fixed missing check for disabled accounts
@ -1,62 +1,62 @@
|
||||
[main]
|
||||
|
||||
# Context factory required for LDAP
|
||||
${shiro.contextFactory}
|
||||
|
||||
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||
securityManager.cacheManager = $cacheManager
|
||||
|
||||
# DataSource Setup
|
||||
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
||||
datasource.resourceName = java:/jboss/accountDs
|
||||
datasource.resourceRef = true
|
||||
|
||||
# HashService
|
||||
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||
hashService.hashIterations = 500000
|
||||
hashService.hashAlgorithmName = SHA-512
|
||||
hashService.generatePublicSalt = true
|
||||
|
||||
# Password service
|
||||
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||
passwordService.hashService = $hashService
|
||||
|
||||
# Required password matcher
|
||||
${shiro.passwordMatcher}
|
||||
|
||||
# LDAP Realm setup
|
||||
${shiro.ldapRealm}
|
||||
|
||||
# JDBC Realm setup
|
||||
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
||||
jdbcRealm.permissionsLookupEnabled=true
|
||||
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
|
||||
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
||||
jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
|
||||
jdbcRealm.credentialsMatcher = $passwordMatcher
|
||||
jdbcRealm.dataSource = $datasource
|
||||
|
||||
# Activate realms
|
||||
authcStrategy = ${shiro.authcStrategy}
|
||||
securityManager.realms = ${shiro.realms}
|
||||
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||
|
||||
# Setup authentication filter
|
||||
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
||||
authc.loginUrl = /login.xhtml
|
||||
authc.successUrl = /web/index.xhtml
|
||||
|
||||
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
||||
|
||||
#
|
||||
# filter setup
|
||||
#
|
||||
[urls]
|
||||
/public/**=anon
|
||||
/resources/**=anon
|
||||
/fonts/**=anon
|
||||
/javax.faces.resource/**=anon
|
||||
/login.xhtml=authc
|
||||
/logout.xhtml=logout
|
||||
/**=authc
|
||||
# /web/**=authc
|
||||
[main]
|
||||
|
||||
# Context factory required for LDAP
|
||||
${shiro.contextFactory}
|
||||
|
||||
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||
securityManager.cacheManager = $cacheManager
|
||||
|
||||
# DataSource Setup
|
||||
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
||||
datasource.resourceName = java:/jboss/accountDs
|
||||
datasource.resourceRef = true
|
||||
|
||||
# HashService
|
||||
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||
hashService.hashIterations = 500000
|
||||
hashService.hashAlgorithmName = SHA-512
|
||||
hashService.generatePublicSalt = true
|
||||
|
||||
# Password service
|
||||
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||
passwordService.hashService = $hashService
|
||||
|
||||
# Required password matcher
|
||||
${shiro.passwordMatcher}
|
||||
|
||||
# LDAP Realm setup
|
||||
${shiro.ldapRealm}
|
||||
|
||||
# JDBC Realm setup
|
||||
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
||||
jdbcRealm.permissionsLookupEnabled=true
|
||||
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED','DISABLED') AND acc.username = ?
|
||||
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
||||
jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
|
||||
jdbcRealm.credentialsMatcher = $passwordMatcher
|
||||
jdbcRealm.dataSource = $datasource
|
||||
|
||||
# Activate realms
|
||||
authcStrategy = ${shiro.authcStrategy}
|
||||
securityManager.realms = ${shiro.realms}
|
||||
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||
|
||||
# Setup authentication filter
|
||||
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
||||
authc.loginUrl = /login.xhtml
|
||||
authc.successUrl = /web/index.xhtml
|
||||
|
||||
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
||||
|
||||
#
|
||||
# filter setup
|
||||
#
|
||||
[urls]
|
||||
/public/**=anon
|
||||
/resources/**=anon
|
||||
/fonts/**=anon
|
||||
/javax.faces.resource/**=anon
|
||||
/login.xhtml=authc
|
||||
/logout.xhtml=logout
|
||||
/**=authc
|
||||
# /web/**=authc
|
||||
|
||||
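Review bot: The status filter in `jdbcRealm.authenticationQuery` is still a denylist (`acc.status not in ('LOCKED','DELETED','DISABLED')`), so any status value introduced later will authenticate by default, which is the same kind of gap this commit closes. An allowlist such as `AND acc.status = '<ACTIVE_STATUS>'` would fail closed; the value is a placeholder because the page does not show the valid status names. Separately, `jdbcRealm.userRolesQuery` filters neither on the application nor on account status, so role names granted to the user in another application appear to be returned here and then resolved against this application's permissions. Consider adding `AND r.application = '${applicationUuid}'` there and using the same placeholder in place of the hard-coded UUID in the authentication query. The query presumably runs only at login, so it is worth confirming that disabling an account also invalidates its existing sessions and cached authorization data.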