
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19478: downgrade to spring-security-oauth2 2.0.5 for now, 2.0.6+ changed behavior for session based reso...

 

------------------------------------------------------------
revno: 19478
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2015-06-21 17:51:09 +0700
message:
  downgrade to spring-security-oauth2 2.0.5 for now, 2.0.6+ changed behavior for session based resources, need to look more into this before updating again (resource server filter is now enabled)
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
  dhis-2/pom.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-21 04:35:23 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-21 10:51:09 +0000
@@ -28,6 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import com.google.common.collect.Sets;
 import org.hisp.dhis.oauth2.OAuth2Client;
 import org.hisp.dhis.oauth2.OAuth2ClientService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -36,7 +37,6 @@
 import org.springframework.security.oauth2.provider.ClientRegistrationException;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 
-import java.util.HashSet;
 import java.util.Set;
 
 /**
@@ -47,6 +47,11 @@
     @Autowired
     private OAuth2ClientService oAuth2ClientService;
 
+    private final Set<String> GRANT_TYPES =
+        Sets.newHashSet( "password", "authorization_code", "refresh_token" );
+
+    private final Set<String> SCOPES = Sets.newHashSet( "ALL" );
+
     @Override
     public ClientDetails loadClientByClientId( String clientId ) throws ClientRegistrationException
     {
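Review bot: `GRANT_TYPES` and `SCOPES` are named like constants but are declared as per-instance, mutable `HashSet`s, so any code that obtains the reference can add a grant type or scope for every client this service returns. Declaring them `private static final Set<String> GRANT_TYPES = ImmutableSet.of( "password", "authorization_code", "refresh_token" );` and `private static final Set<String> SCOPES = ImmutableSet.of( "ALL" );` makes them true constants; this needs `com.google.common.collect.ImmutableSet` in place of the `Sets` import added above. The same sets are passed to `setAuthorizedGrantTypes` and `setScope` in the next hunk, and whether `BaseClientDetails` copies them is not visible here, so immutability is the safer assumption.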
@@ -67,21 +72,11 @@
             return null;
         }
 
-        Set<String> grantTypes = new HashSet<>();
-        grantTypes.add( "password" );
-        grantTypes.add( "authorization_code" );
-        grantTypes.add( "refresh_token" );
-        grantTypes.add( "client_credentials" );
-        grantTypes.add( "implicit" );
-
-        Set<String> scopes = new HashSet<>();
-        scopes.add( "ALL" );
-
         BaseClientDetails clientDetails = new BaseClientDetails();
         clientDetails.setClientId( client.getCid() );
         clientDetails.setClientSecret( client.getSecret() );
-        clientDetails.setAuthorizedGrantTypes( grantTypes );
-        clientDetails.setScope( scopes );
+        clientDetails.setAuthorizedGrantTypes( GRANT_TYPES );
+        clientDetails.setScope( SCOPES );
 
         return clientDetails;
     }
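Review bot: Every client still receives the same hard-coded grant types and the single scope `ALL` at `setAuthorizedGrantTypes( GRANT_TYPES )` and `setScope( SCOPES )`, so a token issued to any registered client carries the full set regardless of what that client needs. The hunk also drops `client_credentials` and `implicit` without the commit message mentioning it; that narrowing looks intentional but deserves a comment next to the constants such as `// client_credentials and implicit are deliberately not offered`. If `OAuth2Client` can store per-client grant types and scopes (not visible here), reading them from `client` would allow least-privilege registrations. `loadClientByClientId` begins in the previous hunk and its lookup code lies outside the diff.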

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-21 09:33:34 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-21 10:51:09 +0000
@@ -115,7 +115,7 @@
     <sec:intercept-url pattern="/api/account/password" access="permitAll()" />
     <sec:intercept-url pattern="/api/account" access="permitAll()" />
     <sec:intercept-url pattern="/**" access="isAuthenticated()" />
-    <!-- <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> -->
+    <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
     <sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />
     <sec:custom-filter ref="corsFilter" before="BASIC_AUTH_FILTER" />
     <sec:custom-filter ref="customAuthenticationFilter" before="FORM_LOGIN_FILTER" />
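Review bot: The re-enabled `resourceServerFilter` line carries no comment tying it to the `spring.security.oauth2.version` pin in `dhis-2/pom.xml`, so a later upgrade to 2.0.6+ can break session-based access again without anyone connecting the two. A comment above it such as `<!-- Bearer-token filter; relies on spring-security-oauth2 2.0.5 behaviour for session-authenticated requests, re-test session login before upgrading -->` would record that dependency. Because the filter sits in the same block as `pattern="/**"`, bearer tokens are presumably accepted on every URL this block protects, and with scope `ALL` granted to all clients that is worth confirming as intended. The enclosing `http` element opens and closes outside the hunk.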

=== modified file 'dhis-2/pom.xml'
--- dhis-2/pom.xml	2015-06-18 08:03:48 +0000
+++ dhis-2/pom.xml	2015-06-21 10:51:09 +0000
@@ -1032,7 +1032,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <spring.version>4.1.6.RELEASE</spring.version>
     <spring.security.version>3.2.7.RELEASE</spring.security.version>
-    <spring.security.oauth2.version>2.0.7.RELEASE</spring.security.oauth2.version>
+    <spring.security.oauth2.version>2.0.5.RELEASE</spring.security.oauth2.version>
     <struts.version>2.3.16.3</struts.version>
     <hibernate.version>4.2.19.Final</hibernate.version>
     <hibernate-validator.version>4.3.1.Final</hibernate-validator.version>