Index: service/src/test/java/org/appfuse/service/MockUserDetailsService.java
===================================================================
--- service/src/test/java/org/appfuse/service/MockUserDetailsService.java (revision 0)
+++ service/src/test/java/org/appfuse/service/MockUserDetailsService.java (revision 0)
@@ -0,0 +1,13 @@
+package org.appfuse.service;
+
+import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.UserDetailsService;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.appfuse.model.User;
+import org.springframework.dao.DataAccessException;
+
+public class MockUserDetailsService implements UserDetailsService {
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
+ return new User("testuser");
+ }
+}
Index: service/src/test/java/org/appfuse/service/impl/UniversalManagerTest.java
===================================================================
--- service/src/test/java/org/appfuse/service/impl/UniversalManagerTest.java (revision 3043)
+++ service/src/test/java/org/appfuse/service/impl/UniversalManagerTest.java (working copy)
@@ -1,5 +1,6 @@
package org.appfuse.service.impl;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
import org.appfuse.dao.UniversalDao;
import org.appfuse.model.User;
import org.jmock.Mock;
Index: service/src/test/java/org/appfuse/util/StringUtilTest.java
===================================================================
--- service/src/test/java/org/appfuse/util/StringUtilTest.java (revision 3043)
+++ service/src/test/java/org/appfuse/util/StringUtilTest.java (working copy)
@@ -1,28 +0,0 @@
-package org.appfuse.util;
-
-import junit.framework.TestCase;
-
-
-public class StringUtilTest extends TestCase {
- public StringUtilTest(String name) {
- super(name);
- }
-
- protected void setUp() throws Exception {
- super.setUp();
- }
-
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- public void testEncodePassword() throws Exception {
- String password = "tomcat";
- String encrypted = "536c0b339345616c1b33caf454454d8b8a190d6c";
- assertEquals(StringUtil.encodePassword(password, "SHA"), encrypted);
- }
-
- public static void main(String[] args) {
- junit.textui.TestRunner.run(StringUtilTest.class);
- }
-}
Index: service/src/test/resources/applicationContext-resources.xml
===================================================================
--- service/src/test/resources/applicationContext-resources.xml (revision 3043)
+++ service/src/test/resources/applicationContext-resources.xml (working copy)
@@ -1,7 +1,7 @@
-
+
@@ -17,4 +17,11 @@
-
\ No newline at end of file
+
+
+
+
+
+
+
+
Index: service/src/test/resources/applicationContext-test.xml
===================================================================
--- service/src/test/resources/applicationContext-test.xml (revision 3043)
+++ service/src/test/resources/applicationContext-test.xml (working copy)
@@ -15,15 +15,26 @@
-
+
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java
===================================================================
--- service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java (revision 3043)
+++ service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java (working copy)
@@ -1,15 +1,19 @@
package org.appfuse.service.impl;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.dao.SaltSource;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.appfuse.dao.UserDao;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
import org.appfuse.service.UserService;
+import org.springframework.beans.factory.annotation.Required;
import org.springframework.dao.DataIntegrityViolationException;
+import javax.jws.WebService;
import javax.persistence.EntityExistsException;
-import javax.jws.WebService;
import java.util.List;
@@ -21,16 +25,29 @@
@WebService(serviceName = "UserService", endpointInterface = "org.appfuse.service.UserService")
public class UserManagerImpl extends UniversalManagerImpl implements UserManager, UserService {
private UserDao dao;
+ private DaoAuthenticationProvider authenticationProvider;
/**
* Set the Dao for communication with the data layer.
* @param dao the UserDao that communicates with the database
*/
+ @Required
public void setUserDao(UserDao dao) {
this.dao = dao;
}
/**
+ * Set the DaoAuthenticationProvider object that will provide both the
+ * PasswordEncoder and the SaltSource which will be used for password
+ * encryption when necessary.
+ * @param authenticationProvider the DaoAuthenticationProvider object
+ */
+ @Required
+ public void setAuthenticationProvider(DaoAuthenticationProvider authenticationProvider) {
+ this.authenticationProvider = authenticationProvider;
+ }
+
+ /**
* {@inheritDoc}
*/
public User getUser(String userId) {
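Review bot: `setAuthenticationProvider` couples the service layer to Acegi's concrete `DaoAuthenticationProvider` solely to reach its `PasswordEncoder` (and, per the Javadoc, its `SaltSource`); injecting a `PasswordEncoder` and `SaltSource` directly would keep UserManagerImpl independent of how authentication providers are wired and would remove the need for null guards on the provider. The new Javadoc also says "password encryption" where the encoder produces a one-way hash; `hashing` is the accurate term and avoids suggesting the value is recoverable. The `getUser` method that starts at the end of this hunk continues outside it.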
@@ -43,16 +60,52 @@
public List getUsers(User user) {
return dao.getUsers();
}
-
+
+
/**
* {@inheritDoc}
*/
public User saveUser(User user) throws UserExistsException {
- // if new user, lowercase userId
+
if (user.getVersion() == null) {
+ // if new user, lowercase userId
user.setUsername(user.getUsername().toLowerCase());
}
+
+ // Get and prepare password management-related artifacts
+ boolean passwordChanged = false;
+ if (authenticationProvider != null) {
+ PasswordEncoder passwordEncoder = authenticationProvider.getPasswordEncoder();
+ if (passwordEncoder != null) {
+ // Check whether we have to encrypt (or re-encrypt) the password
+ if (user.getVersion() == null) {
+ // New user, always encrypt
+ passwordChanged = true;
+ } else {
+ // Existing user, check password in DB
+ String currentPassword = dao.getUserPassword(user.getUsername());
+ if (currentPassword == null) {
+ passwordChanged = true;
+ } else {
+ if (!currentPassword.equals(user.getPassword())) {
+ passwordChanged = true;
+ }
+ }
+ }
+
+ // If password was changed (or new user), encrypt it
+ if (passwordChanged) {
+ user.setPassword(passwordEncoder.encodePassword(user.getPassword(), null));
+ }
+ } else {
+ log.warn("PasswordEncoder not set on AuthenticationProvider, skipping password encryption...");
+ }
+ } else {
+ log.warn("AuthenticationProvider not set, skipping password encryption...");
+
+ }
+
try {
return dao.saveUser(user);
} catch (DataIntegrityViolationException e) {
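Review bot: The salt is discarded on the encode call `user.setPassword(passwordEncoder.encodePassword(user.getPassword(), null));`, although the setter's Javadoc and the new `SaltSource` import say the provider's salt source is part of the contract; if the `DaoAuthenticationProvider` has a salt source configured, Acegi verifies logins against `encodePassword(raw, saltSource.getSalt(userDetails))` and the unsalted hash stored here will never match. Use `authenticationProvider.getSaltSource()` and pass `getSalt(user)` when it is non-null (`User` is already handed around as a `UserDetails` elsewhere in this patch, e.g. in MockUserDetailsService). The `authenticationProvider == null` and `passwordEncoder == null` branches only `log.warn` and then fall through to `dao.saveUser(user)`, persisting the plaintext password; since the setter is `@Required` the first branch is unreachable under Spring wiring, and throwing `IllegalStateException` would be safer than silently storing plaintext if either path is ever reached. A null `user.getPassword()` on an existing user also makes `passwordChanged` true and then encodes null, which presumably throws — worth a guard. saveUser's try block continues past the end of the hunk.
```java
// … unchanged: passwordChanged detection …
// If password was changed (or new user), hash it with the provider's salt
if (passwordChanged) {
    Object salt = null;
    SaltSource saltSource = authenticationProvider.getSaltSource();
    if (saltSource != null) {
        salt = saltSource.getSalt(user);
    }
    user.setPassword(passwordEncoder.encodePassword(user.getPassword(), salt));
}
```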
Index: service/src/main/java/org/appfuse/service/UserManager.java
===================================================================
--- service/src/main/java/org/appfuse/service/UserManager.java (revision 3043)
+++ service/src/main/java/org/appfuse/service/UserManager.java (working copy)
@@ -1,12 +1,12 @@
package org.appfuse.service;
+import java.util.List;
+
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.appfuse.dao.UserDao;
import org.appfuse.model.User;
-import java.util.List;
-
/**
* Business Service Interface to handle communication between web and
* persistence layer.
@@ -47,7 +47,7 @@
List getUsers(User user);
/**
- * Saves a user's information
+ * Saves a user's information.
*
* @param user the user's information
* @throws UserExistsException thrown when user already exists
Index: service/src/main/java/org/appfuse/util/StringUtil.java
===================================================================
--- service/src/main/java/org/appfuse/util/StringUtil.java (revision 3043)
+++ service/src/main/java/org/appfuse/util/StringUtil.java (working copy)
@@ -1,102 +0,0 @@
-package org.appfuse.util;
-
-import java.security.MessageDigest;
-
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-
-/**
- * String Utility Class This is used to encode passwords programmatically
- *
- * @author Matt Raible
- */
-public final class StringUtil {
- private static final Log log = LogFactory.getLog(StringUtil.class);
-
- /**
- * Checkstyle rule: utility classes should not have public constructor
- */
- private StringUtil() {
- }
- //~ Methods ================================================================
-
- /**
- * Encode a string using algorithm specified in web.xml and return the
- * resulting encrypted password. If exception, the plain credentials
- * string is returned
- *
- * @param password Password or other credentials to use in authenticating
- * this username
- * @param algorithm Algorithm used to do the digest
- *
- * @return encypted password based on the algorithm.
- */
- public static String encodePassword(String password, String algorithm) {
- byte[] unencodedPassword = password.getBytes();
-
- MessageDigest md = null;
-
- try {
- // first create an instance, given the provider
- md = MessageDigest.getInstance(algorithm);
- } catch (Exception e) {
- log.error("Exception: " + e);
-
- return password;
- }
-
- md.reset();
-
- // call the update method one or more times
- // (useful when you don't know the size of your data, eg. stream)
- md.update(unencodedPassword);
-
- // now calculate the hash
- byte[] encodedPassword = md.digest();
-
- StringBuffer buf = new StringBuffer();
-
- for (byte anEncodedPassword : encodedPassword) {
- if ((anEncodedPassword & 0xff) < 0x10) {
- buf.append("0");
- }
-
- buf.append(Long.toString(anEncodedPassword & 0xff, 16));
- }
-
- return buf.toString();
- }
-
- /**
- * Encode a string using Base64 encoding. Used when storing passwords
- * as cookies.
- *
- * This is weak encoding in that anyone can use the decodeString
- * routine to reverse the encoding.
- *
- * @param str the string to encode
- * @return the encoded string
- */
- public static String encodeString(String str) {
- Base64 encoder = new Base64();
- return String.valueOf(encoder.encode(str.getBytes())).trim();
- }
-
- /**
- * Decode a string using Base64 encoding.
- *
- * @param str the string to decode
- * @return the decoded string
- */
- public static String decodeString(String str) {
- Base64 dec = new Base64();
- try {
- return String.valueOf(dec.decode(str));
- } catch (DecoderException de) {
- throw new RuntimeException(de.getMessage(), de.getCause());
- }
- }
-}
Index: service/src/main/resources/applicationContext-service.xml
===================================================================
--- service/src/main/resources/applicationContext-service.xml (revision 3043)
+++ service/src/main/resources/applicationContext-service.xml (working copy)
@@ -85,6 +85,18 @@
+
+
+
+
+
+
+
+
+
+
+
+
@@ -97,6 +109,7 @@
+
Index: archetypes/appfuse-basic-struts/src/main/resources/archetype-resources/src/main/resources/log4j.xml
===================================================================
--- archetypes/appfuse-basic-struts/src/main/resources/archetype-resources/src/main/resources/log4j.xml (revision 3043)
+++ archetypes/appfuse-basic-struts/src/main/resources/archetype-resources/src/main/resources/log4j.xml (working copy)
@@ -10,6 +10,10 @@
+
+
+
+
@@ -44,6 +48,11 @@
+
+
+
+
+
Index: data/hibernate/src/test/java/org/appfuse/dao/UserDaoTest.java
===================================================================
--- data/hibernate/src/test/java/org/appfuse/dao/UserDaoTest.java (revision 3043)
+++ data/hibernate/src/test/java/org/appfuse/dao/UserDaoTest.java (working copy)
@@ -36,6 +36,12 @@
assertTrue(user.isEnabled());
}
+ public void testGetUserPassword() throws Exception {
+ User user = dao.get(-1L);
+ String password = dao.getUserPassword(user.getUsername());
+ assertNotNull(password);
+ }
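Review bot: `assertNotNull(password)` in testGetUserPassword only proves the query returned a row; asserting `assertEquals(user.getPassword(), password);` would also check that getUserPassword reads the same column the entity maps, which is exactly what saveUser's change detection in UserManagerImpl depends on. The same weak assertion is added in the jpa and ibatis UserDaoTest hunks of this patch.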
+
public void testUpdateUser() throws Exception {
User user = dao.get(-1L);
Index: data/hibernate/src/main/java/org/appfuse/dao/hibernate/UserDaoHibernate.java
===================================================================
--- data/hibernate/src/main/java/org/appfuse/dao/hibernate/UserDaoHibernate.java (revision 3043)
+++ data/hibernate/src/main/java/org/appfuse/dao/hibernate/UserDaoHibernate.java (working copy)
@@ -70,4 +70,17 @@
return (UserDetails) users.get(0);
}
}
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getUserPassword(String username) {
+ List results =
+ getHibernateTemplate().find("select u.password from User u where username=?", username);
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+ return (String) results.get(0);
+ }
+
}
Index: data/hibernate/src/main/java/org/appfuse/dao/UserDao.java
===================================================================
--- data/hibernate/src/main/java/org/appfuse/dao/UserDao.java (revision 3043)
+++ data/hibernate/src/main/java/org/appfuse/dao/UserDao.java (working copy)
@@ -1,12 +1,13 @@
package org.appfuse.dao;
-import java.util.List;
-
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.appfuse.model.User;
+import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+import java.util.List;
+
/**
* User Data Access Object (GenericDao) interface.
*
@@ -36,4 +37,13 @@
* @return the persisted User object
*/
User saveUser(User user);
+
+ /**
+ * Retrieves the password in DB for a user
+ * @param username the user's username
+ * @return the password in DB, if the user is already persisted
+ */
+ @Transactional(propagation = Propagation.NOT_SUPPORTED)
+ String getUserPassword(String username);
+
}
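Review bot: The Javadoc on `getUserPassword` does not say why it is declared `@Transactional(propagation = Propagation.NOT_SUPPORTED)` while the jpa and ibatis `UserDao` interfaces in this patch declare the same method without it, so a reader will take the difference for an oversight. Presumably the intent is to read the persisted value rather than a pending in-session change; if so, add a sentence such as `Runs outside the caller's transaction so the value returned is the one persisted, not an unflushed change on the entity.` and consider applying the same propagation in the other two interfaces.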
Index: data/common/src/main/java/org/appfuse/Constants.java
===================================================================
--- data/common/src/main/java/org/appfuse/Constants.java (revision 3043)
+++ data/common/src/main/java/org/appfuse/Constants.java (working copy)
@@ -16,16 +16,6 @@
public static final String BUNDLE_KEY = "ApplicationResources";
/**
- * The encryption algorithm key to be used for passwords
- */
- public static final String ENC_ALGORITHM = "algorithm";
-
- /**
- * A flag to indicate if passwords should be encrypted
- */
- public static final String ENCRYPT_PASSWORD = "encryptPassword";
-
- /**
* File separator from System properties
*/
public static final String FILE_SEP = System.getProperty("file.separator");
Index: data/jpa/src/test/java/org/appfuse/dao/UserDaoTest.java
===================================================================
--- data/jpa/src/test/java/org/appfuse/dao/UserDaoTest.java (revision 3043)
+++ data/jpa/src/test/java/org/appfuse/dao/UserDaoTest.java (working copy)
@@ -40,6 +40,12 @@
assertTrue(user.isEnabled());
}
+ public void testGetUserPassword() throws Exception {
+ User user = dao.get(-1L);
+ String password = dao.getUserPassword(user.getUsername());
+ assertNotNull(password);
+ }
+
public void testUpdateUser() throws Exception {
User user = dao.get(-1L);
Index: data/jpa/src/main/java/org/appfuse/dao/UserDao.java
===================================================================
--- data/jpa/src/main/java/org/appfuse/dao/UserDao.java (revision 3043)
+++ data/jpa/src/main/java/org/appfuse/dao/UserDao.java (working copy)
@@ -36,4 +36,12 @@
* @return the persisted User object
*/
User saveUser(User user);
+
+ /**
+ * Retrieves the password in DB for a user
+ * @param username the user's username
+ * @return the password in DB, if the user is already persisted
+ */
+ String getUserPassword(String username);
+
}
Index: data/jpa/src/main/java/org/appfuse/dao/jpa/UserDaoJpa.java
===================================================================
--- data/jpa/src/main/java/org/appfuse/dao/jpa/UserDaoJpa.java (revision 3043)
+++ data/jpa/src/main/java/org/appfuse/dao/jpa/UserDaoJpa.java (working copy)
@@ -65,4 +65,18 @@
entityManager.flush();
return u;
}
+
+ /**
+ * {@inheritDoc}
+ */
+ @Transactional
+ public String getUserPassword(String username) {
+ Query q = this.entityManager.createQuery("select u.password from User u where username=?");
+ q.setParameter(1, username);
+ List results = q.getResultList();
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+ return results.get(0);
+ }
}
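Review bot: `return results.get(0);` returns an `Object` from the raw `List results` in a method declared to return `String`; as written this should not compile and needs the cast the Hibernate twin uses, `return (String) results.get(0);` (or declare `List<String> results`). The method is also annotated `@Transactional` whereas the Hibernate `UserDao` declares NOT_SUPPORTED for the same operation; if the `user` handed to saveUser is managed in the current persistence context, an AUTO flush before this query could return the just-modified in-memory password and saveUser would then skip hashing — worth confirming against how the web layer binds the form. The `results == null` check is redundant, since `getResultList` returns a list per the JPA contract.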
Index: data/ibatis/src/test/java/org/appfuse/dao/UserDaoTest.java
===================================================================
--- data/ibatis/src/test/java/org/appfuse/dao/UserDaoTest.java (revision 3043)
+++ data/ibatis/src/test/java/org/appfuse/dao/UserDaoTest.java (working copy)
@@ -36,6 +36,12 @@
assertTrue(user.isEnabled());
}
+ public void testGetUserPassword() throws Exception {
+ User user = dao.get(-1L);
+ String password = dao.getUserPassword(user.getUsername());
+ assertNotNull(password);
+ }
+
public void testUpdateUser() throws Exception {
User user = dao.get(-1L);
Index: data/ibatis/src/main/java/org/appfuse/dao/UserDao.java
===================================================================
--- data/ibatis/src/main/java/org/appfuse/dao/UserDao.java (revision 3043)
+++ data/ibatis/src/main/java/org/appfuse/dao/UserDao.java (working copy)
@@ -36,4 +36,12 @@
* @return the persisted User object
*/
User saveUser(User user);
+
+ /**
+ * Retrieves the password in DB for a user
+ * @param username the user's username
+ * @return the password in DB, if the user is already persisted
+ */
+ String getUserPassword(String username);
+
}
Index: data/ibatis/src/main/java/org/appfuse/dao/ibatis/UserDaoiBatis.java
===================================================================
--- data/ibatis/src/main/java/org/appfuse/dao/ibatis/UserDaoiBatis.java (revision 3043)
+++ data/ibatis/src/main/java/org/appfuse/dao/ibatis/UserDaoiBatis.java (working copy)
@@ -137,4 +137,12 @@
return user;
}
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getUserPassword(String username) {
+ return (String) getSqlMapClientTemplate().queryForObject("getUserPassword", username);
+ }
}
Index: data/ibatis/src/main/resources/sqlmaps/UserSQL.xml
===================================================================
--- data/ibatis/src/main/resources/sqlmaps/UserSQL.xml (revision 3043)
+++ data/ibatis/src/main/resources/sqlmaps/UserSQL.xml (working copy)
@@ -114,4 +114,11 @@
delete from user_role where user_id = #id#
]]>
+
+
+
Index: web/jsf/src/test/resources/applicationContext-test.xml
===================================================================
--- web/jsf/src/test/resources/applicationContext-test.xml (revision 0)
+++ web/jsf/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
Index: web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java
===================================================================
--- web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java (revision 3043)
+++ web/jsf/src/main/java/org/appfuse/webapp/action/UserForm.java (working copy)
@@ -6,14 +6,13 @@
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
-import org.apache.commons.lang.StringUtils;
+
import org.appfuse.Constants;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.util.ConvertUtil;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletRequest;
@@ -63,7 +62,7 @@
log.debug("Entering 'cancel' method");
}
- if (!StringUtils.equals(getParameter("from"), "list")) {
+ if (!"list".equals(getParameter("from"))) {
return "mainMenu";
} else {
return "cancel";
@@ -112,24 +111,6 @@
}
public String save() throws IOException {
- String password = user.getPassword();
- String originalPassword = getParameter("userForm:originalPassword");
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- boolean doEncrypt = (encrypt != null) && encrypt;
-
- if (doEncrypt && (StringUtils.equals(getParameter("encryptPass"), "true") ||
- !StringUtils.equals(password, originalPassword))) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorigthm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(password, algorithm));
- }
-
// workaround for plain ol' HTML input tags that don't seem to set
// properties on the managed bean
setUserRoles(getRequest().getParameterValues("userForm:userRoles"));
@@ -156,7 +137,7 @@
return "editProfile";
}
- if (!StringUtils.equals(getParameter("from"), "list")) {
+ if (!"list".equals(getParameter("from"))) {
// add success messages
addMessage("user.saved");
Index: web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java
===================================================================
--- web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java (revision 3043)
+++ web/jsf/src/main/java/org/appfuse/webapp/action/SignupForm.java (working copy)
@@ -7,7 +7,6 @@
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletResponse;
@@ -36,21 +35,6 @@
}
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
Index: web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java
===================================================================
--- web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java (revision 3043)
+++ web/spring/src/main/java/org/appfuse/webapp/controller/UserFormController.java (working copy)
@@ -13,7 +13,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
@@ -74,19 +73,7 @@
return new ModelAndView(getSuccessView());
} else {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (StringUtils.equals(request.getParameter("encryptPass"), "true") && (encrypt != null && encrypt)) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
+
// only attempt to change roles if user is admin for other users,
// formBackingObject() method will handle populating
if (request.isUserInRole(Constants.ADMIN_ROLE)) {
@@ -103,7 +90,7 @@
Integer originalVersion = user.getVersion();
try {
- user = getUserManager().saveUser(user);
+ getUserManager().saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
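Review bot: Dropping the assignment in `getUserManager().saveUser(user);` leaves the controller working with the instance it passed in; the JPA DAO's saveUser in this patch ends with `entityManager.flush(); return u;`, which may be a different managed instance carrying the generated id and version, so any code below that reads the id or version of a newly created user may see nulls. If the assignment was removed because the returned user now carries the hashed password, keeping `user = getUserManager().saveUser(user);` is still the safer choice. The same change appears in SignupController, SignupAction and UserAction; the enclosing method continues outside the hunk.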
Index: web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java
===================================================================
--- web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java (revision 3043)
+++ web/spring/src/main/java/org/appfuse/webapp/controller/SignupController.java (working copy)
@@ -7,7 +7,6 @@
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
@@ -42,27 +41,14 @@
User user = (User) command;
Locale locale = request.getLocale();
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
+
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- user = this.getUserManager().saveUser(user);
+ this.getUserManager().saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java
===================================================================
--- web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java (revision 3043)
+++ web/struts/src/main/java/org/appfuse/webapp/action/SignupAction.java (working copy)
@@ -8,7 +8,6 @@
import org.appfuse.Constants;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletResponse;
@@ -67,28 +66,13 @@
* @throws Exception when bad things happen
*/
public String save() throws Exception {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user
user.addRole(roleManager.getRole(Constants.USER_ROLE));
try {
- user = userManager.saveUser(user);
+ userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java
===================================================================
--- web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java (revision 3043)
+++ web/struts/src/main/java/org/appfuse/webapp/action/UserAction.java (working copy)
@@ -12,7 +12,6 @@
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import javax.servlet.http.HttpServletRequest;
@@ -156,20 +155,8 @@
* @return success if everything worked, otherwise input
* @throws IOException when setting "access denied" fails on response
*/
- public String save() throws IOException {
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+ public String save() throws Exception {
- if ("true".equals(getRequest().getParameter("encryptPass")) && (encrypt != null && encrypt)) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- algorithm = "SHA";
- }
-
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
Integer originalVersion = user.getVersion();
boolean isNew = ("".equals(getRequest().getParameter("user.version")));
@@ -186,7 +173,7 @@
}
try {
- user = userManager.saveUser(user);
+ userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
log.warn(ade.getMessage());
Index: web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java
===================================================================
--- web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java (revision 3043)
+++ web/common/src/test/java/org/appfuse/webapp/listener/StartupListenerTest.java (working copy)
@@ -33,7 +33,8 @@
sc.addInitParameter(ContextLoader.CONFIG_LOCATION_PARAM,
"classpath:/applicationContext-dao.xml, " +
"classpath:/applicationContext-service.xml, " +
- "classpath:/applicationContext-resources.xml");
+ "classpath:/applicationContext-resources.xml, " +
+ "/applicationContext-test.xml");
springListener = new ContextLoaderListener();
springListener.contextInitialized(new ServletContextEvent(sc));
Index: web/common/src/test/resources/applicationContext-test.xml
===================================================================
--- web/common/src/test/resources/applicationContext-test.xml (revision 0)
+++ web/common/src/test/resources/applicationContext-test.xml (revision 0)
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
Index: web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java
===================================================================
--- web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java (revision 3043)
+++ web/common/src/main/java/org/appfuse/webapp/listener/StartupListener.java (working copy)
@@ -2,7 +2,8 @@
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.ProviderManager;
-import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -53,25 +54,17 @@
ApplicationContext ctx =
WebApplicationContextUtils.getRequiredWebApplicationContext(context);
- boolean encryptPassword = false;
+ PasswordEncoder passwordEncoder = null;
try {
ProviderManager provider = (ProviderManager) ctx.getBean("authenticationManager");
for (Object o : provider.getProviders()) {
AuthenticationProvider p = (AuthenticationProvider) o;
if (p instanceof RememberMeAuthenticationProvider) {
config.put("rememberMeEnabled", Boolean.TRUE);
+ } else if (p instanceof DaoAuthenticationProvider) {
+ passwordEncoder = ((DaoAuthenticationProvider) p).getPasswordEncoder();
}
}
-
- if (ctx.containsBean("passwordEncoder")) {
- encryptPassword = true;
- config.put(Constants.ENCRYPT_PASSWORD, Boolean.TRUE);
- String algorithm = "SHA";
- if (ctx.getBean("passwordEncoder") instanceof Md5PasswordEncoder) {
- algorithm = "MD5";
- }
- config.put(Constants.ENC_ALGORITHM, algorithm);
- }
} catch (NoSuchBeanDefinitionException n) {
log.debug("authenticationManager bean not found, assuming test and ignoring...");
// ignore, should only happen when testing
@@ -82,9 +75,8 @@
// output the retrieved values for the Init and Context Parameters
if (log.isDebugEnabled()) {
log.debug("Remember Me Enabled? " + config.get("rememberMeEnabled"));
- log.debug("Encrypt Passwords? " + encryptPassword);
- if (encryptPassword) {
- log.debug("Encryption Algorithm: " + config.get(Constants.ENC_ALGORITHM));
+ if (passwordEncoder != null) {
+ log.debug("Password Encryptor: " + passwordEncoder.getClass().getName());
}
log.debug("Populating drop-downs...");
}
Index: web/common/src/main/resources/log4j.xml
===================================================================
--- web/common/src/main/resources/log4j.xml (revision 3043)
+++ web/common/src/main/resources/log4j.xml (working copy)
@@ -9,7 +9,7 @@
value="%p [%t] %c{1}.%M(%L) | %m%n"/>
-
+
Index: web/common/src/main/webapp/WEB-INF/security.xml
===================================================================
--- web/common/src/main/webapp/WEB-INF/security.xml (revision 3043)
+++ web/common/src/main/webapp/WEB-INF/security.xml (working copy)
@@ -100,18 +100,13 @@
-
+
-
-
-
-
-
@@ -120,10 +115,19 @@
-
+
+
+
+
+
Index: web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java
===================================================================
--- web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java (revision 3043)
+++ web/tapestry/src/main/java/org/appfuse/webapp/pages/UserForm.java (working copy)
@@ -21,7 +21,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.appfuse.webapp.pages.admin.UserList;
import org.springframework.mail.SimpleMailMessage;
@@ -124,25 +123,6 @@
return null;
}
- String password = getUser().getPassword();
- String originalPassword = getRequest().getParameter("originalPassword");
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
- boolean doEncrypt = (encrypt != null) && encrypt;
-
- if (doEncrypt && (StringUtils.equals(getRequest().getParameter("encryptPass"), "true") ||
- !StringUtils.equals("S"+password, originalPassword)) ||
- ("X".equals(request.getParameter(("version"))))) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- log.debug("assuming testcase, setting algorigthm to 'SHA'");
- algorithm = "SHA";
- }
-
- getUser().setPassword(StringUtil.encodePassword(password, algorithm));
- }
-
// workaround for input tags that don't aren't set by Tapestry (who knows why)
boolean fromList = StringUtils.equals(getFrom(), "list");
String[] userRoles;
Index: web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java
===================================================================
--- web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java (revision 3043)
+++ web/tapestry/src/main/java/org/appfuse/webapp/pages/SignupForm.java (working copy)
@@ -16,7 +16,6 @@
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.mail.SimpleMailMessage;
@@ -68,21 +67,6 @@
}
User user = getUser();
-
- Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
-
- if (encrypt != null && encrypt) {
- String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
- if (algorithm == null) { // should only happen for test case
- if (log.isDebugEnabled()) {
- log.debug("assuming testcase, setting algorithm to 'SHA'");
- }
- algorithm = "SHA";
- }
- user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
- }
-
user.setEnabled(true);
// Set the default user role on this new user