author: gmazza
Date: Fri Aug 23 21:03:38 2013
New Revision: 1517033

URL: http://svn.apache.org/r1517033
Log:
Minor code cleanup, switch from tab- to space-delimited for the SchemeEnforcementFilter.

Modified:
    roller/trunk/NOTICE.txt
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
    roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
    roller/trunk/app/src/main/webapp/WEB-INF/web.xml

Modified: roller/trunk/NOTICE.txt
URL: http://svn.apache.org/viewvc/roller/trunk/NOTICE.txt?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/NOTICE.txt (original)
+++ roller/trunk/NOTICE.txt Fri Aug 23 21:03:38 2013
@@ -26,9 +26,6 @@ This product includes:
 * Code written by Dave Johnson for RSS and Atom in Action
     Copyright 2005 David M Johnson (For RSS and Atom In Action)
 
-* Code from OSCache, a product of the OpenSymphony project
-    Copyright 2002-2003 by OpenSymphony
-
 * A Struts LinkTag and LinkParamTag by BSquare Software
     Copyright 2001 Bsquare Projects 
 
@@ -47,7 +44,7 @@ OTHER NOTICES
     "This product includes software developed by the Acegi Security
     System for Spring Project (http://acegisecurity.org)"
 
-* Roller include icons by Mark James (http://www.famfamfam.com/lab/icons)
+* Roller includes icons by Mark James (http://www.famfamfam.com/lab/icons)
 
 
 CREDITS
@@ -67,3 +64,4 @@ Matt Schmidt (emeritus)
 Jeff Blattman (emeritus)
 Craig Russell
 Greg Huber
+Glen Mazza

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
Fri Aug 23 21:03:38 2013
@@ -38,9 +38,9 @@ public class CmaRollerContext extends Ro
     }
     
     /**
-     * Setup Acegi security features.
+     * Setup Spring Security features.
      */
     protected void initializeSecurityFeatures(ServletContext context) { 
-        // no need to setup Acegi security
+        // no need to setup Spring Security
     }
 }

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
Fri Aug 23 21:03:38 2013
@@ -95,7 +95,7 @@ public class RollerContext extends Conte
 
         // First, initialize everything that requires no database
 
-        // Keep a reverence to ServletContext object
+        // Keep a reference to ServletContext object
         this.servletContext = sce.getServletContext();
         
         // Call Spring's context ContextLoaderListener to initialize all the
@@ -105,10 +105,11 @@ public class RollerContext extends Conte
         
         // get the *real* path to <context>/resources
         String ctxPath = servletContext.getRealPath("/");
-        if(!ctxPath.endsWith(File.separator))
+        if (!ctxPath.endsWith(File.separator)) {
             ctxPath += File.separator + "resources";
-        else
+        } else {
             ctxPath += "resources";
+        }
         
         // try setting the uploads path to <context>/resources
         // NOTE: this should go away at some point
@@ -165,7 +166,7 @@ public class RollerContext extends Conte
             
         // do a small amount of work to initialize the web tier
         try {
-            // Initialize Acegi based on Roller configuration
+            // Initialize Spring Security based on Roller configuration
             initializeSecurityFeatures(servletContext);
             
             // Setup Velocity template engine
@@ -225,7 +226,7 @@ public class RollerContext extends Conte
             System.out.println(name);*/
         
         String rememberMe = WebloggerConfig.getProperty("rememberme.enabled");
-        boolean rememberMeEnabled = Boolean.valueOf(rememberMe).booleanValue();
+        boolean rememberMeEnabled = Boolean.valueOf(rememberMe);
         
         log.info("Remember Me enabled: " + rememberMeEnabled);
         
@@ -242,7 +243,7 @@ public class RollerContext extends Conte
         }
         
         String encryptPasswords = WebloggerConfig.getProperty("passwds.encryption.enabled");
-        boolean doEncrypt = Boolean.valueOf(encryptPasswords).booleanValue();
+        boolean doEncrypt = Boolean.valueOf(encryptPasswords);
         
         if (doEncrypt) {
             DaoAuthenticationProvider provider = (DaoAuthenticationProvider) ctx.getBean("org.springframework.security.authentication.dao.DaoAuthenticationProvider#0");
@@ -279,7 +280,7 @@ public class RollerContext extends Conte
             PathBasedFilterInvocationDefinitionMap defmap =
                     (PathBasedFilterInvocationDefinitionMap)procfilter.getFilterInvocationDefinitionSource();
             
