
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 1716: STQC security: added system settings for max attempts before lockout and lockout time

 

------------------------------------------------------------
revno: 1716
committer: Saptarshi <sunbiz@xxxxxxxxx>
branch nick: trunk
timestamp: Wed 2010-03-31 18:44:55 +0200
message:
  STQC security: added system settings for max attempts before lockout and lockout time
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java
  dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java
  dhis-2/dhis-services/dhis-service-administration/pom.xml
  dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java
  dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java	2010-03-30 23:08:42 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java	2010-03-31 16:44:55 +0000
@@ -32,9 +32,6 @@
  */
 public interface UserAuditService
 {
-    final int TIMEFRAME_MINUTES = 10; //TODO: through System Settings
-    final int MAX_NUMBER_OF_ATTEMPTS = 5; //TODO: through System Settings
-    
     void registerLoginSuccess( String username );
     
     void registerLogout( String username );

=== modified file 'dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java'
--- dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java	2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java	2010-03-31 16:44:55 +0000
@@ -47,6 +47,9 @@
     final String KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART = "omitIndicatorsZeroNumeratorDataMart";
     final String KEY_REPORT_TEMPLATE_DIRECTORY = "reportTemplateDirectory";
     final String KEY_REPORT_FRAMEWORK = "reportFramework";
+
+    final String KEY_MAX_NUMBER_OF_ATTEMPTS = "maxAttempts";
+    final String KEY_TIMEFRAME_MINUTES = "lockoutTimeframe";
     
     final String KEY_CHR_IMAGE_DIRECTORY = "chrImageDirectory";
     final String KEY_CHR_NUMBER_OF_RECORDS = "chrNumberOfRecords";

=== modified file 'dhis-2/dhis-services/dhis-service-administration/pom.xml'
--- dhis-2/dhis-services/dhis-service-administration/pom.xml	2010-03-12 11:05:35 +0000
+++ dhis-2/dhis-services/dhis-service-administration/pom.xml	2010-03-31 16:44:55 +0000
@@ -29,6 +29,10 @@
       <groupId>org.hisp.dhis</groupId>
       <artifactId>dhis-service-core</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.hisp.dhis</groupId>
+      <artifactId>dhis-options</artifactId>
+    </dependency>
     
     <!-- Other -->
     
@@ -42,7 +46,7 @@
     </dependency>
     
   </dependencies>
-  <properties>
-    <rootDir>../../</rootDir>
-  </properties>
+  <properties>
+    <rootDir>../../</rootDir>
+  </properties>
 </project>

=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java	2010-03-30 23:08:42 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java	2010-03-31 16:44:55 +0000
@@ -32,10 +32,17 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.hisp.dhis.options.SystemSettingManager;
 import org.springframework.transaction.annotation.Transactional;
 
+import static org.hisp.dhis.options.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
+
 /**
  * @author Lars Helge Overland
+ *
+ * TODO: Cleanup code by MAX_NUMBER_OF_ATTEMPTS and TIMEFRAME_MINUTES loading
+ * in system setting with default values through startup routine
  */
 public class DefaultUserAuditService
     implements UserAuditService
@@ -43,6 +50,16 @@
 
     private static final Log log = LogFactory.getLog( DefaultUserAuditService.class );
 
+    // -------------------------------------------------------------------------
+    // Dependencies
+    // -------------------------------------------------------------------------
+    private SystemSettingManager systemSettingManager;
+
+    public void setSystemSettingManager( SystemSettingManager systemSettingManager )
+    {
+        this.systemSettingManager = systemSettingManager;
+    }
+
     private UserAuditStore userAuditStore;
 
     public void setUserAuditStore( UserAuditStore userAuditStore )
@@ -74,19 +91,22 @@
 
         int no = userAuditStore.getLoginFailures( username, getDate() );
 
+        int MAX_NUMBER_OF_ATTEMPTS = 5; //DEFAULT
+
+        if ( systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS ) != null )
+        {
+            MAX_NUMBER_OF_ATTEMPTS = (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS );
+        } else
+        {
+            systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );
+        }
+
         if ( no >= MAX_NUMBER_OF_ATTEMPTS )
         {
             log.info( "Max number of login attempts exceeded: '" + username + "'" );
         }
     }
 
-    private Date getDate()
-    {
-        Calendar cal = Calendar.getInstance();
-        cal.add( Calendar.MINUTE, TIMEFRAME_MINUTES * -1 );
-        return cal.getTime();
-    }
-
     @Transactional
     @Override
     public int getLoginFailures( String username )
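Review bot: The threshold read added just before `if ( no >= MAX_NUMBER_OF_ATTEMPTS )` casts the stored value straight to `Integer` with no range check, so a saved 0 or negative value makes the comparison true for every failure count, and a stored value of any other type would throw `ClassCastException` in the login-failure path. The same read-or-save-default block is repeated in `getMaxAttempts()`, `getLockoutTimeframe()` and `getDate()`; in `getDate()` a non-positive timeframe gives a cut-off that is not in the past, which presumably leaves the failure window empty and the lockout ineffective. The `else` branch also turns a read into a write to the settings store on a path reached by failed logins. One private helper that validates the value and falls back to the default without saving would cover all four sites; the enclosing method starts outside this hunk.

```java
// … unchanged: failure registration and count lookup …
int maxAttempts = getPositiveIntSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );

if ( no >= maxAttempts )
// … unchanged: log statement …

private int getPositiveIntSetting( String key, int defaultValue )
{
    Object value = systemSettingManager.getSystemSetting( key );

    // Fall back when the setting is missing, of the wrong type or out of range
    if ( value instanceof Integer && (Integer) value > 0 )
    {
        return (Integer) value;
    }

    return defaultValue;
}
```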
@@ -98,12 +118,32 @@
     @Override
     public int getMaxAttempts()
     {
+        int MAX_NUMBER_OF_ATTEMPTS = 5;
+
+        if ( systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS ) != null )
+        {
+            MAX_NUMBER_OF_ATTEMPTS = (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS );
+        } else
+        {
+            systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );
+        }
+
         return MAX_NUMBER_OF_ATTEMPTS;
     }
 
     @Override
     public int getLockoutTimeframe()
     {
+        int TIMEFRAME_MINUTES = 10; //DEFAULT
+
+        if ( systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES ) != null )
+        {
+            TIMEFRAME_MINUTES = (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES );
+        } else
+        {
+            systemSettingManager.saveSystemSetting( KEY_TIMEFRAME_MINUTES, 10 );
+        }
+
         return TIMEFRAME_MINUTES;
     }
 
@@ -112,4 +152,21 @@
     {
         userAuditStore.resetLoginFailures( username, getDate() );
     }
+
+    private Date getDate()
+    {
+        int TIMEFRAME_MINUTES = 10;
+
+        if ( systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES ) != null )
+        {
+            TIMEFRAME_MINUTES = (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES );
+        } else
+        {
+            systemSettingManager.saveSystemSetting( KEY_TIMEFRAME_MINUTES, 10 );
+        }
+
+        Calendar cal = Calendar.getInstance();
+        cal.add( Calendar.MINUTE, TIMEFRAME_MINUTES * -1 );
+        return cal.getTime();
+    }
 }

=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml	2010-03-06 16:00:25 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml	2010-03-31 16:44:55 +0000
@@ -137,8 +137,8 @@
   
   <bean id="org.hisp.dhis.useraudit.UserAuditService"
 	class="org.hisp.dhis.useraudit.DefaultUserAuditService">
-	<property name="userAuditStore"
-	  ref="org.hisp.dhis.useraudit.UserAuditStore"/>
+	<property name="userAuditStore" ref="org.hisp.dhis.useraudit.UserAuditStore"/>
+    <property name="systemSettingManager" ref="org.hisp.dhis.options.SystemSettingManager" />
   </bean>
 	
   <bean id="org.hisp.dhis.useraudit.UserAuditStore"

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2010-03-31 16:44:55 +0000
@@ -28,6 +28,8 @@
  */
 
 import static org.hisp.dhis.options.SystemSettingManager.KEY_APPLICATION_TITLE;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
 import static org.hisp.dhis.options.SystemSettingManager.KEY_FLAG;
 import static org.hisp.dhis.options.SystemSettingManager.KEY_FORUM_INTEGRATION;
 import static org.hisp.dhis.options.SystemSettingManager.KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART;
@@ -81,6 +83,8 @@
         Map<String, Object> map = new HashMap<String, Object>( 2 );
         
         map.put( KEY_APPLICATION_TITLE, systemSettingManager.getSystemSetting( KEY_APPLICATION_TITLE ) );
+        map.put( KEY_MAX_NUMBER_OF_ATTEMPTS, systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS ) );
+        map.put( KEY_TIMEFRAME_MINUTES, systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES ) );
         map.put( KEY_FLAG, systemSettingManager.getSystemSetting( KEY_FLAG ) );
         map.put( KEY_START_MODULE, systemSettingManager.getSystemSetting( KEY_START_MODULE ) );
         map.put( KEY_REPORT_FRAMEWORK, systemSettingManager.getSystemSetting( KEY_REPORT_FRAMEWORK, Report.TYPE_DEFAULT ) );

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java	2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java	2010-03-31 16:44:55 +0000
@@ -28,6 +28,8 @@
  */
 
 import static org.hisp.dhis.options.SystemSettingManager.KEY_APPLICATION_TITLE;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
 import static org.hisp.dhis.options.SystemSettingManager.KEY_FLAG;
 import static org.hisp.dhis.options.SystemSettingManager.KEY_FORUM_INTEGRATION;
 import static org.hisp.dhis.options.SystemSettingManager.KEY_REPORT_FRAMEWORK;
@@ -61,7 +63,6 @@
     // -------------------------------------------------------------------------
     // Output
     // -------------------------------------------------------------------------
-
     private String applicationTitle;
 
     public void setApplicationTitle( String applicationTitle )
@@ -69,6 +70,20 @@
         this.applicationTitle = applicationTitle;
     }
 
+    private int maxAttempts;
+
+    public void setMaxAttempts( int maxAttempts )
+    {
+        this.maxAttempts = maxAttempts;
+    }
+
+    private int lockoutTimeframe;
+
+    public void setLockoutTimeframe( int lockoutTimeframe )
+    {
+        this.lockoutTimeframe = lockoutTimeframe;
+    }
+
     private String flag;
 
     public void setFlag( String flag )
@@ -121,7 +136,6 @@
     // -------------------------------------------------------------------------
     // Action implementation
     // -------------------------------------------------------------------------
-
     public String execute()
     {
         if ( applicationTitle != null && applicationTitle.trim().length() == 0 )
@@ -140,6 +154,8 @@
         }
 
         systemSettingManager.saveSystemSetting( KEY_APPLICATION_TITLE, applicationTitle );
+        systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, maxAttempts );
+        systemSettingManager.saveSystemSetting( KEY_TIMEFRAME_MINUTES, lockoutTimeframe );
         systemSettingManager.saveSystemSetting( KEY_FLAG, flag );
         systemSettingManager.saveSystemSetting( KEY_START_MODULE, startModule );
         systemSettingManager.saveSystemSetting( KEY_REPORT_FRAMEWORK, reportFramework );
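Review bot: `maxAttempts` and `lockoutTimeframe` are saved here with no range check, and because both are primitive `int` fields they stay 0 whenever the form parameter is absent, so an ordinary settings save can store a lockout threshold or timeframe of 0. The template hunk pre-fills the inputs with `$!maxAttempts` and `$!lockoutTimeframe`, which would presumably render empty until a value has been stored, making that case likely on first use. I would guard both writes, e.g. `if ( maxAttempts > 0 ) systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, maxAttempts );` and the same for `lockoutTimeframe`, alongside the existing `applicationTitle` check earlier in `execute()`, which begins outside this hunk. Since these two values control account lockout, a log line recording the old and new values on change would also help later review.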
@@ -147,8 +163,7 @@
         systemSettingManager.saveSystemSetting( KEY_FORUM_INTEGRATION, forumIntegration );
         systemSettingManager.saveSystemSetting( KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART,
             omitIndicatorsZeroNumeratorDataMart );
-        systemSettingManager
-            .saveSystemSetting( KEY_DISABLE_DATAENTRYFORM_WHEN_COMPLETED, disableDataEntryWhenCompleted );
+        systemSettingManager.saveSystemSetting( KEY_DISABLE_DATAENTRYFORM_WHEN_COMPLETED, disableDataEntryWhenCompleted );
 
         return SUCCESS;
     }

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2010-02-10 17:00:47 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2010-03-31 16:44:55 +0000
@@ -13,6 +13,8 @@
 custom = Custom
 user_settings = User settings
 application_title = Application title
+max_attempts = Maximum no. of failed attempts before lockout
+lockout_timeframe = Minutes of lockout
 top_background_color = Top background colour
 left_background_color = Left background colour
 title_color = Title text colour

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm	2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm	2010-03-31 16:44:55 +0000
@@ -7,6 +7,14 @@
 
 <p><input type="text" name="applicationTitle" style="width:30em" value="$!applicationTitle"></p>
 
+<h4>$i18n.getString( "max_attempts" )</h4>
+
+<p><input type="text" name="maxAttempts" style="width:30em" value="$!maxAttempts"></p>
+
+<h4>$i18n.getString( "lockout_timeframe" )</h4>
+
+<p><input type="text" name="lockoutTimeframe" style="width:30em" value="$!lockoutTimeframe"></p>
+
 <h4>$i18n.getString( "flag" )</h4>
 
 <p>