This is an automated email from the ASF dual-hosted git repository.
snoopdave pushed a commit to branch roller-5.2.x
in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/roller-5.2.x by this push:
new b668319 More remember-me fixes.
b668319 is described below
commit b66831921c7b66a1d06e955b608fa5451c5525fe
Author: [email protected] <[email protected]>
AuthorDate: Sun May 19 16:53:40 2019 -0400
More remember-me fixes.
---
.../apache/roller/weblogger/ui/core/RollerContext.java | 7 ++-----
.../RollerRememberMeAuthenticationProvider.java | 3 +++
.../ui/core/security/RollerRememberMeServices.java | 17 ++++++++++++++---
app/src/main/webapp/WEB-INF/security.xml | 3 ++-
4 files changed, 21 insertions(+), 9 deletions(-)
diff --git
a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
index b4517a5..1acc7f4 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
@@ -234,10 +234,6 @@ public class RollerContext extends ContextLoaderListener
ApplicationContext ctx =
WebApplicationContextUtils.getRequiredWebApplicationContext(context);
- /*String[] beanNames = ctx.getBeanDefinitionNames();
- for (String name : beanNames)
- System.out.println(name);*/
-
String rememberMe = WebloggerConfig.getProperty("rememberme.enabled");
boolean rememberMeEnabled = Boolean.valueOf(rememberMe);
@@ -246,7 +242,8 @@ public class RollerContext extends ContextLoaderListener
context.setAttribute("rememberMeEnabled", rememberMe);
if (!rememberMeEnabled) {
- ProviderManager provider = (ProviderManager)
ctx.getBean("_authenticationManager");
+ ProviderManager provider =
+ (ProviderManager)
ctx.getBean("org.springframework.security.authenticationManager");
for (AuthenticationProvider authProvider :
provider.getProviders()) {
if (authProvider instanceof RememberMeAuthenticationProvider) {
provider.getProviders().remove(authProvider);
diff --git
a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
index 82e4322..a847abc 100644
---
a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
+++
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
@@ -29,6 +29,7 @@ public class RollerRememberMeAuthenticationProvider extends
RememberMeAuthentica
public RollerRememberMeAuthenticationProvider() {
+ log.debug("initializing: RollerRememberMeAuthenticationProvider");
String key = WebloggerConfig.getProperty("rememberme.key",
"springRocks");
@@ -38,6 +39,8 @@ public class RollerRememberMeAuthenticationProvider extends
RememberMeAuthentica
"properties file. Make sure it is a secret and make sure it is
NOT be springRocks");
}
setKey(key);
+
+ log.debug("initialized: RollerRememberMeAuthenticationProvider with
key: " + getKey());
}
}
diff --git
a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
index fdb920e..608d752 100644
---
a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
+++
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
@@ -33,7 +33,20 @@ public class RollerRememberMeServices extends
TokenBasedRememberMeServices {
private static final Log log =
LogFactory.getLog(RollerRememberMeServices.class);
- public RollerRememberMeServices() {}
+ public RollerRememberMeServices() {
+ log.debug("initializing: RollerRememberMeServices");
+
+ String key = WebloggerConfig.getProperty("rememberme.key",
"springRocks");
+
+ if ("springRocks".equals(key)) {
+ throw new RuntimeException(
+ "If remember-me is to be enabled, rememberme.key must be
specified in the roller " +
+ "properties file. Make sure it is a secret and make sure
it is NOT be springRocks");
+ }
+ setKey(key);
+
+ log.debug("initialized: RollerRememberMeServices with key: " +
getKey());
+ }
/**
* Calculates the digital signature to be put in the cookie. Default value
is
@@ -62,6 +75,4 @@ public class RollerRememberMeServices extends
TokenBasedRememberMeServices {
return new String(Hex.encode(digest.digest(data.getBytes())));
}
-
-
}
diff --git a/app/src/main/webapp/WEB-INF/security.xml
b/app/src/main/webapp/WEB-INF/security.xml
index 993073a..d3e8fa3 100644
--- a/app/src/main/webapp/WEB-INF/security.xml
+++ b/app/src/main/webapp/WEB-INF/security.xml
@@ -78,12 +78,13 @@
<beans:bean id="rollerRememberMeServices"
class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeServices">
- <beans:property name="key"
value="715F2448-3176-11DD-ABC6-9CD955D89593"/>
+ <beans:property name="key" value="ignored"/>
<beans:property name="userDetailsService" ref="rollerUserService"/>
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider"
class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeAuthenticationProvider">
+ <beans:property name="key" value="ignored"/>
</beans:bean>
<beans:bean id = "openIDAuthProvider"
class="org.springframework.security.openid.OpenIDAuthenticationProvider">
