taylor 02/05/28 16:04:56
Modified: proposals Security.txt
src/java/org/apache/jetspeed/modules/actions JLoginUser.java
src/java/org/apache/jetspeed/modules/actions/portlets/security
UserUpdateAction.java
src/java/org/apache/jetspeed/services JetspeedSecurity.java
src/java/org/apache/jetspeed/services/security
JetspeedDBSecurityService.java
JetspeedSecurityService.java
src/java/org/apache/jetspeed/services/template
JetspeedTemplateLocatorService.java
webapp/WEB-INF/conf JetspeedResources.properties
Log:
- fixed logon.auto.disable bug in JR.p - made it part of JetspeedSecurity service
(for now)
- the default is now false (feature is turned 0ff by default)
Revision Changes Path
1.4 +3 -1 jakarta-jetspeed/proposals/Security.txt
Index: Security.txt
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/proposals/Security.txt,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Security.txt 24 May 2002 05:46:26 -0000 1.3
+++ Security.txt 28 May 2002 23:04:55 -0000 1.4
@@ -1,5 +1,5 @@
Jetspeed Proposal: Portal Security 1.4
-LAST MODIFIED: $Date: 2002/05/24 05:46:26 $
+LAST MODIFIED: $Date: 2002/05/28 23:04:55 $
AUTHOR: [EMAIL PROTECTED], [EMAIL PROTECTED]
STATUS:
@@ -237,6 +237,8 @@
User login( String username, String password );
User login( Principal principal );
User getAnonymousUser();
+
+ void logout();
}
-----------------------------------------------
1.24 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java
Index: JLoginUser.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- JLoginUser.java 25 Feb 2002 04:38:12 -0000 1.23
+++ JLoginUser.java 28 May 2002 23:04:55 -0000 1.24
@@ -265,7 +265,7 @@
if ( data.getUser().hasLoggedIn())
{
- if (JetspeedResources.getBoolean("logon.auto.disable", true))
+ if (JetspeedSecurity.getAutoLogonDisable())
{
// dst: this needs some refactoring. I don't believe this api is
necessary
JetspeedSecurity.resetUserCheck(data.getParameters().getString("username", ""));
@@ -354,7 +354,7 @@
else
{
// disable user after a configurable number of strikes
- if (JetspeedResources.getBoolean("logon.auto.disable", true))
+ if (JetspeedSecurity.getAutoLogonDisable())
{
boolean disabled =
JetspeedSecurity.disableUserCheck(data.getParameters().getString("username", ""));
if (disabled)
1.12 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
Index: UserUpdateAction.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- UserUpdateAction.java 29 Mar 2002 20:12:32 -0000 1.11
+++ UserUpdateAction.java 28 May 2002 23:04:55 -0000 1.12
@@ -104,7 +104,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Chris Kimpton</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Paul Spencer</a>
- * @version $Id: UserUpdateAction.java,v 1.11 2002/03/29 20:12:32 taylor Exp $
+ * @version $Id: UserUpdateAction.java,v 1.12 2002/05/28 23:04:55 taylor Exp $
*/
public class UserUpdateAction extends VelocityPortletAction
{
@@ -483,7 +483,7 @@
boolean disabled = (strDisabled != null);
user.setDisabled(disabled);
- if (!disabled && oldDisabled &&
JetspeedResources.getBoolean("logon.auto.disable", true))
+ if (!disabled && oldDisabled && JetspeedSecurity.getAutoLogonDisable())
{
JetspeedSecurity.resetUserCheck(name);
}
1.11 +8 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
Index: JetspeedSecurity.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- JetspeedSecurity.java 25 Feb 2002 04:38:13 -0000 1.10
+++ JetspeedSecurity.java 28 May 2002 23:04:55 -0000 1.11
@@ -75,7 +75,7 @@
*
* @see org.apache.jetspeed.services.security.JetspeedSecurityService
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: JetspeedSecurity.java,v 1.10 2002/02/25 04:38:13 taylor Exp $
+ * @version $Id: JetspeedSecurity.java,v 1.11 2002/05/28 23:04:55 taylor Exp $
*/
abstract public class JetspeedSecurity extends TurbineSecurity
@@ -215,5 +215,12 @@
((JetspeedSecurityService)getService()).resetUserCheck(username);
}
+ /**
+ * @see JetspeedSecurityService#getAutoLogonDisable
+ */
+ public static boolean getAutoLogonDisable()
+ {
+ return ((JetspeedSecurityService)getService()).getAutoLogonDisable();
+ }
}
1.19 +13 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
Index: JetspeedDBSecurityService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- JetspeedDBSecurityService.java 17 Apr 2002 02:04:56 -0000 1.18
+++ JetspeedDBSecurityService.java 28 May 2002 23:04:55 -0000 1.19
@@ -101,7 +101,7 @@
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Santiago Gala</a>
- * @version $Id: JetspeedDBSecurityService.java,v 1.18 2002/04/17 02:04:56 taylor
Exp $
