[Branch ~dhis2-devs-core/dhis2/trunk] Rev 1716: STQC security: added system settings for max attempts before lockout and lockout time
------------------------------------------------------------
revno: 1716
committer: Saptarshi <sunbiz@xxxxxxxxx>
branch nick: trunk
timestamp: Wed 2010-03-31 18:44:55 +0200
message:
STQC security: added system settings for max attempts before lockout and lockout time
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java
dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java
dhis-2/dhis-services/dhis-service-administration/pom.xml
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java
dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-03-30 23:08:42 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-03-31 16:44:55 +0000
@@ -32,9 +32,6 @@
*/
public interface UserAuditService
{
- final int TIMEFRAME_MINUTES = 10; //TODO: through System Settings
- final int MAX_NUMBER_OF_ATTEMPTS = 5; //TODO: through System Settings
-
void registerLoginSuccess( String username );
void registerLogout( String username );
=== modified file 'dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java'
--- dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java 2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-options/src/main/java/org/hisp/dhis/options/SystemSettingManager.java 2010-03-31 16:44:55 +0000
@@ -47,6 +47,9 @@
final String KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART = "omitIndicatorsZeroNumeratorDataMart";
final String KEY_REPORT_TEMPLATE_DIRECTORY = "reportTemplateDirectory";
final String KEY_REPORT_FRAMEWORK = "reportFramework";
+
+ final String KEY_MAX_NUMBER_OF_ATTEMPTS = "maxAttempts";
+ final String KEY_TIMEFRAME_MINUTES = "lockoutTimeframe";
final String KEY_CHR_IMAGE_DIRECTORY = "chrImageDirectory";
final String KEY_CHR_NUMBER_OF_RECORDS = "chrNumberOfRecords";
=== modified file 'dhis-2/dhis-services/dhis-service-administration/pom.xml'
--- dhis-2/dhis-services/dhis-service-administration/pom.xml 2010-03-12 11:05:35 +0000
+++ dhis-2/dhis-services/dhis-service-administration/pom.xml 2010-03-31 16:44:55 +0000
@@ -29,6 +29,10 @@
<groupId>org.hisp.dhis</groupId>
<artifactId>dhis-service-core</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.hisp.dhis</groupId>
+ <artifactId>dhis-options</artifactId>
+ </dependency>
<!-- Other -->
@@ -42,7 +46,7 @@
</dependency>
</dependencies>
- <properties>
- <rootDir>../../</rootDir>
- </properties>
+ <properties>
+ <rootDir>../../</rootDir>
+ </properties>
</project>
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2010-03-30 23:08:42 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2010-03-31 16:44:55 +0000
@@ -32,10 +32,17 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.hisp.dhis.options.SystemSettingManager;
import org.springframework.transaction.annotation.Transactional;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
+
/**
* @author Lars Helge Overland
+ *
+ * TODO: Cleanup code by MAX_NUMBER_OF_ATTEMPTS and TIMEFRAME_MINUTES loading
+ * in system setting with default values through startup routine
*/
public class DefaultUserAuditService
implements UserAuditService
@@ -43,6 +50,16 @@
private static final Log log = LogFactory.getLog( DefaultUserAuditService.class );
+ // -------------------------------------------------------------------------
+ // Dependencies
+ // -------------------------------------------------------------------------
+ private SystemSettingManager systemSettingManager;
+
+ public void setSystemSettingManager( SystemSettingManager systemSettingManager )
+ {
+ this.systemSettingManager = systemSettingManager;
+ }
+
private UserAuditStore userAuditStore;
public void setUserAuditStore( UserAuditStore userAuditStore )
@@ -74,19 +91,22 @@
int no = userAuditStore.getLoginFailures( username, getDate() );
+ int MAX_NUMBER_OF_ATTEMPTS = 5; //DEFAULT
+
+ if ( systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS ) != null )
+ {
+ MAX_NUMBER_OF_ATTEMPTS = (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS );
+ } else
+ {
+ systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );
+ }
+
if ( no >= MAX_NUMBER_OF_ATTEMPTS )
{
log.info( "Max number of login attempts exceeded: '" + username + "'" );
}
}
- private Date getDate()
- {
- Calendar cal = Calendar.getInstance();
- cal.add( Calendar.MINUTE, TIMEFRAME_MINUTES * -1 );
- return cal.getTime();
- }
-
@Transactional
@Override
public int getLoginFailures( String username )
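Review bot: The value cast at `MAX_NUMBER_OF_ATTEMPTS = (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS );` is used without a range check, so a 0 or negative number stored through the new settings form makes `no >= MAX_NUMBER_OF_ATTEMPTS` true on every failed login, and a stored object that is not an Integer would throw ClassCastException out of the audit path. A one-line guard after the lookup, `if ( MAX_NUMBER_OF_ATTEMPTS < 1 ) { MAX_NUMBER_OF_ATTEMPTS = 5; }`, keeps the built-in default in force for bad input. The lookup also calls getSystemSetting twice where one read into a local would do, and it persists a setting from inside the failure-registration path; the class-header TODO already acknowledges the latter. The enclosing method begins before this hunk.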
@@ -98,12 +118,32 @@
@Override
public int getMaxAttempts()
{
+ int MAX_NUMBER_OF_ATTEMPTS = 5;
+
+ if ( systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS ) != null )
+ {
+ MAX_NUMBER_OF_ATTEMPTS = (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS );
+ } else
+ {
+ systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );
+ }
+
return MAX_NUMBER_OF_ATTEMPTS;
}
@Override
public int getLockoutTimeframe()
{
+ int TIMEFRAME_MINUTES = 10; //DEFAULT
+
+ if ( systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES ) != null )
+ {
+ TIMEFRAME_MINUTES = (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES );
+ } else
+ {
+ systemSettingManager.saveSystemSetting( KEY_TIMEFRAME_MINUTES, 10 );
+ }
+
return TIMEFRAME_MINUTES;
}
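Review bot: getMaxAttempts and getLockoutTimeframe each repeat the same read-seed-default sequence, which also appears in the login-failure path and in getDate of this class, and each calls getSystemSetting twice and persists a setting from inside a getter. A private helper that reads once, accepts only a positive Integer, seeds the default when nothing is stored and falls back to the default otherwise makes all four sites one-liners; the two getters in this hunk become `return getIntSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );` and `return getIntSetting( KEY_TIMEFRAME_MINUTES, 10 );`. The unguarded `(Integer)` cast in the current code would throw ClassCastException if the stored object is not an Integer; the helper below checks the type before casting and logs through the existing `log` field.
```java
// … unchanged: registerLoginFailure, getLoginFailures …

/**
 * Reads an integer system setting, seeding the default when none is stored
 * and ignoring a stored value that is not a positive Integer.
 */
private int getIntSetting( String key, int defaultValue )
{
    Object value = systemSettingManager.getSystemSetting( key );

    if ( value == null )
    {
        systemSettingManager.saveSystemSetting( key, defaultValue );

        return defaultValue;
    }

    if ( value instanceof Integer && (Integer) value > 0 )
    {
        return (Integer) value;
    }

    log.warn( "Ignoring invalid value for system setting '" + key + "': " + value );

    return defaultValue;
}

@Override
public int getMaxAttempts()
{
    return getIntSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, 5 );
}

@Override
public int getLockoutTimeframe()
{
    return getIntSetting( KEY_TIMEFRAME_MINUTES, 10 );
}
```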
@@ -112,4 +152,21 @@
{
userAuditStore.resetLoginFailures( username, getDate() );
}
+
+ private Date getDate()
+ {
+ int TIMEFRAME_MINUTES = 10;
+
+ if ( systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES ) != null )
+ {
+ TIMEFRAME_MINUTES = (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES );
+ } else
+ {
+ systemSettingManager.saveSystemSetting( KEY_TIMEFRAME_MINUTES, 10 );
+ }
+
+ Calendar cal = Calendar.getInstance();
+ cal.add( Calendar.MINUTE, TIMEFRAME_MINUTES * -1 );
+ return cal.getTime();
+ }
}
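Review bot: getDate now persists a system setting as a side effect of computing a timestamp, and it is called from the resetLoginFailures body shown at the top of the hunk as well as from the failure path, so a helper that should be read-only writes to the settings store. Since getLockoutTimeframe in the same class already encapsulates this read-or-seed logic, the body can shrink to `Calendar cal = Calendar.getInstance(); cal.add( Calendar.MINUTE, -getLockoutTimeframe() ); return cal.getTime();` with the local and the duplicated lookup removed. Note also that the minutes value is subtracted from now to bound how far back failures are counted, i.e. it is the window in which failures accumulate, whereas the label added to i18n_module.properties in this commit reads "Minutes of lockout"; either the label or the semantics should be aligned so administrators know what they are configuring.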
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml 2010-03-06 16:00:25 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml 2010-03-31 16:44:55 +0000
@@ -137,8 +137,8 @@
<bean id="org.hisp.dhis.useraudit.UserAuditService"
class="org.hisp.dhis.useraudit.DefaultUserAuditService">
- <property name="userAuditStore"
- ref="org.hisp.dhis.useraudit.UserAuditStore"/>
+ <property name="userAuditStore" ref="org.hisp.dhis.useraudit.UserAuditStore"/>
+ <property name="systemSettingManager" ref="org.hisp.dhis.options.SystemSettingManager" />
</bean>
<bean id="org.hisp.dhis.useraudit.UserAuditStore"
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java 2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java 2010-03-31 16:44:55 +0000
@@ -28,6 +28,8 @@
*/
import static org.hisp.dhis.options.SystemSettingManager.KEY_APPLICATION_TITLE;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
import static org.hisp.dhis.options.SystemSettingManager.KEY_FLAG;
import static org.hisp.dhis.options.SystemSettingManager.KEY_FORUM_INTEGRATION;
import static org.hisp.dhis.options.SystemSettingManager.KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART;
@@ -81,6 +83,8 @@
Map<String, Object> map = new HashMap<String, Object>( 2 );
map.put( KEY_APPLICATION_TITLE, systemSettingManager.getSystemSetting( KEY_APPLICATION_TITLE ) );
+ map.put( KEY_MAX_NUMBER_OF_ATTEMPTS, systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS ) );
+ map.put( KEY_TIMEFRAME_MINUTES, systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES ) );
map.put( KEY_FLAG, systemSettingManager.getSystemSetting( KEY_FLAG ) );
map.put( KEY_START_MODULE, systemSettingManager.getSystemSetting( KEY_START_MODULE ) );
map.put( KEY_REPORT_FRAMEWORK, systemSettingManager.getSystemSetting( KEY_REPORT_FRAMEWORK, Report.TYPE_DEFAULT ) );
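Review bot: The two new `map.put` lines copy the lockout threshold and window onto the value stack of every action this interceptor wraps, while the only consumer visible in this commit is the systemSettings.vm form in the maintenance-settings module. If the interceptor also runs for actions reachable before authentication, the lockout policy becomes readable from those templates, which tells an attacker exactly how many guesses are safe per window; confirm where the interceptor is registered. Loading the two values in the settings module's action that renders the form would keep them out of the general request context. The `new HashMap<String, Object>( 2 )` capacity hint is also now well below the number of entries, though that is only cosmetic.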
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java 2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetSystemSettingsAction.java 2010-03-31 16:44:55 +0000
@@ -28,6 +28,8 @@
*/
import static org.hisp.dhis.options.SystemSettingManager.KEY_APPLICATION_TITLE;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
+import static org.hisp.dhis.options.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
import static org.hisp.dhis.options.SystemSettingManager.KEY_FLAG;
import static org.hisp.dhis.options.SystemSettingManager.KEY_FORUM_INTEGRATION;
import static org.hisp.dhis.options.SystemSettingManager.KEY_REPORT_FRAMEWORK;
@@ -61,7 +63,6 @@
// -------------------------------------------------------------------------
// Output
// -------------------------------------------------------------------------
-
private String applicationTitle;
public void setApplicationTitle( String applicationTitle )
@@ -69,6 +70,20 @@
this.applicationTitle = applicationTitle;
}
+ private int maxAttempts;
+
+ public void setMaxAttempts( int maxAttempts )
+ {
+ this.maxAttempts = maxAttempts;
+ }
+
+ private int lockoutTimeframe;
+
+ public void setLockoutTimeframe( int lockoutTimeframe )
+ {
+ this.lockoutTimeframe = lockoutTimeframe;
+ }
+
private String flag;
public void setFlag( String flag )
@@ -121,7 +136,6 @@
// -------------------------------------------------------------------------
// Action implementation
// -------------------------------------------------------------------------
-
public String execute()
{
if ( applicationTitle != null && applicationTitle.trim().length() == 0 )
@@ -140,6 +154,8 @@
}
systemSettingManager.saveSystemSetting( KEY_APPLICATION_TITLE, applicationTitle );
+ systemSettingManager.saveSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, maxAttempts );
+ systemSettingManager.saveSystemSetting( KEY_TIMEFRAME_MINUTES, lockoutTimeframe );
systemSettingManager.saveSystemSetting( KEY_FLAG, flag );
systemSettingManager.saveSystemSetting( KEY_START_MODULE, startModule );
systemSettingManager.saveSystemSetting( KEY_REPORT_FRAMEWORK, reportFramework );
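Review bot: The two new saveSystemSetting calls persist `maxAttempts` and `lockoutTimeframe` with no validation, unlike applicationTitle, which is checked for blankness earlier in execute. Both fields are primitive `int`, so a missing or non-numeric form value leaves them at 0 and this stores 0 as the policy, which the audit service then treats as a threshold of zero failed attempts and a zero-minute window. Guard before the saves, e.g. `if ( maxAttempts < 1 || lockoutTimeframe < 1 ) { return INPUT; }` if the action exposes Struts' INPUT result, or otherwise skip the two saves and report an error. execute begins before this hunk.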
@@ -147,8 +163,7 @@
systemSettingManager.saveSystemSetting( KEY_FORUM_INTEGRATION, forumIntegration );
systemSettingManager.saveSystemSetting( KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART,
omitIndicatorsZeroNumeratorDataMart );
- systemSettingManager
- .saveSystemSetting( KEY_DISABLE_DATAENTRYFORM_WHEN_COMPLETED, disableDataEntryWhenCompleted );
+ systemSettingManager.saveSystemSetting( KEY_DISABLE_DATAENTRYFORM_WHEN_COMPLETED, disableDataEntryWhenCompleted );
return SUCCESS;
}
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties 2010-02-10 17:00:47 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties 2010-03-31 16:44:55 +0000
@@ -13,6 +13,8 @@
custom = Custom
user_settings = User settings
application_title = Application title
+max_attempts = Maximum no. of failed attempts before lockout
+lockout_timeframe = Minutes of lockout
top_background_color = Top background colour
left_background_color = Left background colour
title_color = Title text colour
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm 2009-12-21 05:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemSettings.vm 2010-03-31 16:44:55 +0000
@@ -7,6 +7,14 @@
<p><input type="text" name="applicationTitle" style="width:30em" value="$!applicationTitle"></p>
+<h4>$i18n.getString( "max_attempts" )</h4>
+
+<p><input type="text" name="maxAttempts" style="width:30em" value="$!maxAttempts"></p>
+
+<h4>$i18n.getString( "lockout_timeframe" )</h4>
+
+<p><input type="text" name="lockoutTimeframe" style="width:30em" value="$!lockoutTimeframe"></p>
+
<h4>$i18n.getString( "flag" )</h4>
<p>