This is an automated email from the ASF dual-hosted git repository. snoopdave pushed a commit to branch roller-5.2.x in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/roller-5.2.x by this push:
new 21c92aa [ROL-2132] Fix for remember-me not working with LDAP.
21c92aa is described below
commit 21c92aafd850a5477450284c127e52612bd2d585
Author: snoopd...@gmail.com <snoopd...@gmail.com>
AuthorDate: Sun Apr 21 15:13:36 2019 -0400
[ROL-2132] Fix for remember-me not working with LDAP.
---
.../ui/core/security/RollerRememberMeServices.java | 55 ++++++++++++++++++++++
app/src/main/webapp/WEB-INF/security.xml | 28 +++++++----
2 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
new file mode 100644
index 0000000..5aa7d51
--- /dev/null
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
@@ -0,0 +1,55 @@
+package org.apache.roller.weblogger.ui.core.security;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.config.AuthMethod;
+import org.apache.roller.weblogger.config.WebloggerConfig;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.codec.Hex;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+
+public class RollerRememberMeServices extends TokenBasedRememberMeServices {
+ private static final Log log = LogFactory.getLog(CustomUserRegistry.class);
+
+
+ public RollerRememberMeServices() {
+ }
+
+ public RollerRememberMeServices(String key, UserDetailsService userDetailsService) {
+ super(key, userDetailsService);
+ }
+
+ /**
+ * Calculates the digital signature to be put in the cookie. Default value is
+ * MD5 ("username:tokenExpiryTime:password:key")
+ *
+ * If LDAP is enabled then a configurable dummy password is used in the calculation.
+ */
+ protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
+
+ boolean usingLDAP = WebloggerConfig.getAuthMethod() == AuthMethod.LDAP;
+ if (usingLDAP) {
+ log.debug("LDAP is enabled; using dummy password in remember me signature.");
+
+ // for LDAP we don't store its password in the roller_users table,
+ // just an string indicating external auth method being used.
+ password = WebloggerConfig.getProperty("users.passwords.externalAuthValue","<externalAuth>");
+ }
+
+ String data = username + ":" + tokenExpiryTime + ":" + password + ":" + getKey();
+ MessageDigest digest;
+ try {
+ digest = MessageDigest.getInstance("MD5");
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("No MD5 algorithm available!");
+ }
+
+ return new String(Hex.encode(digest.digest(data.getBytes())));
+ }
+
+
+}
diff --git a/app/src/main/webapp/WEB-INF/security.xml b/app/src/main/webapp/WEB-INF/security.xml
index 73094b0..33f80a2 100644
--- a/app/src/main/webapp/WEB-INF/security.xml
+++ b/app/src/main/webapp/WEB-INF/security.xml
@@ -41,7 +41,7 @@ authentication-failure-url="/roller-ui/login.rol?error=true" login-processing-url="/roller_j_security_check"/> - <remember-me user-service-ref="rollerUserService" + <remember-me services-ref="rollerRememberMeServices" key="715F2448-3176-11DD-ABC6-9CD955D89593"/> <custom-filter ref="openidAuthenticationProcessingFilter" position="OPENID_FILTER"/>
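Review bot: `LogFactory.getLog(CustomUserRegistry.class)` binds this class's logger to a different class, so the new "LDAP is enabled" debug line is attributed to CustomUserRegistry; it should read `LogFactory.getLog(RollerRememberMeServices.class)`. The catch block also drops the cause — `throw new IllegalStateException("No MD5 algorithm available!", e);` — and `data.getBytes()` uses the platform default charset, so a username containing non-ASCII characters signs differently on hosts with different defaults; `data.getBytes(StandardCharsets.UTF_8)` (with `import java.nio.charset.StandardCharsets;`) pins it, and since both cookie creation and cookie validation go through this override the change stays self-consistent. The Javadoc should additionally state the consequence of the LDAP branch for operators: because the signature then contains no per-user secret, a remember-me cookie issued to an LDAP user stays valid until `tokenExpiryTime` or a change of the configured `key`, and changing the user's LDAP password does not invalidate it.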
@@ -63,16 +63,25 @@ <!-- Read users from Roller API --> <authentication-manager alias='rollerAuthenticationManager'> <authentication-provider ref="rememberMeAuthenticationProvider"/> + <!-- Uncomment one of the three below, based on whether database, LDAP, or OpenID authentication is desired. --> + <authentication-provider ref="ldapAuthProvider" /> + <!-- <authentication-provider user-service-ref="rollerUserService"/> - <!--authentication-provider ref="ldapAuthProvider"/> - <authentication-provider ref="openIDAuthProvider"/--> + <authentication-provider ref="openIDAuthProvider"/> + --> </authentication-manager> <beans:bean id="rollerUserService" class="org.apache.roller.weblogger.ui.core.security.RollerUserDetailsService"/> + <beans:bean id="rollerRememberMeServices" + class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeServices"> + <beans:property name="key" value="715F2448-3176-11DD-ABC6-9CD955D89593"/> + <beans:property name="userDetailsService" ref="rollerUserService"/> + </beans:bean> + <beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider"> <beans:property name="key" value="springRocks"/>
@@ -113,10 +122,10 @@ </beans:property> </beans:bean> - <!-- Uncomment & customize below beans if using LDAP --> - <!--beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> - <beans:constructor-arg value="ldap://localhost:10389/dc=example,dc=com" /> - <beans:property name="userDn" value="uid=admin,ou=system" /> + <!-- Uncomment & customize below beans if using LDAP + <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> + <beans:constructor-arg value="ldap://localhost:389/dc=example,dc=com" /> + <beans:property name="userDn" value="uid=admin" /> <beans:property name="password" value="secret" /> </beans:bean>
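Review bot: The active provider list now references `ldapAuthProvider` while the `contextSource` bean and, judging by the @@ -113 and @@ -142 hunks, the LDAP provider beans stay inside an XML comment that this commit merely re-wraps (`<!-- Uncomment & customize below beans if using LDAP` ... `-->`), so the committed security.xml appears to point at a bean that is never defined, and the database provider line `<authentication-provider user-service-ref="rollerUserService"/>` is now commented out. This looks like a local LDAP test toggle that leaked into the branch; the shipped default should presumably keep the database provider active and leave the `ldapAuthProvider` line in the comment, as the new "Uncomment one of the three below" note itself implies. Separately, the remember-me key `715F2448-3176-11DD-ABC6-9CD955D89593` now appears twice — on the `<remember-me>` element in the @@ -41 hunk and on the new `rollerRememberMeServices` bean — and if one copy is rotated without the other, the provider registered by `<remember-me key=...>` will reject tokens signed by the services bean; a comment beside the bean property, `<!-- must match the key attribute on <remember-me> above -->`, or a single shared property placeholder would keep them aligned.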
@@ -142,6 +151,7 @@ <beans:constructor-arg index="1" value="(uid={0})" /> <beans:constructor-arg index="2" ref="contextSource" /> <beans:property name="searchSubtree" value="true" /> - </beans:bean--> - + </beans:bean> + --> + </beans:beans>