Changeset 4209

Timestamp:

12/20/13 15:59:51 (10 years ago)

Author:

olhsha

Message:

following Eric's instruction in security management in Dasish: removing a separate security DB, making authentication tables the part of the main DB, keeping hashed passwords. Used spring-security configuration for hashes with BCryptPasswordEncoder as recommended.

Location:

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend

Files:

• nb-configuration.xml (modified) (1 diff)
• pom.xml (modified) (1 diff)
• src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java (modified) (4 diffs)
• src/main/resources/spring-config/applicationContext-security.xml (modified) (2 diffs)
• src/main/resources/spring-config/bCryptPasswordEncoder.xml (added)
• src/main/resources/spring-config/cachedRepresentationDao.xml (modified) (1 diff)
• src/main/resources/spring-config/securityDataSource.xml (deleted)
• src/test/java/eu/dasish/annotation/backend/rest/AnnotationsTest.java (modified) (1 diff)
• src/test/java/eu/dasish/annotation/backend/rest/BCryptTestUserPasswordEncoder.java (added)

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/nb-configuration.xml

@@ -20 +20 @@
         <config-files>
             <config-file>src/main/resources/spring-config/applicationContext-security.xml</config-file>
-            <config-file>src/main/resources/spring-config/securityDataSource.xml</config-file>
-            <config-file>src/test/resources/spring-test-config/jaxbMarshallerFactory.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/dataSource.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/annotationDao.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/userDao.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/targetDao.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/cachedRepresentationDao.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/componentscan.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/dbIntegrityService.xml</config-file>
-            <config-file>src/test/resources/spring-integrity-test-config/JaxbMarshallerFactory.xml</config-file>
+            <config-file>src/main/resources/spring-config/bCryptPasswordEncoder.xml</config-file>
         </config-files>
         <config-file-groups/>

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/pom.xml

@@ -246 +246 @@
     <properties>
         <jersey.version>1.17.1</jersey.version>
-        <spring.version>3.0.0.RELEASE</spring.version>
+        <spring.version>3.2.0.RELEASE</spring.version>
         <slf4j.version>1.7.5</slf4j.version>
         <glassfish.version>3.1.1</glassfish.version>

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AnnotationResource.java

@@ -124 +124 @@
             return rootElement;
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
             return null;
         }
@@ -145 +145 @@
             return new ObjectFactory().createTargetList(TargetList);
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
             return null;
         }
@@ -188 +188 @@
             return new ObjectFactory().createPermissionList(permissionList);
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot read the annotation.");
             return null;
         }
@@ -209 +209 @@
             return result + " annotation(s) deleted.";
         } else {
-            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "The logged-in user cannot delete the annotation. Only the owner can delete the annotation.");
             return null;
         }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/resources/spring-config/applicationContext-security.xml

@@ -25 +25 @@
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
-           http://www.springframework.org/schema/security/spring-security-3.0.xsd">    
+           http://www.springframework.org/schema/security/spring-security-3.2.xsd">    
 
 
@@ -36 +36 @@
 </http>
 
-
 <authentication-manager>
     <authentication-provider>
-        <jdbc-user-service data-source-ref="securityDataSource"/>
+        <password-encoder ref="bCryptPasswordEncoder"/>
+        <jdbc-user-service data-source-ref="dataSource"/>
     </authentication-provider>
 </authentication-manager>

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/resources/spring-config/cachedRepresentationDao.xml

@@ -21 +21 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
 ">

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/test/java/eu/dasish/annotation/backend/rest/AnnotationsTest.java

@@ -250 +250 @@
         return resource.header(HttpHeaders.AUTHORIZATION, "Basic "  + new String(Base64.encode(DummyPrincipal.DUMMY_PRINCIPAL.getName()+":olhapassword")));
     }
+    
+    
 }