fixed BLOCKED users are accepted

Joern Muehlencord
2019-08-14 12:00:45 +02:00
parent 54f2e56a4c
commit 8205ffaec3
2 changed files with 306 additions and 306 deletions


@ -93,7 +93,7 @@ public final class JWTAuthenticationFilter extends AuthenticatingFilter {
if (isLoggedAttempt(request, response)) { if (isLoggedAttempt(request, response)) {
String jwtToken = getAuthzHeader(request); String jwtToken = getAuthzHeader(request);
if (LOGGER.isTraceEnabled()) { if (LOGGER.isTraceEnabled()) {
LOGGER.trace("found jwtToke in header = {}", jwtToken); LOGGER.trace("found jwtToken in header = {}", jwtToken);
} }
if (jwtToken != null) { if (jwtToken != null) {
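Review bot: The trace statement on the new side still writes the full token value to the log (`LOGGER.trace("found jwtToken in header = {}", jwtToken)`), so the typo fix leaves a bearer credential in log output wherever TRACE is enabled. A JWT is replayable until it expires, and log files are typically retained longer and read by more people than the token itself, so logging only its presence keeps the diagnostic value without the exposure, e.g. `LOGGER.trace("found jwtToken in header: present={}", jwtToken != null);` (this form is also safe before the null check on the next line). The enclosing method starts and ends outside the hunk, so I cannot see whether the token is logged again elsewhere in it.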


@ -49,11 +49,11 @@ public class AccountRealm extends JdbcRealm {
private static final Logger LOGGER = LoggerFactory.getLogger(AccountRealm.class); private static final Logger LOGGER = LoggerFactory.getLogger(AccountRealm.class);
protected String applicationId = null; protected String applicationId = null;
protected String jwtAuthenticationQuery = "select ak.api_key from account a, api_key ak where ak.account = a.id and a.username = ? and a.status not in ('LOCKED','DELETED','DISABLED') ORDER BY ak.issued_on ASC"; protected String jwtAuthenticationQuery = "select ak.api_key from account a, api_key ak where ak.account = a.id and a.username = ? and a.status not in ('BLOCKED','DELETED','DISABLED') ORDER BY ak.issued_on ASC";
protected CredentialsMatcher jwtMatcher = new JwtMatcher(); protected CredentialsMatcher jwtMatcher = new JwtMatcher();
public AccountRealm() { public AccountRealm() {
this.authenticationQuery = "select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED','DISABLED')"; this.authenticationQuery = "select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('BLOCKED','DELETED','DISABLED')";
this.userRolesQuery = "select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id AND r.application = ?"; this.userRolesQuery = "select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id AND r.application = ?";
this.permissionsQuery = "select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = ? AND rp.application_role = appr.id AND rp.role_permission = appp.id"; this.permissionsQuery = "select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = ? AND rp.application_role = appr.id AND rp.role_permission = appp.id";
this.permissionsLookupEnabled = true; this.permissionsLookupEnabled = true;
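Review bot: Both login queries encode the set of non-accepting account statuses as a literal inside the SQL, once on the jwtAuthenticationQuery field and again in the constructor's authenticationQuery, and this commit corrects exactly the drift that duplication invites ('LOCKED' versus 'BLOCKED'). Pull the list into one constant, e.g. `private static final String REJECTED_STATUS = "('BLOCKED','DELETED','DISABLED')";`, and build both query strings from it so a future status change is made in one place. The `not in (...)` form is also a denylist: any status value not named here, including one introduced later, lets the account authenticate by default, so if the schema has a single accepting status an equality or allowlist test would fail closed instead. The authenticationQuery references `status` unqualified while the JWT query uses `a.status`; if account_login ever gains a status column the first query becomes ambiguous, so qualifying it as `a.status` is cheap. A regression test authenticating a BLOCKED account through both the password and JWT paths would pin this fix.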