Author: snoopdave
Date: Wed Mar 3 04:16:42 2010
New Revision: 918322
URL: http://svn.apache.org/viewvc?rev=918322&view=rev
Log:
Fix for remember me problem. As Greg suggested the <input> name and id values
were wrong, but there was also a chunk of XML missing from the Spring Security
config file security.xml.
Also, did a bit of cleanup and removed the old LDAP/CAS configuration because it
does not work with Spring Security 2. Leaving it in the file might be confusing
for folks trying to figure out how to make Roller work with LDAP.
Modified:
roller/trunk/weblogger-web/src/main/webapp/WEB-INF/jsps/core/Login.jsp
roller/trunk/weblogger-web/src/main/webapp/WEB-INF/security.xml
Modified: roller/trunk/weblogger-web/src/main/webapp/WEB-INF/jsps/core/Login.jsp
URL:
http://svn.apache.org/viewvc/roller/trunk/weblogger-web/src/main/webapp/WEB-INF/jsps/core/Login.jsp?rev=918322&r1=918321&r2=918322&view=diff
==============================================================================
--- roller/trunk/weblogger-web/src/main/webapp/WEB-INF/jsps/core/Login.jsp
(original)
+++ roller/trunk/weblogger-web/src/main/webapp/WEB-INF/jsps/core/Login.jsp Wed
Mar 3 04:16:42 2010
@@ -93,7 +93,7 @@
<tr>
<td width="20%"></td>
<td width="80%">
- <input type="checkbox" name="rememberMe" id="rememberMe" />
+ <input type="checkbox" name="_spring_security_remember_me"
id="_spring_security_remember_me" />
<label for="rememberMe">
<s:text name="loginPage.rememberMe" />
</label>
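Review bot: The `<label for="rememberMe">` left as context under the changed `<input>` still refers to the old id, so after this change the label is no longer bound to the checkbox: clicking the text will not toggle it, and assistive technology loses the control's name. It should become `<label for="_spring_security_remember_me">`. The new `name` matches Spring Security's default remember-me request parameter, so the functional part of the fix looks right. The enclosing table row starts and ends outside this hunk.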
Modified: roller/trunk/weblogger-web/src/main/webapp/WEB-INF/security.xml
URL:
http://svn.apache.org/viewvc/roller/trunk/weblogger-web/src/main/webapp/WEB-INF/security.xml?rev=918322&r1=918321&r2=918322&view=diff
==============================================================================
--- roller/trunk/weblogger-web/src/main/webapp/WEB-INF/security.xml (original)
+++ roller/trunk/weblogger-web/src/main/webapp/WEB-INF/security.xml Wed Mar 3
04:16:42 2010
@@ -21,11 +21,11 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1-openidfix.xsd">
-<!--
- xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+ <!--
+xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
-->
-
+
<http auto-config="false" lowercase-comparisons="true"
access-decision-manager-ref="accessDecisionManager">
<intercept-url pattern="/images/**" filters="none"/>
<intercept-url pattern="/scripts/**" filters="none"/>
@@ -37,21 +37,45 @@
<intercept-url pattern="/roller-ui/authoring/**"
access="admin,editor"/>
<intercept-url pattern="/roller-ui/admin/**" access="admin"/>
<intercept-url pattern="/rewrite-status*" access="admin"/>
-
- <!-- Uncomment the following for LDAP/SSO configuration -->
- <!--intercept-url pattern="/roller-ui/user.do*" access="register"/-->
- <form-login login-page="/roller-ui/login.rol"
authentication-failure-url="/roller-ui/login.rol?error=true"
- login-processing-url="/roller_j_security_check"/>
- <remember-me user-service-ref="rollerUserService"
key="715F2448-3176-11DD-ABC6-9CD955D89593"/>
- </http>
+ <form-login login-page="/roller-ui/login.rol"
+
authentication-failure-url="/roller-ui/login.rol?error=true"
+ login-processing-url="/roller_j_security_check"/>
+
+ <remember-me user-service-ref="rollerUserService"
+ key="715F2448-3176-11DD-ABC6-9CD955D89593"/>
+ </http>
+
+
+ <!-- Read users from Roller API -->
+ <authentication-provider user-service-ref="rollerUserService"/>
+ <beans:bean id="rollerUserService"
+
class="org.apache.roller.weblogger.ui.core.security.RollerUserDetailsService"/>
+
+ <beans:bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
+ <beans:property name="allowIfAllAbstainDecisions" value="false"/>
+ <beans:property name="decisionVoters">
+ <beans:list>
+ <beans:ref local="roleVoter"/>
+ </beans:list>
+ </beans:property>
+ </beans:bean>
+ <beans:bean id="roleVoter"
class="org.springframework.security.vote.RoleVoter">
+ <beans:property name="rolePrefix" value=""/>
+ </beans:bean>
+
+ <beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
+ <!-- This ensures that remember-me is added as an authentication
provider -->
+ <custom-authentication-provider />
+ <beans:property name="key" value="springRocks"/>
+ </beans:bean>
+ <!-- OpenID -->
<authentication-manager alias='authenticationManagerAlias'/>
<beans:bean id = "openIDAuthProvider"
class="org.springframework.security.providers.openid.OpenIDAuthenticationProvider">
<custom-authentication-provider/>
<beans:property name="userDetailsService" ref="rollerUserService"/>
</beans:bean>
-
<beans:bean id="openidAuthenticationProcessingFilter"
class="org.apache.roller.weblogger.ui.core.filters.CustomOpenIDAuthenticationProcessingFilter">
<beans:property name="defaultTargetUrl" value="/roller-ui/menu.rol"/>
<beans:property name="filterProcessesUrl"
value="/roller_j_openid_security_check"/>
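Review bot: The added `rememberMeAuthenticationProvider` bean sets `key` to `springRocks`, which does not match the `key` on the `<remember-me>` element earlier in this hunk. RememberMeAuthenticationProvider only accepts tokens built with its own key, so this bean would presumably reject the tokens that the remember-me filter creates. The `<remember-me>` element may also register a matching provider already, which would make the bean redundant; if it is needed, give it the same key value as `<remember-me>`. Both keys are constants committed to a public repository (`springRocks` is the reference-documentation sample value), so every default install shares them. I would add a comment above `<remember-me>` such as `<!-- Replace this key with a unique, secret value for each installation -->` and, longer term, read the key from per-deployment configuration.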
@@ -60,122 +84,14 @@
<beans:prop
key="org.springframework.security.userdetails.UsernameNotFoundException">/roller-ui/register.rol
</beans:prop>
<beans:prop
key="org.springframework.security.BadCredentialsException">/roller-ui/login.rol?error=true
- </beans:prop>
+ </beans:prop>
<beans:prop
key="org.springframework.security.AuthenticationException">/roller-ui/login.rol?error=true
</beans:prop>
</beans:props>
- </beans:property>
- <beans:property name="authenticationFailureUrl"
value="/roller-ui/login.rol?error=true"/>
+ </beans:property>
+ <beans:property name="authenticationFailureUrl"
value="/roller-ui/login.rol?error=true"/>
<beans:property name="authenticationManager"
ref="authenticationManagerAlias"/>
<custom-filter position="OPENID_PROCESSING_FILTER"/>
</beans:bean>
-
-
- <authentication-provider user-service-ref="rollerUserService"/>
-
-
- <!-- Read users from Roller API -->
- <beans:bean id="rollerUserService"
class="org.apache.roller.weblogger.ui.core.security.RollerUserDetailsService"/>
-
- <!-- It may be possible to get rid of the following two beans in a
future version of Spring Security. -->
- <!-- See http://jira.springframework.org/browse/SEC-840 for more
information. -->
- <beans:bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
- <beans:property name="allowIfAllAbstainDecisions" value="false"/>
- <beans:property name="decisionVoters">
- <beans:list>
- <beans:ref local="roleVoter"/>
- </beans:list>
- </beans:property>
- </beans:bean>
- <beans:bean id="roleVoter"
class="org.springframework.security.vote.RoleVoter">
- <beans:property name="rolePrefix" value=""/>
- </beans:bean>
-
- <!-- TODO MR: Modify LDAP and CAS Configuration for Spring Security 2.0.x
-->
-
- <!-- ===================== LDAP AUTHENTICATION ==================== -->
- <!-- BEGIN: Sample LDAP/RollerDB hybrid security configuration
- <bean id="initialDirContextFactory"
class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
- <constructor-arg value="LDAP_URL"/>
- <property name="managerDn" value="LDAP_USERNAME"/>
- <property name="managerPassword" value="LDAP_PASSWORD"/>
- </bean>
-
- <bean id="ldapUserSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
- <constructor-arg index="0" value=""/>
- <constructor-arg index="1" value="uid={0}"/>
- <constructor-arg index="2" ref="initialDirContextFactory"/>
- <property name="searchSubtree" value="true"/>
- </bean>
-
- <bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
- <constructor-arg>
- <bean
class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
- <constructor-arg ref="initialDirContextFactory"/>
- <property name="userSearch" ref="ldapUserSearch"/>
- </bean>
- </constructor-arg>
- <constructor-arg ref="jdbcAuthoritiesPopulator"/>
- <property name="userCache" ref="userCache"/>
- </bean>
-
- <bean id="jdbcAuthoritiesPopulator"
class="org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator">
- <property name="defaultRole" value="register"/>
- </bean>
- -->
- <!-- END Sample LDAP/RollerDB hybrid security configuration -->
-
- <!-- ======================== CENTRAL AUTHENTICATION SERVICE (CAS)
======================= -->
- <!-- BEGIN: Sample CAS/RollerDB hybrid security configuration
- <bean id="casProcessingFilter"
class="org.springframework.security.ui.cas.CasProcessingFilter">
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="authenticationFailureUrl"
value="/roller-ui/login.rol?error=true"/>
- <property name="defaultTargetUrl" value="/"/>
- <property name="filterProcessesUrl" value="/roller_j_security_check"/>
- </bean>
-
- <bean id="casProcessingFilterEntryPoint"
class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
- <property name="loginUrl" value="https://localhost:8443/cas/login"/>
- <property name="serviceProperties" ref="serviceProperties"/>
- </bean>
-
- <bean id="casAuthenticationProvider"
class="org.springframework.security.providers.cas.CasAuthenticationProvider">
- <property name="casAuthoritiesPopulator">
- <bean
class="org.apache.roller.weblogger.ui.core.security.RollerCasPopulator">
- <property name="userDetailsService"
ref="jdbcAuthenticationDao"/>
- </bean>
- </property>
- <property name="casProxyDecider" ref="casProxyDecider"/>
- <property name="ticketValidator" ref="casProxyTicketValidator"/>
- <property name="statelessTicketCache" ref="statelessTicketCache"/>
- <property name="key" value="rollerlovesacegi"/>
- </bean>
-
- <bean id="casProxyTicketValidator"
class="org.springframework.security.providers.cas.ticketvalidator.CasProxyTicketValidator">
- <property name="casValidate"
value="https://localhost:8443/cas/proxyValidate"/>
- <property name="proxyCallbackUrl"
value="http://localhost:8080/roller/casProxy/receptor"/>
- <property name="serviceProperties" ref="serviceProperties"/>
- <property name="trustStore"
value="/Library/Java/Home/lib/security/cacerts"/>
- </bean>
-
- <bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
-
- <bean id="ticketCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
- <property name="cacheManager" ref="cacheManager"/>
- <property name="cacheName" value="ticketCache"/>
- </bean>
-
- <bean id="statelessTicketCache"
class="org.springframework.security.providers.cas.cache.EhCacheBasedTicketCache">
- <property name="cache" ref="ticketCacheBackend"/>
- </bean>
-
- <bean id="casProxyDecider"
class="org.springframework.security.providers.cas.proxy.RejectProxyTickets"/>
-
- <bean id="serviceProperties"
class="org.springframework.security.ui.cas.ServiceProperties">
- <property name="service"
value="http://localhost:8080/roller/roller_j_security_check"/>
- <property name="sendRenew" value="false"/>
- </bean>
- -->
- <!-- END Sample CAS/RollerDB hybrid security configuration -->
</beans:beans>