

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8667: Impl automatic authentication after account creation

 

------------------------------------------------------------
revno: 8667
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2012-10-23 15:38:24 +0200
message:
  Impl automatic authentication after account creation
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml


=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java	2012-10-23 11:27:59 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java	2012-10-23 13:38:24 +0000
@@ -32,12 +32,14 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.hisp.dhis.api.utils.ContextUtils;
 import org.hisp.dhis.configuration.ConfigurationService;
+import org.hisp.dhis.security.PasswordManager;
 import org.hisp.dhis.system.util.ValidationUtils;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserAuthorityGroup;
@@ -87,6 +89,9 @@
     @Autowired
     private ConfigurationService configurationService;
     
+    @Autowired
+    private PasswordManager passwordManager;
+    
     @RequestMapping( method = RequestMethod.POST, produces = ContextUtils.CONTENT_TYPE_TEXT )
     public @ResponseBody String createAccount( 
         @RequestParam String username,
@@ -219,7 +224,7 @@
         
         credentials = new UserCredentials();
         credentials.setUsername( username );
-        credentials.setPassword( password );
+        credentials.setPassword( passwordManager.encodePassword( username, password ) );
         credentials.setUser( user );
         credentials.getUserAuthorityGroups().add( userRole );
         
@@ -229,10 +234,10 @@
         
         userService.addUser( user );
         userService.addUserCredentials( credentials );
-        
-        log.info( "Created user successfully with username: " + username );
-        
-        authenticate( user, userRole );
+
+        authenticate( username, password, userRole, request );
+        
+        log.info( "Created user with username: " + username );
         
         response.setStatus( HttpServletResponse.SC_CREATED );
         return "Account created";
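Review bot: authenticate() is now called between userService.addUserCredentials and the 201 response, so an AuthenticationException thrown by authenticationManager (for example the configured provider rejecting the freshly encoded credentials, or the new account being treated as disabled) propagates after the user has already been persisted — the client sees an error while the account exists, and a retry would fail on the duplicate username. Consider making auto-login best-effort so creation still reports success: `try { authenticate( username, password, userRole, request ); } catch ( AuthenticationException ex ) { log.warn( "Auto-login after account creation failed for " + username, ex ); }` (importing org.springframework.security.core.AuthenticationException if it is not already in scope). Also note the raw password is still held in `password` and passed to authenticate(); keep it out of the log line on the next statement, which currently logs only the username. createAccount begins before this hunk.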
@@ -269,17 +274,18 @@
         return result != null ? result.split( SPLIT ) : null;
     }
     
-    private void authenticate( User user, UserAuthorityGroup userRole )
+    private void authenticate( String username, String rawPassword, UserAuthorityGroup userRole, HttpServletRequest request )
     {
-        String uname = user.getUserCredentials().getUsername();
-        String passwd = user.getUserCredentials().getPassword();
-        
         UsernamePasswordAuthenticationToken token = 
-            new UsernamePasswordAuthenticationToken( uname, passwd, getAuthorities( userRole ) );
-        
+            new UsernamePasswordAuthenticationToken( username, rawPassword, getAuthorities( userRole ) );
+
         Authentication auth = authenticationManager.authenticate( token );
         
         SecurityContextHolder.getContext().setAuthentication( auth );
+
+        HttpSession session = request.getSession();
+        
+        session.setAttribute( "SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext() );
     }
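Review bot: request.getSession() at the end of authenticate() reuses whatever session the client already carries, so the authenticated SecurityContext is stored under a session ID that an attacker could have fixed before the account was created — this manual login path does not go through the filter where Spring Security normally applies its session-fixation handling. Invalidate any existing session and create a fresh one before storing the context: `HttpSession old = request.getSession( false ); if ( old != null ) { old.invalidate(); } HttpSession session = request.getSession( true );`. The literal "SPRING_SECURITY_CONTEXT" on the last line should be `HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY` so a key change in Spring Security cannot silently leave the session unrecognised as authenticated. The three-argument UsernamePasswordAuthenticationToken constructor marks the token as already authenticated with authorities built from userRole before the manager has verified anything; the two-argument constructor is the usual form for a request, with authorities taken from the returned `auth` instead — worth confirming against how the configured provider treats pre-set authorities.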
     
     private Collection<GrantedAuthority> getAuthorities( UserAuthorityGroup userRole )

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2012-10-23 10:51:10 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2012-10-23 13:38:24 +0000
@@ -39,7 +39,8 @@
     <sec:logout logout-url="/dhis-web-commons-security/logout.action" />
     <sec:intercept-url pattern="/dhis-web-commons/i18nJavaScript.action" access="permitAll()" />
     <sec:intercept-url pattern="/dhis-web-commons/security/**" access="permitAll()" />
-    <sec:intercept-url pattern="/api/account/**" access="permitAll()" />
+    <sec:intercept-url pattern="/api/account/username" access="permitAll()" />
+    <sec:intercept-url pattern="/api/account" access="permitAll()" />
     <sec:intercept-url pattern="/**" access="isAuthenticated()" />
     <sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />
   </sec:http>
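Review bot: The new `/api/account` rule at line 114 grants unauthenticated access for every HTTP method, while the controller only needs to accept the POST that creates an account (createAccount is mapped to RequestMethod.POST); scoping it with `<sec:intercept-url pattern="/api/account" method="POST" access="permitAll()" />` keeps any other handler later mapped under /api/account behind isAuthenticated(). The same applies to `/api/account/username` if that endpoint is read-only, though its controller mapping is not in this diff. Since this rule lets anonymous clients create users and be logged in immediately, some abuse control (rate limiting or a challenge) on the endpoint is worth confirming; nothing in the hunk shows one. The `<sec:http>` element's attributes are outside the hunk, so whether session-fixation-protection and create-session are configured cannot be checked here.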