Author: taylor Date: Mon May 6 00:38:09 2019 New Revision: 1858719 URL: http://svn.apache.org/viewvc?rev=1858719&view=rev Log: JS2-1369: IP WhiteList Feature
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml Mon May 6 00:38:09 2019 
@@ -20,10 +20,12 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> + <prerequisites> - <maven>2.0.9</maven> + <maven>3.3.1</maven> </prerequisites> + <artifactId>jetspeed-portal</artifactId> <name>Jetspeed-2 Portal Components</name> <description>Jetspeed-2 Portal Components</description> Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java Mon May 6 00:38:09 2019 @@ -114,6 +114,14 @@ public class PortalAdministrationImpl im */ protected String adminRole; + /** + * email BCC for administrative emails + * @since 2.3.2 + */ + protected String emailBcc; + + public final static String CONFIGURATION_EMAIL_BCC = "email.bcc"; + public PortalAdministrationImpl(UserManager userManager, RoleManager roleManager, GroupManager groupManager, 
@@ -150,7 +158,7 @@ public class PortalAdministrationImpl im public void start() { this.defaultRoles = configuration.getList(PortalConfigurationConstants.REGISTRATION_ROLES_DEFAULT); this.defaultGroups = configuration.getList(PortalConfigurationConstants.REGISTRATION_GROUPS_DEFAULT); - + this.emailBcc = configuration.getString(CONFIGURATION_EMAIL_BCC, null); String[] profileRuleNames = configuration.getStringArray(PortalConfigurationConstants.PROFILER_RULE_NAMES_DEFAULT); String[] profileRuleValues = configuration.getStringArray(PortalConfigurationConstants.PROFILER_RULE_VALUES_DEFAULT); defaultRules = new HashMap<String, String>(); @@ -412,6 +420,9 @@ public class PortalAdministrationImpl im } msg.setSubject(subject); msg.setTo(to); + if (emailBcc != null) { + msg.setBcc(emailBcc); + } msg.setText(text); ClassLoader currentCL = Thread.currentThread().getContextClassLoader(); Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java Mon May 6 00:38:09 2019 
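Review bot: The `emailBcc != null` guard in front of `msg.setBcc(emailBcc)` does not cover the default this commit ships, because jetspeed.properties gains `email.bcc =` with an empty value. `start()` reads it with `getString(CONFIGURATION_EMAIL_BCC, null)`, which presumably returns an empty string rather than null for a key that is present but empty. Every administrative mail would then carry an empty BCC address, which the mail layer may reject; `if (emailBcc != null && !emailBcc.trim().isEmpty())` avoids that. Both `start()` and the sending method continue outside the hunks.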
@@ -31,6 +31,11 @@ import org.apache.jetspeed.security.User import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.servlet.http.HttpServletRequest; +import java.io.IOException; +import java.security.Principal; +import java.util.ArrayList; +import java.util.Enumeration; import java.util.Iterator; import java.util.LinkedList; import java.util.List; @@ -150,8 +155,10 @@ public class LoginValidationValveImpl ex { if (request.getSessionAttribute(LoginConstants.LOGIN_CHECK) == null) { - clearSessionAttributes(request); - request.getRequest().getSession().setAttribute(LoginConstants.LOGIN_CHECK, "true"); + if (ipWhiteListAllowed(request)) { + clearSessionAttributes(request); + request.getRequest().getSession().setAttribute(LoginConstants.LOGIN_CHECK, "true"); + } } } 
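Review bot: The new `if (ipWhiteListAllowed(request))` has no `else`, so when the check fails and the response has already been redirected, whatever follows this block in the enclosing method (outside the hunk) still runs for the rejected client. If that includes handing the request to the rest of the valve chain, the pipeline would keep working on a committed response; adding `else { return; }` after the new block stops processing there. The check also sits inside the `LOGIN_CHECK == null` test, so it is evaluated once per session and not again after the attribute is set, which deserves a one-line comment if intended.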
@@ -179,4 +186,60 @@ public class LoginValidationValveImpl ex return "LoginValidationValve"; } + + protected boolean ipWhiteListAllowed(RequestContext requestContext) throws IOException { + Boolean enabled = Jetspeed.getConfiguration().getBoolean("whitelist.enabled", false); + if (enabled) { + Boolean debug = Jetspeed.getConfiguration().getBoolean("whitelist.debug", false); + if (debug) { + System.out.println("remote address = " + requestContext.getRequest().getRemoteAddr()); + System.out.println("X-Forwarded-For: " + requestContext.getRequest().getHeader("X-Forwarded-For")); + Enumeration headerNames = requestContext.getRequest().getHeaderNames(); + while (headerNames.hasMoreElements()) { + String headerName = (String) headerNames.nextElement(); + System.out.println("header: " + headerName + " = " + requestContext.getRequest().getHeader(headerName)); + } + } + String urlContext = requestContext.getRequest().getContextPath(); + Principal userPrincipal = requestContext.getUserPrincipal(); + if (userPrincipal == null) { + return true; + } + List<String> list = Jetspeed.getConfiguration().getList("whitelist.ip." 
+ userPrincipal.getName()); + // empty list: allow access + if (list == null || list.size() == 0) return true; + // trim nasty trailing spaces + List<String> whiteList = new ArrayList<>(); + for (String token : list) { + if (!token.trim().equals("")) { + whiteList.add(token); + } + } + if (whiteList.size() == 0) return true; + boolean blackListed = true; + for (String ip : whiteList) { + if (ip.equals(getClientIp(requestContext.getRequest()))) { + blackListed = false; + break; + } + } + if (blackListed) { + String restrictedUrl = Jetspeed.getConfiguration().getString("whitelist.redirect.page", "/portal/restricted.psml"); + requestContext.getResponse().sendRedirect(urlContext + "/login/logout?org.apache.jetspeed.login.destination=" + urlContext + restrictedUrl); + return false; + } + } + return true; + } + + private String getClientIp(HttpServletRequest request) { + String remoteAddr = ""; + if (request != null) { + remoteAddr = request.getHeader("X-FORWARDED-FOR"); + if (remoteAddr == null || "".equals(remoteAddr)) { + remoteAddr = request.getRemoteAddr(); + } + } + return remoteAddr; + } } Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml Mon May 6 00:38:09 2019 
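Review bot: `getClientIp` prefers the `X-FORWARDED-FOR` header over `getRemoteAddr()`, and that header is whatever the client sent unless a reverse proxy in front of the portal overwrites it, so the per-user allow-list in `ipWhiteListAllowed` ends up comparing against a caller-chosen value. The header may also hold a comma-separated chain, which never equals a single configured address. I would use the header only when the direct peer is a configured proxy, as sketched below (the property name is a suggestion, not an existing setting). The `whitelist.debug` branch also prints every request header to stdout, which would include `Cookie` and `Authorization`; logging only the two address values through the class logger is enough. Finally, the filter loop tests `token.trim()` but stores the untrimmed value, so `whiteList.add(token.trim());` is what the comment above it describes.

```java
private String getClientIp(HttpServletRequest request) {
    if (request == null) {
        return "";
    }
    String peer = request.getRemoteAddr();
    // proposed key, not an existing setting: reverse proxies allowed to supply X-Forwarded-For
    List<String> proxies = Jetspeed.getConfiguration().getList("whitelist.trusted.proxies");
    String forwarded = request.getHeader("X-Forwarded-For");
    if (proxies == null || !proxies.contains(peer) || forwarded == null || forwarded.trim().isEmpty()) {
        return peer;
    }
    // the trusted proxy appends the address it saw, so only the last entry is reliable
    String[] chain = forwarded.split(",");
    return chain[chain.length - 1].trim();
}
```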
@@ -21,7 +21,7 @@ <modelVersion>4.0.0</modelVersion> <prerequisites> - <maven>2.0.9</maven> + <maven>3.3.1</maven> </prerequisites> <artifactId>jetspeed-security</artifactId> Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java Mon May 6 00:38:09 2019 @@ -208,7 +208,10 @@ public class UserPasswordCredentialPolic { pci.beforeSetPassword(credential, newPassword, authenticated); } - credential.setUpdateRequired(false); + // TODO: DST: 2019-03-25: this breaks forgotten password feature with auto-require update + if (credential.getOldPassword() != null) { + credential.setUpdateRequired(false); + } } credential.setPassword(newPassword, encoder != null); credential.clearNewPasswordSet(); Modified: portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml (original) +++ portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml Mon May 6 00:38:09 2019 
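Review bot: The TODO above the new `getOldPassword()` guard in UserPasswordCredentialPolicyManagerImpl does not say which behaviour is the broken one, although the guard changes when the update-required flag on a credential gets cleared. As written, `credential.setUpdateRequired(false)` runs only when `credential.getOldPassword() != null`, so a password set without an old password leaves the flag as it was; whether every ordinary self-service change supplies the old password is not visible here. I would replace the TODO with a comment stating the rule, e.g. `// keep updateRequired when no old password was supplied (forgotten-password reset), so the user must pick a new one`, and cover both paths with a test. The enclosing method starts and ends outside the hunk.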
@@ -22,10 +22,10 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> - <prerequisites> +<!-- <prerequisites> <maven>2.0.9</maven> </prerequisites> - +--> <artifactId>jetspeed-installer-pom</artifactId> <name>Jetspeed-2 Installer</name> <parent> Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml (original) +++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml Mon May 6 00:38:09 2019 @@ -32,6 +32,9 @@ <property name="javaMailProperties"> <props> <prop key="mail.smtp.auth">${email.smtp.auth}</prop> + <prop key="mail.smtp.starttls.required">true</prop> + <prop key="mail.smtp.starttls.enable">true</prop> + <prop key="mail.smtp.ssl.trust">${email.smtp.server.address}</prop> </props> </property> </bean> Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties?rev=1858719&r1=1858718&r2=1858719&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties (original) +++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties Mon May 6 00:38:09 2019 
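Review bot: Setting `mail.smtp.ssl.trust` to `${email.smtp.server.address}` in administration.xml makes JavaMail accept whatever certificate that host presents, so the STARTTLS session the two preceding props make mandatory is encrypted but the server is not authenticated. I would drop that `<prop>` and let the JVM trust store validate the server, importing a private CA there where needed. Hard-coding `mail.smtp.starttls.required` to `true` also stops delivery through relays that do not offer STARTTLS; a placeholder in the style of `${email.smtp.auth}`, with a matching default in jetspeed.properties, keeps that an operator decision.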
@@ -278,6 +278,10 @@ email.smtp.user.name= email.smtp.user.password= #mail.smtp.auth email.smtp.auth=false +# email BCC for Administrative emails +# @since 2.3.2 +email.bcc = + #------------------------------------------------------------------------- # L A Y O U T @@ -480,5 +484,18 @@ resource.loader.filesystem = true #------------------------------------------------------------------------- factory.portlet.extensions = false +#------------------------------------------------------------------------- +# White List Feature +# since 2.3.2 +#------------------------------------------------------------------------- +whitelist.enabled=false +whitelist.debug=false +whitelist.redirect.page=/portal/restricted.psml +# examples +# whitelist.ip.kathy= +# whitelist.ip.dave = 127.0.0.1, 0:0:0:0:0:0:0:1 +# whitelist.ip.devmgr=10.1.10.181, 0:0:0:0:0:0:0:1 +# whitelist.ip.rick=10.1.10.181 - +# Remember Me Portal Filter cookie name +rmpf.accesstoken.cookie.name = js_at --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
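Review bot: The comment block for the new whitelist settings leaves out the fail-open cases that `ipWhiteListAllowed` implements: a user with no `whitelist.ip.<name>` key, or with an empty one like the `whitelist.ip.kathy=` example, is not restricted at all. Operators also need to know that entries are compared as exact strings, so there are no ranges and `0:0:0:0:0:0:0:1` does not match `::1`, and that `whitelist.debug=true` prints request headers to stdout. I would add lines such as `# a user without an entry, or with an empty entry, is NOT restricted` and `# entries are matched literally; no CIDR or ranges`. The `email.bcc` comment in the first hunk could likewise say that every administrative mail is copied to that address.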