roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From snoopd...@apache.org
Subject [roller] branch master updated: More remember-me fixes.
Date Sun, 19 May 2019 21:07:10 GMT
This is an automated email from the ASF dual-hosted git repository.

snoopdave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git


The following commit(s) were added to refs/heads/master by this push:
     new 88f02b9  More remember-me fixes.
88f02b9 is described below

commit 88f02b99f0a286e37115fd7a7a18d7d7d5d07224
Author: snoopdave@gmail.com <snoopdave@gmail.com>
AuthorDate: Sun May 19 16:53:40 2019 -0400

    More remember-me fixes.
---
 .../apache/roller/weblogger/ui/core/RollerContext.java  |  7 ++-----
 .../RollerRememberMeAuthenticationProvider.java         |  3 +++
 .../ui/core/security/RollerRememberMeServices.java      | 17 ++++++++++++++---
 app/src/main/webapp/WEB-INF/security.xml                |  3 ++-
 4 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
index b4517a5..1acc7f4 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
@@ -234,10 +234,6 @@ public class RollerContext extends ContextLoaderListener
         ApplicationContext ctx =
                 WebApplicationContextUtils.getRequiredWebApplicationContext(context);
 
-        /*String[] beanNames = ctx.getBeanDefinitionNames();
-        for (String name : beanNames)
-            System.out.println(name);*/
-
         String rememberMe = WebloggerConfig.getProperty("rememberme.enabled");
         boolean rememberMeEnabled = Boolean.valueOf(rememberMe);
 
@@ -246,7 +242,8 @@ public class RollerContext extends ContextLoaderListener
         context.setAttribute("rememberMeEnabled", rememberMe);
 
         if (!rememberMeEnabled) {
-            ProviderManager provider = (ProviderManager) ctx.getBean("_authenticationManager");
+            ProviderManager provider =
+                (ProviderManager) ctx.getBean("org.springframework.security.authenticationManager");
             for (AuthenticationProvider authProvider : provider.getProviders()) {
                 if (authProvider instanceof RememberMeAuthenticationProvider) {
                     provider.getProviders().remove(authProvider);
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
index 82e4322..a847abc 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeAuthenticationProvider.java
@@ -29,6 +29,7 @@ public class RollerRememberMeAuthenticationProvider extends RememberMeAuthentica
 
 
     public RollerRememberMeAuthenticationProvider() {
+        log.debug("initializing: RollerRememberMeAuthenticationProvider");
 
         String key = WebloggerConfig.getProperty("rememberme.key", "springRocks");
 
@@ -38,6 +39,8 @@ public class RollerRememberMeAuthenticationProvider extends RememberMeAuthentica
                 "properties file. Make sure it is a secret and make sure it is NOT be springRocks");
         }
         setKey(key);
+
+        log.debug("initialized: RollerRememberMeAuthenticationProvider with key: " + getKey());
     }
 }
 
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
index fdb920e..608d752 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
@@ -33,7 +33,20 @@ public class RollerRememberMeServices extends TokenBasedRememberMeServices
{
     private static final Log log = LogFactory.getLog(RollerRememberMeServices.class);
 
 
-    public RollerRememberMeServices() {}
+    public RollerRememberMeServices() {
+        log.debug("initializing: RollerRememberMeServices");
+
+        String key = WebloggerConfig.getProperty("rememberme.key", "springRocks");
+
+        if ("springRocks".equals(key)) {
+            throw new RuntimeException(
+                "If remember-me is to be enabled, rememberme.key must be specified in the
roller " +
+                    "properties file. Make sure it is a secret and make sure it is NOT be
springRocks");
+        }
+        setKey(key);
+
+        log.debug("initialized: RollerRememberMeServices with key: " + getKey());
+    }
 
     /**
      * Calculates the digital signature to be put in the cookie. Default value is
@@ -62,6 +75,4 @@ public class RollerRememberMeServices extends TokenBasedRememberMeServices
{
 
         return new String(Hex.encode(digest.digest(data.getBytes())));
     }
-
-
 }
diff --git a/app/src/main/webapp/WEB-INF/security.xml b/app/src/main/webapp/WEB-INF/security.xml
index 993073a..d3e8fa3 100644
--- a/app/src/main/webapp/WEB-INF/security.xml
+++ b/app/src/main/webapp/WEB-INF/security.xml
@@ -78,12 +78,13 @@
 
     <beans:bean id="rollerRememberMeServices"
                 class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeServices">
-        <beans:property name="key" value="715F2448-3176-11DD-ABC6-9CD955D89593"/>
+        <beans:property name="key" value="ignored"/>
         <beans:property name="userDetailsService" ref="rollerUserService"/>
     </beans:bean>
 
     <beans:bean id="rememberMeAuthenticationProvider"
                 class="org.apache.roller.weblogger.ui.core.security.RollerRememberMeAuthenticationProvider">
+        <beans:property name="key" value="ignored"/>
     </beans:bean>
 
     <beans:bean id = "openIDAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">


Mime
View raw message