+ * @version $Id: JetspeedDBSecurityService.java,v 1.19 2002/05/28 23:04:55 taylor
Exp $
*/
@@ -115,6 +115,7 @@
private final static String CONFIG_LOGON_STRIKE_COUNT = "logon.strike.count";
private final static String CONFIG_LOGON_STRIKE_MAX = "logon.strike.max";
private final static String CONFIG_LOGON_STRIKE_INTERVAL =
"logon.strike.interval";
+ private final static String CONFIG_LOGON_AUTO_DISABLE = "logon.auto.disable";
private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN =
"permission.default.loggedin";
@@ -126,11 +127,13 @@
String roles[] = null;
boolean caseInsensitiveUsername = false;
boolean caseInsensitivePassword = false;
- boolean caseInsensitiveUpper = true;
+ boolean caseInsensitiveUpper = true;
int strikeCount = 3; // 3 within the interval
int strikeMax = 20; // 20 total failures
long strikeInterval = 300; // five minutes
+ boolean autoLogonDisable = false;
+
private static HashMap users = new HashMap();
/**
@@ -171,6 +174,8 @@
strikeInterval = serviceConf.getLong(CONFIG_LOGON_STRIKE_INTERVAL,
strikeInterval);
strikeMax = serviceConf.getInt(CONFIG_LOGON_STRIKE_MAX, strikeMax);
+ autoLogonDisable = serviceConf.getBoolean(CONFIG_LOGON_AUTO_DISABLE,
autoLogonDisable);
+
// initialization done
setInit(true);
}
@@ -624,4 +629,10 @@
{
super.forcePassword(user, convertPassword(password));
}
+
+ public boolean getAutoLogonDisable()
+ {
+ return autoLogonDisable;
+ }
+
}
1.8 +2 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
Index: JetspeedSecurityService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JetspeedSecurityService.java 25 Feb 2002 04:38:13 -0000 1.7
+++ JetspeedSecurityService.java 28 May 2002 23:04:56 -0000 1.8
@@ -75,7 +75,7 @@
* for controlling access to portal resources (portlets, panes).
*
* @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
- * @version $Id: JetspeedSecurityService.java,v 1.7 2002/02/25 04:38:13 taylor Exp $
+ * @version $Id: JetspeedSecurityService.java,v 1.8 2002/05/28 23:04:56 taylor Exp $
*/
@@ -113,4 +113,5 @@
public void resetUserCheck(String username);
+ public boolean getAutoLogonDisable();
}
1.8 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/template/JetspeedTemplateLocatorService.java
Index: JetspeedTemplateLocatorService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/template/JetspeedTemplateLocatorService.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JetspeedTemplateLocatorService.java 9 May 2002 08:44:53 -0000 1.7
+++ JetspeedTemplateLocatorService.java 28 May 2002 23:04:56 -0000 1.8
@@ -112,7 +112,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]";>Raphael Luta</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Paul Spener</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Chris Kimpton</a>
- * @version $Id: JetspeedTemplateLocatorService.java,v 1.7 2002/05/09 08:44:53
kimptoc Exp $
+ * @version $Id: JetspeedTemplateLocatorService.java,v 1.8 2002/05/28 23:04:56
taylor Exp $
*/
public class JetspeedTemplateLocatorService extends TurbineBaseService
@@ -591,7 +591,6 @@
templatePath.append(PATH_SEPARATOR).append(language);
if ((country != null) && (country.length() > 0))
templatePath.append(PATH_SEPARATOR).append(country);
-
return templatePath.toString();
}
@@ -697,5 +696,6 @@
loadNameCache(path + list[ix], list[ix]);
}
}
+
}
1.78 +2 -2
jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedResources.properties
Index: JetspeedResources.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedResources.properties,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- JetspeedResources.properties 10 May 2002 18:43:01 -0000 1.77
+++ JetspeedResources.properties 28 May 2002 23:04:56 -0000 1.78
@@ -1,7 +1,7 @@
################################################################################
# Jetspeed Configuration
# Author: Kevin A. Burton ([EMAIL PROTECTED])
-# $Id: JetspeedResources.properties,v 1.77 2002/05/10 18:43:01 kimptoc Exp $
+# $Id: JetspeedResources.properties,v 1.78 2002/05/28 23:04:56 taylor Exp $
################################################################################
# This is the main file you will need to configuration Jetspeed. If there are
# any secondary files they will be pointed to from this file.
@@ -424,7 +424,7 @@
services.JetspeedSecurity.caseinsensitive.upper=true
# Auto-Account-Disable Feature
-services.JetspeedSecurity.logon.auto.disable=true
+services.JetspeedSecurity.logon.auto.disable=false
# 3 logon strikes per 300 seconds and your out
services.JetspeedSecurity.logon.strike.count=3
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
