ISIS-2156 hotfix: disable HttpSessions creation when basic-auth strategy

- several principal and related objects have been improved to produce less stress on the heap

- smoketests added that also test for the absence of a HttpSession when using basic-auth strategy against a rest endpoint

- also moves the new restclient introduced with v2 from applib to a new extension module 'restclient'

- improvements to the restclient to also handle scalar value types

    • -2
    • +15
    ./secman/shiro/AuthInfoForApplicationUser.java
    • -0
    • +99
    ./secman/shiro/PrincipalCollectionForApplicationUserOnSingleRealm.java
    • -64
    • +51
    ./secman/shiro/PrincipalForApplicationUser.java
  1. … 31 more files in changeset.
ISIS-2156 bump shiro version 1.3.2 -> 1.4.1

- despite the unresolved shiro issue [1], however the mentioned workaround appears to work:

filterChainResolver = org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver

[1] https://issues.apache.org/jira/browse/SHIRO-610

    • -4
    • +17
    ./secman/shiro/AuthInfoForApplicationUser.java
    • -15
    • +40
    ./secman/shiro/IsisModuleSecurityRealm.java
  1. … 4 more files in changeset.
ISIS-2156 enables smoketest for stress-testing the restful endpoint

- we now have the infrastructure to reproduce the memory leak issue

- also adds an optimization to the IsisModuleSecurityRealm, to not authenticate a user twice per request

findings so far, PrincipalForApplicationUser indeed does not get garbage collected

    • -0
    • +21
    ./secman/shiro/IsisModuleSecurityRealm.java
  1. … 2 more files in changeset.
batch update source format:

- Add missing '@Override' annotations

- Correct indentation

- Add file header (JAutodoc)

    • -2
    • +2
    ./secman/shiro/AuthInfoForApplicationUser.java
    • -3
    • +3
    ./secman/shiro/AuthenticationStrategyForIsisModuleSecurityRealm.java
    • -1
    • +1
    ./secman/shiro/IsisBootSecmanRealmShiro.java
    • -52
    • +52
    ./secman/shiro/IsisModuleSecurityRealm.java
    • -5
    • +5
    ./secman/shiro/PrincipalForApplicationUser.java
    • -4
    • +4
    ./secman/shiro/SecurityRealmServiceUsingShiro.java
  1. … 1061 more files in changeset.
batch update source format: organize imports and reorder

0=java

1=javax

2=com

3=org

4=org.apache.isis

5=org.isisaddons

6=org.incode

7=#

    • -9
    • +10
    ./secman/shiro/IsisModuleSecurityRealm.java
    • -1
    • +2
    ./secman/shiro/PermissionForMember.java
    • -2
    • +3
    ./secman/shiro/PrincipalForApplicationUser.java
    • -1
    • +2
    ./secman/shiro/SecurityRealmServiceUsingShiro.java
  1. … 797 more files in changeset.
ISIS-2156 allow for ShiroWebModule to be primed with a custom ini file

- also renames module 'smoketest' -> 'smoketests'

  1. … 87 more files in changeset.
ISIS-2157 minor: code cleanup and deduplication

    • -35
    • +27
    ./secman/shiro/IsisModuleSecurityRealm.java
ISIS-2157 fixes auto-create user related vulnerability

When using delegated authentication, desired behavior is to auto-create user accounts in the DB only if these do successfully authenticate with the delegated authentication mechanism, while the newly created user will be disabled by default.

    • -31
    • +51
    ./secman/shiro/IsisModuleSecurityRealm.java
ISIS-2157 adds a FIXME[2157] marker to the problematic code

    • -12
    • +8
    ./secman/shiro/IsisModuleSecurityRealm.java
ISIS-2156 adds smoketest for Secman using delegated LDAP authentication

- testing for proper user auto-creation (initial state disabled)

- testing proper login/logout for existing user

    • -12
    • +17
    ./secman/shiro/AuthenticationStrategyForIsisModuleSecurityRealm.java
    • -1
    • +2
    ./secman/shiro/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java
  1. … 8 more files in changeset.
ISIS-2156 adds smoketests for shiro

- testing the simple ini realm

- testing the module security (secman) realm (just a stub)

- also adds an embedded LDAP server for testing

    • -12
    • +5
    ./secman/shiro/AuthInfoForApplicationUser.java
    • -26
    • +18
    ./secman/shiro/IsisModuleSecurityRealm.java
  1. … 9 more files in changeset.
ISIS-2125 batch-update license headers for *.java files

    • -0
    • +18
    ./secman/shiro/AuthInfoForApplicationUser.java
    • -0
    • +18
    ./secman/shiro/AuthenticationStrategyForIsisModuleSecurityRealm.java
    • -0
    • +18
    ./secman/shiro/IsisModuleSecurityRealm.java
    • -0
    • +18
    ./secman/shiro/PermissionForMember.java
    • -0
    • +18
    ./secman/shiro/PermissionResolverForIsisShiroAuthorizor.java
    • -0
    • +18
    ./secman/shiro/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java
    • -0
    • +18
    ./secman/shiro/PrincipalForApplicationUser.java
    • -0
    • +18
    ./secman/shiro/SecurityRealmServiceUsingShiro.java
  1. … 324 more files in changeset.
ISIS-2151 working on provisioning by Spring

- updates the demo-app to use the security manager extension

- yet sub menu entries are not placed correctly

- some services still need to be recognized by Spring for provisioning but at least the demo does launch

    • -0
    • +30
    ./secman/shiro/IsisBootSecmanRealmShiro.java
  1. … 19 more files in changeset.
ISIS-2151 restructure module hierarchy, also splitting out encryption

    • -0
    • +49
    ./secman/shiro/AuthInfoForApplicationUser.java
    • -0
    • +35
    ./secman/shiro/AuthenticationStrategyForIsisModuleSecurityRealm.java
    • -0
    • +230
    ./secman/shiro/IsisModuleSecurityRealm.java
    • -0
    • +60
    ./secman/shiro/PermissionForMember.java
    • -0
    • +15
    ./secman/shiro/PermissionResolverForIsisShiroAuthorizor.java
    • -0
    • +35
    ./secman/shiro/PrincipalCollectionWithSinglePrincipalForApplicationUserInAnyRealm.java
    • -0
    • +136
    ./secman/shiro/PrincipalForApplicationUser.java
    • -0
    • +15
    ./secman/shiro/SecurityRealmServiceUsingShiro.java
    • -0
    • +41
    ./secman/shiro/ShiroUtils.java
  1. … 212 more files in changeset.