roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ROL-1968) Upgrade Spring Security from 2.0.7 to 3.1.4
Date Mon, 12 Aug 2013 18:12:48 GMT
Glen Mazza created ROL-1968:
-------------------------------

             Summary: Upgrade Spring Security from 2.0.7 to 3.1.4
                 Key: ROL-1968
                 URL: https://issues.apache.org/jira/browse/ROL-1968
             Project: Roller
          Issue Type: Task
    Affects Versions: 5.1
            Reporter: Glen Mazza
            Assignee: Roller Unassigned
         Attachments: SpringSecurity.patch

The enclosed patch gets us codewise about (my guess) 95-98% there, but there is some configuration
error in the updated security.xml that makes it all for naught.  Basically, the app will compile
and run via mvn jetty:run at http://localhost:8080/roller but authentication of the first
user created at the login screen *always* fails.  I'm attaching the patch of what I have so
far in case somebody wants to be a hero and get the remaining 2-5% in--I'll try to work on
it more myself as well.

Debugging can be done via IntelliJ by doing Menu item Run -> Edit Configurations, adding
a new Maven config item ("debug Roller") with a working directory of /full/path/to/app/folder
and a command line option of "jetty:run".  Then add breakpoints to the code and choose Menu
Item Run -> "debug Roller".  It's difficult to debug however, as most of the code is Spring
internal via the XML Configuration file and not Roller code. 

We don't need to get the OpenID auth method working to commit this patch (AFAICT it needed
updating to work in 2.0.7 as it wasn't working right OOTB anyway) -- I can look into that
later, but just to get the standard username/login at the command prompt working would be
good enough to commit this patch.  I'm partly inclined to commit this patch anyway and hold
Roller trunk hostage, meaning *nobody* can use trunk until somebody patches it to get Spring
Security 3.1 working, but I'll pass on such a drastic step.  :)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message