
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 4632: Updated security solution to use struts actions for login/loginfailed pages. Also extended Abstra...

 

------------------------------------------------------------
revno: 4632
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2011-09-21 20:20:11 +0200
message:
  Updated security solution to use struts actions for login/loginfailed pages. Also extended AbstractSpringSecurityCurrentUserService to support anonymous users (for dhis-web-commons/security namespace).
removed:
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html
added:
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.vm
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.vm
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring/AbstractSpringSecurityCurrentUserService.java
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/commons.js
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml
  dhis-2/dhis-web/dhis-web-light/pom.xml
  dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/action/ProvideContentAction.java
  dhis-2/pom.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring/AbstractSpringSecurityCurrentUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring/AbstractSpringSecurityCurrentUserService.java	2010-05-03 13:44:59 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring/AbstractSpringSecurityCurrentUserService.java	2011-09-21 18:20:11 +0000
@@ -34,7 +34,6 @@
 
 /**
  * @author Torgeir Lorange Ostby
- * @version $Id: AbstractAcegiCurrentUserService.java 3109 2007-03-19 17:05:21Z torgeilo $
  */
 public abstract class AbstractSpringSecurityCurrentUserService
     implements CurrentUserService
@@ -48,6 +47,22 @@
             return null;
         }
 
+        /*
+         * If getPrincipal returns a string, it means that the user has been
+         * authenticated anonymous (String == anonymousUser).
+         */
+        if ( authentication.getPrincipal() instanceof String )
+        {
+            String principal = (String) authentication.getPrincipal();
+
+            if ( principal.compareTo( "anonymousUser" ) != 0 )
+            {
+                return null;
+            }
+
+            return principal;
+        }
+
         UserDetails userDetails = (UserDetails) authentication.getPrincipal();
 
         return userDetails.getUsername();
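Review bot: Returning the literal `anonymousUser` from the new `instanceof String` branch makes an unauthenticated request indistinguishable from a real account with that username, for any caller that looks the user up by the returned name or treats a non-null result as "logged in". Those callers are outside this hunk (the method starts above it), so this needs confirming rather than being certain. Testing the token type, `if ( authentication instanceof AnonymousAuthenticationToken )`, states the intent more directly than inspecting the principal's class, and the string test reads better as `"anonymousUser".equals( principal )` than `compareTo(...) != 0`. A principal that is neither a `String` nor a `UserDetails` still reaches the unchecked cast below and throws `ClassCastException`; an `instanceof UserDetails` guard that returns null would close that gap.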

=== modified file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/commons.js'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/commons.js	2011-09-21 03:42:11 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/commons.js	2011-09-21 18:20:11 +0000
@@ -14,7 +14,7 @@
  */
 function referrerBack( defaultUrl ) {
 	if(document.referrer !== undefined && document.referrer != "") {
-		if(document.referrer.indexOf("login.html") == -1) {
+		if(document.referrer.indexOf("login.action") == -1) {
 			location.href = document.referrer;
 			return;
 		}
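Review bot: The substring test `indexOf("login.action")` does not match `loginfailed.action`, so when the referrer is the login-failed page the function still navigates back to it. Testing both page names, `if(document.referrer.indexOf("/login.action") == -1 && document.referrer.indexOf("/loginfailed.action") == -1) {`, would cover the two pages this commit introduces. The rest of `referrerBack` lies outside the hunk, so the fallback to `defaultUrl` is assumed to follow.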

=== removed file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html	2011-09-19 08:08:56 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.html	1970-01-01 00:00:00 +0000
@@ -1,48 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-    <head>
-        <title>DHIS 2</title>        
-        <script type="text/javascript" src="../javascripts/jQuery/jquery.min.js"></script>
-        <script type="text/javascript">
-            $(document).ready(function() {
-                $('#j_username').focus();
-
-                $('#loginForm').bind('submit', function() {
-					$('#submit').attr('disabled', 'disabled');
-					$('#reset').attr('disabled', 'disabled');
-
-	                sessionStorage.removeItem( 'orgUnitSelected' );
-                });
-            });
-        </script>
-        <link type="text/css" rel="stylesheet" media="screen" href="../css/login.css">
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-    </head>
-    <body>
-        <div class="loginField" align="center">
-            <div><img alt="" src="logo_banner.png"></div>
-            
-            <div style="margin-top:2%">
-            <form id='loginForm' action="../../dhis-web-commons-security/login.action" method="post">
-                <table>
-                    <tr>
-                        <td><label for="j_username">Username</label></td>
-                        <td><input type="text" id="j_username" name="j_username" style="width:240px; height:20px;"></td>
-                    </tr>
-                    <tr>
-                        <td><label for="j_password">Password</label></td>
-                        <td><input type="password" id="j_password" name="j_password" style="width:240px; height:20px;"></td>
-                    </tr>
-                    <tr>
-                        <td></td>
-                        <td>
-                        	<input id='submit' type="submit" value="Login" style="width:120px; height:26px;">
-                            <input id='reset' type="reset" value="Clear" style="width:120px; height:26px;">
-						</td>
-                    </tr>
-                </table>
-            </form>
-            </div>
-        </div>
-    </body>
-</html>

=== added file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.vm'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.vm	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/login.vm	2011-09-21 18:20:11 +0000
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML>
+<html>
+    <head>
+        <title>DHIS 2</title>        
+        <script type="text/javascript" src="../javascripts/jQuery/jquery.min.js"></script>
+        <script type="text/javascript">
+            $(document).ready(function() {
+                $('#j_username').focus();
+
+                $('#loginForm').bind('submit', function() {
+					$('#submit').attr('disabled', 'disabled');
+					$('#reset').attr('disabled', 'disabled');
+
+	                sessionStorage.removeItem( 'orgUnitSelected' );
+                });
+            });
+        </script>
+        <link type="text/css" rel="stylesheet" media="screen" href="../css/login.css">
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    </head>
+    <body>
+        <div class="loginField" align="center">
+            <div><img alt="" src="logo_banner.png"></div>
+            
+            <div style="margin-top:2%">
+            <form id='loginForm' action="../../dhis-web-commons-security/login.action" method="post">
+                <table>
+                    <tr>
+                        <td><label for="j_username">Username</label></td>
+                        <td><input type="text" id="j_username" name="j_username" style="width:240px; height:20px;"></td>
+                    </tr>
+                    <tr>
+                        <td><label for="j_password">Password</label></td>
+                        <td><input type="password" id="j_password" name="j_password" style="width:240px; height:20px;"></td>
+                    </tr>
+                    <tr>
+                        <td></td>
+                        <td>
+                        	<input id='submit' type="submit" value="Login" style="width:120px; height:26px;">
+                            <input id='reset' type="reset" value="Clear" style="width:120px; height:26px;">
+						</td>
+                    </tr>
+                </table>
+            </form>
+            </div>
+        </div>
+    </body>
+</html>

=== removed file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html	2011-09-19 08:08:56 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.html	1970-01-01 00:00:00 +0000
@@ -1,47 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-    <head>
-        <title>DHIS 2</title>        
-        <script type="text/javascript" src="../javascripts/jQuery/jquery.min.js"></script>
-        <script type="text/javascript">
-            $(document).ready(function() {
-                $('#j_username').focus();
-
-                $('#loginForm').bind('submit', function() {
-					$('#submit').attr('disabled', 'disabled');
-					$('#reset').attr('disabled', 'disabled');
-                });
-            });
-        </script>
-        <link type="text/css" rel="stylesheet" media="screen" href="../css/login.css">
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-    </head>
-    <body>
-        <div class="loginField" align="center">
-            <div><img alt="" src="logo_banner.png"></div>
-            
-            <div style="margin-top:2%">
-            <form id='loginForm' action="../../dhis-web-commons-security/login.action" method="post">
-                <table>
-                    <tr>
-                        <td><label for="j_username">Username</label></td>
-                        <td><input type="text" id="j_username" name="j_username" style="width:240px; height:20px;"></td>
-                    </tr>
-                    <tr>
-                        <td><label for="j_password">Password</label></td>
-                        <td><input type="password" id="j_password" name="j_password" style="width:240px; height:20px;"></td>
-                    </tr>
-                    <tr>
-                        <td></td>
-                        <td>
-                        	<input id='submit' type="submit" value="Login" style="width:120px; height:26px;">
-                            <input id='reset' type="reset" value="Clear" style="width:120px; height:26px;">
-                        </td>
-                    </tr>
-                </table>
-            </form>
-            </div>
-            <span class="loginMessage">Wrong username or password. Please try again.</span>            
-        </div>
-    </body>
-</html>

=== added file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.vm'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.vm	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/security/loginfailed.vm	2011-09-21 18:20:11 +0000
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+    <head>
+        <title>DHIS 2</title>        
+        <script type="text/javascript" src="../javascripts/jQuery/jquery.min.js"></script>
+        <script type="text/javascript">
+            $(document).ready(function() {
+                $('#j_username').focus();
+
+                $('#loginForm').bind('submit', function() {
+					$('#submit').attr('disabled', 'disabled');
+					$('#reset').attr('disabled', 'disabled');
+                });
+            });
+        </script>
+        <link type="text/css" rel="stylesheet" media="screen" href="../css/login.css">
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    </head>
+    <body>
+        <div class="loginField" align="center">
+            <div><img alt="" src="logo_banner.png"></div>
+            
+            <div style="margin-top:2%">
+            <form id='loginForm' action="../../dhis-web-commons-security/login.action" method="post">
+                <table>
+                    <tr>
+                        <td><label for="j_username">Username</label></td>
+                        <td><input type="text" id="j_username" name="j_username" style="width:240px; height:20px;"></td>
+                    </tr>
+                    <tr>
+                        <td><label for="j_password">Password</label></td>
+                        <td><input type="password" id="j_password" name="j_password" style="width:240px; height:20px;"></td>
+                    </tr>
+                    <tr>
+                        <td></td>
+                        <td>
+                        	<input id='submit' type="submit" value="Login" style="width:120px; height:26px;">
+                            <input id='reset' type="reset" value="Clear" style="width:120px; height:26px;">
+                        </td>
+                    </tr>
+                </table>
+            </form>
+            </div>
+            <span class="loginMessage">Wrong username or password. Please try again.</span>            
+        </div>
+    </body>
+</html>
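Review bot: The submit handler in loginfailed.vm leaves out the `sessionStorage.removeItem( 'orgUnitSelected' );` call that login.vm makes, so a login that succeeds from the failure page keeps whatever organisation unit selection the previous session left in the tab. Whether a stale value matters depends on how `orgUnitSelected` is read elsewhere, which is not visible here, but the two pages should behave the same. Add the call after the two `attr('disabled', 'disabled')` lines. Both files are now Velocity templates that differ only in this line and the `loginMessage` span, so a single template with a conditional message would stop them drifting apart.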

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2011-09-02 11:50:59 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2011-09-21 18:20:11 +0000
@@ -27,12 +27,12 @@
 
   <sec:http access-decision-manager-ref="accessDecisionManager" use-expressions="true" realm="DHIS2">
     <sec:form-login default-target-url="/" always-use-default-target="false"
-      login-processing-url="/dhis-web-commons-security/login.action" authentication-failure-url="/dhis-web-commons/security/loginfailed.html"
-      login-page="/dhis-web-commons/security/login.html" authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
+      login-processing-url="/dhis-web-commons-security/login.action" authentication-failure-url="/dhis-web-commons/security/loginfailed.action"
+      login-page="/dhis-web-commons/security/login.action" authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
     <sec:http-basic />
     <sec:logout logout-url="/dhis-web-commons-security/logout.action" />
 
-    <sec:intercept-url pattern="/dhis-web-commons/security/**" filters="none" />
+    <sec:intercept-url pattern="/dhis-web-commons/security/**" access="permitAll"/>
     <sec:intercept-url pattern="/dhis-web-commons/javascripts/**" filters="none" />
     <sec:intercept-url pattern="/dhis-web-commons/css/**" filters="none" />
     <sec:intercept-url pattern="/favicon.ico" filters="none" />
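Review bot: The `permitAll` rule keeps the wildcard `/dhis-web-commons/security/**`, and after this commit that path is a Struts namespace rather than a folder of static files, so any action later added to that namespace is reachable without authentication by default. The raw `login.vm` and `loginfailed.vm` templates in the same directory are presumably also served as-is if the container treats that path as static content. Consider listing the two actions and the static assets the pages need explicitly, or at least put a comment on the rule such as `<!-- anonymous access: only login pages and their static assets belong under this path -->`. The same caution applies to the `dhis-web-commons-security` package added in dhis-web-commons.xml. The `<sec:http>` element continues past the end of the hunk.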

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml	2011-09-08 10:38:20 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml	2011-09-21 18:20:11 +0000
@@ -105,8 +105,22 @@
 
   </package>
 
+  <!-- Security -->
+  <package name="dhis-web-commons-security" extends="dhis-web-commons" namespace="/dhis-web-commons/security">
+
+    <action name="login" class="org.hisp.dhis.commons.action.NoAction">
+      <result name="success" type="velocity">/dhis-web-commons/security/login.vm</result>
+      <param name="onExceptionReturn">plainTextError</param>
+    </action>
+
+    <action name="loginfailed" class="org.hisp.dhis.commons.action.NoAction">
+      <result name="success" type="velocity">/dhis-web-commons/security/loginfailed.vm</result>
+      <param name="onExceptionReturn">plainTextError</param>
+    </action>
+
+  </package>
+
   <!-- Organisation Unit Selection Tree -->
-
   <package name="dhis-web-commons-oust" extends="dhis-web-commons" namespace="/dhis-web-commons/oust">
 
     <action name="expandSubtree" class="org.hisp.dhis.oust.action.ExpandSubtreeAction">
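Review bot: The new package is named `dhis-web-commons-security`, which is also the first path segment of the Spring Security endpoints (`/dhis-web-commons-security/login.action` in security.xml and in the form action of login.vm), while its namespace is `/dhis-web-commons/security`. That leaves two near-identical `login.action` URLs, one rendering the form and one processing credentials, with nothing in this file saying which is which. A comment above the package, for example `<!-- Renders the login pages only; credentials are posted to /dhis-web-commons-security/login.action, handled by Spring Security -->`, would make this clear. It is also worth confirming that the `plainTextError` result does not print exception detail, because these two actions are served to unauthenticated users.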

=== modified file 'dhis-2/dhis-web/dhis-web-light/pom.xml'
--- dhis-2/dhis-web/dhis-web-light/pom.xml	2011-08-28 17:52:59 +0000
+++ dhis-2/dhis-web/dhis-web-light/pom.xml	2011-09-21 18:20:11 +0000
@@ -1,26 +1,25 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0";
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";>
   <modelVersion>4.0.0</modelVersion>
-  
+
   <parent>
     <groupId>org.hisp.dhis</groupId>
     <artifactId>dhis-web</artifactId>
     <version>2.5-SNAPSHOT</version>
   </parent>
-  
+
   <artifactId>dhis-web-light</artifactId>
   <packaging>war</packaging>
   <name>DHIS Web Light</name>
-  
+
   <build>
     <finalName>dhis-web-light</finalName>
   </build>
-  
+
   <dependencies>
-    
+
     <!-- DHIS -->
-    
+
     <dependency>
       <groupId>org.hisp.dhis</groupId>
       <artifactId>dhis-web-commons</artifactId>
@@ -38,15 +37,14 @@
       <groupId>org.hisp.dhis</groupId>
       <artifactId>dhis-service-core</artifactId>
     </dependency>
-        
+
     <!-- Other -->
-    
     <dependency>
       <groupId>jfree</groupId>
       <artifactId>jfreechart</artifactId>
-    </dependency>    
+    </dependency>
   </dependencies>
-  
+
   <properties>
     <rootDir>../../</rootDir>
   </properties>

=== modified file 'dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/action/ProvideContentAction.java'
--- dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/action/ProvideContentAction.java	2011-04-07 08:52:20 +0000
+++ dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/action/ProvideContentAction.java	2011-09-21 18:20:11 +0000
@@ -22,21 +22,21 @@
     // -------------------------------------------------------------------------
 
     private DashboardService dashboardService;
-    
+
     public void setDashboardService( DashboardService dashboardService )
     {
         this.dashboardService = dashboardService;
     }
-    
+
     private DashboardManager dashboardManager;
-    
+
     public void setDashboardManager( DashboardManager dashboardManager )
     {
         this.dashboardManager = dashboardManager;
     }
 
     private CurrentUserService currentUserService;
-    
+
     public void setCurrentUserService( CurrentUserService currentUserService )
     {
         this.currentUserService = currentUserService;
@@ -47,7 +47,7 @@
     // -------------------------------------------------------------------------
 
     private List<ReportTable> reportTables;
-    
+
     public List<ReportTable> getReportTables()
     {
         return reportTables;
@@ -59,7 +59,7 @@
     {
         return documents;
     }
-    
+
     private List<String> charts = new ArrayList<String>();
 
     public List<String> getCharts()
@@ -78,20 +78,20 @@
 
         for ( int i = 0; i < 8; i++ )
         {
-            String id = config.getAreaItems().get( DashboardManager.CHART_AREA_PREFIX + ( i + 1 ) );
-            
+            String id = config.getAreaItems().get( DashboardManager.CHART_AREA_PREFIX + (i + 1) );
+
             if ( id != null )
             {
                 charts.add( id );
             }
         }
-        
+
         User user = currentUserService.getCurrentUser();
-        
+
         DashboardContent content = dashboardService.getDashboardContent( user );
-        
+
         reportTables = content.getReportTables();
-        
+
         documents = content.getDocuments();
 
         return SUCCESS;

=== modified file 'dhis-2/pom.xml'
--- dhis-2/pom.xml	2011-09-20 17:29:30 +0000
+++ dhis-2/pom.xml	2011-09-21 18:20:11 +0000
@@ -54,6 +54,12 @@
       <name>Dhis2 External Dependencies Repository</name>
       <url>http://dhis.uio.no/maven/external</url>
     </repository>
+    <repository>
+      <id>org.springframework.maven.milestone</id>
+      <name>Spring Maven Milestone Repository</name>
+      <url>http://maven.springframework.org/milestone</url>
+    </repository>
+
     <!--
       <repository>
       <id>jboss-public-repository-group</id>
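Review bot: The added repository is fetched over plain `http://`, so artifacts resolved from it can be altered in transit, and Maven will consult it for every dependency it cannot find elsewhere, not only Spring Mobile. Use the HTTPS form of the URL if the host serves one, and add `<snapshots><enabled>false</enabled></snapshots>` so snapshot builds are never resolved from it. The existing `dhis.uio.no` repository just above has the same plain-HTTP URL. The commit message does not mention this addition, so a line explaining why a milestone repository is needed would help.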
@@ -219,7 +225,7 @@
         <artifactId>dhis-service-sms</artifactId>
         <version>${project.version}</version>
       </dependency>
-      
+
       <!--dependency>
         <groupId>org.hisp.dhis</groupId>
         <artifactId>dhis-service-excel-reporting</artifactId>
@@ -367,6 +373,12 @@
         <artifactId>spring-security-config</artifactId>
         <version>${spring.security.version}</version>
       </dependency>
+      <!-- Spring Mobile -->
+      <dependency>
+        <groupId>org.springframework.mobile</groupId>
+        <artifactId>spring-mobile-device</artifactId>
+        <version>1.0.0.M3</version>
+      </dependency>
       <!--Other -->
       <dependency>
         <groupId>org.apache.struts</groupId>
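Review bot: `spring-mobile-device` is pinned to `1.0.0.M3`, a milestone (pre-release) build, and no module in the visible hunks declares or uses it. A pre-release artifact in the managed dependency set is easy to forget once a final release exists. Putting the version in a property next to `${spring.security.version}`, for example `<version>${spring.mobile.version}</version>` (property name constructed here), and extending the comment to `<!-- Spring Mobile (milestone build; replace with a release version when available) -->` would keep it visible. The `<dependencyManagement>` section starts and ends outside this hunk.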
@@ -453,9 +465,9 @@
         <groupId>net.sf.json-lib</groupId>
         <artifactId>json-lib</artifactId>
         <version>2.4</version>
-	<classifier>jdk15</classifier>
+        <classifier>jdk15</classifier>
       </dependency>
-	
+
       <!-- Apache Commons -->
       <dependency>
         <groupId>commons-collections</groupId>