
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19475: minor changes, moved DefaultClientDetailsService to service-core where it belongs, moves auth-man...

 

------------------------------------------------------------
revno: 19475
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2015-06-21 11:35:23 +0700
message:
  minor changes, moved DefaultClientDetailsService to service-core where it belongs, moves auth-manager config from web-common to service-core
removed:
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java
added:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2'
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-21 04:35:23 +0000
@@ -0,0 +1,88 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.oauth2.OAuth2Client;
+import org.hisp.dhis.oauth2.OAuth2ClientService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.ClientRegistrationException;
+import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class DefaultClientDetailsService implements ClientDetailsService
+{
+    @Autowired
+    private OAuth2ClientService oAuth2ClientService;
+
+    @Override
+    public ClientDetails loadClientByClientId( String clientId ) throws ClientRegistrationException
+    {
+        ClientDetails clientDetails = clientDetails( oAuth2ClientService.getOAuth2ClientByClientId( clientId ) );
+
+        if ( clientDetails == null )
+        {
+            throw new ClientRegistrationException( "Invalid client_id" );
+        }
+
+        return clientDetails;
+    }
+
+    private ClientDetails clientDetails( OAuth2Client client )
+    {
+        if ( client == null )
+        {
+            return null;
+        }
+
+        Set<String> grantTypes = new HashSet<>();
+        grantTypes.add( "password" );
+        grantTypes.add( "authorization_code" );
+        grantTypes.add( "refresh_token" );
+        grantTypes.add( "client_credentials" );
+        grantTypes.add( "implicit" );
+
+        Set<String> scopes = new HashSet<>();
+        scopes.add( "ALL" );
+
+        BaseClientDetails clientDetails = new BaseClientDetails();
+        clientDetails.setClientId( client.getCid() );
+        clientDetails.setClientSecret( client.getSecret() );
+        clientDetails.setAuthorizedGrantTypes( grantTypes );
+        clientDetails.setScope( scopes );
+
+        return clientDetails;
+    }
+}
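Review bot: `clientDetails( OAuth2Client )` gives every registered client the same five grant types and the single scope `ALL` (the `grantTypes.add( ... )` and `scopes.add( "ALL" )` lines). A client intended only for `client_credentials` is therefore also allowed `password` and `implicit`, and no client can be held to a narrower scope. No redirect URIs are set on the `BaseClientDetails` either, so for `authorization_code` and `implicit` the redirect check rests entirely on how the configured redirect resolver treats a client with none registered; that should be confirmed for the Spring Security OAuth version in use. If `OAuth2Client` can carry them, populate grant types, scopes and `setRegisteredRedirectUri` per client. Until then a comment above the `grantTypes` set, such as `// TODO: all clients get every grant type and scope ALL; restrict per client`, would make the limitation explicit.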

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml	2014-12-04 06:39:46 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml	2015-06-21 04:35:23 +0000
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd";>
+<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:sec="http://www.springframework.org/schema/security";
+  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd";>
 
   <bean id="md5PasswordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
 
@@ -52,4 +52,44 @@
     <property name="systemSettingManager" ref="org.hisp.dhis.setting.SystemSettingManager" />
     <property name="i18nManager" ref="org.hisp.dhis.i18n.I18nManager" />
   </bean>
+
+  <!-- Security : Authentication providers -->
+
+  <sec:authentication-manager alias="authenticationManager">
+    <sec:authentication-provider ref="migrationAuthenticationProvider" />
+  </sec:authentication-manager>
+
+  <!--
+  As of 2.17 user password hashes are being migrated from MD5(password, username) to bCrypt(password).
+  The migration is implemented in the migrationAuthenticationProvider configured above.
+  Once migration is complete, the authentication-manager configuration above can be
+  replaced by the one given below (commented). At that point the system will no longer accept
+  authentication request from users which are still stored with an MD5 hash in the database.
+
+  <sec:authentication-manager alias="authenticationManager">
+    <sec:authentication-provider user-service-ref="userDetailsService">
+      <sec:password-encoder ref="bCryptPasswordEncoder" />
+    </sec:authentication-provider>
+  </sec:authentication-manager>
+  -->
+
+  <!-- OAuth2 -->
+  <bean id="clientDetailsService" class="org.hisp.dhis.security.oauth2.DefaultClientDetailsService" />
+
+  <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
+
+  <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
+    <property name="tokenStore" ref="tokenStore" />
+    <property name="supportRefreshToken" value="true" />
+  </bean>
+
+  <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
+    <constructor-arg ref="clientDetailsService" />
+  </bean>
+
+  <sec:authentication-manager id="clientAuthenticationManager">
+    <sec:authentication-provider user-service-ref="clientDetailsUserService" />
+  </sec:authentication-manager>
+  <!-- End OAuth2 -->
+
 </beans>
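Review bot: The `clientAuthenticationManager` provider at the end of the OAuth2 block has no `<sec:password-encoder>`, so the value from `client.getSecret()` in `DefaultClientDetailsService` is checked with the framework's default encoder. In this Spring Security generation that is believed to be a plain-text comparison, which would mean client secrets are stored unhashed; confirm against the version in use. User passwords in the same file are being migrated to bCrypt, so consider nesting `<sec:password-encoder ref="bCryptPasswordEncoder" />` in that provider and hashing secrets when clients are saved; how they are stored today is not visible here. Separately, `InMemoryTokenStore` loses every access and refresh token on restart and is not shared between nodes, which deserves a comment beside the `tokenStore` bean if it is intentional.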

=== removed directory 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2'
=== removed file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-15 04:03:19 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	1970-01-01 00:00:00 +0000
@@ -1,88 +0,0 @@
-package org.hisp.dhis.security.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.oauth2.OAuth2Client;
-import org.hisp.dhis.oauth2.OAuth2ClientService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.ClientRegistrationException;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
-
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class DefaultClientDetailsService implements ClientDetailsService
-{
-    @Autowired
-    private OAuth2ClientService oAuth2ClientService;
-
-    @Override
-    public ClientDetails loadClientByClientId( String clientId ) throws ClientRegistrationException
-    {
-        ClientDetails clientDetails = clientDetails( oAuth2ClientService.getOAuth2ClientByClientId( clientId ) );
-
-        if ( clientDetails == null )
-        {
-            throw new ClientRegistrationException( "Invalid client_id" );
-        }
-
-        return clientDetails;
-    }
-
-    private ClientDetails clientDetails( OAuth2Client client )
-    {
-        if ( client == null )
-        {
-            return null;
-        }
-
-        Set<String> grantTypes = new HashSet<>();
-        grantTypes.add( "password" );
-        grantTypes.add( "authorization_code" );
-        grantTypes.add( "refresh_token" );
-        grantTypes.add( "client_credentials" );
-        grantTypes.add( "implicit" );
-
-        Set<String> scopes = new HashSet<>();
-        scopes.add( "ALL" );
-
-        BaseClientDetails clientDetails = new BaseClientDetails();
-        clientDetails.setClientId( client.getCid() );
-        clientDetails.setClientSecret( client.getSecret() );
-        clientDetails.setAuthorizedGrantTypes( grantTypes );
-        clientDetails.setScope( scopes );
-
-        return clientDetails;
-    }
-}

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml	2015-05-05 04:23:07 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml	2015-06-21 04:35:23 +0000
@@ -255,7 +255,7 @@
     </property>
   </bean>
 
-  <bean id="org.hisp.dhis.oust.action.GetUserCountAction" class="org.hisp.dhis.oust.action.GetUserCountAction" scope="prototype"></bean>
+  <bean id="org.hisp.dhis.oust.action.GetUserCountAction" class="org.hisp.dhis.oust.action.GetUserCountAction" scope="prototype"/>
 
   <!-- Security import -->
   <import resource="security.xml" />

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-15 04:05:35 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-21 04:35:23 +0000
@@ -5,8 +5,6 @@
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
     http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd";>
 
-  <bean id="clientDetailsService" class="org.hisp.dhis.security.oauth2.DefaultClientDetailsService" />
-
   <!-- /oauth/authorize
   <sec:http pattern="/oauth/authorize/**" access-denied-page="/login.jsp?authorization_error=true" disable-url-rewriting="true">
       <sec:intercept-url pattern="/oauth/authorize/**" access="IS_AUTHENTICATED_FULLY" />
@@ -35,21 +33,6 @@
     <oauth:password />
   </oauth:authorization-server>
 
-  <sec:authentication-manager id="clientAuthenticationManager">
-    <sec:authentication-provider user-service-ref="clientDetailsUserService" />
-  </sec:authentication-manager>
-
-  <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
-    <constructor-arg ref="clientDetailsService" />
-  </bean>
-
-  <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
-
-  <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
-    <property name="tokenStore" ref="tokenStore" />
-    <property name="supportRefreshToken" value="true" />
-  </bean>
-
   <bean id="oauthAuthenticationEntryPoint"
     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
     <property name="realmName" value="dhis2/oauth2" />
@@ -179,26 +162,6 @@
     <property name="userService" ref="org.hisp.dhis.user.UserService" />
   </bean>
 
-  <!-- Security : Authentication providers -->
-
-  <sec:authentication-manager alias="authenticationManager">
-    <sec:authentication-provider ref="migrationAuthenticationProvider" />
-  </sec:authentication-manager>
-
-  <!--
-  As of 2.17 user password hashes are being migrated from MD5(password, username) to bCrypt(password).
-  The migration is implemented in the migrationAuthenticationProvider configured above.
-  Once migration is complete, the authentication-manager configuration above can be
-  replaced by the one given below (commented). At that point the system will no longer accept
-  authentication request from users which are still stored with an MD5 hash in the database.
-
-  <sec:authentication-manager alias="authenticationManager">
-    <sec:authentication-provider user-service-ref="userDetailsService">
-      <sec:password-encoder ref="bCryptPasswordEncoder" />
-    </sec:authentication-provider>
-  </sec:authentication-manager>
-  -->
-
   <!-- Security : AccessProvider -->
 
   <bean id="databaseAutomaticAccessProvider" class="org.hisp.dhis.security.DatabaseAutomaticAccessProvider">
@@ -213,6 +176,7 @@
 
   <!-- Security : AccessDecision/Voter -->
 
+  <bean id="scopeVoter" class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
   <bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter" />
   <bean id="webExpressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter" />
   <bean id="externalAccessVoter" class="org.hisp.dhis.security.vote.ExternalAccessVoter" />
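Review bot: The new `scopeVoter` bean is only declared in this hunk; nothing visible here adds it to an access decision manager's voter list, and the commit message does not mention it. Unless it is wired in outside the hunk it has no effect on access decisions. Because `DefaultClientDetailsService` assigns every client the scope `ALL`, `SCOPE_ALL` is the only scope attribute it could ever grant (assuming the default `SCOPE_` prefix). A short comment on the bean, for example `<!-- votes on SCOPE_* attributes for OAuth2 requests; see the access decision manager's voter list -->`, would record the intent.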