This is an automated email from the ASF dual-hosted git repository.
snoopdave pushed a commit to branch roller-5.2.x
in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/roller-5.2.x by this push:
new 21c92aa [ROL-2132] Fix for remember-me not working with LDAP.
21c92aa is described below
commit 21c92aafd850a5477450284c127e52612bd2d585
Author: [email protected] <[email protected]>
AuthorDate: Sun Apr 21 15:13:36 2019 -0400
[ROL-2132] Fix for remember-me not working with LDAP.
---
.../ui/core/security/RollerRememberMeServices.java | 55 ++++++++++++++++++++++
app/src/main/webapp/WEB-INF/security.xml | 28 +++++++----
2 files changed, 74 insertions(+), 9 deletions(-)
diff --git
a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
new file mode 100644
index 0000000..5aa7d51
--- /dev/null
+++
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
@@ -0,0 +1,55 @@
+package org.apache.roller.weblogger.ui.core.security;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.config.AuthMethod;
+import org.apache.roller.weblogger.config.WebloggerConfig;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.codec.Hex;
+import
org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+
+public class RollerRememberMeServices extends TokenBasedRememberMeServices {
+ private static final Log log = LogFactory.getLog(CustomUserRegistry.class);
+
+
+ public RollerRememberMeServices() {
+ }
+
+ public RollerRememberMeServices(String key, UserDetailsService
userDetailsService) {
+ super(key, userDetailsService);
+ }
+
+ /**
+ * Calculates the digital signature to be put in the cookie. Default value
is
+ * MD5 ("username:tokenExpiryTime:password:key")
+ *
+ * If LDAP is enabled then a configurable dummy password is used in the
calculation.
+ */
+ protected String makeTokenSignature(long tokenExpiryTime, String username,
String password) {
+
+ boolean usingLDAP = WebloggerConfig.getAuthMethod() == AuthMethod.LDAP;
+ if (usingLDAP) {
+ log.debug("LDAP is enabled; using dummy password in remember me
signature.");
+
+ // for LDAP we don't store its password in the roller_users table,
+ // just an string indicating external auth method being used.
+ password =
WebloggerConfig.getProperty("users.passwords.externalAuthValue","<externalAuth>");
+ }
+
+ String data = username + ":" + tokenExpiryTime + ":" + password + ":"
+ getKey();
+ MessageDigest digest;
+ try {
+ digest = MessageDigest.getInstance("MD5");
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("No MD5 algorithm available!");
+ }
+
+ return new String(Hex.encode(digest.digest(data.getBytes())));
+ }
+
+
+}
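Review bot: In LDAP mode `makeTokenSignature` replaces the password with the `users.passwords.externalAuthValue` setting, so the only secret left in the signed string is `getKey()`, and a cookie keeps verifying until it expires even after the user's LDAP password changes. That deserves a comment on the method, for example `// LDAP: signature depends only on the remember-me key; keep it secret and unique per deployment`. The logger is created with `CustomUserRegistry.class`, which misattributes the debug line; `LogFactory.getLog(RollerRememberMeServices.class)` is presumably what was intended. `data.getBytes()` uses the platform charset and the catch drops the cause, so I would write `data.getBytes(StandardCharsets.UTF_8)` and `new IllegalStateException("No MD5 algorithm available!", e)`. The method overrides the superclass signature calculation and should carry `@Override`.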
diff --git a/app/src/main/webapp/WEB-INF/security.xml
b/app/src/main/webapp/WEB-INF/security.xml
index 73094b0..33f80a2 100644
--- a/app/src/main/webapp/WEB-INF/security.xml
+++ b/app/src/main/webapp/WEB-INF/security.xml
@@ -41,7 +41,7 @@
authentication-failure-url="/roller-ui/login.rol?error=true"
login-processing-url="/roller_j_security_check"/>
- <remember-me user-service-ref="rollerUserService"
+ <remember-me services-ref="rollerRememberMeServices"
key="715F2448-3176-11DD-ABC6-9CD955D89593"/>
<custom-filter ref="openidAuthenticationProcessingFilter"
position="OPENID_FILTER"/>
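Review bot: The remember-me `key` on this element is still a literal committed to the repository, and the same literal is now the signing key of `rollerRememberMeServices` in the `@@ -63,16 +63,25 @@` hunk. Every installation that keeps the shipped file therefore shares one signing key, which matters more now that the LDAP path in `RollerRememberMeServices` puts no per-user secret into the signature. I would take the value from deployment configuration in both places, e.g. `key="${REMEMBER_ME_KEY_PLACEHOLDER}"` (a placeholder name, assuming property substitution is available to this context). A comment such as `<!-- must match the key property of rollerRememberMeServices -->` would also keep the two copies from drifting apart.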
@@ -63,16 +63,25 @@
<!-- Read users from Roller API -->
<authentication-manager alias='rollerAuthenticationManager'>
<authentication-provider ref="rememberMeAuthenticationProvider"/>
+
<!-- Uncomment one of the three below, based on whether database,
LDAP, or
OpenID authentication is desired. -->
+ <authentication-provider ref="ldapAuthProvider" />
+ <!--
<authentication-provider user-service-ref="rollerUserService"/>
- <!--authentication-provider ref="ldapAuthProvider"/>
- <authentication-provider ref="openIDAuthProvider"/-->
+ <authentication-provider ref="openIDAuthProvider"/>
+ -->
</authentication-manager>
<beans:bean id="rollerUserService"
class="org.apache.roller.weblogger.ui.core.security.RollerUserDetailsService"/>
+ <beans:bean id="rollerRememberMeServices"
+
class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeServices">
+ <beans:property name="key"
value="715F2448-3176-11DD-ABC6-9CD955D89593"/>
+ <beans:property name="userDetailsService" ref="rollerUserService"/>
+ </beans:bean>
+
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:property name="key" value="springRocks"/>
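Review bot: The active provider in the shipped default is now `ldapAuthProvider`, with the `rollerUserService` database provider moved inside the comment, while the LDAP beans in the `@@ -113,10 +122,10 @@` and `@@ -142,6 +151,7 @@` hunks stay commented out. If `ldapAuthProvider` is defined inside that commented block (its definition is not visible here), the context would reference a missing bean. In any case a stock install silently changes its authentication method, which looks like a local test setting that was committed. I would keep `<authentication-provider user-service-ref="rollerUserService"/>` active and leave `<authentication-provider ref="ldapAuthProvider"/>` inside the comment. Separately, `rememberMeAuthenticationProvider` uses the key `springRocks`, which differs from the key set on `rollerRememberMeServices`; it is worth confirming which provider is expected to accept the remember-me token.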
@@ -113,10 +122,10 @@
</beans:property>
</beans:bean>
- <!-- Uncomment & customize below beans if using LDAP -->
- <!--beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
- <beans:constructor-arg
value="ldap://localhost:10389/dc=example,dc=com" />
- <beans:property name="userDn" value="uid=admin,ou=system" />
+ <!-- Uncomment & customize below beans if using LDAP
+ <beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+ <beans:constructor-arg value="ldap://localhost:389/dc=example,dc=com"
/>
+ <beans:property name="userDn" value="uid=admin" />
<beans:property name="password" value="secret" />
</beans:bean>
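Review bot: The sample `contextSource` pairs a plain `ldap://` URL with a manager `userDn` and `password`, so anyone who uncomments it as written sends the bind credentials and users' passwords unencrypted. I would make the sample `ldaps://localhost:636/dc=example,dc=com`, or add a comment such as `<!-- use ldaps:// (or StartTLS) outside local testing; replace the sample password -->`. The comment block opened in this hunk is closed in the `@@ -142,6 +151,7 @@` hunk.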
@@ -142,6 +151,7 @@
<beans:constructor-arg index="1" value="(uid={0})" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
- </beans:bean-->
-
+ </beans:bean>
+ -->
+
</beans:beans>