Author: gmazza
Date: Mon Aug 4 01:35:51 2014
New Revision: 1615472
URL: http://svn.apache.org/r1615472
Log:
Removed users.sso.passwords.save option; renamed some properties from *.sso.*
to *.ldap.*
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java
Mon Aug 4 01:35:51 2014
@@ -51,7 +51,7 @@ public final class UserWrapper {
* username to be displayed publicly, so screen name is returned instead.
*/
public String getUserName() {
- if (WebloggerConfig.getBooleanProperty("user.privateUserNames")) {
+ if (WebloggerConfig.getBooleanProperty("user.hideUserNames")) {
return this.pojo.getScreenName();
}
return this.pojo.getUserName();
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
Mon Aug 4 01:35:51 2014
@@ -322,7 +322,7 @@ public class RollerContext extends Conte
* @return AutoProvision
*/
public static AutoProvision getAutoProvision() {
- String clazzName =
WebloggerConfig.getProperty("users.sso.autoProvision.className");
+ String clazzName =
WebloggerConfig.getProperty("users.ldap.autoProvision.className");
if (null == clazzName) {
return null;
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java
Mon Aug 4 01:35:51 2014
@@ -97,7 +97,7 @@ public class RollerSession
// try one time to auto-provision, only happens if
user==null
// which means installation has SSO-enabled in security.xml
- if (user == null &&
WebloggerConfig.getBooleanProperty("users.sso.autoProvision.enabled")) {
+ if (user == null &&
WebloggerConfig.getBooleanProperty("users.ldap.autoProvision.enabled")) {
// provisioning enabled, get provisioner and execute
AutoProvision provisioner =
RollerContext.getAutoProvision();
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java
Mon Aug 4 01:35:51 2014
@@ -50,12 +50,12 @@ public class CustomUserRegistry {
private static final String DEFAULT_LOCALE_LDAP_ATTRIBUTE = "locale";
private static final String DEFAULT_TIMEZONE_LDAP_ATTRIBUTE = "timezone";
- private static final String SNAME_LDAP_PROPERTY =
"users.sso.registry.ldap.attributes.screenname";
- private static final String UID_LDAP_PROPERTY =
"users.sso.registry.ldap.attributes.uid";
- private static final String NAME_LDAP_PROPERTY =
"users.sso.registry.ldap.attributes.name";
- private static final String EMAIL_LDAP_PROPERTY =
"users.sso.registry.ldap.attributes.email";
- private static final String LOCALE_LDAP_PROPERTY =
"users.sso.registry.ldap.attributes.locale";
- private static final String TIMEZONE_LDAP_PROPERTY =
"users.sso.registry.ldap.attributes.timezone";
+ private static final String SNAME_LDAP_PROPERTY =
"users.ldap.registry.attributes.screenname";
+ private static final String UID_LDAP_PROPERTY =
"users.ldap.registry.attributes.uid";
+ private static final String NAME_LDAP_PROPERTY =
"users.ldap.registry.attributes.name";
+ private static final String EMAIL_LDAP_PROPERTY =
"users.ldap.registry.attributes.email";
+ private static final String LOCALE_LDAP_PROPERTY =
"users.ldap.registry.attributes.locale";
+ private static final String TIMEZONE_LDAP_PROPERTY =
"users.ldap.registry.attributes.timezone";
public static User getUserDetailsFromAuthentication(HttpServletRequest
request) {
@@ -74,14 +74,14 @@ public class CustomUserRegistry {
ud.setTimeZone(TimeZone.getDefault().getID());
ud.setDateCreated(new java.util.Date());
- String userName = null;
- String password = null;
+ String userName;
+ String unusedPassword;
String fullName = null;
String email = null;
String screenName = null;
String locale = null;
String timezone = null;
- boolean enabled = false;
+ boolean enabled;
if(authentication == null) {
// Try to get SSO data from HttpServletRequest
@@ -124,7 +124,6 @@ public class CustomUserRegistry {
UserDetails userDetails = (UserDetails) oPrincipal;
userName = userDetails.getUsername();
- password = userDetails.getPassword();
enabled = userDetails.isEnabled();
@@ -152,12 +151,10 @@ public class CustomUserRegistry {
} */
}
- boolean storePassword =
WebloggerConfig.getBooleanProperty("users.sso.passwords.save");
- if(!storePassword) {
- password =
WebloggerConfig.getProperty("users.sso.passwords.defaultValue","<unknown>");
- }
-
- ud.setPassword(password);
+ // for LDAP we don't store its password in the roller_users table,
+ // just an string indicating external auth method being used.
+ unusedPassword =
WebloggerConfig.getProperty("users.passwords.externalAuthValue","<externalAuth>");
+ ud.setPassword(unusedPassword);
ud.setEnabled(enabled ? Boolean.TRUE : Boolean.FALSE);
ud.setUserName(userName);
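Review bot: The value written by `ud.setPassword(unusedPassword)` is a fixed string whose default, `<externalAuth>`, ships in roller.properties, so every LDAP-provisioned row holds the same publicly known content in its password column. Whether that is harmless depends on code outside this hunk: if the value is hashed on save like an ordinary password, or the deployment is later switched to `authentication.method=db`, the marker could verify as a real credential for all of these accounts. The roller.properties comment added in this commit says openid stores a long random string instead; if nothing reads the marker back, doing the same here, e.g. `ud.setPassword(java.util.UUID.randomUUID().toString());`, removes the shared value. The same marker is set in Register.myValidate() in this commit, and getUserDetailsFromAuthentication() starts and ends outside this hunk.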
@@ -192,7 +189,7 @@ public class CustomUserRegistry {
return null;
}
- if(oValue == null) {
+ if (oValue == null) {
return null;
}
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
Mon Aug 4 01:35:51 2014
@@ -325,28 +325,26 @@ public class Register extends UIAction i
public void myValidate() {
- // if usingSSO, we don't want to error on empty password/username from
HTML form.
+ // if using external auth, we don't want to error on empty
password/username from HTML form.
boolean usingSSO = authMethod == AuthMethod.LDAP || authMethod ==
AuthMethod.CMA;
if (usingSSO) {
- boolean storePassword =
WebloggerConfig.getBooleanProperty("users.sso.passwords.save");
- String password =
WebloggerConfig.getProperty("users.sso.passwords.defaultValue", "<unknown>");
+ // store an unused marker in the Roller DB for the passphrase in
+ // the LDAP or CMA cases, as actual passwords are stored externally
+ String unusedPassword =
WebloggerConfig.getProperty("users.passwords.externalAuthValue",
"<externalAuth>");
// Preserve username and password, Spring Security case
User fromSSOUser =
CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
if (fromSSOUser != null) {
- if (storePassword) {
- password = fromSSOUser.getPassword();
- }
- getBean().setPasswordText(password);
- getBean().setPasswordConfirm(password);
+ getBean().setPasswordText(unusedPassword);
+ getBean().setPasswordConfirm(unusedPassword);
getBean().setUserName(fromSSOUser.getUserName());
}
// Preserve username and password, CMA case
else if (getServletRequest().getUserPrincipal() != null) {
getBean().setUserName(getServletRequest().getUserPrincipal().getName());
- getBean().setPasswordText(password);
- getBean().setPasswordConfirm(password);
+ getBean().setPasswordText(unusedPassword);
+ getBean().setPasswordConfirm(unusedPassword);
}
}
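Review bot: The two `// Preserve username and password, ...` comments in myValidate() are stale after this change, because both branches now write the external-auth marker and no longer preserve any password. I would reword them to `// Preserve username; password fields get the external-auth marker (Spring Security case)` and the CMA equivalent. The locals `usingSSO` and `fromSSOUser` could also be renamed to match the "external auth" wording the first comment now uses. myValidate() continues past the end of this hunk.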
Modified:
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1615472&r1=1615471&r2=1615472&view=diff
==============================================================================
---
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
(original)
+++
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Mon Aug 4 01:35:51 2014
@@ -49,7 +49,7 @@
# -- Directory settings
# -- Feature specific settings
# -- Scheduled tasks configuration
-# -- Cache configuratation
+# -- Cache configuration
# -- User management and security settings
# -- Rendering system
# -- Weblog ping system
@@ -266,7 +266,7 @@ tasks.RefreshRollerPlanetTask.interval=6
tasks.RefreshRollerPlanetTask.leaseTime=30
#-----------------------------------------------------------------------------
-# Cache configuratation
+# Cache configuration
#-----------------------------------------------------------------------------
# Remember... times are in seconds
@@ -319,7 +319,7 @@ cache.salt.timeout=3600
#-----------------------------------------------------------------------------
-# Security settings
+# User management and security settings
#-----------------------------------------------------------------------------
# Top-level authentication declaration for Apache Roller. Introduced in
Roller 5.1,
@@ -337,6 +337,10 @@ authentication.method=db
# Enables HTTPS for login page only
securelogin.enabled=false
+# Empty value used for passphrase in roller_user table when LDAP or CMA used;
+# openid presently generates a random (long) password string instead.
+users.passwords.externalAuthValue=<externalAuth>
+
# Password security settings
passwds.encryption.enabled=true
passwds.encryption.algorithm=SHA
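Review bot: The new comment calls `users.passwords.externalAuthValue` an "Empty value", but the default is the non-empty string `<externalAuth>`. It also names the table `roller_user`, while the code comment added in CustomUserRegistry says `roller_users`. Suggested wording: `# Placeholder stored in the password column when LDAP or CMA is used; it is not a credential.` It would also help to say here that the value is shared by every externally authenticated account, so operators should not set it to anything that is used as a real password.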
@@ -350,9 +354,9 @@ role.action.admin=login,comment,weblog,a
users.firstUserAdmin=true
# Normally, for security purposes Roller keeps usernames private and the user
-# getUserName() method in templates actually returns the user's sceenname.
+# getUserName() method in templates actually returns the user's screenname.
# If you want templates to have access to real usernames, set this to false.
-user.privateUserNames=true
+user.hideUserNames=true
# Enable scheme enforcement?
# Scheme enforcement ensures that specific URLs are viewed only via HTTPS
@@ -375,8 +379,11 @@ schemeenforcement.https.ignored=css,gif,
# Ignored urls for salt. These are for multipart/form-data submissions as we
do not get any parameters
salt.ignored.urls=mediaFileAdd!save.rol,mediaFileEdit!save.rol,bookmarksImport!save.rol
-#----------------------------------
-# Single-Sign-On (LDAP)
+#---------------------------------------------------------------------
+# LDAP authentication properties -- valid only if LDAP authentication
+# authentication.method via authentication.method setting.
+# See also comments and trackbacks section above for addition LDAP
+# config options.
# Set these properties for a custom LDAP schema (optional)
#users.ldap.registry.attributes.name=cn
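Review bot: The rewritten section header does not read as a sentence: "valid only if LDAP authentication authentication.method via authentication.method setting" repeats the property name where a verb is missing, and "addition LDAP" should be "additional LDAP". Suggested text for the first two lines: `# LDAP authentication properties -- used only when LDAP is selected` and `# via the authentication.method setting.` As far as the hunk shows, the block also has no closing `#---` rule before `# Set these properties ...`, unlike the "Cache configuration" and "User management and security settings" headers elsewhere in this file.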
@@ -384,16 +391,8 @@ salt.ignored.urls=mediaFileAdd!save.rol,
#users.ldap.registry.attributes.locale=locale
#users.ldap.registry.attributes.timezone=timezone
-# If you don't want user credentials from LDAP to be stored in Roller
-# (possibly in clear-text) leave this alone, otherwise set to true.
-# i.e. you would like a backup auth mechanism in case LDAP is down.
-users.sso.passwords.save=false
-
-# if you don't want passwords stored in DB, set this to the default value.
-users.sso.passwords.defaultValue=<usingSSO>
-
-users.sso.autoProvision.enabled=false
-users.sso.autoProvision.className=\
+users.ldap.autoProvision.enabled=false
+users.ldap.autoProvision.className=\
org.apache.roller.weblogger.ui.core.security.BasicUserAutoProvision
#-----------------------------------------------------------------------------
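Review bot: Removing `users.sso.passwords.save` stops new LDAP passwords from being stored, but rows written while it was `true` keep whatever was saved, which the deleted comment describes as possibly clear text. An upgrade note or migration step that overwrites the password column for externally authenticated users would close that gap. Separately, deployments that still set the old `users.sso.autoProvision.*` keys in a custom properties file will, as far as this diff shows, have them ignored without warning, so auto-provisioning silently turns off. A startup log line reporting leftover `users.sso.*` keys would make that visible.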