Author: gmazza
Date: Fri Aug 23 21:03:38 2013
New Revision: 1517033
URL: http://svn.apache.org/r1517033
Log:
Minor code cleanup; switch SchemeEnforcementFilter from tab to space
indentation.
Modified:
roller/trunk/NOTICE.txt
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
roller/trunk/app/src/main/webapp/WEB-INF/web.xml
Modified: roller/trunk/NOTICE.txt
URL:
http://svn.apache.org/viewvc/roller/trunk/NOTICE.txt?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/NOTICE.txt (original)
+++ roller/trunk/NOTICE.txt Fri Aug 23 21:03:38 2013
@@ -26,9 +26,6 @@ This product includes:
* Code written by Dave Johnson for RSS and Atom in Action
Copyright 2005 David M Johnson (For RSS and Atom In Action)
-* Code from OSCache, a product of the OpenSymphony project
- Copyright 2002-2003 by OpenSymphony
-
* A Struts LinkTag and LinkParamTag by BSquare Software
Copyright 2001 Bsquare Projects
@@ -47,7 +44,7 @@ OTHER NOTICES
"This product includes software developed by the Acegi Security
System for Spring Project (http://acegisecurity.org)"
-* Roller include icons by Mark James (http://www.famfamfam.com/lab/icons)
+* Roller includes icons by Mark James (http://www.famfamfam.com/lab/icons)
CREDITS
@@ -67,3 +64,4 @@ Matt Schmidt (emeritus)
Jeff Blattman (emeritus)
Craig Russell
Greg Huber
+Glen Mazza
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/CmaRollerContext.java
Fri Aug 23 21:03:38 2013
@@ -38,9 +38,9 @@ public class CmaRollerContext extends Ro
}
/**
- * Setup Acegi security features.
+ * Setup Spring Security features.
*/
protected void initializeSecurityFeatures(ServletContext context) {
- // no need to setup Acegi security
+ // no need to setup Spring Security
}
}
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
Fri Aug 23 21:03:38 2013
@@ -95,7 +95,7 @@ public class RollerContext extends Conte
// First, initialize everything that requires no database
- // Keep a reverence to ServletContext object
+ // Keep a reference to ServletContext object
this.servletContext = sce.getServletContext();
// Call Spring's context ContextLoaderListener to initialize all the
@@ -105,10 +105,11 @@ public class RollerContext extends Conte
// get the *real* path to <context>/resources
String ctxPath = servletContext.getRealPath("/");
- if(!ctxPath.endsWith(File.separator))
+ if (!ctxPath.endsWith(File.separator)) {
ctxPath += File.separator + "resources";
- else
+ } else {
ctxPath += "resources";
+ }
// try setting the uploads path to <context>/resources
// NOTE: this should go away at some point
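Review bot: `servletContext.getRealPath("/")` may return null when the container serves the application from an unexpanded archive, and the newly braced `if (!ctxPath.endsWith(File.separator)) {` would then throw a NullPointerException during context start-up. Wrapping the branch in a guard such as `if (ctxPath != null) { ... }` makes that case explicit. The enclosing method starts and ends outside this hunk, so what the uploads path should fall back to needs checking against the rest of the method.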
@@ -165,7 +166,7 @@ public class RollerContext extends Conte
// do a small amount of work to initialize the web tier
try {
- // Initialize Acegi based on Roller configuration
+ // Initialize Spring Security based on Roller configuration
initializeSecurityFeatures(servletContext);
// Setup Velocity template engine
@@ -225,7 +226,7 @@ public class RollerContext extends Conte
System.out.println(name);*/
String rememberMe = WebloggerConfig.getProperty("rememberme.enabled");
- boolean rememberMeEnabled = Boolean.valueOf(rememberMe).booleanValue();
+ boolean rememberMeEnabled = Boolean.valueOf(rememberMe);
log.info("Remember Me enabled: " + rememberMeEnabled);
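Review bot: `Boolean.valueOf(rememberMe)` still returns a boxed `Boolean` that is auto-unboxed on assignment; `Boolean.parseBoolean(rememberMe)` yields the primitive directly and states the intent. The same applies to `doEncrypt` in the next hunk. Register.java and SchemeEnforcementFilter in this commit already read flags through `WebloggerConfig.getBooleanProperty(...)`, so `boolean rememberMeEnabled = WebloggerConfig.getBooleanProperty("rememberme.enabled");` would be consistent with them, provided it treats a missing property the same way. The enclosing method starts and ends outside the hunk.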
@@ -242,7 +243,7 @@ public class RollerContext extends Conte
}
String encryptPasswords =
WebloggerConfig.getProperty("passwds.encryption.enabled");
- boolean doEncrypt = Boolean.valueOf(encryptPasswords).booleanValue();
+ boolean doEncrypt = Boolean.valueOf(encryptPasswords);
if (doEncrypt) {
DaoAuthenticationProvider provider = (DaoAuthenticationProvider)
ctx.getBean("org.springframework.security.authentication.dao.DaoAuthenticationProvider#0");
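Review bot: `Boolean.valueOf(encryptPasswords)` yields false for a missing, empty or misspelt `passwds.encryption.enabled` value, so the `if (doEncrypt)` block is skipped without any trace, whereas the remember-me flag in the previous hunk is logged. This flag appears to gate how the `DaoAuthenticationProvider` handles passwords (the block body lies outside the hunk), so a line such as `log.info("Password encryption enabled: " + doEncrypt);` after the assignment would let operators confirm the setting at start-up. Treating a value that is neither `true` nor `false` as a configuration error would be stricter still.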
@@ -279,7 +280,7 @@ public class RollerContext extends Conte
PathBasedFilterInvocationDefinitionMap defmap =
(PathBasedFilterInvocationDefinitionMap)procfilter.getFilterInvocationDefinitionSource();
- // add HTTPS URL path patterns to Acegi config
+ // add HTTPS URL path patterns to Spring Security config
String httpsUrlsProp =
WebloggerConfig.getProperty("schemeenforcement.https.urls");
if (httpsUrlsProp != null) {
String[] httpsUrls =
StringUtils.stripAll(StringUtils.split(httpsUrlsProp, ",") );
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/SchemeEnforcementFilter.java
Fri Aug 23 21:03:38 2013
@@ -44,165 +44,173 @@ import org.apache.roller.weblogger.confi
/**
* The SchemeEnforcementFilter is provided for Roller sites that enable secure
* logins and want to ensure that login urls are used only under https.
- *
+ *
* @author Allen Gilliland
- *
* @web.filter name="SchemeEnforcementFilter"
*/
public class SchemeEnforcementFilter implements Filter {
- private static Log log =
LogFactory.getLog(SchemeEnforcementFilter.class);
+ private static Log log = LogFactory.getLog(SchemeEnforcementFilter.class);
- private boolean schemeEnforcementEnabled = false;
- private boolean secureLoginEnabled = false;
- private int httpPort = 80;
- private int httpsPort = 443;
-
- private Set<String> allowedUrls = new HashSet<String>();
- private Set<String> ignored = new HashSet<String>();
-
- /**
- * Process filter.
- *
- * We'll take the incoming request and first determine if this is a
secure
- * request. If the request is secure then we'll see if it matches one
of the
- * allowed secure urls, if not then we will redirect back out of https.
- */
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException
{
-
- if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
-
- HttpServletRequest req = (HttpServletRequest) request;
- HttpServletResponse res = (HttpServletResponse)
response;
-
- if (log.isDebugEnabled())
- log.debug("checking path = " +
req.getServletPath());
-
- if (!request.isSecure()
- &&
allowedUrls.contains(req.getServletPath())) {
-
- // http insecure request that should be over
https
- String redirect = "https://" +
req.getServerName();
-
- if (this.httpsPort != 443)
- redirect += ":" + this.httpsPort;
-
- redirect += req.getRequestURI();
-
- if (req.getQueryString() != null)
- redirect += "?" + req.getQueryString();
-
- if (log.isDebugEnabled())
- log.debug("Redirecting to " + redirect);
-
- res.sendRedirect(redirect);
- return;
-
- } else if (request.isSecure()
- && !isIgnoredURL(req.getServletPath())
- &&
!allowedUrls.contains(req.getServletPath())) {
-
- // https secure request that should be over http
- String redirect = "http://" +
req.getServerName();
-
- if (this.httpPort != 80)
- redirect += ":" + this.httpPort;
-
- redirect += req.getRequestURI();
-
- if (req.getQueryString() != null)
- redirect += "?" + req.getQueryString();
-
- if (log.isDebugEnabled())
- log.debug("Redirecting to " + redirect);
-
- res.sendRedirect(redirect);
- return;
- }
- }
-
- chain.doFilter(request, response);
- }
-
- /**
- * Checks if the url is to be ignored.
- *
- * @param theUrl
- * the the url
- *
- * @return true, if the url is to be ignored.
- */
- private boolean isIgnoredURL(String theUrl) {
-
- int i = theUrl.lastIndexOf('.');
-
- if (i <= 0 || i == theUrl.length() - 1)
- return true;
-
- return ignored.contains(theUrl.substring(i + 1));
-
- }
-
- /**
- * @see javax.servlet.Filter#destroy()
- */
- public void destroy() {
- }
-
- /**
- * Filter init.
- *
- * We are just collecting init properties which we'll use for each
request.
- */
- public void init(FilterConfig filterConfig) {
-
- // determine if we are doing scheme enforcement
- this.schemeEnforcementEnabled = WebloggerConfig
-
.getBooleanProperty("schemeenforcement.enabled");
- this.secureLoginEnabled = WebloggerConfig
- .getBooleanProperty("securelogin.enabled");
-
- if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
- // gather some more properties
- String http_port = WebloggerConfig
- .getProperty("securelogin.http.port");
- String https_port = WebloggerConfig
- .getProperty("securelogin.https.port");
-
- try {
- this.httpPort = Integer.parseInt(http_port);
- this.httpsPort = Integer.parseInt(https_port);
- } catch (NumberFormatException nfe) {
- // ignored ... guess we'll have to use the
defaults
- log.warn("error with secure login ports", nfe);
- }
-
- // finally, construct our list of allowable https urls
and ignored
- // resources
- String cfgs = WebloggerConfig
-
.getProperty("schemeenforcement.https.urls");
- String[] cfgsArray = cfgs.split(",");
- for (int i = 0; i < cfgsArray.length; i++)
- this.allowedUrls.add(cfgsArray[i]);
-
- cfgs = WebloggerConfig
-
.getProperty("schemeenforcement.https.ignored");
- cfgsArray =
StringUtils.stripAll(StringUtils.split(cfgs, ","));
- for (int i = 0; i < cfgsArray.length; i++)
- this.ignored.add(cfgsArray[i]);
-
- // some logging for the curious
- log.info("Scheme enforcement = enabled");
- if (log.isDebugEnabled()) {
- log.debug("allowed urls are:");
- for (String allowedUrl : allowedUrls)
- log.debug(allowedUrl);
- log.debug("ignored extensions are:");
- for (String ignore : ignored)
- log.debug(ignore);
- }
- }
- }
+ private boolean schemeEnforcementEnabled = false;
+ private boolean secureLoginEnabled = false;
+ private int httpPort = 80;
+ private int httpsPort = 443;
+
+ private Set<String> allowedUrls = new HashSet<String>();
+ private Set<String> ignored = new HashSet<String>();
+
+ /**
+ * Process filter.
+ * <p/>
+ * We'll take the incoming request and first determine if this is a secure
+ * request. If the request is secure then we'll see if it matches one of
the
+ * allowed secure urls, if not then we will redirect back out of https.
+ */
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException,
ServletException {
+
+ if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
+
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse res = (HttpServletResponse) response;
+
+ if (log.isDebugEnabled()) {
+ log.debug("checking path = " + req.getServletPath());
+ }
+
+ if (!request.isSecure()
+ && allowedUrls.contains(req.getServletPath())) {
+
+ // http insecure request that should be over https
+ String redirect = "https://" + req.getServerName();
+
+ if (this.httpsPort != 443) {
+ redirect += ":" + this.httpsPort;
+ }
+
+ redirect += req.getRequestURI();
+
+ if (req.getQueryString() != null) {
+ redirect += "?" + req.getQueryString();
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("Redirecting to " + redirect);
+ }
+
+ res.sendRedirect(redirect);
+ return;
+
+ } else if (request.isSecure()
+ && !isIgnoredURL(req.getServletPath())
+ && !allowedUrls.contains(req.getServletPath())) {
+
+ // https secure request that should be over http
+ String redirect = "http://" + req.getServerName();
+
+ if (this.httpPort != 80) {
+ redirect += ":" + this.httpPort;
+ }
+
+ redirect += req.getRequestURI();
+
+ if (req.getQueryString() != null) {
+ redirect += "?" + req.getQueryString();
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("Redirecting to " + redirect);
+ }
+
+ res.sendRedirect(redirect);
+ return;
+ }
+ }
+
+ chain.doFilter(request, response);
+ }
+
+ /**
+ * Checks if the url is to be ignored.
+ *
+ * @param theUrl the the url
+ * @return true, if the url is to be ignored.
+ */
+ private boolean isIgnoredURL(String theUrl) {
+
+ int i = theUrl.lastIndexOf('.');
+
+ if (i <= 0 || i == theUrl.length() - 1) {
+ return true;
+ }
+
+ return ignored.contains(theUrl.substring(i + 1));
+
+ }
+
+ /**
+ * @see javax.servlet.Filter#destroy()
+ */
+ public void destroy() {
+ }
+
+ /**
+ * Filter init.
+ * <p/>
+ * We are just collecting init properties which we'll use for each request.
+ */
+ public void init(FilterConfig filterConfig) {
+
+ // determine if we are doing scheme enforcement
+ this.schemeEnforcementEnabled = WebloggerConfig
+ .getBooleanProperty("schemeenforcement.enabled");
+ this.secureLoginEnabled = WebloggerConfig
+ .getBooleanProperty("securelogin.enabled");
+
+ if (this.schemeEnforcementEnabled && this.secureLoginEnabled) {
+ // gather some more properties
+ String http_port = WebloggerConfig
+ .getProperty("securelogin.http.port");
+ String https_port = WebloggerConfig
+ .getProperty("securelogin.https.port");
+
+ try {
+ this.httpPort = Integer.parseInt(http_port);
+ this.httpsPort = Integer.parseInt(https_port);
+ } catch (NumberFormatException nfe) {
+ // ignored ... guess we'll have to use the defaults
+ log.warn("error with secure login ports", nfe);
+ }
+
+ // finally, construct our list of allowable https urls and ignored
+ // resources
+ String cfgs = WebloggerConfig
+ .getProperty("schemeenforcement.https.urls");
+ String[] cfgsArray = cfgs.split(",");
+ for (int i = 0; i < cfgsArray.length; i++) {
+ this.allowedUrls.add(cfgsArray[i]);
+ }
+ cfgs = WebloggerConfig
+ .getProperty("schemeenforcement.https.ignored");
+ cfgsArray = StringUtils.stripAll(StringUtils.split(cfgs, ","));
+ for (int i = 0; i < cfgsArray.length; i++) {
+ this.ignored.add(cfgsArray[i]);
+ }
+
+ // some logging for the curious
+ log.info("Scheme enforcement = enabled");
+ if (log.isDebugEnabled()) {
+ log.debug("allowed urls are:");
+ for (String allowedUrl : allowedUrls) {
+ log.debug(allowedUrl);
+ }
+ log.debug("ignored extensions are:");
+ for (String ignore : ignored) {
+ log.debug(ignore);
+ }
+ }
+ }
+ }
}
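Review bot: Both redirect targets in `doFilter` start from `req.getServerName()`, which the container normally derives from the request's Host header, so the host part of the `Location` value is client-influenced unless the container or a front proxy pins it. Building the prefix from a configured site host name, or checking the request host against one before `res.sendRedirect(redirect)`, would remove that dependency. Separately, in `init` the `schemeenforcement.https.urls` value goes through `cfgs.split(",")` with no null check and no trimming, while the ignored list uses `StringUtils.stripAll(StringUtils.split(cfgs, ","))`; an entry written with a space after the comma never equals `req.getServletPath()`, so that URL is silently left out of HTTPS enforcement. Using `String[] cfgsArray = StringUtils.stripAll(StringUtils.split(cfgs, ","));` with an `if (cfgsArray != null)` guard for both lists would match how RollerContext reads the same property in this commit.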
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
Fri Aug 23 21:03:38 2013
@@ -135,10 +135,10 @@ public class Register extends UIAction i
boolean usingSSO =
WebloggerConfig.getBooleanProperty("users.sso.enabled");
if (usingSSO) {
- // See if user is already logged in via Acegi
+ // See if user is already logged in via Spring Security
User fromSSO =
CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
if (fromSSO != null) {
- // Copy user details from Acegi, including LDAP attributes
+ // Copy user details from Spring Security, including LDAP
attributes
getBean().copyFrom(fromSSO);
setFromSso(true);
}
@@ -321,7 +321,7 @@ public class Register extends UIAction i
boolean storePassword =
WebloggerConfig.getBooleanProperty("users.sso.passwords.saveInRollerDb");
String password =
WebloggerConfig.getProperty("users.sso.passwords.defaultValue", "<unknown>");
- // Preserve username and password, Acegi case
+ // Preserve username and password, Spring Security case
User fromSSO =
CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
if (fromSSO != null) {
if (storePassword) {
Modified:
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
---
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
(original)
+++
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Fri Aug 23 21:03:38 2013
@@ -654,7 +654,6 @@ log4j.logger.org.apache.velocity=FATAL
# Roller extras
log4j.logger.com.ecyrd.jspwiki=ERROR
-log4j.logger.com.opensymphony.oscache=ERROR
log4j.logger.com.danga.MemCached=ERROR
#-----------------------------------------------------------------------------
Modified: roller/trunk/app/src/main/webapp/WEB-INF/web.xml
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/web.xml?rev=1517033&r1=1517032&r2=1517033&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/web.xml (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/web.xml Fri Aug 23 21:03:38 2013
@@ -99,14 +99,14 @@
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
- <!-- Scheme enforcement. Only here until we get Acegi scheme enforcement
working -->
+ <!-- Scheme enforcement. Only here until we get Spring Security scheme
enforcement working -->
<filter-mapping>
<filter-name>SchemeEnforcementFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
- <!-- Acegi Security filters - controls secure access to different parts of
Roller -->
+ <!-- Spring Security filters - controls secure access to different parts
of Roller -->
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>