roller-commits mailing list archives

From gma...@apache.org
Subject svn commit: r1615472 - in /roller/trunk/app/src/main: java/org/apache/roller/weblogger/pojos/wrapper/ java/org/apache/roller/weblogger/ui/core/ java/org/apache/roller/weblogger/ui/core/security/ java/org/apache/roller/weblogger/ui/struts2/core/ resourc...
Date Mon, 04 Aug 2014 01:35:51 GMT
Author: gmazza
Date: Mon Aug  4 01:35:51 2014
New Revision: 1615472

URL: http://svn.apache.org/r1615472
Log:
Removed users.sso.passwords.save option; renamed some properties from *.sso.* to *.ldap.*

Modified:
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
    roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
Mon Aug  4 01:35:51 2014
@@ -51,7 +51,7 @@ public final class UserWrapper {
      * username to be displayed publicly, so screen name is returned instead.
      */
     public String getUserName() {
-        if (WebloggerConfig.getBooleanProperty("user.privateUserNames")) {
+        if (WebloggerConfig.getBooleanProperty("user.hideUserNames")) {
             return this.pojo.getScreenName();
         }
         return this.pojo.getUserName();
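Review bot: The renamed key on the `getBooleanProperty("user.hideUserNames")` line is read with no fallback to the old name, so an installation that still overrides `user.privateUserNames` in its own properties would silently lose that override after upgrading. The same applies to the `users.ldap.autoProvision.*` keys in RollerContext and RollerSession, and to the `users.ldap.registry.attributes.*` constants in CustomUserRegistry. There, a custom LDAP attribute mapping would presumably fall back to the built-in defaults without any message. Consider logging a startup warning when an old `users.sso.*` or `user.privateUserNames` key is still present, or listing the renames in the upgrade notes. getUserName's closing brace is outside this hunk.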

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
Mon Aug  4 01:35:51 2014
@@ -322,7 +322,7 @@ public class RollerContext extends Conte
      * @return AutoProvision
      */
     public static AutoProvision getAutoProvision() {        
-        String clazzName = WebloggerConfig.getProperty("users.sso.autoProvision.className");
+        String clazzName = WebloggerConfig.getProperty("users.ldap.autoProvision.className");
         
         if (null == clazzName) {
             return null;

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
Mon Aug  4 01:35:51 2014
@@ -97,7 +97,7 @@ public class RollerSession 
                     
                     // try one time to auto-provision, only happens if user==null
                     // which means installation has SSO-enabled in security.xml
-                    if (user == null && WebloggerConfig.getBooleanProperty("users.sso.autoProvision.enabled"))
{
+                    if (user == null && WebloggerConfig.getBooleanProperty("users.ldap.autoProvision.enabled"))
{
                         
                         // provisioning enabled, get provisioner and execute
                         AutoProvision provisioner = RollerContext.getAutoProvision();

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
Mon Aug  4 01:35:51 2014
@@ -50,12 +50,12 @@ public class CustomUserRegistry {
     private static final String DEFAULT_LOCALE_LDAP_ATTRIBUTE = "locale";
     private static final String DEFAULT_TIMEZONE_LDAP_ATTRIBUTE = "timezone";
     
-    private static final String SNAME_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.screenname";
-    private static final String UID_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.uid";
-    private static final String NAME_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.name";
-    private static final String EMAIL_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.email";
-    private static final String LOCALE_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.locale";
-    private static final String TIMEZONE_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.timezone";
+    private static final String SNAME_LDAP_PROPERTY = "users.ldap.registry.attributes.screenname";
+    private static final String UID_LDAP_PROPERTY = "users.ldap.registry.attributes.uid";
+    private static final String NAME_LDAP_PROPERTY = "users.ldap.registry.attributes.name";
+    private static final String EMAIL_LDAP_PROPERTY = "users.ldap.registry.attributes.email";
+    private static final String LOCALE_LDAP_PROPERTY = "users.ldap.registry.attributes.locale";
+    private static final String TIMEZONE_LDAP_PROPERTY = "users.ldap.registry.attributes.timezone";
 
     public static User getUserDetailsFromAuthentication(HttpServletRequest request) {
 
@@ -74,14 +74,14 @@ public class CustomUserRegistry {
         ud.setTimeZone(TimeZone.getDefault().getID());
         ud.setDateCreated(new java.util.Date());
 
-        String userName = null;
-        String password = null;
+        String userName;
+        String unusedPassword;
         String fullName = null;
         String email = null;
         String screenName = null;
         String locale = null;
         String timezone = null;
-        boolean enabled = false;
+        boolean enabled;
 
         if(authentication == null) {
             // Try to get SSO data from HttpServletRequest
@@ -124,7 +124,6 @@ public class CustomUserRegistry {
             UserDetails userDetails = (UserDetails) oPrincipal;
         
             userName = userDetails.getUsername();
-            password = userDetails.getPassword();
             enabled = userDetails.isEnabled();
         
         
@@ -152,12 +151,10 @@ public class CustomUserRegistry {
             } */
         }
 
-        boolean storePassword = WebloggerConfig.getBooleanProperty("users.sso.passwords.save");
-        if(!storePassword) {
-            password = WebloggerConfig.getProperty("users.sso.passwords.defaultValue","<unknown>");
-        }
-
-        ud.setPassword(password);
+        // for LDAP we don't store its password in the roller_users table,
+        // just an string indicating external auth method being used.
+        unusedPassword = WebloggerConfig.getProperty("users.passwords.externalAuthValue","<externalAuth>");
+        ud.setPassword(unusedPassword);
         ud.setEnabled(enabled ? Boolean.TRUE : Boolean.FALSE);
 
         ud.setUserName(userName);
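Review bot: The marker written by `ud.setPassword(unusedPassword)` is a fixed, documented default (`<externalAuth>`) shared by every externally authenticated account, so it is only safe if it can never be accepted as a credential. Nothing in this hunk shows how the password column is encoded or compared, so it is worth confirming that a later switch to `authentication.method=db` cannot let anyone log in with the marker; Register.myValidate writes the same value through `setPasswordText`/`setPasswordConfirm` and shares the concern. The roller.properties comment added in this commit says the openid path stores a random long string instead, and doing the same here would remove that dependency. The property key and its default literal are also repeated in this file and in Register, so a shared constant would keep them from drifting. The enclosing method starts and ends outside the hunk.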
@@ -192,7 +189,7 @@ public class CustomUserRegistry {
             return null;
         }
         
-        if(oValue == null) {
+        if (oValue == null) {
             return null;
         }
         

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
(original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
Mon Aug  4 01:35:51 2014
@@ -325,28 +325,26 @@ public class Register extends UIAction i
     
     public void myValidate() {
         
-        // if usingSSO, we don't want to error on empty password/username from HTML form.
+        // if using external auth, we don't want to error on empty password/username from
HTML form.
         boolean usingSSO = authMethod == AuthMethod.LDAP || authMethod == AuthMethod.CMA;
         if (usingSSO) {
-            boolean storePassword = WebloggerConfig.getBooleanProperty("users.sso.passwords.save");
-            String password = WebloggerConfig.getProperty("users.sso.passwords.defaultValue",
"<unknown>");
+            // store an unused marker in the Roller DB for the passphrase in
+            // the LDAP or CMA cases, as actual passwords are stored externally
+            String unusedPassword = WebloggerConfig.getProperty("users.passwords.externalAuthValue",
"<externalAuth>");
             
             // Preserve username and password, Spring Security case
             User fromSSOUser = CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
             if (fromSSOUser != null) {
-                if (storePassword) {
-                    password = fromSSOUser.getPassword();
-                }
-                getBean().setPasswordText(password);
-                getBean().setPasswordConfirm(password);
+                getBean().setPasswordText(unusedPassword);
+                getBean().setPasswordConfirm(unusedPassword);
                 getBean().setUserName(fromSSOUser.getUserName());
             }
 
             // Preserve username and password, CMA case             
             else if (getServletRequest().getUserPrincipal() != null) {
                 getBean().setUserName(getServletRequest().getUserPrincipal().getName());
-                getBean().setPasswordText(password);
-                getBean().setPasswordConfirm(password);
+                getBean().setPasswordText(unusedPassword);
+                getBean().setPasswordConfirm(unusedPassword);
             }
         }
         

Modified: roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
--- roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
(original)
+++ roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Mon Aug  4 01:35:51 2014
@@ -49,7 +49,7 @@
 # -- Directory settings
 # -- Feature specific settings
 # -- Scheduled tasks configuration
-# -- Cache configuratation
+# -- Cache configuration
 # -- User management and security settings
 # -- Rendering system
 # -- Weblog ping system
@@ -266,7 +266,7 @@ tasks.RefreshRollerPlanetTask.interval=6
 tasks.RefreshRollerPlanetTask.leaseTime=30
 
 #-----------------------------------------------------------------------------
-# Cache configuratation
+# Cache configuration
 #-----------------------------------------------------------------------------
 
 # Remember... times are in seconds
@@ -319,7 +319,7 @@ cache.salt.timeout=3600
 
 
 #-----------------------------------------------------------------------------
-# Security settings
+# User management and security settings
 #-----------------------------------------------------------------------------
 
 # Top-level authentication declaration for Apache Roller.  Introduced in Roller 5.1,
@@ -337,6 +337,10 @@ authentication.method=db
 # Enables HTTPS for login page only
 securelogin.enabled=false
 
+# Empty value used for passphrase in roller_user table when LDAP or CMA used;
+# openid presently generates a random (long) password string instead.
+users.passwords.externalAuthValue=<externalAuth>
+
 # Password security settings
 passwds.encryption.enabled=true
 passwds.encryption.algorithm=SHA
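Review bot: The new comment above `users.passwords.externalAuthValue` calls the setting an "Empty value", but the value is a non-empty placeholder. It also names the table `roller_user`, while the comment added in CustomUserRegistry says `roller_users`. An administrator reading this cannot tell that the string is a marker rather than a secret, or that it should never work as a login password. Suggested wording: `# Placeholder stored in the password column when LDAP or CMA authenticates the user;` followed by `# it is not a secret and must never be usable as a login credential.`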
@@ -350,9 +354,9 @@ role.action.admin=login,comment,weblog,a
 users.firstUserAdmin=true
 
 # Normally, for security purposes Roller keeps usernames private and the user
-# getUserName() method in templates actually returns the user's sceenname.
+# getUserName() method in templates actually returns the user's screenname.
 # If you want templates to have access to real usernames, set this to false.
-user.privateUserNames=true
+user.hideUserNames=true
 
 # Enable scheme enforcement?
 # Scheme enforcement ensures that specific URLs are viewed only via HTTPS
@@ -375,8 +379,11 @@ schemeenforcement.https.ignored=css,gif,
 # Ignored urls for salt.  These are for multipart/form-data submissions as we do not get
any parameters
 salt.ignored.urls=mediaFileAdd!save.rol,mediaFileEdit!save.rol,bookmarksImport!save.rol
 
-#----------------------------------
-# Single-Sign-On (LDAP)
+#---------------------------------------------------------------------
+# LDAP authentication properties -- valid only if LDAP authentication
+# authentication.method via authentication.method setting.
+# See also comments and trackbacks section above for addition LDAP
+# config options.
 
 # Set these properties for a custom LDAP schema (optional)
 #users.ldap.registry.attributes.name=cn
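Review bot: The new LDAP section header is garbled: "valid only if LDAP authentication authentication.method via authentication.method setting" repeats the key and has no verb, and "addition LDAP config options" should read "additional". The closing `#----` rule that the other section headers in this file have is also missing, so the block no longer reads as a section header. Suggested text: `# LDAP authentication properties -- used only when LDAP is selected` followed by `# through the authentication.method setting.`, then the closing rule line.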
@@ -384,16 +391,8 @@ salt.ignored.urls=mediaFileAdd!save.rol,
 #users.ldap.registry.attributes.locale=locale
 #users.ldap.registry.attributes.timezone=timezone
 
-# If you don't want user credentials from LDAP to be stored in Roller
-# (possibly in clear-text) leave this alone, otherwise set to true.
-# i.e. you would like a backup auth mechanism in case LDAP is down.
-users.sso.passwords.save=false
-
-# if you don't want passwords stored in DB, set this to the default value.
-users.sso.passwords.defaultValue=<usingSSO>
-
-users.sso.autoProvision.enabled=false
-users.sso.autoProvision.className=\
+users.ldap.autoProvision.enabled=false
+users.ldap.autoProvision.className=\
 org.apache.roller.weblogger.ui.core.security.BasicUserAutoProvision
 
 #-----------------------------------------------------------------------------
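Review bot: Removing `users.sso.passwords.save` stops new copies of LDAP passwords being written, but nothing in this commit addresses values already stored by installations that ran with it set to true. The removed comment says those values may be in clear text. Whether such rows are overwritten with the marker on a user's next login is not visible from these hunks. An upgrade note would close that gap, as would a one-time migration that replaces the stored value for externally authenticated users with the `users.passwords.externalAuthValue` marker.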


