From 6bad0e75a6037ffb2c21d94ce116a1b9116d9a0b Mon Sep 17 00:00:00 2001
From: jomu
Date: Wed, 12 Dec 2018 16:37:09 +0100
Subject: [PATCH] fixed missing check for disabled accounts
---
 account-ui/src/main/webapp/WEB-INF/shiro.ini | 124 +++++++++----------
 1 file changed, 62 insertions(+), 62 deletions(-)
diff --git a/account-ui/src/main/webapp/WEB-INF/shiro.ini b/account-ui/src/main/webapp/WEB-INF/shiro.ini
index a47f5aa..1c05288 100644
--- a/account-ui/src/main/webapp/WEB-INF/shiro.ini
+++ b/account-ui/src/main/webapp/WEB-INF/shiro.ini
@@ -1,62 +1,62 @@
-[main]
-
-# Context factory required for LDAP
-${shiro.contextFactory}
-
-cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
-securityManager.cacheManager = $cacheManager
-
-# DataSource Setup
-datasource = org.apache.shiro.jndi.JndiObjectFactory
-datasource.resourceName = java:/jboss/accountDs
-datasource.resourceRef = true
-
-# HashService
-hashService = org.apache.shiro.crypto.hash.DefaultHashService
-hashService.hashIterations = 500000
-hashService.hashAlgorithmName = SHA-512
-hashService.generatePublicSalt = true
-
-# Password service
-passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
-passwordService.hashService = $hashService
-
-# Required password matcher
-${shiro.passwordMatcher}
-
-# LDAP Realm setup
-${shiro.ldapRealm}
-
-# JDBC Realm setup
-jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
-jdbcRealm.permissionsLookupEnabled=true
-jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
-jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
-jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
-jdbcRealm.credentialsMatcher = $passwordMatcher
-jdbcRealm.dataSource = $datasource
-
-# Activate realms
-authcStrategy = ${shiro.authcStrategy}
-securityManager.realms = ${shiro.realms}
-securityManager.authenticator.authenticationStrategy = $authcStrategy
-
-# Setup authentication filter
-authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
-authc.loginUrl = /login.xhtml
-authc.successUrl = /web/index.xhtml
-
-roles.unauthorizedUrl = /error/accessDenied.xhtml
-
-#
-# filter setup
-#
-[urls]
-/public/**=anon
-/resources/**=anon
-/fonts/**=anon
-/javax.faces.resource/**=anon
-/login.xhtml=authc
-/logout.xhtml=logout
-/**=authc
-# /web/**=authc
+[main]
+
+# Context factory required for LDAP
+${shiro.contextFactory}
+
+cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
+securityManager.cacheManager = $cacheManager
+
+# DataSource Setup
+datasource = org.apache.shiro.jndi.JndiObjectFactory
+datasource.resourceName = java:/jboss/accountDs
+datasource.resourceRef = true
+
+# HashService
+hashService = org.apache.shiro.crypto.hash.DefaultHashService
+hashService.hashIterations = 500000
+hashService.hashAlgorithmName = SHA-512
+hashService.generatePublicSalt = true
+
+# Password service
+passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
+passwordService.hashService = $hashService
+
+# Required password matcher
+${shiro.passwordMatcher}
+
+# LDAP Realm setup
+${shiro.ldapRealm}
+
+# JDBC Realm setup
+jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
+jdbcRealm.permissionsLookupEnabled=true
+jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED','DISABLED') AND acc.username = ?
+jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
+jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
+jdbcRealm.credentialsMatcher = $passwordMatcher
+jdbcRealm.dataSource = $datasource
+
+# Activate realms
+authcStrategy = ${shiro.authcStrategy}
+securityManager.realms = ${shiro.realms}
+securityManager.authenticator.authenticationStrategy = $authcStrategy
+
+# Setup authentication filter
+authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
+authc.loginUrl = /login.xhtml
+authc.successUrl = /web/index.xhtml
+
+roles.unauthorizedUrl = /error/accessDenied.xhtml
+
+#
+# filter setup
+#
+[urls]
+/public/**=anon
+/resources/**=anon
+/fonts/**=anon
+/javax.faces.resource/**=anon
+/login.xhtml=authc
+/logout.xhtml=logout
+/**=authc
+# /web/**=authc
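Review bot: The added `'DISABLED'` in jdbcRealm.authenticationQuery only extends a deny-list, so any account status introduced later (or a differently spelt one) still authenticates by default; an allow-list on the enabled state, e.g. `AND acc.status = '<ENABLED_STATUS>'` with the project's actual value substituted, fails closed and would not need a follow-up commit for every new status. The same query pins the application to a literal UUID while jdbcRealm.permissionsQuery uses `'${applicationUuid}'`; if both refer to the same application the literal should presumably be the placeholder as well. Neither userRolesQuery nor permissionsQuery filters on account status, so a session established before an account is disabled presumably keeps its roles until it expires, which is worth confirming against the session timeout. The hunk also rewrites all 62 lines for a one-token change, which looks like a line-ending normalisation that would be easier to review as a separate commit.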