-            // add HTTPS URL path patterns to Acegi config
+            // add HTTPS URL path patterns to Spring Security config
             String httpsUrlsProp = WebloggerConfig.getProperty("schemeenforcement.https.urls");
             if (httpsUrlsProp != null) {
                 String[] httpsUrls = StringUtils.stripAll(StringUtils.split(httpsUrlsProp,
",") );

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
Fri Aug 23 21:03:38 2013
@@ -44,165 +44,173 @@ import org.apache.roller.weblogger.confi
 /**
  * The SchemeEnforcementFilter is provided for Roller sites that enable secure
  * logins and want to ensure that login urls are used only under https.
- * 
+ *
  * @author Allen Gilliland
- * 
  * @web.filter name="SchemeEnforcementFilter"
  */
 public class SchemeEnforcementFilter implements Filter {
 
-	private static Log log = LogFactory.getLog(SchemeEnforcementFilter.class);
+    private static Log log = LogFactory.getLog(SchemeEnforcementFilter.class);
 
-	private boolean schemeEnforcementEnabled = false;
-	private boolean secureLoginEnabled = false;
-	private int httpPort = 80;
-	private int httpsPort = 443;
-
-	private Set<String> allowedUrls = new HashSet<String>();
-	private Set<String> ignored = new HashSet<String>();
-
-	/**
-	 * Process filter.
-	 * 
-	 * We'll take the incoming request and first determine if this is a secure
-	 * request. If the request is secure then we'll see if it matches one of the
-	 * allowed secure urls, if not then we will redirect back out of https.
-	 */
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
-
-		if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
-
-			HttpServletRequest req = (HttpServletRequest) request;
-			HttpServletResponse res = (HttpServletResponse) response;
-
-			if (log.isDebugEnabled())
-				log.debug("checking path = " + req.getServletPath());
-
-			if (!request.isSecure()
-					&& allowedUrls.contains(req.getServletPath())) {
-
-				// http insecure request that should be over https
-				String redirect = "https://" + req.getServerName();
-
-				if (this.httpsPort != 443)
-					redirect += ":" + this.httpsPort;
-
-				redirect += req.getRequestURI();
-
-				if (req.getQueryString() != null)
-					redirect += "?" + req.getQueryString();
-
-				if (log.isDebugEnabled())
-					log.debug("Redirecting to " + redirect);
-
-				res.sendRedirect(redirect);
-				return;
-
-			} else if (request.isSecure()
-					&& !isIgnoredURL(req.getServletPath())
-					&& !allowedUrls.contains(req.getServletPath())) {
-
-				// https secure request that should be over http
-				String redirect = "http://" + req.getServerName();
-
-				if (this.httpPort != 80)
-					redirect += ":" + this.httpPort;
-
-				redirect += req.getRequestURI();
-
-				if (req.getQueryString() != null)
-					redirect += "?" + req.getQueryString();
-
-				if (log.isDebugEnabled())
-					log.debug("Redirecting to " + redirect);
-
-				res.sendRedirect(redirect);
-				return;
-			}
-		}
-
-		chain.doFilter(request, response);
-	}
-
-	/**
-	 * Checks if the url is to be ignored.
-	 * 
-	 * @param theUrl
-	 *            the the url
-	 * 
-	 * @return true, if the url is to be ignored.
-	 */
-	private boolean isIgnoredURL(String theUrl) {
-
-		int i = theUrl.lastIndexOf('.');
-
-		if (i <= 0 || i == theUrl.length() - 1)
-			return true;
-
-		return ignored.contains(theUrl.substring(i + 1));
-
-	}
-
-	/**
-	 * @see javax.servlet.Filter#destroy()
-	 */
-	public void destroy() {
-	}
-
-	/**
-	 * Filter init.
-	 * 
-	 * We are just collecting init properties which we'll use for each request.
-	 */
-	public void init(FilterConfig filterConfig) {
-
-		// determine if we are doing scheme enforcement
-		this.schemeEnforcementEnabled = WebloggerConfig
-				.getBooleanProperty("schemeenforcement.enabled");
-		this.secureLoginEnabled = WebloggerConfig
-				.getBooleanProperty("securelogin.enabled");
-
-		if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
-			// gather some more properties
-			String http_port = WebloggerConfig
-					.getProperty("securelogin.http.port");
-			String https_port = WebloggerConfig
-					.getProperty("securelogin.https.port");
-
-			try {
-				this.httpPort = Integer.parseInt(http_port);
-				this.httpsPort = Integer.parseInt(https_port);
-			} catch (NumberFormatException nfe) {
-				// ignored ... guess we'll have to use the defaults
-				log.warn("error with secure login ports", nfe);
-			}
-
-			// finally, construct our list of allowable https urls and ignored
-			// resources
-			String cfgs = WebloggerConfig
-					.getProperty("schemeenforcement.https.urls");
-			String[] cfgsArray = cfgs.split(",");
-			for (int i = 0; i < cfgsArray.length; i++)
-				this.allowedUrls.add(cfgsArray[i]);
-
-			cfgs = WebloggerConfig
-					.getProperty("schemeenforcement.https.ignored");
-			cfgsArray = StringUtils.stripAll(StringUtils.split(cfgs, ","));
-			for (int i = 0; i < cfgsArray.length; i++)
-				this.ignored.add(cfgsArray[i]);
-
-			// some logging for the curious
-			log.info("Scheme enforcement = enabled");
-			if (log.isDebugEnabled()) {
-				log.debug("allowed urls are:");
-				for (String allowedUrl : allowedUrls)
-					log.debug(allowedUrl);
-				log.debug("ignored extensions are:");
-				for (String ignore : ignored)
-					log.debug(ignore);
-			}
-		}
-	}
+    private boolean schemeEnforcementEnabled = false;
+    private boolean secureLoginEnabled = false;
+    private int httpPort = 80;
