------------------------------------------------------------ revno: 5627 committer: Morten Olav Hansen <[email protected]> branch nick: dhis2 timestamp: Tue 2011-12-27 14:25:50 +0100 message: updated to spring 3.1 xsds in security.xml, also set default session timeout to 1 hour to handle mobile client where datainput can take some time (and data is lost if the session times out) modified: dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml' --- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml 2011-07-02 11:06:16 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml 2011-12-27 13:25:50 +0000 @@ -1,9 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:aop="http://www.springframework.org/schema/aop" xmlns:sec="http://www.springframework.org/schema/security" - xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd - http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd - http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> + xmlns:sec="http://www.springframework.org/schema/security" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" /> <bean id="usernameSaltSource" class="org.hisp.dhis.security.DefaultUsernameSaltSource" /> === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java 2011-12-26 10:07:59 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java 2011-12-27 13:25:50 +0000 
@@ -27,32 +27,40 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import java.io.IOException; +import org.hisp.dhis.security.intercept.LoginInterceptor; +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.hisp.dhis.security.intercept.LoginInterceptor; -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; +import javax.servlet.http.HttpSession; +import java.io.IOException; /** * Since ActionContext is not available at this point, we set a mark in the * session that signales that login has just occured, and that LoginInterceptor * should be run. - * + * * @author mortenoh */ public class DefaultAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler { + // default is 1 hour of inactivity, this is mostly for when we are using the mobile + // client, since entering data can take time, and data will be lost of the session + // times out while entering data. 
+ public static int DEFAULT_SESSION_TIMEOUT = 60 * 60; + @Override public void onAuthenticationSuccess( HttpServletRequest request, HttpServletResponse response, - Authentication authentication ) + Authentication authentication ) throws ServletException, IOException { - request.getSession().setAttribute( LoginInterceptor.JLI_SESSION_VARIABLE, Boolean.TRUE ); + HttpSession session = request.getSession(); + + session.setAttribute( LoginInterceptor.JLI_SESSION_VARIABLE, Boolean.TRUE ); + session.setMaxInactiveInterval( DefaultAuthenticationSuccessHandler.DEFAULT_SESSION_TIMEOUT ); super.onAuthenticationSuccess( request, response, authentication ); } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml' --- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2011-12-23 12:21:18 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2011-12-27 13:25:50 +0000 @@ -2,8 +2,8 @@ <beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" - http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"> + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"> <bean id="mappedRedirectStrategy" class="org.hisp.dhis.security.MappedRedirectStrategy"> <property name="redirectMap"> 
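Review bot: `DEFAULT_SESSION_TIMEOUT` in DefaultAuthenticationSuccessHandler.java is declared `public static int` without `final`, so any class can reassign it at runtime and change the idle timeout for every later login; declare it `public static final int DEFAULT_SESSION_TIMEOUT = 60 * 60;`. The `session.setMaxInactiveInterval( ... )` call in `onAuthenticationSuccess` applies the one-hour idle timeout to every authenticated session, although the comment justifies it only for the mobile client, and it presumably overrides whatever timeout the container is configured with. A longer idle window also keeps an unattended or stolen session usable for longer, so consider making the value configurable or applying it only to mobile logins. The comment should read "data will be lost if the session times out" and state that the value is in seconds. The class body appears to continue past the end of the hunk.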
@@ -35,10 +35,10 @@ <sec:intercept-url pattern="/dhis-web-commons/javascripts/**" filters="none" /> <sec:intercept-url pattern="/dhis-web-commons/css/**" filters="none" /> <sec:intercept-url pattern="/favicon.ico" filters="none" /> -<!-- - <sec:intercept-url pattern="/api*" access="hasRole('F_WEBAPI_READ')" /> - <sec:intercept-url pattern="/api/**" access="hasRole('F_WEBAPI_READ')" /> ---> + <!-- + <sec:intercept-url pattern="/api*" access="hasRole('F_WEBAPI_READ')" /> + <sec:intercept-url pattern="/api/**" access="hasRole('F_WEBAPI_READ')" /> + --> <sec:intercept-url pattern="/**" access="isAuthenticated()" /> <sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />

