Author: gmazza Date: Mon Aug 4 01:35:51 2014 New Revision: 1615472 URL: http://svn.apache.org/r1615472 Log: Removed users.sso.passwords.save option; renamed some properties from *.sso.* to *.ldap.*
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java?rev=1615472&r1=1615471&r2=1615472&view=diff ==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/UserWrapper.java Mon Aug 4 01:35:51 2014
@@ -51,7 +51,7 @@ public final class UserWrapper { * username to be displayed publicly, so screen name is returned instead. */ public String getUserName() { - if (WebloggerConfig.getBooleanProperty("user.privateUserNames")) { + if (WebloggerConfig.getBooleanProperty("user.hideUserNames")) { return this.pojo.getScreenName(); } return this.pojo.getUserName(); Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java?rev=1615472&r1=1615471&r2=1615472&view=diff ============================================================================== --- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java (original) +++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java Mon Aug 4 01:35:51 2014 @@ -322,7 +322,7 @@ public class RollerContext extends Conte * @return AutoProvision */ public static AutoProvision getAutoProvision() { - String clazzName = WebloggerConfig.getProperty("users.sso.autoProvision.className"); + String clazzName = WebloggerConfig.getProperty("users.ldap.autoProvision.className"); if (null == clazzName) { return null; Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java?rev=1615472&r1=1615471&r2=1615472&view=diff ============================================================================== --- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java (original) +++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java Mon Aug 4 01:35:51 2014 
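Review bot: The old key `user.privateUserNames` is not read anywhere in the visible code after this rename in `getUserName()`, so an override file that still sets it is ignored without any message; the same holds for `users.sso.autoProvision.className` in `RollerContext.getAutoProvision()`, for `users.sso.autoProvision.enabled` in the RollerSession hunk and for the six `users.sso.registry.ldap.attributes.*` constants in CustomUserRegistry. For the username switch the result is the shipped default `user.hideUserNames=true`, which errs on the private side, but a site with a custom LDAP attribute mapping would presumably drop back to the `DEFAULT_*_LDAP_ATTRIBUTE` names and build user records from different directory fields than it configured. Unless WebloggerConfig already aliases old names (not visible here), I would log a startup warning for each legacy key that is still set, or read the old key as a fallback for one release. Both method bodies continue outside their hunks.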
@@ -97,7 +97,7 @@ public class RollerSession // try one time to auto-provision, only happens if user==null // which means installation has SSO-enabled in security.xml - if (user == null && WebloggerConfig.getBooleanProperty("users.sso.autoProvision.enabled")) { + if (user == null && WebloggerConfig.getBooleanProperty("users.ldap.autoProvision.enabled")) { // provisioning enabled, get provisioner and execute AutoProvision provisioner = RollerContext.getAutoProvision(); Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java?rev=1615472&r1=1615471&r2=1615472&view=diff ============================================================================== --- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java (original) +++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/CustomUserRegistry.java Mon Aug 4 01:35:51 2014 
@@ -50,12 +50,12 @@ public class CustomUserRegistry { private static final String DEFAULT_LOCALE_LDAP_ATTRIBUTE = "locale"; private static final String DEFAULT_TIMEZONE_LDAP_ATTRIBUTE = "timezone"; - private static final String SNAME_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.screenname"; - private static final String UID_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.uid"; - private static final String NAME_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.name"; - private static final String EMAIL_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.email"; - private static final String LOCALE_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.locale"; - private static final String TIMEZONE_LDAP_PROPERTY = "users.sso.registry.ldap.attributes.timezone"; + private static final String SNAME_LDAP_PROPERTY = "users.ldap.registry.attributes.screenname"; + private static final String UID_LDAP_PROPERTY = "users.ldap.registry.attributes.uid"; + private static final String NAME_LDAP_PROPERTY = "users.ldap.registry.attributes.name"; + private static final String EMAIL_LDAP_PROPERTY = "users.ldap.registry.attributes.email"; + private static final String LOCALE_LDAP_PROPERTY = "users.ldap.registry.attributes.locale"; + private static final String TIMEZONE_LDAP_PROPERTY = "users.ldap.registry.attributes.timezone"; public static User getUserDetailsFromAuthentication(HttpServletRequest request) { @@ -74,14 +74,14 @@ public class CustomUserRegistry { ud.setTimeZone(TimeZone.getDefault().getID()); ud.setDateCreated(new java.util.Date()); - String userName = null; - String password = null; + String userName; + String unusedPassword; String fullName = null; String email = null; String screenName = null; String locale = null; String timezone = null; - boolean enabled = false; + boolean enabled; if(authentication == null) { // Try to get SSO data from HttpServletRequest 
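Review bot: `String unusedPassword;` in the `@@ -74,14 +74,14 @@` hunk is declared at the top of `getUserDetailsFromAuthentication` but, as far as the visible hunks show, receives its only value much later in the `@@ -152,12 +151,10 @@` hunk. Declaring it at that point, `String externalAuthMarker = WebloggerConfig.getProperty("users.passwords.externalAuthValue", "<externalAuth>");`, removes a dangling local and gives it a name that says what is stored rather than that it is unused. Dropping the `= null` and `= false` initialisers on `userName` and `enabled` is fine provided every branch of the `if (authentication == null)` block assigns them, which the compiler enforces; that block runs past the end of this hunk.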
@@ -124,7 +124,6 @@ public class CustomUserRegistry { UserDetails userDetails = (UserDetails) oPrincipal; userName = userDetails.getUsername(); - password = userDetails.getPassword(); enabled = userDetails.isEnabled(); @@ -152,12 +151,10 @@ public class CustomUserRegistry { } */ } - boolean storePassword = WebloggerConfig.getBooleanProperty("users.sso.passwords.save"); - if(!storePassword) { - password = WebloggerConfig.getProperty("users.sso.passwords.defaultValue","<unknown>"); - } - - ud.setPassword(password); + // for LDAP we don't store its password in the roller_users table, + // just an string indicating external auth method being used. + unusedPassword = WebloggerConfig.getProperty("users.passwords.externalAuthValue","<externalAuth>"); + ud.setPassword(unusedPassword); ud.setEnabled(enabled ? Boolean.TRUE : Boolean.FALSE); ud.setUserName(userName); @@ -192,7 +189,7 @@ public class CustomUserRegistry { return null; } - if(oValue == null) { + if (oValue == null) { return null; } Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java?rev=1615472&r1=1615471&r2=1615472&view=diff ============================================================================== --- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java (original) +++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java Mon Aug 4 01:35:51 2014 
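Review bot: `ud.setPassword(unusedPassword)` in the `@@ -152,12 +151,10 @@` hunk gives every LDAP-provisioned account the same password-column value, one that ships in roller.properties, and `Register.myValidate()` pushes the same string through `setPasswordText`/`setPasswordConfirm`. If the registration path hashes that value like any other password (not visible here), the stored hash is one the literal marker text verifies against, so these accounts are safe only while nothing ever checks a login against the user table. The properties comment added in this commit says the OpenID path stores a random long string instead; doing the same here, or having the database login path reject any row that carries the marker, would make the column unusable as a credential rather than merely unused. The code comment could then read `// external auth: store a value that can never verify as a password`. In Register the two `// Preserve username and password` comments no longer describe what the code does and should be reworded.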
@@ -325,28 +325,26 @@ public class Register extends UIAction i public void myValidate() { - // if usingSSO, we don't want to error on empty password/username from HTML form. + // if using external auth, we don't want to error on empty password/username from HTML form. boolean usingSSO = authMethod == AuthMethod.LDAP || authMethod == AuthMethod.CMA; if (usingSSO) { - boolean storePassword = WebloggerConfig.getBooleanProperty("users.sso.passwords.save"); - String password = WebloggerConfig.getProperty("users.sso.passwords.defaultValue", "<unknown>"); + // store an unused marker in the Roller DB for the passphrase in + // the LDAP or CMA cases, as actual passwords are stored externally + String unusedPassword = WebloggerConfig.getProperty("users.passwords.externalAuthValue", "<externalAuth>"); // Preserve username and password, Spring Security case User fromSSOUser = CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest()); if (fromSSOUser != null) { - if (storePassword) { - password = fromSSOUser.getPassword(); - } - getBean().setPasswordText(password); - getBean().setPasswordConfirm(password); + getBean().setPasswordText(unusedPassword); + getBean().setPasswordConfirm(unusedPassword); getBean().setUserName(fromSSOUser.getUserName()); } // Preserve username and password, CMA case else if (getServletRequest().getUserPrincipal() != null) { getBean().setUserName(getServletRequest().getUserPrincipal().getName()); - getBean().setPasswordText(password); - getBean().setPasswordConfirm(password); + getBean().setPasswordText(unusedPassword); + getBean().setPasswordConfirm(unusedPassword); } } Modified: roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1615472&r1=1615471&r2=1615472&view=diff ============================================================================== --- 
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties (original) +++ roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties Mon Aug 4 01:35:51 2014 @@ -49,7 +49,7 @@ # -- Directory settings # -- Feature specific settings # -- Scheduled tasks configuration -# -- Cache configuratation +# -- Cache configuration # -- User management and security settings # -- Rendering system # -- Weblog ping system @@ -266,7 +266,7 @@ tasks.RefreshRollerPlanetTask.interval=6 tasks.RefreshRollerPlanetTask.leaseTime=30 #----------------------------------------------------------------------------- -# Cache configuratation +# Cache configuration #----------------------------------------------------------------------------- # Remember... times are in seconds @@ -319,7 +319,7 @@ cache.salt.timeout=3600 #----------------------------------------------------------------------------- -# Security settings +# User management and security settings #----------------------------------------------------------------------------- # Top-level authentication declaration for Apache Roller. Introduced in Roller 5.1, @@ -337,6 +337,10 @@ authentication.method=db # Enables HTTPS for login page only securelogin.enabled=false +# Empty value used for passphrase in roller_user table when LDAP or CMA used; +# openid presently generates a random (long) password string instead. +users.passwords.externalAuthValue=<externalAuth> + # Password security settings passwds.encryption.enabled=true passwds.encryption.algorithm=SHA 
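Review bot: The comment added above `users.passwords.externalAuthValue` in the `@@ -337,6 +337,10 @@` hunk calls it an "Empty value", but the shipped setting is the non-empty string `<externalAuth>`, and it names the table `roller_user` while the comment added in CustomUserRegistry says `roller_users`; one of the two spellings needs correcting. Because operators can change this key, the comment should also state that the value is a placeholder and not a credential. I would write `# Placeholder stored in the password column when LDAP or CMA authenticates the` followed by `# user; it is not a password and must never be accepted as one.` and keep the OpenID sentence as it stands.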
@@ -350,9 +354,9 @@ role.action.admin=login,comment,weblog,a users.firstUserAdmin=true # Normally, for security purposes Roller keeps usernames private and the user -# getUserName() method in templates actually returns the user's sceenname. +# getUserName() method in templates actually returns the user's screenname. # If you want templates to have access to real usernames, set this to false. -user.privateUserNames=true +user.hideUserNames=true # Enable scheme enforcement? # Scheme enforcement ensures that specific URLs are viewed only via HTTPS @@ -375,8 +379,11 @@ schemeenforcement.https.ignored=css,gif, # Ignored urls for salt. These are for multipart/form-data submissions as we do not get any parameters salt.ignored.urls=mediaFileAdd!save.rol,mediaFileEdit!save.rol,bookmarksImport!save.rol -#---------------------------------- -# Single-Sign-On (LDAP) +#--------------------------------------------------------------------- +# LDAP authentication properties -- valid only if LDAP authentication +# authentication.method via authentication.method setting. +# See also comments and trackbacks section above for addition LDAP +# config options. # Set these properties for a custom LDAP schema (optional) #users.ldap.registry.attributes.name=cn 
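Review bot: The replacement header for the LDAP block in the `@@ -375,8 +379,11 @@` hunk does not read as a sentence: "valid only if LDAP authentication authentication.method via authentication.method setting" repeats the key name and has no verb, and "for addition LDAP config options" should say "additional". Something like `# LDAP authentication properties -- used only when LDAP is selected` followed by `# through the authentication.method setting.` states what appears to be meant. An operator reading this file to decide which keys apply to their deployment needs that condition to be unambiguous.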
@@ -384,16 +391,8 @@ salt.ignored.urls=mediaFileAdd!save.rol, #users.ldap.registry.attributes.locale=locale #users.ldap.registry.attributes.timezone=timezone -# If you don't want user credentials from LDAP to be stored in Roller -# (possibly in clear-text) leave this alone, otherwise set to true. -# i.e. you would like a backup auth mechanism in case LDAP is down. -users.sso.passwords.save=false - -# if you don't want passwords stored in DB, set this to the default value. -users.sso.passwords.defaultValue=<usingSSO> - -users.sso.autoProvision.enabled=false -users.sso.autoProvision.className=\ +users.ldap.autoProvision.enabled=false +users.ldap.autoProvision.className=\ org.apache.roller.weblogger.ui.core.security.BasicUserAutoProvision #-----------------------------------------------------------------------------
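Review bot: Removing `users.sso.passwords.save` stops new LDAP passwords from being written, but nothing in the visible change deals with rows written while a site had it set to true, which the deleted comment itself says may hold the credentials in clear text. Those values remain in the password column after the upgrade unless something overwrites them. An upgrade step that replaces the stored password of every externally authenticated user with the placeholder, together with a release-note entry telling operators to run it, would close that out. Sites that overrode `users.sso.passwords.defaultValue` or the `users.sso.autoProvision.*` keys also need to be told that the old names are no longer read.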