roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <>
Subject [jira] [Updated] (ROL-1968) Upgrade Spring Security from 2.0.7 to 3.1.4
Date Mon, 12 Aug 2013 18:12:49 GMT


Glen Mazza updated ROL-1968:

    Attachment: SpringSecurity.patch
> Upgrade Spring Security from 2.0.7 to 3.1.4
> -------------------------------------------
>                 Key: ROL-1968
>                 URL:
>             Project: Roller
>          Issue Type: Task
>    Affects Versions: 5.1
>            Reporter: Glen Mazza
>            Assignee: Roller Unassigned
>         Attachments: SpringSecurity.patch
> The enclosed patch gets us codewise about (my guess) 95-98% there, but there is some
configuration error in the updated security.xml that makes it all for naught.  Basically,
the app will compile and run via mvn jetty:run at http://localhost:8080/roller but authentication
of the first user created at the login screen *always* fails.  I'm attaching the patch of
what I have so far in case somebody wants to be a hero and get the remaining 2-5% in--I'll
try to work on it more myself as well.
> Debugging can be done via IntelliJ by doing Menu item Run -> Edit Configurations,
adding a new Maven config item ("debug Roller") with a working directory of /full/path/to/app/folder
and a command line option of "jetty:run".  Then add breakpoints to the code and choose Menu
Item Run -> "debug Roller".  It's difficult to debug however, as most of the code is Spring
internal via the XML Configuration file and not Roller code. 
> We don't need to get the OpenID auth method working to commit this patch (AFAICT it needed
updating to work in 2.0.7 as it wasn't working right OOTB anyway) -- I can look into that
later, but just to get the standard username/login at the command prompt working would be
good enough to commit this patch.  I'm partly inclined to commit this patch anyway and hold
Roller trunk hostage, meaning *nobody* can use trunk until somebody patches it to get Spring
Security 3.1 working, but I'll pass on such a drastic step.  :)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message