Ajout du hashage des mots de passe dans Acegi
Correction en conséquence de SessionService. Ajout d'une vérification de duplication d'email dans UserRegister.
@@ -42,12 +42,6 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
|
|||||||
<property name="providers">
|
<property name="providers">
|
||||||
<list>
|
<list>
|
||||||
<ref local="daoAuthenticationProvider"/>
|
<ref local="daoAuthenticationProvider"/>
|
||||||
<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
|
|
||||||
<property name="key" value="changeThis"/>
|
|
||||||
</bean>
|
|
||||||
<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
|
|
||||||
<property name="key" value="changeThis"/>
|
|
||||||
</bean>
|
|
||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
@@ -66,6 +60,12 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schem
|
|||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
</property>
|
</property>
|
||||||
|
<property name="passwordEncoder" ref="passwordEncoder"/>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
<bean id="passwordEncoder"
|
||||||
|
class="org.acegisecurity.providers.encoding.ShaPasswordEncoder">
|
||||||
|
<constructor-arg value="256"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="userDetailsService" class="org.yacos.auth.UserDetailsService">
|
<bean id="userDetailsService" class="org.yacos.auth.UserDetailsService">
|
||||||
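Review bot: The `passwordEncoder` bean added in the second hunk is a bare `ShaPasswordEncoder` with strength 256, and the visible lines set no `saltSource` on the provider, so stored passwords would be single-round, unsalted SHA-256 digests. Identical passwords then hash to identical values, and the digests are cheap to test offline if the user table is ever disclosed. At minimum, configure a per-user salt on `daoAuthenticationProvider` (for example `<property name="saltSource" ref="saltSource"/>`) and apply the same salt in `User.hashPassword`; a slow, purpose-built password hash would be preferable if the stack allows it. The provider bean starts above the hunk, so an existing salt source cannot be ruled out from here.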
|
|||||||
@@ -59,7 +59,6 @@ public class UserDetails implements org.acegisecurity.userdetails.UserDetails {
|
|||||||
authorities[i] = new GrantedAuthorityImpl("ROLE_"+rolesList.get(i).getType().name());
|
authorities[i] = new GrantedAuthorityImpl("ROLE_"+rolesList.get(i).getType().name());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return (GrantedAuthority[]) authorities;
|
return (GrantedAuthority[]) authorities;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -45,7 +45,7 @@ public class ChoosePreferenceController extends SimpleFormController {
|
|||||||
// TODO : mock object, replace with real user management
|
// TODO : mock object, replace with real user management
|
||||||
User toto = userManager.getUser("toto");
|
User toto = userManager.getUser("toto");
|
||||||
if(toto == null){
|
if(toto == null){
|
||||||
toto = userManager.addUser("toto", "toto", "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
|
toto = userManager.addUser("toto",User.hashPassword("toto"), "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
|
||||||
}
|
}
|
||||||
ArrayList<Preference> preferencesList = new ArrayList<Preference>();
|
ArrayList<Preference> preferencesList = new ArrayList<Preference>();
|
||||||
Preference pref;
|
Preference pref;
|
||||||
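Review bot: Hashing the literal does not change the fact that this controller provisions an account `toto` with the password `toto` whenever it is missing; the same line appears in the `EvaluationController` hunk. Any deployment that reaches these handlers ends up with a known login/password pair in the user table. Until the TODO is resolved, the mock should be replaced with `SessionService.getInstance().getCurrentUser()` (as used in `SUserRegistrationController`), or the fallback creation guarded behind a development-only switch. The registration controller catches `PKAlreadyUsedException` and `UserEMailAlreadyExistsException` around `addUser`, so if those are checked exceptions these callers must handle or declare them too; the enclosing methods lie outside the hunk.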
|
|||||||
@@ -114,7 +114,7 @@ public class EvaluationController extends SimpleFormController {
|
|||||||
System.out.println("le title est: "+article.getTitle());
|
System.out.println("le title est: "+article.getTitle());
|
||||||
User toto = userManager.getUser("toto");
|
User toto = userManager.getUser("toto");
|
||||||
if(toto == null){
|
if(toto == null){
|
||||||
toto = userManager.addUser("toto", "toto", "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
|
toto = userManager.addUser("toto",User.hashPassword("toto"), "Toto", "Toto", "Toto corp.", "toto@totocorp.com");
|
||||||
}
|
}
|
||||||
|
|
||||||
Report rpt =new Report(commentPCMember,commentAuthor,listeRating,toto,article);
|
Report rpt =new Report(commentPCMember,commentAuthor,listeRating,toto,article);
|
||||||
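Review bot: The `Report` on the last line of this hunk is attributed to the mock user `toto` rather than to the authenticated reviewer, so every evaluation is recorded under the same account. Passing `SessionService.getInstance().getCurrentUser()` instead of `toto` would tie the report to the session user and remove the need for the fallback `addUser` call. The `System.out.println` of the article title would be better routed through the project's logger. The enclosing method starts and ends outside the hunk.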
|
|||||||
@@ -96,6 +96,12 @@ public class AddConferenceController extends AbstractWizardFormController {
|
|||||||
listPersonFiltered.remove(truePerson);
|
listPersonFiltered.remove(truePerson);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void addInvitation(String email){
|
||||||
|
PersonBean invitationBean = new PersonBean();
|
||||||
|
invitationBean.setLogin(email);
|
||||||
|
listPersonAdded.add(invitationBean);
|
||||||
|
}
|
||||||
|
|
||||||
public void deletePerson(PersonBean b) {
|
public void deletePerson(PersonBean b) {
|
||||||
|
|
||||||
PersonBean truePerson = getTruePerson(b.getLogin());
|
PersonBean truePerson = getTruePerson(b.getLogin());
|
||||||
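Review bot: `addInvitation` stores whatever string it receives as the login of a new `PersonBean` without checking it, so a null, empty, malformed or already-added address goes straight into `listPersonAdded`. A guard such as `if (email == null || email.trim().length() == 0) return;`, plus a check against the existing entries before `listPersonAdded.add(invitationBean)`, would keep the list consistent. Address format validation belongs here too if the method is reachable from the browser, which the hunk does not show. The method also lacks a Javadoc comment; `/** Adds an invited person, identified only by e-mail, to the list of persons to add. */` would explain why the e-mail is used as the login.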
|
|||||||
@@ -10,6 +10,8 @@ import org.springframework.validation.BindException;
|
|||||||
import org.springframework.web.servlet.ModelAndView;
|
import org.springframework.web.servlet.ModelAndView;
|
||||||
import org.springframework.web.servlet.mvc.SimpleFormController;
|
import org.springframework.web.servlet.mvc.SimpleFormController;
|
||||||
import org.springframework.web.servlet.view.RedirectView;
|
import org.springframework.web.servlet.view.RedirectView;
|
||||||
|
import org.yacos.core.exceptions.PKAlreadyUsedException;
|
||||||
|
import org.yacos.core.exceptions.UserEMailAlreadyExistsException;
|
||||||
import org.yacos.core.users.IUserManager;
|
import org.yacos.core.users.IUserManager;
|
||||||
import org.yacos.core.users.User;
|
import org.yacos.core.users.User;
|
||||||
import org.yacos.web.system.form.FormUser;
|
import org.yacos.web.system.form.FormUser;
|
||||||
@@ -30,26 +32,28 @@ public class SUserRegistrationController extends SimpleFormController {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
protected ModelAndView onSubmit(HttpServletRequest request,
|
protected ModelAndView onSubmit(HttpServletRequest request,
|
||||||
HttpServletResponse response, Object command, BindException errors)
|
HttpServletResponse response, Object command, BindException errors) {
|
||||||
throws Exception {
|
|
||||||
FormUser userCommand = (FormUser) command;
|
FormUser userCommand = (FormUser) command;
|
||||||
|
|
||||||
// Tries to retrieve the current user : case of user modification
|
// Tries to retrieve the current user : case of user modification
|
||||||
User user = SessionService.getInstance().getCurrentUser();
|
User user = SessionService.getInstance().getCurrentUser();
|
||||||
|
|
||||||
if( (userCommand.getIsNew()) && (userManager.getUser(userCommand.getLogin()) != null)){
|
|
||||||
errors.rejectValue("login", "form.register.error.alreadyExists");
|
|
||||||
return new ModelAndView(new RedirectView(getFormView()));
|
|
||||||
}
|
|
||||||
|
|
||||||
if( userCommand.getIsNew() ){
|
if( userCommand.getIsNew() ){
|
||||||
userManager.addUser(
|
try {
|
||||||
userCommand.getLogin(),
|
userManager.addUser(
|
||||||
userCommand.getPassword(),
|
userCommand.getLogin(),
|
||||||
userCommand.getFirstName(),
|
User.hashPassword(userCommand.getPassword()),
|
||||||
userCommand.getLastName(),
|
userCommand.getFirstName(),
|
||||||
userCommand.getOrganization(),
|
userCommand.getLastName(),
|
||||||
userCommand.getEmail());
|
userCommand.getOrganization(),
|
||||||
|
userCommand.getEmail());
|
||||||
|
} catch (PKAlreadyUsedException e) {
|
||||||
|
errors.rejectValue("login", "form.register.error.alreadyExists");
|
||||||
|
return new ModelAndView(new RedirectView(getFormView()));
|
||||||
|
} catch (UserEMailAlreadyExistsException e) {
|
||||||
|
errors.rejectValue("email", "form.register.error.alreadyExists");
|
||||||
|
return new ModelAndView(new RedirectView(getFormView()));
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
user.setEmail(userCommand.getEmail());
|
user.setEmail(userCommand.getEmail());
|
||||||
user.setFirstName(userCommand.getFirstName());
|
user.setFirstName(userCommand.getFirstName());
|
||||||
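Review bot: The password is hashed at the call site (`User.hashPassword(userCommand.getPassword())`) rather than inside `userManager.addUser`, so every code path that writes a password has to remember to hash it. The `else` branch for user modification continues past the end of the hunk; if it updates the password it needs the same call, otherwise a plaintext value would be stored and would no longer match under the configured `ShaPasswordEncoder`. Moving the hashing into the user manager would remove that risk. Separately, both catch blocks call `errors.rejectValue(...)` and then return a `RedirectView`, which starts a new request and is likely to drop the binding errors; `return showForm(request, response, errors);` would keep them, at the cost of restoring `throws Exception` on `onSubmit`.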
|
|||||||
@@ -7,7 +7,10 @@ import javax.servlet.ServletContext;
|
|||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import org.acegisecurity.Authentication;
|
import org.acegisecurity.Authentication;
|
||||||
import org.acegisecurity.context.SecurityContextHolder;
|
import org.acegisecurity.context.SecurityContextHolder;
|
||||||
|
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||||
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
|
||||||
|
import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
|
||||||
|
import org.acegisecurity.userdetails.UserDetails;
|
||||||
import org.springframework.web.util.WebUtils;
|
import org.springframework.web.util.WebUtils;
|
||||||
import org.yacos.auth.UserDetailsService;
|
import org.yacos.auth.UserDetailsService;
|
||||||
import org.yacos.core.conferences.Conference;
|
import org.yacos.core.conferences.Conference;
|
||||||
@@ -107,9 +110,12 @@ public class SessionService {
|
|||||||
request.setAttribute("currentConference", currentConference);
|
request.setAttribute("currentConference", currentConference);
|
||||||
// Refreshing user credentials
|
// Refreshing user credentials
|
||||||
Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
|
Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
|
||||||
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
|
if(currentAuthentication instanceof UsernamePasswordAuthenticationToken){
|
||||||
authProvider.setUserDetailsService(new UserDetailsService());
|
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
|
||||||
SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
|
authProvider.setPasswordEncoder(new ShaPasswordEncoder(256));
|
||||||
|
authProvider.setUserDetailsService(new UserDetailsService());
|
||||||
|
SecurityContextHolder.getContext().setAuthentication(authProvider.authenticate(currentAuthentication));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
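Review bot: The refresh block builds a new `DaoAuthenticationProvider` with `new ShaPasswordEncoder(256)` hard-coded, duplicating the `passwordEncoder` bean from the Spring configuration; if the configured encoder or salt ever changes, this copy will start rejecting valid sessions. Obtaining the configured provider from the application context would keep a single source of truth. `authProvider.authenticate(currentAuthentication)` also re-checks the password held in the token, so it depends on clear-text credentials staying in the security context. It can throw an `AuthenticationException` (for instance after a password change), which the visible lines do not catch. The enclosing method begins above the hunk.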
|
|||||||