fixed missing check for disabled accounts
This commit is contained in:
@ -1,62 +1,62 @@
|
|||||||
[main]
|
[main]
|
||||||
|
|
||||||
# Context factory required for LDAP
|
# Context factory required for LDAP
|
||||||
${shiro.contextFactory}
|
${shiro.contextFactory}
|
||||||
|
|
||||||
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||||
securityManager.cacheManager = $cacheManager
|
securityManager.cacheManager = $cacheManager
|
||||||
|
|
||||||
# DataSource Setup
|
# DataSource Setup
|
||||||
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
||||||
datasource.resourceName = java:/jboss/accountDs
|
datasource.resourceName = java:/jboss/accountDs
|
||||||
datasource.resourceRef = true
|
datasource.resourceRef = true
|
||||||
|
|
||||||
# HashService
|
# HashService
|
||||||
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||||
hashService.hashIterations = 500000
|
hashService.hashIterations = 500000
|
||||||
hashService.hashAlgorithmName = SHA-512
|
hashService.hashAlgorithmName = SHA-512
|
||||||
hashService.generatePublicSalt = true
|
hashService.generatePublicSalt = true
|
||||||
|
|
||||||
# Password service
|
# Password service
|
||||||
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||||
passwordService.hashService = $hashService
|
passwordService.hashService = $hashService
|
||||||
|
|
||||||
# Required password matcher
|
# Required password matcher
|
||||||
${shiro.passwordMatcher}
|
${shiro.passwordMatcher}
|
||||||
|
|
||||||
# LDAP Realm setup
|
# LDAP Realm setup
|
||||||
${shiro.ldapRealm}
|
${shiro.ldapRealm}
|
||||||
|
|
||||||
# JDBC Realm setup
|
# JDBC Realm setup
|
||||||
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
||||||
jdbcRealm.permissionsLookupEnabled=true
|
jdbcRealm.permissionsLookupEnabled=true
|
||||||
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
|
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED','DISABLED') AND acc.username = ?
|
||||||
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
||||||
jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
|
jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
|
||||||
jdbcRealm.credentialsMatcher = $passwordMatcher
|
jdbcRealm.credentialsMatcher = $passwordMatcher
|
||||||
jdbcRealm.dataSource = $datasource
|
jdbcRealm.dataSource = $datasource
|
||||||
|
|
||||||
# Activate realms
|
# Activate realms
|
||||||
authcStrategy = ${shiro.authcStrategy}
|
authcStrategy = ${shiro.authcStrategy}
|
||||||
securityManager.realms = ${shiro.realms}
|
securityManager.realms = ${shiro.realms}
|
||||||
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||||
|
|
||||||
# Setup authentication filter
|
# Setup authentication filter
|
||||||
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
||||||
authc.loginUrl = /login.xhtml
|
authc.loginUrl = /login.xhtml
|
||||||
authc.successUrl = /web/index.xhtml
|
authc.successUrl = /web/index.xhtml
|
||||||
|
|
||||||
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
||||||
|
|
||||||
#
|
#
|
||||||
# filter setup
|
# filter setup
|
||||||
#
|
#
|
||||||
[urls]
|
[urls]
|
||||||
/public/**=anon
|
/public/**=anon
|
||||||
/resources/**=anon
|
/resources/**=anon
|
||||||
/fonts/**=anon
|
/fonts/**=anon
|
||||||
/javax.faces.resource/**=anon
|
/javax.faces.resource/**=anon
|
||||||
/login.xhtml=authc
|
/login.xhtml=authc
|
||||||
/logout.xhtml=logout
|
/logout.xhtml=logout
|
||||||
/**=authc
|
/**=authc
|
||||||
# /web/**=authc
|
# /web/**=authc
|
||||||
|
|||||||
Reference in New Issue
Block a user