Message #08684
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 2140: Temporarily disabled check for max no of failed login attempts. Added missing transactional annot...
------------------------------------------------------------
revno: 2140
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2010-11-22 21:01:22 +0100
message:
Temporarily disabled the check for the maximum number of failed login attempts. Added missing transactional annotation in UserAuditService. Added null-check in UserAuditLogoutFilter. Searching for cause of mysterious login problem.
renamed:
dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.jsp => dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html
dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.jsp => dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/UserAuditLogoutFilter.java
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html
dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-03-31 16:44:55 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-11-22 20:01:22 +0000
@@ -38,8 +38,6 @@
void registerLoginFailure( String username );
- void resetLockoutTimeframe( String username );
-
int getLoginFailures( String username );
int getMaxAttempts();
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2010-04-12 21:23:33 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2010-11-22 20:01:22 +0000
@@ -68,12 +68,17 @@
this.userAuditStore = userAuditStore;
}
+ // -------------------------------------------------------------------------
+ // UserAuditService implementation
+ // -------------------------------------------------------------------------
+
@Override
+ @Transactional
public void registerLoginSuccess( String username )
{
log.info( "User login success: '" + username + "'" );
- resetLockoutTimeframe( username );
+ userAuditStore.resetLoginFailures( username, getDate() );
}
@Override
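Review bot: The `log.info( "User login success: '" + username + "'" )` line writes the username into the audit log exactly as received, and the same concatenation appears in the logout and login-failure methods shown in the following hunk. On the failure path the value is presumably whatever was submitted to the login form, so a name containing line breaks could make one attempt read as several log entries. I would neutralise CR/LF before logging, for example `String safeName = username.replaceAll( "[\r\n]", "_" );`, and log `safeName` in all three methods. The `@Transactional` addition itself looks right, since the method now writes through `userAuditStore` directly.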
@@ -82,8 +87,8 @@
log.info( "User logout: '" + username + "'" );
}
+ @Override
@Transactional
- @Override
public void registerLoginFailure( String username )
{
log.info( "User login failure: '" + username + "'" );
@@ -100,8 +105,8 @@
}
}
+ @Override
@Transactional
- @Override
public int getLoginFailures( String username )
{
return userAuditStore.getLoginFailures( username, getDate() );
@@ -119,11 +124,9 @@
return (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES, DEFAULT_TIMEFRAME_MINUTES );
}
- @Override
- public void resetLockoutTimeframe( String username )
- {
- userAuditStore.resetLoginFailures( username, getDate() );
- }
+ // -------------------------------------------------------------------------
+ // Supportive methods
+ // -------------------------------------------------------------------------
private Date getDate()
{
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java 2010-10-29 12:19:15 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java 2010-11-22 20:01:22 +0000
@@ -88,6 +88,7 @@
}
//TODO: create GUI for reset and accurate logging
+
@Override
public void resetLoginFailures( String username, Date date )
{
=== renamed file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.jsp' => 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.jsp 2010-11-18 09:42:34 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html 2010-11-22 20:01:22 +0000
@@ -1,37 +1,20 @@
-<jsp:useBean id="userAuditService" type="org.hisp.dhis.useraudit.UserAuditService" scope="application" />
-<jsp:useBean id="userAuditStore" type="org.hisp.dhis.useraudit.UserAuditStore" scope="application" />
-
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>DHIS 2</title>
+ <script type="text/javascript" src="../util/jquery.js"></script>
<script type="text/javascript">
- function f(){
- document.getElementById( 'j_username' ).focus();
- }
+ $(document).ready(function() {
+ $('#j_username').focus();
+ });
</script>
<link type="text/css" rel="stylesheet" media="screen" href="../css/login.css">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
- <body onload="f()">
+ <body>
<div class="loginField" align="center">
<p><img alt="" src="logo_banner.png"></p>
- <%
- Object obj = session.getAttribute( "SPRING_SECURITY_LAST_USERNAME" );
- boolean formVisible = true;
- if( obj != null )
- {
- String username = obj.toString();
- if( userAuditService.getLoginFailures(username) >= userAuditService.getMaxAttempts() )
- {
- formVisible = false;
- %>
- <span class="loginMessage">Maximum Tries exceeded. Please try after <%=userAuditService.getLockoutTimeframe() %> mins</span>
- <%
- }
- }
- %>
- <% if(formVisible){%>
+
<form action="../../dhis-web-commons-security/login.action" method="post">
<table>
<tr>
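Review bot: With the scriptlet removed, nothing on this page (or in `loginfailed.html`, which loses the same block further down) consults `getLoginFailures()` or `getMaxAttempts()` any more, so failures are still counted but, as far as this diff shows, no longer limit anything. The removed check also only decided whether the form was rendered, which is not the same as refusing the authentication request sent to `login.action`. When the limit is restored I would enforce it in the server-side authentication path rather than in the page, and until then leave a marker such as `<!-- TODO: failed-login limit disabled in rev 2140; restore server-side before release -->` so the temporary state is not forgotten. The form continues outside this hunk.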
@@ -52,7 +35,6 @@
</tr>
</table>
</form>
- <% } %>
</div>
</body>
</html>
=== renamed file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.jsp' => 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.jsp 2010-11-18 09:42:34 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html 2010-11-22 20:01:22 +0000
@@ -1,6 +1,3 @@
-<jsp:useBean id="userAuditService" type="org.hisp.dhis.useraudit.UserAuditService" scope="application" />
-<jsp:useBean id="userAuditStore" type="org.hisp.dhis.useraudit.UserAuditStore" scope="application" />
-
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
@@ -17,22 +14,7 @@
<body>
<div class="loginField" align="center">
<p><img alt="" src="logo_banner.png"></p>
- <%
- Object obj = session.getAttribute( "SPRING_SECURITY_LAST_USERNAME" );
- boolean formVisible = true;
- if( obj != null )
- {
- String username = obj.toString();
- if( userAuditService.getLoginFailures(username) >= userAuditService.getMaxAttempts() )
- {
- formVisible = false;
- %>
- <span class="loginMessage">Maximum Tries exceeded... Please try after <%=userAuditService.getLockoutTimeframe() %> mins</span>
- <%
- }
- }
- %>
- <% if( formVisible ){%>
+
<form action="../../dhis-web-commons-security/login.action" method="post">
<table>
<tr>
@@ -56,8 +38,7 @@
</tr>
</table>
</form>
- <span class="loginMessage">Wrong username or password. Please try again.</span>
- <% } %>
+ <span class="loginMessage">Wrong username or password. Please try again.</span>
</div>
</body>
</html>
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/UserAuditLogoutFilter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/UserAuditLogoutFilter.java 2010-10-07 07:10:30 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/UserAuditLogoutFilter.java 2010-11-22 20:01:22 +0000
@@ -52,7 +52,7 @@
public void logout( HttpServletRequest request, HttpServletResponse response, Authentication authentication )
{
- if ( authentication != null )
+ if ( authentication != null && authentication.getPrincipal() != null )
{
String username = ((UserDetails) authentication.getPrincipal()).getUsername();
userAuditService.registerLogout( username );
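Review bot: The added null test does not protect the cast on the next line: `getPrincipal()` returns `Object`, and if it holds anything other than a `UserDetails` (a plain `String` name, for instance) `logout` fails with a `ClassCastException` instead of completing. I would test the type instead, `if ( authentication != null && authentication.getPrincipal() instanceof UserDetails )`, which also covers the null case. Principals of other types would then be skipped silently, so consider recording `authentication.getName()` for them if every logout must reach the audit log. The method body continues outside the hunk.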
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml 2010-11-20 08:23:34 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml 2010-11-22 20:01:22 +0000
@@ -318,7 +318,7 @@
</bean>
<bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
- <property name="defaultFailureUrl" value="/dhis-web-commons/security/loginfailed.jsp" />
+ <property name="defaultFailureUrl" value="/dhis-web-commons/security/loginfailed.html" />
</bean>
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
@@ -360,7 +360,7 @@
<bean id="requiredLoginFilter" class="org.hisp.dhis.security.filter.RequiredLoginFilter">
<property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
- <property name="loginPageUrl" value="/dhis-web-commons/security/login.jsp" />
+ <property name="loginPageUrl" value="/dhis-web-commons/security/login.html" />
</bean>
<bean class="org.springframework.web.context.support.ServletContextAttributeExporter">