+    private int httpsPort = 443;
+
+    private Set<String> allowedUrls = new HashSet<String>();
+    private Set<String> ignored = new HashSet<String>();
+
+    /**
+     * Process filter.
+     * <p/>
+     * We'll take the incoming request and first determine if this is a secure
+     * request. If the request is secure then we'll see if it matches one of the
+     * allowed secure urls, if not then we will redirect back out of https.
+     */
+    public void doFilter(ServletRequest request, ServletResponse response,
+                         FilterChain chain) throws IOException, ServletException {
+
+        if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
+
+            HttpServletRequest req = (HttpServletRequest) request;
+            HttpServletResponse res = (HttpServletResponse) response;
+
+            if (log.isDebugEnabled()) {
+                log.debug("checking path = " + req.getServletPath());
+            }
+
+            if (!request.isSecure()
+                    && allowedUrls.contains(req.getServletPath())) {
+
+                // http insecure request that should be over https
+                String redirect = "https://" + req.getServerName();
+
+                if (this.httpsPort != 443) {
+                    redirect += ":" + this.httpsPort;
+                }
+
+                redirect += req.getRequestURI();
+
+                if (req.getQueryString() != null) {
+                    redirect += "?" + req.getQueryString();
+                }
+
+                if (log.isDebugEnabled()) {
+                    log.debug("Redirecting to " + redirect);
+                }
+
+                res.sendRedirect(redirect);
+                return;
+
+            } else if (request.isSecure()
+                    && !isIgnoredURL(req.getServletPath())
+                    && !allowedUrls.contains(req.getServletPath())) {
+
+                // https secure request that should be over http
+                String redirect = "http://" + req.getServerName();
+
+                if (this.httpPort != 80) {
+                    redirect += ":" + this.httpPort;
+                }
+
+                redirect += req.getRequestURI();
+
+                if (req.getQueryString() != null) {
+                    redirect += "?" + req.getQueryString();
+                }
+
+                if (log.isDebugEnabled()) {
+                    log.debug("Redirecting to " + redirect);
+                }
+
+                res.sendRedirect(redirect);
+                return;
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    /**
+     * Checks if the url is to be ignored.
+     *
+     * @param theUrl the the url
+     * @return true, if the url is to be ignored.
+     */
+    private boolean isIgnoredURL(String theUrl) {
+
+        int i = theUrl.lastIndexOf('.');
+
+        if (i <= 0 || i == theUrl.length() - 1) {
+            return true;
+        }
+
+        return ignored.contains(theUrl.substring(i + 1));
+
+    }
+
+    /**
+     * @see javax.servlet.Filter#destroy()
+     */
+    public void destroy() {
+    }
+
+    /**
+     * Filter init.
+     * <p/>
+     * We are just collecting init properties which we'll use for each request.
+     */
+    public void init(FilterConfig filterConfig) {
+
+        // determine if we are doing scheme enforcement
+        this.schemeEnforcementEnabled = WebloggerConfig
+                .getBooleanProperty("schemeenforcement.enabled");
+        this.secureLoginEnabled = WebloggerConfig
+                .getBooleanProperty("securelogin.enabled");
+
+        if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
+            // gather some more properties
+            String http_port = WebloggerConfig
+                    .getProperty("securelogin.http.port");
+            String https_port = WebloggerConfig
+                    .getProperty("securelogin.https.port");
+
+            try {
+                this.httpPort = Integer.parseInt(http_port);
+                this.httpsPort = Integer.parseInt(https_port);
+            } catch (NumberFormatException nfe) {
+                // ignored ... guess we'll have to use the defaults
+                log.warn("error with secure login ports", nfe);
+            }
+
+            // finally, construct our list of allowable https urls and ignored
+            // resources
+            String cfgs = WebloggerConfig
+                    .getProperty("schemeenforcement.https.urls");
+            String[] cfgsArray = cfgs.split(",");
+            for (int i = 0; i < cfgsArray.length; i++) {
+                this.allowedUrls.add(cfgsArray[i]);
+            }
+            cfgs = WebloggerConfig
+                    .getProperty("schemeenforcement.https.ignored");
+            cfgsArray = StringUtils.stripAll(StringUtils.split(cfgs, ","));
+            for (int i = 0; i < cfgsArray.length; i++) {
+                this.ignored.add(cfgsArray[i]);
+            }
+
+            // some logging for the curious
+            log.info("Scheme enforcement = enabled");
+            if (log.isDebugEnabled()) {
+                log.debug("allowed urls are:");
+                for (String allowedUrl : allowedUrls) {
+                    log.debug(allowedUrl);
+                }
+                log.debug("ignored extensions are:");
+                for (String ignore : ignored) {
+                    log.debug(ignore);
+                }
+            }
+        }
+    }
 
