Index: I:/Projects/workspace/appfuse/service/src/test/java/org/appfuse/util/StringUtilTest.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/test/java/org/appfuse/util/StringUtilTest.java (revision 3039)
+++ I:/Projects/workspace/appfuse/service/src/test/java/org/appfuse/util/StringUtilTest.java (working copy)
@@ -1,28 +0,0 @@
-package org.appfuse.util;
-
-import junit.framework.TestCase;
-
-
-public class StringUtilTest extends TestCase {
- public StringUtilTest(String name) {
- super(name);
- }
-
- protected void setUp() throws Exception {
- super.setUp();
- }
-
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- public void testEncodePassword() throws Exception {
- String password = "tomcat";
- String encrypted = "536c0b339345616c1b33caf454454d8b8a190d6c";
- assertEquals(StringUtil.encodePassword(password, "SHA"), encrypted);
- }
-
- public static void main(String[] args) {
- junit.textui.TestRunner.run(StringUtilTest.class);
- }
-}
Index: I:/Projects/workspace/appfuse/service/src/test/resources/applicationContext-resources.xml
===================================================================
--- I:/Projects/workspace/appfuse/service/src/test/resources/applicationContext-resources.xml (revision 3039)
+++ I:/Projects/workspace/appfuse/service/src/test/resources/applicationContext-resources.xml (working copy)
@@ -1,20 +1,43 @@
-
+
-
-
-
- classpath:jdbc.properties
- classpath:mail.properties
-
+
+
+
+ classpath:jdbc.properties
+ classpath:mail.properties
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
\ No newline at end of file
+
+
Index: I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java (revision 3039)
+++ I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java (working copy)
@@ -1,5 +1,10 @@
package org.appfuse.service.impl;
+import java.util.List;
+
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.dao.SaltSource;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.appfuse.dao.UserDao;
import org.appfuse.model.User;
@@ -21,6 +26,7 @@
@WebService(serviceName = "UserService", endpointInterface = "org.appfuse.service.UserService")
public class UserManagerImpl extends UniversalManagerImpl implements UserManager, UserService {
private UserDao dao;
+ private DaoAuthenticationProvider authenticationProvider;
/**
* Set the Dao for communication with the data layer.
@@ -31,6 +37,16 @@
}
/**
+ * Set the DaoAuthenticationProvider object that will provide both the
+ * PasswordEncoder and the SaltSource which will be used for password
+ * encryption when necessary.
+ * @param authenticationProvider the DaoAuthenticationProvider object
+ */
+ public void setAuthenticationProvider(DaoAuthenticationProvider authenticationProvider) {
+ this.authenticationProvider = authenticationProvider;
+ }
+
+ /**
* {@inheritDoc}
*/
public User getUser(String userId) {
@@ -43,16 +59,50 @@
public List getUsers(User user) {
return dao.getUsers();
}
-
+
+
/**
* {@inheritDoc}
*/
public User saveUser(User user) throws UserExistsException {
- // if new user, lowercase userId
+
if (user.getVersion() == null) {
+ // if new user, lowercase userId
user.setUsername(user.getUsername().toLowerCase());
}
+
+ // Get and prepare password management-related artifacts
+ boolean passwordChanged = false;
+ PasswordEncoder passwordEncoder = authenticationProvider.getPasswordEncoder();
+ SaltSource saltSource = authenticationProvider.getSaltSource();
+ Object salt = null;
+ if (saltSource != null) {
+ salt = saltSource.getSalt(user);
+ }
+
+ // Check whether we have to encrypt (or re-encrypt) the password
+ if (user.getVersion() == null) {
+ // New user, always encrypt
+ passwordChanged = true;
+ } else {
+ // Existing user, check password in DB
+ String currentPassword = dao.getUserPassword(user.getUsername());
+ if (currentPassword == null) {
+ passwordChanged = true;
+ } else {
+ if (passwordEncoder != null) {
+ passwordChanged =
+ !passwordEncoder.isPasswordValid(
+ currentPassword, user.getPassword(), salt);
+ }
+ }
+ }
+ // If password was changed (or new user), encrypt it
+ if ((passwordChanged) && (passwordEncoder != null)) {
+ user.setPassword(passwordEncoder.encodePassword(user.getPassword(), salt));
+ }
+
try {
return dao.saveUser(user);
} catch (DataIntegrityViolationException e) {
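Review bot: For an existing user, when `isPasswordValid(currentPassword, user.getPassword(), salt)` succeeds, `passwordChanged` stays false and `dao.saveUser(user)` receives `user.getPassword()` exactly as submitted, i.e. the raw value that was just hashed for the comparison, so the stored hash would be overwritten with cleartext. The opposite case also breaks if the forms post the stored hash back when the field is untouched (the `originalPassword` comparison removed from UserForm.save() suggests they do): the hash fails validation as a raw password and is encoded a second time. Comparing the submitted value with the stored one avoids both, `passwordChanged = !currentPassword.equals(user.getPassword());`, because anything that is not already the stored value gets encoded. `authenticationProvider` is also dereferenced without a null check, so a context that does not inject it fails here with a NullPointerException. The method's catch block continues outside the hunk.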
Index: I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/UserManager.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/UserManager.java (revision 3039)
+++ I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/service/UserManager.java (working copy)
@@ -1,12 +1,12 @@
package org.appfuse.service;
+import java.util.List;
+
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.appfuse.dao.UserDao;
import org.appfuse.model.User;
-import java.util.List;
-
/**
* Business Service Interface to handle communication between web and
* persistence layer.
@@ -47,7 +47,7 @@
List getUsers(User user);
/**
- * Saves a user's information
+ * Saves a user's information.
*
* @param user the user's information
* @throws UserExistsException thrown when user already exists
Index: I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/util/StringUtil.java
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/util/StringUtil.java (revision 3039)
+++ I:/Projects/workspace/appfuse/service/src/main/java/org/appfuse/util/StringUtil.java (working copy)
@@ -1,102 +0,0 @@
-package org.appfuse.util;
-
-import java.security.MessageDigest;
-
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-
-/**
- * String Utility Class This is used to encode passwords programmatically
- *
- * @author Matt Raible
- */
-public final class StringUtil {
- private static final Log log = LogFactory.getLog(StringUtil.class);
-
- /**
- * Checkstyle rule: utility classes should not have public constructor
- */
- private StringUtil() {
- }
- //~ Methods ================================================================
-
- /**
- * Encode a string using algorithm specified in web.xml and return the
- * resulting encrypted password. If exception, the plain credentials
- * string is returned
- *
- * @param password Password or other credentials to use in authenticating
- * this username
- * @param algorithm Algorithm used to do the digest
- *
- * @return encypted password based on the algorithm.
- */
- public static String encodePassword(String password, String algorithm) {
- byte[] unencodedPassword = password.getBytes();
-
- MessageDigest md = null;
-
- try {
- // first create an instance, given the provider
- md = MessageDigest.getInstance(algorithm);
- } catch (Exception e) {
- log.error("Exception: " + e);
-
- return password;
- }
-
- md.reset();
-
- // call the update method one or more times
- // (useful when you don't know the size of your data, eg. stream)
- md.update(unencodedPassword);
-
- // now calculate the hash
- byte[] encodedPassword = md.digest();
-
- StringBuffer buf = new StringBuffer();
-
- for (byte anEncodedPassword : encodedPassword) {
- if ((anEncodedPassword & 0xff) < 0x10) {
- buf.append("0");
- }
-
- buf.append(Long.toString(anEncodedPassword & 0xff, 16));
- }
-
- return buf.toString();
- }
-
- /**
- * Encode a string using Base64 encoding. Used when storing passwords
- * as cookies.
- *
- * This is weak encoding in that anyone can use the decodeString
- * routine to reverse the encoding.
- *
- * @param str the string to encode
- * @return the encoded string
- */
- public static String encodeString(String str) {
- Base64 encoder = new Base64();
- return String.valueOf(encoder.encode(str.getBytes())).trim();
- }
-
- /**
- * Decode a string using Base64 encoding.
- *
- * @param str the string to decode
- * @return the decoded string
- */
- public static String decodeString(String str) {
- Base64 dec = new Base64();
- try {
- return String.valueOf(dec.decode(str));
- } catch (DecoderException de) {
- throw new RuntimeException(de.getMessage(), de.getCause());
- }
- }
-}
Index: I:/Projects/workspace/appfuse/service/src/main/resources/applicationContext-service.xml
===================================================================
--- I:/Projects/workspace/appfuse/service/src/main/resources/applicationContext-service.xml (revision 3039)
+++ I:/Projects/workspace/appfuse/service/src/main/resources/applicationContext-service.xml (working copy)
@@ -97,6 +97,7 @@
+
Index: I:/Projects/workspace/appfuse/data/hibernate/src/test/java/org/appfuse/dao/UserDaoTest.java
===================================================================
--- I:/Projects/workspace/appfuse/data/hibernate/src/test/java/org/appfuse/dao/UserDaoTest.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/hibernate/src/test/java/org/appfuse/dao/UserDaoTest.java (working copy)
@@ -36,6 +36,12 @@
assertTrue(user.isEnabled());
}
+ public void testGetUserPassword() throws Exception {
+ User user = dao.get(-1L);
+ String password = dao.getUserPassword(user.getUsername());
+ assertNotNull(password);
+ }
+
public void testUpdateUser() throws Exception {
User user = dao.get(-1L);
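Review bot: `testGetUserPassword` only asserts that the result is non-null, so a DAO that selected the wrong column or the wrong row would still pass. Since the test already loads the same user through `dao.get(-1L)`, it can pin the value with `assertEquals(user.getPassword(), password);`, assuming the entity's password field maps the same column. A second case for an unknown username, `assertNull(dao.getUserPassword("no-such-user"));`, would cover the null return that saveUser branches on. The identical test is added in the jpa and ibatis copies of UserDaoTest.java.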
Index: I:/Projects/workspace/appfuse/data/hibernate/src/main/java/org/appfuse/dao/hibernate/UserDaoHibernate.java
===================================================================
--- I:/Projects/workspace/appfuse/data/hibernate/src/main/java/org/appfuse/dao/hibernate/UserDaoHibernate.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/hibernate/src/main/java/org/appfuse/dao/hibernate/UserDaoHibernate.java (working copy)
@@ -70,4 +70,17 @@
return (UserDetails) users.get(0);
}
}
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getUserPassword(String username) {
+ List results =
+ getHibernateTemplate().find("select u.password from User u where username=?", username);
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+ return (String) results.get(0);
+ }
+
}
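Review bot: The query in `getUserPassword` selects through the alias (`u.password`) but filters on the bare property `username`; qualifying it as `"select u.password from User u where u.username=?"` keeps the statement unambiguous and consistent. The method also returns `results.get(0)` without checking for more than one row, which silently relies on usernames being unique; a short comment stating that assumption would help, e.g. `// username is unique, so at most one row is expected`. The same query string is used in UserDaoJpa.getUserPassword.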
Index: I:/Projects/workspace/appfuse/data/hibernate/src/main/java/org/appfuse/dao/UserDao.java
===================================================================
--- I:/Projects/workspace/appfuse/data/hibernate/src/main/java/org/appfuse/dao/UserDao.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/hibernate/src/main/java/org/appfuse/dao/UserDao.java (working copy)
@@ -36,4 +36,12 @@
* @return the persisted User object
*/
User saveUser(User user);
+
+ /**
+ * Retrieves the password in DB for a user
+ * @param the username
+ * @return the password in DB, if the user is already persisted
+ */
+ String getUserPassword(String username);
+
}
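Review bot: The Javadoc tag `@param the username` names no parameter, so documentation tools read `the` as the parameter name; it should be `@param username the username to look up`. The description could also state that the value returned is the password exactly as stored (encoded when a PasswordEncoder is configured, per UserManagerImpl.saveUser) and that `null` is returned when no row matches, which is what the Hibernate and JPA implementations in this patch do. Because this method hands the stored credential to callers, the comment is a good place to say it is meant for change detection in the service layer only. The same comment is repeated in the jpa and ibatis copies of UserDao.java.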
Index: I:/Projects/workspace/appfuse/data/common/src/main/java/org/appfuse/Constants.java
===================================================================
--- I:/Projects/workspace/appfuse/data/common/src/main/java/org/appfuse/Constants.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/common/src/main/java/org/appfuse/Constants.java (working copy)
@@ -16,16 +16,6 @@
public static final String BUNDLE_KEY = "ApplicationResources";
/**
- * The encryption algorithm key to be used for passwords
- */
- public static final String ENC_ALGORITHM = "algorithm";
-
- /**
- * A flag to indicate if passwords should be encrypted
- */
- public static final String ENCRYPT_PASSWORD = "encryptPassword";
-
- /**
* File separator from System properties
*/
public static final String FILE_SEP = System.getProperty("file.separator");
Index: I:/Projects/workspace/appfuse/data/jpa/src/test/java/org/appfuse/dao/UserDaoTest.java
===================================================================
--- I:/Projects/workspace/appfuse/data/jpa/src/test/java/org/appfuse/dao/UserDaoTest.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/jpa/src/test/java/org/appfuse/dao/UserDaoTest.java (working copy)
@@ -40,6 +40,12 @@
assertTrue(user.isEnabled());
}
+ public void testGetUserPassword() throws Exception {
+ User user = dao.get(-1L);
+ String password = dao.getUserPassword(user.getUsername());
+ assertNotNull(password);
+ }
+
public void testUpdateUser() throws Exception {
User user = dao.get(-1L);
Index: I:/Projects/workspace/appfuse/data/jpa/src/main/java/org/appfuse/dao/UserDao.java
===================================================================
--- I:/Projects/workspace/appfuse/data/jpa/src/main/java/org/appfuse/dao/UserDao.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/jpa/src/main/java/org/appfuse/dao/UserDao.java (working copy)
@@ -36,4 +36,12 @@
* @return the persisted User object
*/
User saveUser(User user);
+
+ /**
+ * Retrieves the password in DB for a user
+ * @param the username
+ * @return the password in DB, if the user is already persisted
+ */
+ String getUserPassword(String username);
+
}
Index: I:/Projects/workspace/appfuse/data/jpa/src/main/java/org/appfuse/dao/jpa/UserDaoJpa.java
===================================================================
--- I:/Projects/workspace/appfuse/data/jpa/src/main/java/org/appfuse/dao/jpa/UserDaoJpa.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/jpa/src/main/java/org/appfuse/dao/jpa/UserDaoJpa.java (working copy)
@@ -65,4 +65,18 @@
entityManager.flush();
return u;
}
+
+ /**
+ * {@inheritDoc}
+ */
+ @Transactional
+ public String getUserPassword(String username) {
+ Query q = this.entityManager.createQuery("select u.password from User u where username=?");
+ q.setParameter(1, username);
+ List results = q.getResultList();
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+ return results.get(0);
+ }
}
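Review bot: The JPQL string in `getUserPassword` uses a bare `?` together with `q.setParameter(1, username)`; JPQL defines positional parameters as `?1`, `?2`, …, so the unnumbered form depends on the provider accepting it. Writing the query as `"select u.password from User u where u.username = ?1"` keeps it portable. As rendered here `results` is a raw `List`, in which case `return results.get(0);` would need the `(String)` cast that UserDaoHibernate uses; the page may simply have lost a type argument, so treat that as something to confirm.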
Index: I:/Projects/workspace/appfuse/data/ibatis/src/test/java/org/appfuse/dao/UserDaoTest.java
===================================================================
--- I:/Projects/workspace/appfuse/data/ibatis/src/test/java/org/appfuse/dao/UserDaoTest.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/ibatis/src/test/java/org/appfuse/dao/UserDaoTest.java (working copy)
@@ -36,6 +36,12 @@
assertTrue(user.isEnabled());
}
+ public void testGetUserPassword() throws Exception {
+ User user = dao.get(-1L);
+ String password = dao.getUserPassword(user.getUsername());
+ assertNotNull(password);
+ }
+
public void testUpdateUser() throws Exception {
User user = dao.get(-1L);
Index: I:/Projects/workspace/appfuse/data/ibatis/src/main/java/org/appfuse/dao/UserDao.java
===================================================================
--- I:/Projects/workspace/appfuse/data/ibatis/src/main/java/org/appfuse/dao/UserDao.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/ibatis/src/main/java/org/appfuse/dao/UserDao.java (working copy)
@@ -36,4 +36,12 @@
* @return the persisted User object
*/
User saveUser(User user);
+
+ /**
+ * Retrieves the password in DB for a user
+ * @param the username
+ * @return the password in DB, if the user is already persisted
+ */
+ String getUserPassword(String username);
+
}
Index: I:/Projects/workspace/appfuse/data/ibatis/src/main/java/org/appfuse/dao/ibatis/UserDaoiBatis.java
===================================================================
--- I:/Projects/workspace/appfuse/data/ibatis/src/main/java/org/appfuse/dao/ibatis/UserDaoiBatis.java (revision 3039)
+++ I:/Projects/workspace/appfuse/data/ibatis/src/main/java/org/appfuse/dao/ibatis/UserDaoiBatis.java (working copy)
@@ -137,4 +137,12 @@
return user;
}
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getUserPassword(String username) {
+ return (String) getSqlMapClientTemplate().queryForObject("getUserPassword", username);
+ }
}
Index: I:/Projects/workspace/appfuse/data/ibatis/src/main/resources/sqlmaps/UserSQL.xml
===================================================================
--- I:/Projects/workspace/appfuse/data/ibatis/src/main/resources/sqlmaps/UserSQL.xml (revision 3039)
+++ I:/Projects/workspace/appfuse/data/ibatis/src/main/resources/sqlmaps/UserSQL.xml (working copy)
@@ -114,4 +114,11 @@
delete from user_role where user_id = #id#
]]>
+
+
+
Index: I:/Projects/workspace/appfuse/web/spring/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/spring/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java (working copy)
@@ -13,7 +13,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
@@ -74,19 +73,7 @@
return new ModelAndView(getSuccessView());
} else {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (StringUtils.equals(request.getParameter("encryptPass"), "true") && (encrypt != null && encrypt)) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
+
// only attempt to change roles if user is admin for other users,
// formBackingObject() method will handle populating
if (request.isUserInRole(Constants.ADMIN_ROLE)) {
@@ -103,7 +90,7 @@
Integer originalVersion = user.getVersion();
try {
- user = getUserManager().saveUser(user);
+ getUserManager().saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
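Review bot: The result of `saveUser` is now discarded at `getUserManager().saveUser(user);`, so everything after the try block keeps working on the instance that was passed in rather than the one the DAO returned. Whether that instance carries the persisted id and version depends on the DAO; UserDaoJpa.saveUser returns `u` after a flush, which may be a different object from its argument. If dropping the assignment is intentional, a comment at the call would save the next reader the question, e.g. `// keep the form-bound instance; saveUser encodes the password in place`. The same change is made in SignupController, UserForm, SignupForm, SignupAction and UserAction; the enclosing method starts and ends outside this hunk.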
Index: I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java (working copy)
@@ -7,7 +7,6 @@
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
@@ -42,27 +41,14 @@
User user = (User) command;
Locale locale = request.getLocale();
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
+
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- user = this.getUserManager().saveUser(user);
+ this.getUserManager().saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/BaseControllerTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/BaseControllerTestCase.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/spring/src/main/java/org/appfuse/webapp/controller/BaseControllerTestCase.java (working copy)
@@ -28,7 +28,8 @@
"classpath:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
"/WEB-INF/applicationContext*.xml",
- "/WEB-INF/dispatcher-servlet.xml"
+ "/WEB-INF/dispatcher-servlet.xml",
+ "/applicationContext-test.xml"
};
}
Index: I:/Projects/workspace/appfuse/web/jsf/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/jsf/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java (working copy)
@@ -13,7 +13,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.util.ConvertUtil;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletRequest;
@@ -112,24 +111,7 @@
}
public String save() throws IOException {
- String password = user.getPassword();
- String originalPassword = getParameter("userForm:originalPassword");
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- boolean doEncrypt = (encrypt != null) && encrypt;
- if (doEncrypt && (StringUtils.equals(getParameter("encryptPass"), "true") ||
- !StringUtils.equals(password, originalPassword))) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorigthm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(password, algorithm));
- }
-
// workaround for plain ol' HTML input tags that don't seem to set
// properties on the managed bean
setUserRoles(getRequest().getParameterValues("userForm:userRoles"));
@@ -142,7 +124,7 @@
Integer originalVersion = user.getVersion();
try {
- user = userManager.saveUser(user);
+ userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/BasePageTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/BasePageTestCase.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/BasePageTestCase.java (working copy)
@@ -182,6 +182,7 @@
"classpath:/applicationContext-dao.xml",
"classpath:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
- "/WEB-INF/applicationContext*.xml"};
+ "/WEB-INF/applicationContext*.xml",
+ "/applicationContext-test.xml"};
}
}
\ No newline at end of file
Index: I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java (working copy)
@@ -7,7 +7,6 @@
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletResponse;
@@ -36,28 +35,14 @@
}
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
+
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- user = userManager.saveUser(user);
+ userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: I:/Projects/workspace/appfuse/web/struts/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/struts/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java (working copy)
@@ -8,7 +8,6 @@
import org.appfuse.Constants;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletResponse;
@@ -67,28 +66,13 @@
* @throws Exception when bad things happen
*/
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- user = userManager.saveUser(user);
+ userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/BaseActionTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/BaseActionTestCase.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/BaseActionTestCase.java (working copy)
@@ -25,7 +25,8 @@
"classpath:/applicationContext-dao.xml",
"classpath:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
- "/WEB-INF/applicationContext*.xml"
+ "/WEB-INF/applicationContext*.xml",
+ "/applicationContext-test.xml"
};
}
Index: I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java
===================================================================
--- I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java (working copy)
@@ -12,7 +12,6 @@
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletRequest;
@@ -156,20 +155,8 @@
* @return success if everything worked, otherwise input
* @throws IOException when setting "access denied" fails on response
*/
- public String save() throws IOException {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+ public String save() throws Exception {
- if ("true".equals(getRequest().getParameter("encryptPass")) && (encrypt != null && encrypt)) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
Integer originalVersion = user.getVersion();
boolean isNew = ("".equals(getRequest().getParameter("user.version")));
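Review bot: `save()` now declares `throws Exception`, but the Javadoc line directly above still reads `@throws IOException when setting "access denied" fails on response`, and the lines removed in this hunk threw nothing checked. Widening the clause forces every caller to handle `Exception` and hides which failures are actually expected; either keep `public String save() throws IOException {` or update the tag to name the new exception and why it can occur. The method body continues outside the hunk, so a checked exception introduced further down cannot be ruled out from here.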
@@ -186,7 +173,7 @@
}
try {
- user = userManager.saveUser(user);
+ userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: I:/Projects/workspace/appfuse/web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java (working copy)
@@ -33,7 +33,8 @@
sc.addInitParameter(ContextLoader.CONFIG_LOCATION_PARAM,
"classpath:/applicationContext-dao.xml, " +
"classpath:/applicationContext-service.xml, " +
- "classpath:/applicationContext-resources.xml");
+ "classpath:/applicationContext-resources.xml, " +
+ "/applicationContext-test.xml");
springListener = new ContextLoaderListener();
springListener.contextInitialized(new ServletContextEvent(sc));
Index: I:/Projects/workspace/appfuse/web/common/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/common/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java (working copy)
@@ -2,7 +2,8 @@
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.ProviderManager;
-import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -53,25 +54,17 @@
ApplicationContext ctx =
WebApplicationContextUtils.getRequiredWebApplicationContext(context);
- boolean encryptPassword = false;
+ PasswordEncoder passwordEncoder = null;
try {
ProviderManager provider = (ProviderManager) ctx.getBean("authenticationManager");
for (Object o : provider.getProviders()) {
AuthenticationProvider p = (AuthenticationProvider) o;
if (p instanceof RememberMeAuthenticationProvider) {
config.put("rememberMeEnabled", Boolean.TRUE);
+ } else if (p instanceof DaoAuthenticationProvider) {
+ passwordEncoder = ((DaoAuthenticationProvider) p).getPasswordEncoder();
}
}
-
- if (ctx.containsBean("passwordEncoder")) {
- encryptPassword = true;
- config.put(Constants.ENCRYPT_PASSWORD, Boolean.TRUE);
- String algorithm = "SHA";
- if (ctx.getBean("passwordEncoder") instanceof Md5PasswordEncoder) {
- algorithm = "MD5";
- }
- config.put(Constants.ENC_ALGORITHM, algorithm);
- }
} catch (NoSuchBeanDefinitionException n) {
log.debug("authenticationManager bean not found, assuming test and ignoring...");
// ignore, should only happen when testing
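Review bot: After this hunk nothing puts `Constants.ENCRYPT_PASSWORD` or `Constants.ENC_ALGORITHM` into `config` any more, and the encoder found on the `DaoAuthenticationProvider` is kept only in a local variable. Any page or action that still reads those keys gets null, and the pattern removed from UserForm in this same patch (`(encrypt != null) && encrypt`) treats null as "do not encode", so such a reader would store the password unhashed without any error. The readers in other web modules are not visible here, so this needs a search for both constants before merging. If none remain, delete the constants; otherwise add a comment here such as `// password encoding is now done in UserManager.saveUser; config no longer carries ENCRYPT_PASSWORD`. The enclosing method starts and ends outside the hunk.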
@@ -82,9 +75,8 @@
// output the retrieved values for the Init and Context Parameters
if (log.isDebugEnabled()) {
log.debug("Remember Me Enabled? " + config.get("rememberMeEnabled"));
- log.debug("Encrypt Passwords? " + encryptPassword);
- if (encryptPassword) {
- log.debug("Encryption Algorithm: " + config.get(Constants.ENC_ALGORITHM));
+ if (passwordEncoder != null) {
+ log.debug("Password Encryptor Class: " + passwordEncoder.getClass().getName());
}
log.debug("Populating drop-downs...");
}
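Review bot: The new `passwordEncoder != null` check cannot tell a hashing encoder from a plaintext one. As far as I recall, Acegi's `DaoAuthenticationProvider` falls back to `PlaintextPasswordEncoder` when none is configured, so the debug line would then print a class name and look healthy while passwords are stored in the clear. A warning outside the `isDebugEnabled()` block would make that misconfiguration visible in production logs: `if (passwordEncoder instanceof PlaintextPasswordEncoder) { log.warn("No hashing password encoder configured"); }` (needs the matching import). The label "Password Encryptor Class" would also read better as "Password Encoder Class", since these encoders hash rather than encrypt.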
Index: I:/Projects/workspace/appfuse/web/common/src/main/webapp/WEB-INF/security.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/common/src/main/webapp/WEB-INF/security.xml (revision 3039)
+++ I:/Projects/workspace/appfuse/web/common/src/main/webapp/WEB-INF/security.xml (working copy)
@@ -120,10 +120,12 @@
-
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/tapestry/src/test/resources/applicationContext-test.xml
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/test/resources/applicationContext-test.xml (revision 0)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java (working copy)
@@ -1,232 +1,212 @@
-package org.appfuse.webapp.pages;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationTrustResolver;
-import org.acegisecurity.AuthenticationTrustResolverImpl;
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.apache.commons.lang.StringUtils;
-import org.apache.tapestry.IRequestCycle;
-import org.apache.tapestry.engine.ILink;
-import org.apache.tapestry.event.PageBeginRenderListener;
-import org.apache.tapestry.event.PageEvent;
-import org.apache.tapestry.form.IPropertySelectionModel;
-import org.apache.tapestry.valid.IValidationDelegate;
-import org.apache.tapestry.valid.ValidationConstraint;
-import org.appfuse.Constants;
-import org.appfuse.model.Role;
-import org.appfuse.model.User;
-import org.appfuse.service.MailEngine;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-import org.appfuse.webapp.pages.admin.UserList;
-import org.springframework.mail.SimpleMailMessage;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.io.IOException;
-
-public abstract class UserForm extends BasePage implements PageBeginRenderListener {
- public abstract IPropertySelectionModel getAvailableRoles();
- public abstract void setAvailableRoles(IPropertySelectionModel model);
- public abstract List getUserRoles();
- public abstract void setUserRoles(List roles);
- public abstract IPropertySelectionModel getCountries();
- public abstract void setCountries(IPropertySelectionModel model);
- public abstract MailEngine getMailEngine();
- public abstract SimpleMailMessage getMailMessage();
- public abstract UserManager getUserManager();
- public abstract RoleManager getRoleManager();
- public abstract void setUser(User user);
- public abstract User getUser();
- public abstract void setFrom(String from);
- public abstract String getFrom();
-
- public void pageBeginRender(PageEvent event) {
- // if user doing an add, create an empty user with default settings
- if ((getUser() == null) && !event.getRequestCycle().isRewinding()) {
- setUser(new User());
- setFrom("list"); // shows role selection
- getUser().addRole(new Role(Constants.USER_ROLE));
- } else if (event.getRequestCycle().isRewinding()) { // before population
- setUser(new User());
- }
-
- // initialize drop-downs
- if (getAvailableRoles() == null) {
- List roles = (List) getServletContext().getAttribute(Constants.AVAILABLE_ROLES);
- setAvailableRoles(new OptionsModel(roles));
- }
-
- List selectedRoles = new ArrayList(getUser().getRoles().size());
-
- for (Iterator it = getUser().getRoles().iterator();
- (it != null) && it.hasNext();) {
- Role role = it.next();
- selectedRoles.add(role.getName());
- }
- setUserRoles(selectedRoles);
-
- if (getCountries() == null) {
- setCountries(new CountryModel(getLocale()));
- }
-
- // if user logged in with remember me, display a warning that they can't change passwords
- log.debug("checking for remember me login...");
-
- AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
- SecurityContext ctx = SecurityContextHolder.getContext();
-
- if (ctx != null) {
- Authentication auth = ctx.getAuthentication();
-
- if (resolver.isRememberMe(auth)) {
- getSession().setAttribute("cookieLogin", "true");
-
- // add warning message
- setMessage(getText("userProfile.cookieLogin"));
- }
- }
- }
-
- public ILink cancel(IRequestCycle cycle) {
- log.debug("Entering 'cancel' method");
-
- if (getFrom() != null && getFrom().equalsIgnoreCase("list")) {
- return getEngineService().getLink(false, "admin/UserList");
- } else {
- return getEngineService().getLink(false, "mainMenu");
- }
- }
-
- public ILink save(IRequestCycle cycle) throws UserExistsException, IOException {
- log.debug("entered save method");
-
- HttpServletRequest request = getRequest();
-
- // make sure the password fields match
- IValidationDelegate delegate = getDelegate();
-
- if (!StringUtils.equals(getUser().getPassword(), getUser().getConfirmPassword())) {
- addError("confirmPasswordField", getMessages().format("errors.twofields",
- getText("user.confirmPassword"), getText("user.password")),
- ValidationConstraint.CONSISTENCY);
- }
-
- if (delegate.getHasErrors()) {
- return null;
- }
-
- String password = getUser().getPassword();
- String originalPassword = getRequest().getParameter("originalPassword");
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- boolean doEncrypt = (encrypt != null) && encrypt;
-
- if (doEncrypt && (StringUtils.equals(getRequest().getParameter("encryptPass"), "true") ||
- !StringUtils.equals("S"+password, originalPassword)) ||
- ("X".equals(request.getParameter(("version"))))) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorigthm to 'SHA'");
- algorithm = "SHA";
- }
-
- getUser().setPassword(StringUtil.encodePassword(password, algorithm));
- }
-
- // workaround for input tags that don't aren't set by Tapestry (who knows why)
- boolean fromList = StringUtils.equals(getFrom(), "list");
- String[] userRoles;
-
- if (fromList) {
- userRoles = getRequest().getParameterValues("userRoles");
- } else {
- userRoles = getRequest().getParameterValues("hiddenUserRoles");
- }
-
- User user = getUser();
- UserManager userManager = getUserManager();
-
- user.getRoles().clear();
- for (int i = 0; (userRoles != null) && (i < userRoles.length); i++) {
- String roleName = userRoles[i];
- user.addRole(getRoleManager().getRole(roleName));
- }
-
- Integer originalVersion = user.getVersion();
-
- try {
- user = userManager.saveUser(user);
- } catch (AccessDeniedException ade) {
- // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
- log.warn(ade.getMessage());
- getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
- return null;
- } catch (UserExistsException e) {
- addError("emailField", getMessages().format("errors.existing.user", user.getUsername(),
- user.getEmail()), ValidationConstraint.CONSISTENCY);
- getUser().setPassword(user.getConfirmPassword());
- getUser().setVersion(originalVersion);
- return null;
- }
-
- if (!fromList && user.getUsername().equals(getRequest().getRemoteUser())) {
- // add success messages
- MainMenu nextPage = (MainMenu) cycle.getPage("mainMenu");
- nextPage.setMessage(getText("user.saved", user.getFullName()));
- return getEngineService().getLink(false, nextPage.getPageName());
- } else {
- // add success messages
- if ("X".equals(request.getParameter(("version")))) {
- sendNewUserEmail(request, user);
- UserList nextPage = (UserList) cycle.getPage("admin/UserList");
- nextPage.setMessage(getText("user.added", user.getFullName()));
- return getEngineService().getLink(false, nextPage.getPageName());
- } else {
- setMessage(getText("user.updated.byAdmin", user.getFullName()));
- return null; // return to current pages
- }
- }
- }
-
- public ILink delete(IRequestCycle cycle) {
- log.debug("entered delete method");
-
- getUserManager().removeUser(getUser().getId().toString());
-
- UserList nextPage = (UserList) cycle.getPage("admin/UserList");
- nextPage.setMessage(getText("user.deleted", getUser().getFullName()));
- return getEngineService().getLink(false, nextPage.getPageName());
- }
-
- private void sendNewUserEmail(HttpServletRequest request, User user) {
- // Send user an e-mail
- if (log.isDebugEnabled()) {
- log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
- }
-
- SimpleMailMessage message = getMailMessage();
- message.setTo(user.getFullName() + "<" + user.getEmail() + ">");
-
- StringBuffer msg = new StringBuffer();
- msg.append(getText("newuser.email.message", user.getFullName()));
- msg.append("\n\n").append(getText("user.username"));
- msg.append(": ").append(user.getUsername()).append("\n");
- msg.append(getText("user.password")).append(": ");
- msg.append(user.getPassword());
- msg.append("\n\nLogin at: ").append(RequestUtil.getAppURL(request));
- message.setText(msg.toString());
-
- message.setSubject(getText("signup.email.subject"));
- getMailEngine().send(message);
- }
-}
+package org.appfuse.webapp.pages;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.AuthenticationTrustResolver;
+import org.acegisecurity.AuthenticationTrustResolverImpl;
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.context.SecurityContext;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.apache.commons.lang.StringUtils;
+import org.apache.tapestry.IRequestCycle;
+import org.apache.tapestry.engine.ILink;
+import org.apache.tapestry.event.PageBeginRenderListener;
+import org.apache.tapestry.event.PageEvent;
+import org.apache.tapestry.form.IPropertySelectionModel;
+import org.apache.tapestry.valid.IValidationDelegate;
+import org.apache.tapestry.valid.ValidationConstraint;
+import org.appfuse.Constants;
+import org.appfuse.model.Role;
+import org.appfuse.model.User;
+import org.appfuse.service.MailEngine;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.service.UserManager;
+import org.appfuse.webapp.util.RequestUtil;
+import org.appfuse.webapp.pages.admin.UserList;
+import org.springframework.mail.SimpleMailMessage;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.io.IOException;
+
+public abstract class UserForm extends BasePage implements PageBeginRenderListener {
+ public abstract IPropertySelectionModel getAvailableRoles();
+ public abstract void setAvailableRoles(IPropertySelectionModel model);
+ public abstract List getUserRoles();
+ public abstract void setUserRoles(List roles);
+ public abstract IPropertySelectionModel getCountries();
+ public abstract void setCountries(IPropertySelectionModel model);
+ public abstract MailEngine getMailEngine();
+ public abstract SimpleMailMessage getMailMessage();
+ public abstract UserManager getUserManager();
+ public abstract RoleManager getRoleManager();
+ public abstract void setUser(User user);
+ public abstract User getUser();
+ public abstract void setFrom(String from);
+ public abstract String getFrom();
+
+ public void pageBeginRender(PageEvent event) {
+ // if user doing an add, create an empty user with default settings
+ if ((getUser() == null) && !event.getRequestCycle().isRewinding()) {
+ setUser(new User());
+ setFrom("list"); // shows role selection
+ getUser().addRole(new Role(Constants.USER_ROLE));
+ } else if (event.getRequestCycle().isRewinding()) { // before population
+ setUser(new User());
+ }
+
+ // initialize drop-downs
+ if (getAvailableRoles() == null) {
+ List roles = (List) getServletContext().getAttribute(Constants.AVAILABLE_ROLES);
+ setAvailableRoles(new OptionsModel(roles));
+ }
+
+ List selectedRoles = new ArrayList(getUser().getRoles().size());
+
+ for (Iterator it = getUser().getRoles().iterator();
+ (it != null) && it.hasNext();) {
+ Role role = it.next();
+ selectedRoles.add(role.getName());
+ }
+ setUserRoles(selectedRoles);
+
+ if (getCountries() == null) {
+ setCountries(new CountryModel(getLocale()));
+ }
+
+ // if user logged in with remember me, display a warning that they can't change passwords
+ log.debug("checking for remember me login...");
+
+ AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
+ SecurityContext ctx = SecurityContextHolder.getContext();
+
+ if (ctx != null) {
+ Authentication auth = ctx.getAuthentication();
+
+ if (resolver.isRememberMe(auth)) {
+ getSession().setAttribute("cookieLogin", "true");
+
+ // add warning message
+ setMessage(getText("userProfile.cookieLogin"));
+ }
+ }
+ }
+
+ public ILink cancel(IRequestCycle cycle) {
+ log.debug("Entering 'cancel' method");
+
+ if (getFrom() != null && getFrom().equalsIgnoreCase("list")) {
+ return getEngineService().getLink(false, "admin/UserList");
+ } else {
+ return getEngineService().getLink(false, "mainMenu");
+ }
+ }
+
+ public ILink save(IRequestCycle cycle) throws UserExistsException, IOException {
+ log.debug("entered save method");
+
+ HttpServletRequest request = getRequest();
+
+ // make sure the password fields match
+ IValidationDelegate delegate = getDelegate();
+
+ if (!StringUtils.equals(getUser().getPassword(), getUser().getConfirmPassword())) {
+ addError("confirmPasswordField", getMessages().format("errors.twofields",
+ getText("user.confirmPassword"), getText("user.password")),
+ ValidationConstraint.CONSISTENCY);
+ }
+
+ if (delegate.getHasErrors()) {
+ return null;
+ }
+
+ // workaround for input tags that don't aren't set by Tapestry (who knows why)
+ boolean fromList = StringUtils.equals(getFrom(), "list");
+ String[] userRoles;
+
+ if (fromList) {
+ userRoles = getRequest().getParameterValues("userRoles");
+ } else {
+ userRoles = getRequest().getParameterValues("hiddenUserRoles");
+ }
+
+ User user = getUser();
+ UserManager userManager = getUserManager();
+
+ user.getRoles().clear();
+ for (int i = 0; (userRoles != null) && (i < userRoles.length); i++) {
+ String roleName = userRoles[i];
+ user.addRole(getRoleManager().getRole(roleName));
+ }
+
+ Integer originalVersion = user.getVersion();
+
+ try {
+ userManager.saveUser(user);
+ } catch (AccessDeniedException ade) {
+ // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
+ log.warn(ade.getMessage());
+ getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
+ return null;
+ } catch (UserExistsException e) {
+ addError("emailField", getMessages().format("errors.existing.user", user.getUsername(),
+ user.getEmail()), ValidationConstraint.CONSISTENCY);
+ getUser().setPassword(user.getConfirmPassword());
+ getUser().setVersion(originalVersion);
+ return null;
+ }
+
+ if (!fromList && user.getUsername().equals(getRequest().getRemoteUser())) {
+ // add success messages
+ MainMenu nextPage = (MainMenu) cycle.getPage("mainMenu");
+ nextPage.setMessage(getText("user.saved", user.getFullName()));
+ return getEngineService().getLink(false, nextPage.getPageName());
+ } else {
+ // add success messages
+ if ("X".equals(request.getParameter(("version")))) {
+ sendNewUserEmail(request, user);
+ UserList nextPage = (UserList) cycle.getPage("UserList");
+ nextPage.setMessage(getText("user.added", user.getFullName()));
+ return getEngineService().getLink(false, nextPage.getPageName());
+ } else {
+ setMessage(getText("user.updated.byAdmin", user.getFullName()));
+ return null; // return to current pages
+ }
+ }
+ }
+
+ public ILink delete(IRequestCycle cycle) {
+ log.debug("entered delete method");
+
+ getUserManager().removeUser(getUser().getId().toString());
+
+ UserList nextPage = (UserList) cycle.getPage("UserList");
+ nextPage.setMessage(getText("user.deleted", getUser().getFullName()));
+ return getEngineService().getLink(false, nextPage.getPageName());
+ }
+
+ private void sendNewUserEmail(HttpServletRequest request, User user) {
+ // Send user an e-mail
+ if (log.isDebugEnabled()) {
+ log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
+ }
+
+ SimpleMailMessage message = getMailMessage();
+ message.setTo(user.getFullName() + "<" + user.getEmail() + ">");
+
+ StringBuffer msg = new StringBuffer();
+ msg.append(getText("newuser.email.message", user.getFullName()));
+ msg.append("\n\n").append(getText("user.username"));
+ msg.append(": ").append(user.getUsername()).append("\n");
+ msg.append(getText("user.password")).append(": ");
+ msg.append(user.getPassword());
+ msg.append("\n\nLogin at: ").append(RequestUtil.getAppURL(request));
+ message.setText(msg.toString());
+
+ message.setSubject(getText("signup.email.subject"));
+ getMailEngine().send(message);
+ }
+}
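Review bot: `sendNewUserEmail` still appends `user.getPassword()` to the message body. With the encoding step removed from `save()`, the value mailed now depends on what `saveUser` does to the passed instance (the UserManagerImpl part of the patch is not visible here): either the stored hash or the password as typed leaves the application by e-mail. Neither should, so I would drop the two lines `msg.append(getText("user.password")).append(": ");` and `msg.append(user.getPassword());` and let the mail carry only the username and the login URL. The same pair of appends is in `SignupForm.save()` further down this patch.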
Index: I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/BasePageTestCase.java
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/BasePageTestCase.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/BasePageTestCase.java (working copy)
@@ -27,7 +27,8 @@
"classpath:/applicationContext-dao.xml",
"classpath:/applicationContext-service.xml",
"classpath*:/applicationContext.xml", // for modular archetypes
- "/WEB-INF/applicationContext*.xml"
+ "/WEB-INF/applicationContext*.xml",
+ "/applicationContext-test.xml"
};
}
Index: I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java
===================================================================
--- I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java (revision 3039)
+++ I:/Projects/workspace/appfuse/web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java (working copy)
@@ -1,138 +1,123 @@
-package org.appfuse.webapp.pages;
-
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.apache.commons.lang.StringUtils;
-import org.apache.tapestry.IRequestCycle;
-import org.apache.tapestry.event.PageBeginRenderListener;
-import org.apache.tapestry.event.PageEvent;
-import org.apache.tapestry.form.IPropertySelectionModel;
-import org.apache.tapestry.valid.IValidationDelegate;
-import org.apache.tapestry.valid.ValidationConstraint;
-import org.appfuse.Constants;
-import org.appfuse.model.User;
-import org.appfuse.service.MailEngine;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-import org.springframework.mail.SimpleMailMessage;
-
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public abstract class SignupForm extends BasePage implements PageBeginRenderListener {
- private IPropertySelectionModel countries;
- public abstract UserManager getUserManager();
- public abstract RoleManager getRoleManager();
- public abstract MailEngine getMailEngine();
- public abstract SimpleMailMessage getMailMessage();
- public abstract void setUser(User user);
- public abstract User getUser();
-
- public IPropertySelectionModel getCountries() {
- if (countries == null) {
- countries = new CountryModel(getLocale());
- }
- return countries;
- }
-
- public void pageBeginRender(PageEvent event) {
- if (getUser() == null) {
- setUser(new User());
- }
- }
-
- public void cancel(IRequestCycle cycle) throws IOException {
- if (log.isDebugEnabled()) {
- log.debug("entered cancel method");
- }
- getResponse().sendRedirect(getRequest().getContextPath());
- }
-
- public void save(IRequestCycle cycle) throws IOException {
- log.debug("entered save method");
-
- // make sure the password fields match
- IValidationDelegate delegate = getDelegate();
- if (!StringUtils.equals(getUser().getPassword(), getUser().getConfirmPassword())) {
- addError("confirmPasswordField", getText("errors.twofields",
- new Object[]{getText("user.confirmPassword"), getText("user.password")}),
- ValidationConstraint.CONSISTENCY);
- }
-
- if (delegate.getHasErrors()) {
- return;
- }
-
- User user = getUser();
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
- user.setEnabled(true);
-
- // Set the default user role on this new user
- user.addRole(getRoleManager().getRole(Constants.USER_ROLE));
-
- try {
- user = getUserManager().saveUser(user);
- } catch (AccessDeniedException ade) {
- // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
- log.warn(ade.getMessage());
- getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- } catch (UserExistsException e) {
- addError("usernameField", getMessages().format("errors.existing.user", user.getUsername(),
- user.getEmail()), ValidationConstraint.CONSISTENCY);
- // redisplay the unencrypted passwords
- user.setPassword(user.getConfirmPassword());
- return;
- }
-
- getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
-
- // log user in automatically
- UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
- user.getUsername(), user.getConfirmPassword(), user.getAuthorities());
- auth.setDetails(user);
- SecurityContextHolder.getContext().setAuthentication(auth);
-
- // Send user an e-mail
- if (log.isDebugEnabled()) {
- log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
- }
-
- SimpleMailMessage message = getMailMessage();
- message.setTo(user.getFullName() + "<" + user.getEmail() + ">");
-
- StringBuffer msg = new StringBuffer();
- msg.append(getText("signup.email.message"));
- msg.append("\n\n").append(getText("user.username"));
- msg.append(": ").append(user.getUsername()).append("\n");
- msg.append(getText("user.password")).append(": ");
- msg.append(user.getPassword());
- msg.append("\n\nLogin at: ").append(RequestUtil.getAppURL(getRequest()));
- message.setText(msg.toString());
- message.setSubject(getText("signup.email.subject"));
-
- getMailEngine().send(message);
-
- getSession().setAttribute("message", getText("user.registered"));
- getResponse().sendRedirect(getRequest().getContextPath());
- }
-}
-
+package org.appfuse.webapp.pages;
+
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.apache.commons.lang.StringUtils;
+import org.apache.tapestry.IRequestCycle;
+import org.apache.tapestry.event.PageBeginRenderListener;
+import org.apache.tapestry.event.PageEvent;
+import org.apache.tapestry.form.IPropertySelectionModel;
+import org.apache.tapestry.valid.IValidationDelegate;
+import org.apache.tapestry.valid.ValidationConstraint;
+import org.appfuse.Constants;
+import org.appfuse.model.User;
+import org.appfuse.service.MailEngine;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.service.UserManager;
+import org.appfuse.webapp.util.RequestUtil;
+import org.springframework.mail.SimpleMailMessage;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public abstract class SignupForm extends BasePage implements PageBeginRenderListener {
+ private IPropertySelectionModel countries;
+ public abstract UserManager getUserManager();
+ public abstract RoleManager getRoleManager();
+ public abstract MailEngine getMailEngine();
+ public abstract SimpleMailMessage getMailMessage();
+ public abstract void setUser(User user);
+ public abstract User getUser();
+
+ public IPropertySelectionModel getCountries() {
+ if (countries == null) {
+ countries = new CountryModel(getLocale());
+ }
+ return countries;
+ }
+
+ public void pageBeginRender(PageEvent event) {
+ if (getUser() == null) {
+ setUser(new User());
+ }
+ }
+
+ public void cancel(IRequestCycle cycle) throws IOException {
+ if (log.isDebugEnabled()) {
+ log.debug("entered cancel method");
+ }
+ getResponse().sendRedirect(getRequest().getContextPath());
+ }
+
+ public void save(IRequestCycle cycle) throws IOException {
+ log.debug("entered save method");
+
+ // make sure the password fields match
+ IValidationDelegate delegate = getDelegate();
+ if (!StringUtils.equals(getUser().getPassword(), getUser().getConfirmPassword())) {
+ addError("confirmPasswordField", getText("errors.twofields",
+ new Object[] {getText("user.confirmPassword"), getText("user.password")}),
+ ValidationConstraint.CONSISTENCY);
+ }
+
+ if (delegate.getHasErrors()) {
+ return;
+ }
+
+ User user = getUser();
+
+ user.setEnabled(true);
+
+ // Set the default user role on this new user
+ user.addRole(getRoleManager().getRole(Constants.USER_ROLE));
+
+ try {
+ getUserManager().saveUser(user);
+ } catch (AccessDeniedException ade) {
+ // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
+ log.warn(ade.getMessage());
+ getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ } catch (UserExistsException e) {
+ addError("usernameField", getMessages().format("errors.existing.user", user.getUsername(),
+ user.getEmail()), ValidationConstraint.CONSISTENCY);
+ // redisplay the unencrypted passwords
+ user.setPassword(user.getConfirmPassword());
+ return;
+ }
+
+ getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
+
+ // log user in automatically
+ UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
+ user.getUsername(), user.getConfirmPassword(), user.getAuthorities());
+ auth.setDetails(user);
+ SecurityContextHolder.getContext().setAuthentication(auth);
+
+ // Send user an e-mail
+ if (log.isDebugEnabled()) {
+ log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
+ }
+
+ SimpleMailMessage message = getMailMessage();
+ message.setTo(user.getFullName() + "<" + user.getEmail() + ">");
+
+ StringBuffer msg = new StringBuffer();
+ msg.append(getText("signup.email.message"));
+ msg.append("\n\n" + getText("user.username"));
+ msg.append(": " + user.getUsername() + "\n");
+ msg.append(getText("user.password") + ": ");
+ msg.append(user.getPassword());
+ msg.append("\n\nLogin at: " + RequestUtil.getAppURL(getRequest()));
+ message.setText(msg.toString());
+ message.setSubject(getText("signup.email.subject"));
+
+ getMailEngine().send(message);
+
+ getSession().setAttribute("message", getText("user.registered"));
+ getResponse().sendRedirect(getRequest().getContextPath());
+ }
+}
+
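Review bot: `getUserManager().saveUser(user);` now discards the returned instance, yet the lines after it build the authentication token from `user` and store it with `auth.setDetails(user)`. If `saveUser` returns a different, persisted object (its implementation is not in this hunk), the security context ends up holding the pre-save copy, without whatever the save assigned. Either keep `user = getUserManager().saveUser(user);` or add a comment at the call stating that `saveUser` updates its argument in place. `UserForm.save()` earlier in the patch discards the return value the same way before reading `user.getUsername()` and `user.getFullName()`.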