Index: I:/Projects/workspace/appfuse/service/src/test/java/org/appfuse/util/StringUtilTest.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/test/java/org/appfuse/util/StringUtilTest.java (revision 2514)
+++ I:/Projects/workspace/appfuse/service/src/test/java/org/appfuse/util/StringUtilTest.java (working copy)
@@ -1,28 +0,0 @@
-package org.appfuse.util;
-
-import junit.framework.TestCase;
-
-
-public class StringUtilTest extends TestCase {
- public StringUtilTest(String name) {
- super(name);
- }
-
- protected void setUp() throws Exception {
- super.setUp();
- }
-
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- public void testEncodePassword() throws Exception {
- String password = "tomcat";
- String encrypted = "536c0b339345616c1b33caf454454d8b8a190d6c";
- assertEquals(StringUtil.encodePassword(password, "SHA"), encrypted);
- }
-
- public static void main(String[] args) {
- junit.textui.TestRunner.run(StringUtilTest.class);
- }
-}
Index: I:/Projects/workspace/appfuse/service/src/test/resources/applicationContext-resources.xml
===================================================================
--- I:/Projects/workspace/appfuse/service/src/test/resources/applicationContext-resources.xml (revision 2524)
+++ I:/Projects/workspace/appfuse/service/src/test/resources/applicationContext-resources.xml (working copy)
@@ -1,20 +1,43 @@
-
+
-
-
-
- classpath:jdbc.properties
- classpath:mail.properties
-
+
+
+
+ classpath:jdbc.properties
+ classpath:mail.properties
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
\ No newline at end of file
+
+
Index: I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java (revision 2524)
+++ I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java (working copy)
@@ -2,6 +2,9 @@
import java.util.List;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.dao.SaltSource;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.appfuse.dao.UserDao;
import org.appfuse.model.User;
@@ -23,6 +26,7 @@
*/
public class UserManagerImpl extends UniversalManagerImpl implements UserManager {
private UserDao dao;
+ private DaoAuthenticationProvider authenticationProvider;
/**
* Set the Dao for communication with the data layer.
@@ -33,6 +37,16 @@
}
/**
+ * Set the DaoAuthenticationProvider object that will provide both the
+ * PasswordEncoder and the SaltSource which will be used for password
+ * encryption when necessary.
+ * @param authenticationProvider the DaoAuthenticationProvider object
+ */
+ public void setAuthenticationProvider(DaoAuthenticationProvider authenticationProvider) {
+ this.authenticationProvider = authenticationProvider;
+ }
+
+ /**
* @see org.appfuse.service.UserManager#getUser(java.lang.String)
*/
public User getUser(String userId) {
@@ -46,15 +60,25 @@
return dao.getUsers();
}
+
/**
- * @see org.appfuse.service.UserManager#saveUser(org.appfuse.model.User)
+ * @see org.appfuse.service.UserManager#saveUser(org.appfuse.model.User, boolean)
*/
- public void saveUser(User user) throws UserExistsException {
- // if new user, lowercase userId
- if (user.getVersion() == null) {
+ public void saveUser(User user, boolean passwordChanged) throws UserExistsException {
+ // if new user, lowercase userId
+ if (user.getVersion() == null) {
user.setUsername(user.getUsername().toLowerCase());
- }
-
+ }
+ // if password was changed (or new user), encrypt it
+ if (passwordChanged) {
+ PasswordEncoder passwordEncoder = authenticationProvider.getPasswordEncoder();
+ SaltSource saltSource = authenticationProvider.getSaltSource();
+ Object salt = null;
+ if (saltSource != null) {
+ salt = saltSource.getSalt(user);
+ }
+ user.setPassword(passwordEncoder.encodePassword(user.getPassword(), salt));
+ }
try {
dao.saveUser(user);
} catch (DataIntegrityViolationException e) {
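Review bot: Hashing in the new block depends only on the caller-supplied `passwordChanged` flag, even though its comment says "(or new user)" and the method already detects a new user with `user.getVersion() == null`. A new user saved through the one-argument `saveUser(User)` added in the last hunk of this file, which passes `false`, would be persisted with whatever `user.getPassword()` holds. Unless some caller deliberately saves pre-encoded passwords for new users, consider `if (passwordChanged || user.getVersion() == null) {`. `authenticationProvider` is also dereferenced without a check, so a missing injection surfaces as a NullPointerException on the first password change; a fail-fast check in the setter would be clearer. The method body continues past the end of this hunk.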
@@ -63,6 +87,14 @@
throw new UserExistsException("User '" + user.getUsername() + "' already exists!");
}
}
+
+
+ /**
+ * @see org.appfuse.service.UserManager#saveUser(org.appfuse.model.User)
+ */
+ public void saveUser(User user) throws UserExistsException {
+ saveUser(user, false);
+ }
/**
* @see org.appfuse.service.UserManager#removeUser(java.lang.String)
Index: I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/UserManager.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/UserManager.java (revision 2524)
+++ I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/UserManager.java (working copy)
@@ -43,11 +43,23 @@
public List getUsers(User user);
/**
- * Saves a user's information
+ * Saves a user's information, specifying whether the user's password
+ * has changed (and thus it might have to be encrypted) or not.
*
* @param user the user's information
+ * @param passwordChanged wether the user's password has changed or not
* @throws UserExistsException thrown when user already exists
*/
+ public void saveUser(User user, boolean passwordChanged) throws UserExistsException;
+
+ /**
+ * Saves a user's information, assuming that the user's password has
+ * not changed (and thus not encrypting it). This method is equivalent
+ * to saveUser(user, false).
+ *
+ * @param user the user's information
+ * @throws UserExistsException thrown when user already exists
+ */
public void saveUser(User user) throws UserExistsException;
/**
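Review bot: The Javadoc on the two-argument `saveUser` does not say what form `user.getPassword()` must be in, which is the part of the contract callers have to get right. It should state that with `passwordChanged` true the password must be the plaintext value, which the implementation then encodes, and with false it must already be the stored encoded value. Passing plaintext with `false` persists it unencoded, and passing an encoded value with `true` encodes it a second time. The phrase "might have to be encrypted" could become "will be encoded with the configured PasswordEncoder", and `wether` in the `@param` line is a typo for `whether`.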
Index: I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/util/StringUtil.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/util/StringUtil.java (revision 2514)
+++ I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/util/StringUtil.java (working copy)
@@ -1,99 +0,0 @@
-package org.appfuse.util;
-
-import java.security.MessageDigest;
-
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-
-/**
- * String Utility Class This is used to encode passwords programmatically
- *
- * @author Matt Raible
- */
-public class StringUtil {
- //~ Static fields/initializers =============================================
-
- private final static Log log = LogFactory.getLog(StringUtil.class);
-
- //~ Methods ================================================================
-
- /**
- * Encode a string using algorithm specified in web.xml and return the
- * resulting encrypted password. If exception, the plain credentials
- * string is returned
- *
- * @param password Password or other credentials to use in authenticating
- * this username
- * @param algorithm Algorithm used to do the digest
- *
- * @return encypted password based on the algorithm.
- */
- public static String encodePassword(String password, String algorithm) {
- byte[] unencodedPassword = password.getBytes();
-
- MessageDigest md = null;
-
- try {
- // first create an instance, given the provider
- md = MessageDigest.getInstance(algorithm);
- } catch (Exception e) {
- log.error("Exception: " + e);
-
- return password;
- }
-
- md.reset();
-
- // call the update method one or more times
- // (useful when you don't know the size of your data, eg. stream)
- md.update(unencodedPassword);
-
- // now calculate the hash
- byte[] encodedPassword = md.digest();
-
- StringBuffer buf = new StringBuffer();
-
- for (byte anEncodedPassword : encodedPassword) {
- if ((anEncodedPassword & 0xff) < 0x10) {
- buf.append("0");
- }
-
- buf.append(Long.toString(anEncodedPassword & 0xff, 16));
- }
-
- return buf.toString();
- }
-
- /**
- * Encode a string using Base64 encoding. Used when storing passwords
- * as cookies.
- *
- * This is weak encoding in that anyone can use the decodeString
- * routine to reverse the encoding.
- *
- * @param str
- * @return String
- */
- public static String encodeString(String str) {
- Base64 encoder = new Base64();
- return String.valueOf(encoder.encode(str.getBytes())).trim();
- }
-
- /**
- * Decode a string using Base64 encoding.
- *
- * @param str
- * @return String
- */
- public static String decodeString(String str) {
- Base64 dec = new Base64();
- try {
- return String.valueOf(dec.decode(str));
- } catch (DecoderException de) {
- throw new RuntimeException(de.getMessage(), de.getCause());
- }
- }
-}
Index: I:/Projects/workspace/appfuse/service/src/main/resources/applicationContext-service.xml
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/resources/applicationContext-service.xml (revision 2524)
+++ I:/Projects/workspace/appfuse/service/src/main/resources/applicationContext-service.xml (working copy)
@@ -100,6 +100,7 @@
+
Index: I:/Projects/workspace/appfuse/data/common/src/main/java/org/appfuse/Constants.java
===================================================================
--- I:/Projects/workspace/appfuse/data/common/src/main/java/org/appfuse/Constants.java (revision 2524)
+++ I:/Projects/workspace/appfuse/data/common/src/main/java/org/appfuse/Constants.java (working copy)
@@ -16,12 +16,6 @@
/** The name of the ResourceBundle used in this application */
public static final String BUNDLE_KEY = "ApplicationResources";
- /** The encryption algorithm key to be used for passwords */
- public static final String ENC_ALGORITHM = "algorithm";
-
- /** A flag to indicate if passwords should be encrypted */
- public static final String ENCRYPT_PASSWORD = "encryptPassword";
-
/** File separator from System properties */
public static final String FILE_SEP = System.getProperty("file.separator");
Index: I:/Projects/workspace/appfuse/web/spring/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/spring/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java (working copy)
@@ -19,7 +19,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
@@ -78,19 +77,10 @@
return new ModelAndView(getSuccessView());
} else {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+
+ boolean passwordChanged =
+ (StringUtils.equals(request.getParameter("encryptPass"), "true"));
- if (StringUtils.equals(request.getParameter("encryptPass"), "true") && (encrypt != null && encrypt)) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
// only attempt to change roles if user is admin for other users,
// formBackingObject() method will handle populating
if (request.isUserInRole(Constants.ADMIN_ROLE)) {
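Review bot: `passwordChanged` is taken directly from the `encryptPass` request parameter, so the client decides whether the submitted password is encoded before it is stored. A request that changes the password field without `encryptPass=true` would reach `saveUser(user, false)` and persist the submitted value as-is. Deriving the flag on the server, by comparing the submitted password with the value currently stored for that user, would remove that dependency. The same pattern appears in the `passwordChanged` assignments in the struts UserAction, JSF UserForm and tapestry UserForm hunks, where the last two also compare against an `originalPassword` request parameter. The enclosing method starts and ends outside this hunk.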
@@ -107,7 +97,7 @@
Integer originalVersion = user.getVersion();
try {
- getUserManager().saveUser(user);
+ getUserManager().saveUser(user, passwordChanged);
} catch (UserExistsException e) {
log.warn(e.getMessage());
Index: I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java (working copy)
@@ -9,7 +9,6 @@
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
@@ -53,27 +52,14 @@
User user = (User) command;
Locale locale = request.getLocale();
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- if (encrypt != null && encrypt.booleanValue()) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- this.getUserManager().saveUser(user);
+ this.getUserManager().saveUser(user, true);
} catch (UserExistsException e) {
log.warn(e.getMessage());
Index: I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/BaseControllerTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/BaseControllerTestCase.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/BaseControllerTestCase.java (working copy)
@@ -31,7 +31,8 @@
"classpath*:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
"/WEB-INF/applicationContext*.xml",
- "/WEB-INF/dispatcher-servlet.xml"
+ "/WEB-INF/dispatcher-servlet.xml",
+ "/applicationContext-test.xml"
};
}
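Review bot: The new `"/applicationContext-test.xml"` entry points at a file this patch adds under src/test/resources, while BaseControllerTestCase itself lives under src/main/java. A project that extends this base class from the packaged module would presumably not have that file available and would fail when the context loads. Consider shipping the test context alongside the base class, or adding a comment such as `// each consuming module must provide its own applicationContext-test.xml`. The same applies to the struts BaseActionTestCase and the jsf and tapestry BasePageTestCase hunks; the array and its method start outside the hunk.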
Index: I:/Projects/workspace/appfuse/web/jsf/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/jsf/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java (working copy)
@@ -18,7 +18,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.util.ConvertUtil;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
/**
@@ -106,21 +105,10 @@
String password = user.getPassword();
String originalPassword = getParameter("userForm:originalPassword");
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- boolean doEncrypt = (encrypt != null) && encrypt;
+ boolean passwordChanged =
+ (StringUtils.equals(getParameter("encryptPass"), "true") ||
+ !StringUtils.equals(password, originalPassword));
- if (doEncrypt && (StringUtils.equals(getParameter("encryptPass"), "true") ||
- !StringUtils.equals(password, originalPassword))) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorigthm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(password, algorithm));
- }
-
// workaround for plain ol' HTML input tags that don't seem to set
// properties on the managed bean
setUserRoles(getRequest().getParameterValues("userForm:userRoles"));
@@ -133,7 +121,7 @@
Integer originalVersion = user.getVersion();
try {
- userManager.saveUser(user);
+ userManager.saveUser(user, passwordChanged);
} catch (UserExistsException e) {
log.warn(e.getMessage());
addError("errors.existing.user",
Index: I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/BasePageTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/BasePageTestCase.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/BasePageTestCase.java (working copy)
@@ -47,7 +47,8 @@
"classpath*:/applicationContext-dao.xml, " +
"classpath*:/applicationContext-service.xml," +
"classpath*:/applicationContext.xml," + // for modular archetypes
- "/WEB-INF/applicationContext*.xml");
+ "/WEB-INF/applicationContext*.xml, " +
+ "/applicationContext-test.xml");
ServletContextListener contextListener = new ContextLoaderListener();
ServletContextEvent event = new ServletContextEvent(servletContext);
Index: I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java (working copy)
@@ -10,7 +10,6 @@
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
@@ -39,28 +38,14 @@
}
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- if (encrypt != null && encrypt.booleanValue()) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- userManager.saveUser(user);
+ userManager.saveUser(user, true);
} catch (UserExistsException e) {
log.warn(e.getMessage());
addMessage("errors.existing.user",
Index: I:/Projects/workspace/appfuse/web/struts/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/struts/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java (working copy)
@@ -6,7 +6,6 @@
import org.appfuse.Constants;
import org.appfuse.model.User;
-import org.appfuse.util.StringUtil;
import org.appfuse.service.UserExistsException;
import org.appfuse.webapp.util.RequestUtil;
@@ -53,28 +52,13 @@
}
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt.booleanValue()) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- userManager.saveUser(user);
+ userManager.saveUser(user, true);
} catch (UserExistsException e) {
log.warn(e.getMessage());
List args = new ArrayList();
Index: I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/BaseActionTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/BaseActionTestCase.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/BaseActionTestCase.java (working copy)
@@ -25,7 +25,8 @@
"classpath*:/applicationContext-dao.xml",
"classpath*:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
- "/WEB-INF/applicationContext*.xml"
+ "/WEB-INF/applicationContext*.xml",
+ "/applicationContext-test.xml"
};
}
Index: I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java (working copy)
@@ -10,7 +10,6 @@
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletRequest;
@@ -124,19 +123,9 @@
}
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+ boolean passwordChanged =
+ ("true".equals(getRequest().getParameter("encryptPass")));
- if ("true".equals(getRequest().getParameter("encryptPass")) && (encrypt != null && encrypt)) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
Integer originalVersion = user.getVersion();
boolean isNew = ("".equals(getRequest().getParameter("user.version")));
@@ -152,7 +141,7 @@
}
try {
- userManager.saveUser(user);
+ userManager.saveUser(user, passwordChanged);
} catch (UserExistsException e) {
log.warn(e.getMessage());
List args = new ArrayList();
Index: I:/Projects/workspace/appfuse/web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java (revision 2522)
+++ I:/Projects/workspace/appfuse/web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java (working copy)
@@ -33,7 +33,8 @@
sc.addInitParameter(ContextLoader.CONFIG_LOCATION_PARAM,
"classpath*:/applicationContext-dao.xml, " +
"classpath*:/applicationContext-service.xml, " +
- "classpath:/applicationContext-resources.xml");
+ "classpath:/applicationContext-resources.xml, " +
+ "/applicationContext-test.xml");
springListener = new ContextLoaderListener();
springListener.contextInitialized(new ServletContextEvent(sc));
Index: I:/Projects/workspace/appfuse/web/common/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/common/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java (revision 2522)
+++ I:/Projects/workspace/appfuse/web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java (working copy)
@@ -3,6 +3,7 @@
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.ProviderManager;
import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -53,6 +54,7 @@
WebApplicationContextUtils.getRequiredWebApplicationContext(context);
boolean encryptPassword = false;
+ PasswordEncoder passwordEncoder = null;
try {
ProviderManager provider = (ProviderManager) ctx.getBean("authenticationManager");
for (Object o : provider.getProviders()) {
@@ -61,16 +63,6 @@
config.put("rememberMeEnabled", Boolean.TRUE);
}
}
-
- if (ctx.containsBean("passwordEncoder")) {
- encryptPassword = true;
- config.put(Constants.ENCRYPT_PASSWORD, Boolean.TRUE);
- String algorithm = "SHA";
- if (ctx.getBean("passwordEncoder") instanceof Md5PasswordEncoder) {
- algorithm = "MD5";
- }
- config.put(Constants.ENC_ALGORITHM, algorithm);
- }
} catch (NoSuchBeanDefinitionException n) {
// ignore, should only happen when testing
}
@@ -82,7 +74,7 @@
log.debug("Remember Me Enabled? " + config.get("rememberMeEnabled"));
log.debug("Encrypt Passwords? " + encryptPassword);
if (encryptPassword) {
- log.debug("Encryption Algorithm: " + config.get(Constants.ENC_ALGORITHM));
+ log.debug("Password Encryptor Class: " + passwordEncoder.getClass().getName());
}
log.debug("Populating drop-downs...");
}
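Review bot: `passwordEncoder` is declared as `null` in the earlier hunk and nothing visible in this diff assigns it, so `passwordEncoder.getClass()` in the debug line would throw a NullPointerException if the branch were ever taken. In the visible hunks `encryptPassword` is also never set to true any more, because the block that set it was removed, which would leave the "Encrypt Passwords?" line always reporting false and this branch dead. Either populate both from the authentication provider inside the existing provider loop or guard the line with `if (passwordEncoder != null) {`. The `Md5PasswordEncoder` import looks unused after this change. The method starts and ends outside the hunks, so an assignment may exist in lines not shown.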
Index: I:/Projects/workspace/appfuse/web/common/src/main/webapp/WEB-INF/security.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/main/webapp/WEB-INF/security.xml (revision 2522)
+++ I:/Projects/workspace/appfuse/web/common/src/main/webapp/WEB-INF/security.xml (working copy)
@@ -122,8 +122,6 @@
-
Index: I:/Projects/workspace/appfuse/web/tapestry/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java (working copy)
@@ -26,7 +26,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.mail.SimpleMailMessage;
@@ -123,23 +122,12 @@
String password = getUser().getPassword();
String originalPassword = getRequest().getParameter("originalPassword");
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- boolean doEncrypt = (encrypt != null) && encrypt;
-
- if (doEncrypt && (StringUtils.equals(getRequest().getParameter("encryptPass"), "true") ||
- !StringUtils.equals("S"+password, originalPassword)) ||
- ("X".equals(request.getParameter(("version"))))) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorigthm to 'SHA'");
- algorithm = "SHA";
- }
-
- getUser().setPassword(StringUtil.encodePassword(password, algorithm));
- }
-
+ boolean passwordChanged =
+ ((StringUtils.equals(getRequest().getParameter("encryptPass"), "true") ||
+ !StringUtils.equals("S"+password, originalPassword)) ||
+ ("X".equals(request.getParameter(("version")))));
+
// workaround for input tags that don't aren't set by Tapestry (who knows why)
boolean fromList = StringUtils.equals(getFrom(), "list");
String[] userRoles;
@@ -162,7 +150,7 @@
Integer originalVersion = user.getVersion();
try {
- userManager.saveUser(user);
+ userManager.saveUser(user, passwordChanged);
} catch (UserExistsException e) {
log.warn(e.getMessage());
addError("emailField",
Index: I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/BasePageTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/BasePageTestCase.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/BasePageTestCase.java (working copy)
@@ -30,7 +30,8 @@
"classpath*:/applicationContext-dao.xml",
"classpath*:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
- "/WEB-INF/applicationContext*.xml"
+ "/WEB-INF/applicationContext*.xml",
+ "/applicationContext-test.xml"
};
}
Index: I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java (revision 2523)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java (working copy)
@@ -19,7 +19,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
@@ -73,27 +72,13 @@
User user = getUser();
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(getRoleManager().getRole(Constants.USER_ROLE));
try {
- getUserManager().saveUser(user);
+ getUserManager().saveUser(user, true);
} catch (UserExistsException e) {
log.warn(e.getMessage());
addError("usernameField",