[Branch ~dhis2-devs-core/dhis2/trunk] Rev 9112: Removed persistence of login failures, logging instead. Adding ip of logged in user.
------------------------------------------------------------
revno: 9112
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2012-11-23 13:51:00 +0100
message:
Removed persistence of login failures, logging instead. Adding ip of logged in user.
removed:
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java
dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/useraudit/
dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/useraudit/UserAuditStoreTest.java
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java
dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/TableAlteror.java
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/listener/AuthenticationListener.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java 2012-11-16 03:50:03 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java 2012-11-23 12:51:00 +0000
@@ -53,8 +53,6 @@
final String KEY_FORUM_INTEGRATION = "forumIntegration";
final String KEY_OMIT_INDICATORS_ZERO_NUMERATOR_DATAMART = "omitIndicatorsZeroNumeratorDataMart";
final String KEY_REPORT_TEMPLATE_DIRECTORY = "reportTemplateDirectory";
- final String KEY_MAX_NUMBER_OF_ATTEMPTS = "maxAttempts";
- final String KEY_TIMEFRAME_MINUTES = "lockoutTimeframe";
final String KEY_GOOGLE_MAPS_API_KEY = "googleMapsAPIKey";
final String KEY_FACTOR_OF_DEVIATION = "factorDeviation";
final String KEY_COMPLETENESS_OFFSET = "completenessOffset";
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2010-11-22 20:01:22 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/useraudit/UserAuditService.java 2012-11-23 12:51:00 +0000
@@ -32,15 +32,9 @@
*/
public interface UserAuditService
{
- void registerLoginSuccess( String username );
+ void registerLoginSuccess( String username, String ip );
void registerLogout( String username );
- void registerLoginFailure( String username );
-
- int getLoginFailures( String username );
-
- int getMaxAttempts();
-
- int getLockoutTimeframe();
+ void registerLoginFailure( String username, String ip );
}
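Review bot: The new `ip` parameter on `registerLoginSuccess` and `registerLoginFailure` is undocumented, and the interface no longer says what happens to a failure once it is reported. With `getLoginFailures`, `getMaxAttempts` and `getLockoutTimeframe` removed, any caller that used them to throttle or lock out repeated attempts has nothing left to call; whether such a caller exists is not visible in this diff. I would add Javadoc on `registerLoginFailure` stating that `username` is the submitted, unauthenticated value, that `ip` is the remote address as reported by the web container, and that the event is only logged and not persisted, so brute-force detection has to be done on the log output.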
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2012-02-02 20:01:36 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/DefaultUserAuditService.java 2012-11-23 12:51:00 +0000
@@ -27,17 +27,10 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.util.Calendar;
-import java.util.Date;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.hisp.dhis.setting.SystemSettingManager;
import org.springframework.transaction.annotation.Transactional;
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_MAX_NUMBER_OF_ATTEMPTS;
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_TIMEFRAME_MINUTES;
-
/**
* @author Saptarshi Purkayastha
* @author Lars Helge Overland
@@ -47,38 +40,14 @@
{
private static final Log log = LogFactory.getLog( DefaultUserAuditService.class );
- private static final int DEFAULT_MAX_NUMBER_OF_ATTEMPTS = 5;
- private static final int DEFAULT_TIMEFRAME_MINUTES = 10;
-
- // -------------------------------------------------------------------------
- // Dependencies
- // -------------------------------------------------------------------------
-
- private SystemSettingManager systemSettingManager;
-
- public void setSystemSettingManager( SystemSettingManager systemSettingManager )
- {
- this.systemSettingManager = systemSettingManager;
- }
-
- private UserAuditStore userAuditStore;
-
- public void setUserAuditStore( UserAuditStore userAuditStore )
- {
- this.userAuditStore = userAuditStore;
- }
-
// -------------------------------------------------------------------------
// UserAuditService implementation
// -------------------------------------------------------------------------
@Override
- @Transactional
- public void registerLoginSuccess( String username )
+ public void registerLoginSuccess( String username, String ip )
{
- log.info( "User login success: '" + username + "'" );
-
- userAuditStore.resetLoginFailures( username, getDate() );
+ log.info( "Login success for user: '" + username + "', ip: '" + ip + "'" );
}
@Override
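Review bot: The log message in `registerLoginSuccess` is built by concatenating `username` straight into the line, and `registerLoginFailure` in the next hunk does the same with a value that, per the listener change, is the principal submitted by the client. A username containing CR or LF could therefore add forged lines to what is now the only record of login failures. Neutralising line breaks before logging closes that, e.g. `String safe = username.replaceAll( "[\\r\\n]", "_" );` and then logging `safe` in both methods. The class body starts and ends outside this hunk.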
@@ -89,52 +58,8 @@
@Override
@Transactional
- public void registerLoginFailure( String username )
- {
- log.info( "User login failure: '" + username + "'" );
-
- userAuditStore.saveLoginFailure( new LoginFailure( username, new Date() ) );
-
- int no = userAuditStore.getLoginFailures( username, getDate() );
-
- int max = (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, DEFAULT_MAX_NUMBER_OF_ATTEMPTS );
-
- if ( no >= max )
- {
- log.info( "Max number of login attempts exceeded: '" + username + "'" );
- }
- }
-
- @Override
- @Transactional
- public int getLoginFailures( String username )
- {
- return userAuditStore.getLoginFailures( username, getDate() );
- }
-
- @Override
- public int getMaxAttempts()
- {
- return (Integer) systemSettingManager.getSystemSetting( KEY_MAX_NUMBER_OF_ATTEMPTS, DEFAULT_MAX_NUMBER_OF_ATTEMPTS );
- }
-
- @Override
- public int getLockoutTimeframe()
- {
- return (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES, DEFAULT_TIMEFRAME_MINUTES );
- }
-
- // -------------------------------------------------------------------------
- // Supportive methods
- // -------------------------------------------------------------------------
-
- private Date getDate()
- {
- int timeframe = (Integer) systemSettingManager.getSystemSetting( KEY_TIMEFRAME_MINUTES, DEFAULT_TIMEFRAME_MINUTES );
-
- Calendar cal = Calendar.getInstance();
- cal.add( Calendar.MINUTE, timeframe * -1 );
-
- return cal.getTime();
+ public void registerLoginFailure( String username, String ip )
+ {
+ log.info( "Login failure for user: '" + username + "', ip: '" + ip + "'" );
}
}
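Review bot: `@Transactional` is still present on `registerLoginFailure` (the context line at the top of this hunk) although the new body only writes a log line, while the same annotation was removed from `registerLoginSuccess` in the previous hunk. If a transaction manager is wired for this bean, every failed login, which is an unauthenticated request, would still open a transaction for no purpose; removing the annotation makes the two methods consistent. Since failures are now visible only in the log, `log.warn` may also be a better level than `log.info` so that they survive a raised log threshold.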
=== removed directory 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate'
=== removed file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java 2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/useraudit/hibernate/HibernateUserAuditStore.java 1970-01-01 00:00:00 +0000
@@ -1,107 +0,0 @@
-package org.hisp.dhis.useraudit.hibernate;
-
-/*
- * Copyright (c) 2004-2012, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import java.util.Collection;
-import java.util.Date;
-
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.hisp.dhis.useraudit.LoginFailure;
-import org.hisp.dhis.useraudit.UserAuditStore;
-
-/**
- * @author Lars Helge Overland
- */
-public class HibernateUserAuditStore
- implements UserAuditStore
-{
- private SessionFactory sessionFactory;
-
- public void setSessionFactory( SessionFactory sessionFactory )
- {
- this.sessionFactory = sessionFactory;
- }
-
- @Override
- public void saveLoginFailure( LoginFailure login )
- {
- sessionFactory.getCurrentSession().save( login );
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public Collection<LoginFailure> getAllLoginFailures()
- {
- return sessionFactory.getCurrentSession().createCriteria( LoginFailure.class ).list();
- }
-
- @Override
- public void deleteLoginFailures( String username )
- {
- String hql = "delete from LoginFailure where username = :username";
-
- sessionFactory.getCurrentSession().createQuery( hql ).setString( "username", username ).executeUpdate();
- }
-
- @Override
- public int getLoginFailures( String username, Date date )
- {
- Session session = sessionFactory.getCurrentSession();
-
- String hql = "select count(*) from LoginFailure where username = :username and date > :date";
-
- Query q = session.createQuery( hql );
-
- q.setString( "username", username );
- q.setTimestamp( "date", date );
-
- Long no = (Long) q.list().get( 0 );
-
- return no.intValue();
- }
-
- //TODO: create GUI for reset and accurate logging
-
- @Override
- public void resetLoginFailures( String username, Date date )
- {
- Session session = sessionFactory.getCurrentSession();
-
- String hql = "delete from LoginFailure where username = :username and date > :date";
-
- Query q = session.createQuery( hql );
-
- q.setString( "username", username );
-
- q.setTimestamp( "date", date );
-
- q.executeUpdate();
- }
-}
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml 2012-07-21 17:19:38 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/resources/META-INF/dhis/beans.xml 2012-11-23 12:51:00 +0000
@@ -93,14 +93,7 @@
<!-- User audit -->
- <bean id="org.hisp.dhis.useraudit.UserAuditService" class="org.hisp.dhis.useraudit.DefaultUserAuditService">
- <property name="userAuditStore" ref="org.hisp.dhis.useraudit.UserAuditStore" />
- <property name="systemSettingManager" ref="org.hisp.dhis.setting.SystemSettingManager" />
- </bean>
-
- <bean id="org.hisp.dhis.useraudit.UserAuditStore" class="org.hisp.dhis.useraudit.hibernate.HibernateUserAuditStore">
- <property name="sessionFactory" ref="sessionFactory" />
- </bean>
+ <bean id="org.hisp.dhis.useraudit.UserAuditService" class="org.hisp.dhis.useraudit.DefaultUserAuditService"/>
<!--DeletionHandler -->
=== removed directory 'dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/useraudit'
=== removed file 'dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/useraudit/UserAuditStoreTest.java'
--- dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/useraudit/UserAuditStoreTest.java 2012-11-20 17:04:08 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/useraudit/UserAuditStoreTest.java 1970-01-01 00:00:00 +0000
@@ -1,71 +0,0 @@
-package org.hisp.dhis.useraudit;
-
-/*
- * Copyright (c) 2004-2012, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.DhisSpringTest;
-import org.junit.Test;
-
-import static org.junit.Assert.*;
-
-/**
- * @author Lars Helge Overland
- */
-public class UserAuditStoreTest
- extends DhisSpringTest
-{
- private UserAuditStore userAuditStore;
-
- @Override
- public void setUpTest()
- {
- userAuditStore = (UserAuditStore) getBean( UserAuditStore.ID );
- }
-
- @Test
- public void save()
- {
- userAuditStore.saveLoginFailure( new LoginFailure( "userA", getDate( 2000, 1, 3 ) ) );
- userAuditStore.saveLoginFailure( new LoginFailure( "userA", getDate( 2000, 1, 4 ) ) );
- userAuditStore.saveLoginFailure( new LoginFailure( "userB", getDate( 2000, 1, 5 ) ) );
-
- assertNotNull( userAuditStore.getAllLoginFailures() );
- assertEquals( 3, userAuditStore.getAllLoginFailures().size() );
- }
-
- @Test
- public void get()
- {
- userAuditStore.saveLoginFailure( new LoginFailure( "userA", getDate( 2000, 1, 3 ) ) );
- userAuditStore.saveLoginFailure( new LoginFailure( "userA", getDate( 2000, 1, 4 ) ) );
- userAuditStore.saveLoginFailure( new LoginFailure( "userA", getDate( 2000, 1, 5 ) ) );
- userAuditStore.saveLoginFailure( new LoginFailure( "userA", getDate( 2000, 1, 6 ) ) );
- userAuditStore.saveLoginFailure( new LoginFailure( "userB", getDate( 2000, 1, 7 ) ) );
-
- assertEquals( 2, userAuditStore.getLoginFailures( "userA", getDate( 2000, 1, 4 ) ) );
- }
-}
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/TableAlteror.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/TableAlteror.java 2012-11-12 13:53:15 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/TableAlteror.java 2012-11-23 12:51:00 +0000
@@ -43,7 +43,6 @@
/**
* @author Lars Helge Overland
- * @version $Id$
*/
public class TableAlteror
extends AbstractStartupRoutine
@@ -108,6 +107,7 @@
executeSql( "DROP TABLE indicator_indicatorgroupsetmembers" );
executeSql( "DROP TABLE maplegendsetindicator" );
executeSql( "DROP TABLE maplegendsetdataelement" );
+ executeSql( "DROP TABLE loginfailure" );
executeSql( "ALTER TABLE dataelementcategoryoption drop column categoryid" );
executeSql( "ALTER TABLE reporttable DROP column paramleafparentorganisationunit" );
executeSql( "ALTER TABLE reporttable DROP column dimension_type" );
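Review bot: The added `executeSql( "DROP TABLE loginfailure" );` discards whatever login-failure history an upgraded instance still holds, and nothing next to the line records that this is intended. A comment such as `// login failures are only logged as of rev 9112; stored history is discarded` would make the data loss explicit for operators who rely on it for audit. The commit's removed and modified lists do not show `LoginFailure`, `UserAuditStore` or a Hibernate mapping being deleted, so if a mapping is still registered the table may be recreated by schema generation and dropped again on each startup; that is worth checking. The enclosing method starts and ends outside the hunk.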
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/listener/AuthenticationListener.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/listener/AuthenticationListener.java 2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/listener/AuthenticationListener.java 2012-11-23 12:51:00 +0000
@@ -34,6 +34,7 @@
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.util.Assert;
/**
@@ -65,7 +66,7 @@
// -------------------------------------------------------------------------
public void onApplicationEvent( ApplicationEvent applicationEvent )
- {
+ {
Assert.notNull( applicationEvent );
if ( applicationEvent instanceof AuthenticationSuccessEvent )
@@ -73,16 +74,20 @@
AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) applicationEvent;
String username = ((UserDetails) event.getAuthentication().getPrincipal()).getUsername();
+
+ WebAuthenticationDetails details = (WebAuthenticationDetails) event.getAuthentication().getDetails();
- userAuditService.registerLoginSuccess( username );
+ userAuditService.registerLoginSuccess( username, details.getRemoteAddress() );
userService.setLastLogin( username );
}
else if ( applicationEvent instanceof AbstractAuthenticationFailureEvent )
{
AbstractAuthenticationFailureEvent event = (AbstractAuthenticationFailureEvent) applicationEvent;
+
+ WebAuthenticationDetails details = (WebAuthenticationDetails) event.getAuthentication().getDetails();
- userAuditService.registerLoginFailure( (String) event.getAuthentication().getPrincipal() );
+ userAuditService.registerLoginFailure( (String) event.getAuthentication().getPrincipal(), details.getRemoteAddress() );
}
}
}
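Review bot: Both added casts, `(WebAuthenticationDetails) event.getAuthentication().getDetails()`, are unchecked, and `getDetails()` can be null or another type when the authentication does not come through the web filter chain. In the success branch the resulting exception would be thrown before `userService.setLastLogin( username )` runs, so an audit-only change could break the login handling itself. A guarded form avoids that: `Object d = event.getAuthentication().getDetails();` followed by `String ip = d instanceof WebAuthenticationDetails ? ((WebAuthenticationDetails) d).getRemoteAddress() : null;`. Note also that `getRemoteAddress()` reports the peer of the connection, so behind a reverse proxy the logged value would presumably be the proxy's address rather than the client's.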