 }

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
Fri Aug 23 21:03:38 2013
@@ -135,10 +135,10 @@ public class Register extends UIAction i
 
             boolean usingSSO = WebloggerConfig.getBooleanProperty("users.sso.enabled");
             if (usingSSO) {
-                // See if user is already logged in via Acegi
+                // See if user is already logged in via Spring Security
                 User fromSSO = CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
                 if (fromSSO != null) {
-                    // Copy user details from Acegi, including LDAP attributes
+                    // Copy user details from Spring Security, including LDAP attributes
                     getBean().copyFrom(fromSSO);
                     setFromSso(true);
                 }
@@ -321,7 +321,7 @@ public class Register extends UIAction i
             boolean storePassword = WebloggerConfig.getBooleanProperty("users.sso.passwords.saveInRollerDb");
             String password = WebloggerConfig.getProperty("users.sso.passwords.defaultValue",
"<unknown>");
             
-            // Preserve username and password, Acegi case             
+            // Preserve username and password, Spring Security case
             User fromSSO = CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
             if (fromSSO != null) {
                 if (storePassword) {

Modified: roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
(original)
+++ roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Fri Aug 23 21:03:38 2013
@@ -654,7 +654,6 @@ log4j.logger.org.apache.velocity=FATAL
 
 # Roller extras
 log4j.logger.com.ecyrd.jspwiki=ERROR
-log4j.logger.com.opensymphony.oscache=ERROR
 log4j.logger.com.danga.MemCached=ERROR
 
 #-----------------------------------------------------------------------------

Modified: roller/trunk/app/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/web.xml?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/web.xml (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/web.xml Fri Aug 23 21:03:38 2013
@@ -99,14 +99,14 @@
         <dispatcher>FORWARD</dispatcher>
     </filter-mapping>
 
-    <!-- Scheme enforcement.  Only here until we get Acegi scheme enforcement working
-->
+    <!-- Scheme enforcement.  Only here until we get Spring Security scheme enforcement
working -->
     <filter-mapping>
         <filter-name>SchemeEnforcementFilter</filter-name>
         <url-pattern>/*</url-pattern>
         <dispatcher>REQUEST</dispatcher>
     </filter-mapping>
 
-    <!-- Acegi Security filters - controls secure access to different parts of Roller
-->
+    <!-- Spring Security filters - controls secure access to different parts of Roller
-->
     <filter-mapping>
         <filter-name>securityFilter</filter-name>
         <url-pattern>/*</url-pattern>



Mime
View raw message