From: <dcr...@hy...> - 2010-01-23 00:57:07
|
Author: dcrutchf Date: 2010-01-22 16:33:09 -0800 (Fri, 22 Jan 2010) New Revision: 14225 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14225 Modified: trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java trunk/web/META-INF/security-context.xml Log: Implemented and wired up a RedirectStrategy to handle user registration for user authenticating via external auth sources Modified: trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java =================================================================== --- trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java 2010-01-22 23:22:31 UTC (rev 14224) +++ trunk/src/org/hyperic/hq/ui/security/SessionInitializationStrategy.java 2010-01-23 00:33:09 UTC (rev 14225) @@ -50,10 +50,10 @@ private static Log log = LogFactory.getLog(SessionInitializationStrategy.class.getName()); public void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response) throws SessionAuthenticationException { - if (log.isDebugEnabled()) { - log.debug("Initializing User Preferences..."); - } + final boolean debug = log.isDebugEnabled(); + if (debug) log.debug("Initializing User Preferences..."); + // The following is logic taken from the old HQ Authentication Filter try { AuthzSubjectManagerLocal authzSubjectManager = AuthzSubjectManagerEJBImpl.getOne(); @@ -78,10 +78,6 @@ needsRegistration = subjPojo.getEmailAddress() == null || subjPojo.getEmailAddress().length() == 0; } - if (needsRegistration && log.isDebugEnabled()) { - log.debug("Authentic user but no HQ entity...must have authenticated against LDAP/Kerberos/Other authentication handler...needs registration"); - } - // figure out if the user has a principal boolean hasPrincipal = authBoss.isUser(sessionId, subject.getName()); ConfigResponse preferences = needsRegistration ? new ConfigResponse() : getUserPreferences(ctx, sessionId, subject.getId(), authzBoss); 
@@ -90,9 +86,7 @@ // Add WebUser to Session session.setAttribute(Constants.WEBUSER_SES_ATTR, webUser); - if (log.isDebugEnabled()) { - log.debug("WebUser object created and stashed in the session"); - } + if (debug) log.debug("WebUser object created and stashed in the session"); // TODO - We should use Spring Security for handling user permissions... Map<String, Boolean> userOperationsMap = new HashMap<String, Boolean>(); @@ -102,9 +96,7 @@ session.setAttribute(Constants.PASSWORD_SES_ATTR, authentication.getCredentials().toString()); session.setAttribute(Constants.NEEDS_REGISTRATION, Boolean.TRUE); - if (log.isDebugEnabled()) { - log.debug("Stashing registration parameters in the session for later use"); - } + if (debug) log.debug("Stashing registration parameters in the session for later use"); } else { userOperationsMap = loadUserPermissions(webUser.getSessionId(), authzBoss); } @@ -115,9 +107,9 @@ loadDashboard(ctx, webUser, authzBoss); setXlibFlag(session); - if (log.isDebugEnabled()) { - log.debug("Stashing user operations in the session"); - } + if (debug) log.debug("Stashing user operations in the session"); + + if (debug && needsRegistration) log.debug("Authentic user but no HQ entity, must have authenticated outside of HQ...needs registration"); } catch (SessionException e) { log.error(e); Modified: trunk/web/META-INF/security-context.xml =================================================================== --- trunk/web/META-INF/security-context.xml 2010-01-22 23:22:31 UTC (rev 14224) +++ trunk/web/META-INF/security-context.xml 2010-01-23 00:33:09 UTC (rev 14225) @@ -10,7 +10,7 @@ http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- Auto wire our custom security beans --> <context:component-scan base-package="org.hyperic.hq.ui.security" /> - + <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <sec:filter-chain-map path-type="ant"> <sec:filter-chain pattern="/login.jsp" filters="none" /> 
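Review bot: The context line `session.setAttribute(Constants.PASSWORD_SES_ATTR, authentication.getCredentials().toString());` in the `@@ -102,9 +96,7 @@` hunk keeps the user's credential as a plain string in the HTTP session for the needs-registration path. Anything that serializes, replicates or dumps the session would carry the password with it, so the attribute should be dropped as soon as registration finishes, e.g. `session.removeAttribute(Constants.PASSWORD_SES_ATTR);`. The registration action is not visible here, so confirm whether it already does this. The same line dereferences `getCredentials()` without a null check; if an external authentication provider hands back a token without credentials, this would throw for exactly the users this branch is meant to serve. The enclosing method starts and ends outside the hunk.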
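Review bot: `log.error(e);` in the `catch (SessionException e)` that closes the `@@ -115,9 +107,9 @@` hunk passes the exception as the message object, so (with what appears to be commons-logging) only its `toString()` is recorded and the stack trace is lost. `log.error("Unable to initialize the user session", e);` would keep the cause. The catch body continues outside the hunk, so it is not visible whether the failure is rethrown as `SessionAuthenticationException`. If it is only logged, authentication would appear to succeed with a session that lacks the WebUser and user-operations attributes set above, which is worth confirming.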
@@ -67,7 +67,7 @@ <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl" /> </property> </bean> - + <!-- For form-based authentication --> <bean id="formBasedAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager" /> @@ -75,6 +75,11 @@ <property name="authenticationSuccessHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"> <property name="defaultTargetUrl" value="/Dashboard.do" /> + <property name="redirectStrategy"> + <bean class="org.hyperic.hq.ui.security.RegistrationRedirectStrategy"> + <constructor-arg value="/admin/user/UserAdmin.do?mode=register" /> + </bean> + </property> </bean> </property> <property name="authenticationFailureHandler"> @@ -113,7 +118,7 @@ </property> <property name="securityMetadataSource"> <sec:filter-security-metadata-source> - <sec:intercept-url pattern="/login.jsp" /> + <sec:intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS" /> <sec:intercept-url pattern="/favicon.ico" /> <sec:intercept-url pattern="/css/**" /> <sec:intercept-url pattern="/js/**" /> |
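Review bot: The `redirectStrategy` bean added in the `@@ -75,6 +75,11 @@` hunk is the only registration enforcement visible in this configuration, and a redirect after login does not stop a session flagged `NEEDS_REGISTRATION` from requesting other URLs directly. Confirm that a filter or the access rules also check that flag before serving pages other than `/admin/user/UserAdmin.do?mode=register`. `org.hyperic.hq.ui.security.RegistrationRedirectStrategy` is not among the files modified in this revision, so how it treats the target URL passed in by the success handler cannot be reviewed here. A short comment on the bean would help, for instance `<!-- Sends users flagged NEEDS_REGISTRATION to the registration page instead of defaultTargetUrl -->`, if that is what the class does.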
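Review bot: `access="ROLE_ANONYMOUS"` on `/login.jsp` in the `@@ -113,7 +118,7 @@` hunk looks like it can never be evaluated, because the `filterChainProxy` shown in the first hunk of this file maps `/login.jsp` to `filters="none"`. With that mapping no security filter runs for the path, presumably including the interceptor that reads this metadata source. If the chain were later enabled for that path, the rule would likely deny the login page to users who are already authenticated. The neighbouring `/favicon.ico`, `/css/**` and `/js/**` entries still carry no `access` attribute, so either drop the attribute here or record the intent with a comment such as `<!-- login page is public; not enforced while the chain uses filters="none" -->`.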