Author: michiel
Date: 2010-04-23 12:23:01 +0200 (Fri, 23 Apr 2010)
New Revision: 42035

Modified:
   
didactor/trunk/components/core/src/main/java/nl/didactor/security/plain/PropertiesSecurityComponent.java
Log:
if using admins.properties to hack the site, let it determine the actual node 
too, which makes the hacked site more usable, and you don't have to change 
passwords

Modified: 
didactor/trunk/components/core/src/main/java/nl/didactor/security/plain/PropertiesSecurityComponent.java
===================================================================
--- 
didactor/trunk/components/core/src/main/java/nl/didactor/security/plain/PropertiesSecurityComponent.java
    2010-04-23 09:47:15 UTC (rev 42034)
+++ 
didactor/trunk/components/core/src/main/java/nl/didactor/security/plain/PropertiesSecurityComponent.java
    2010-04-23 10:23:01 UTC (rev 42035)
@@ -8,6 +8,8 @@
 import org.mmbase.util.*;
 import java.io.InputStream;
 
+import org.mmbase.module.core.MMObjectNode;
+import org.mmbase.module.core.MMBase;
 import org.mmbase.util.logging.Logger;
 import org.mmbase.util.logging.Logging;
 import org.mmbase.security.*;
@@ -80,10 +82,21 @@
         password = password.trim();
 
         if (password.equals(properties.get(login))) {
-            UserContext uc =  new UserContext(login, login, Rank.ADMIN, 
application);
+
+            PeopleBuilder users = (PeopleBuilder) 
MMBase.getMMBase().getBuilder("people");
+            MMObjectNode user = users.getUser(login);
+            UserContext uc;
             HttpSession session = request.getSession(true);
             session.setAttribute("didactor-propertieslogin-userid", "" + 
login);
             session.setAttribute("didactor-prpertieslogin-application", 
application);
+            if (user != null) {
+                session.setAttribute("didactor-plainlogin-userid", "" + 
user.getNumber());
+                session.setAttribute("didactor-plainlogin-application", 
application);
+                uc = new UserContext(user, application);
+            } else {
+                log.debug("No user found for " + login);
+                uc =  new UserContext(login, login, Rank.ADMIN, application);
+            }
             return uc;
         } else {
             throw new SecurityException("Cannot login");
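Review bot: The new `if (user != null)` branch writes `didactor-plainlogin-userid` and `didactor-plainlogin-application` into the session, so a login checked only against admins.properties ends up carrying the same session attributes as a normal login of that people node, and nothing is logged on that path (only the `else` branch has a `log.debug`). I would record the mapping at a level that is kept in production, e.g. `log.service("Properties login '" + login + "' mapped to people node " + user.getNumber());`, so that use of this file shows up in an audit. The rank is no longer the explicit `Rank.ADMIN` but whatever `UserContext(user, application)` derives from the node, which is presumably intended but deserves a comment. If `getBuilder("people")` can return null here (builder missing or not yet loaded), `users.getUser(login)` turns a valid login into a NullPointerException; `if (users == null) throw new SecurityException("Cannot login");` would keep the failure mode consistent. The enclosing method starts and ends outside the hunk.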
