From 8150d58276fe78f3b23622fdb2b8a829369982b9 Mon Sep 17 00:00:00 2001
From: Rick Herrick <jrherrick@wustl.edu>
Date: Tue, 9 Feb 2016 20:09:20 -0600
Subject: [PATCH] Fixed issues caused by upgrade to Spring Security libraries.
---
 build.gradle | 1 +
 .../{config => configuration}/SwaggerConfig.java | 2 +-
 .../xapi/{config => configuration}/WebConfig.java | 2 +-
 .../java/org/nrg/xnat/configuration/RootConfig.java | 3 +--
 .../nrg/xnat/security/XnatAuthenticationFilter.java | 4 ++--
 src/main/webapp/WEB-INF/conf/xnat-security.xml | 3 ++-
 src/main/webapp/xdat-templates/screens/Login.vm | 2 +-
 src/main/webapp/xnat-templates/screens/Login.vm | 12 ++++++------
 src/main/webapp/xnat-templates/screens/login_box.vm | 6 +++---
 9 files changed, 18 insertions(+), 17 deletions(-)
 rename src/main/java/org/nrg/xapi/{config => configuration}/SwaggerConfig.java (97%)
 rename src/main/java/org/nrg/xapi/{config => configuration}/WebConfig.java (98%)
diff --git a/build.gradle b/build.gradle
index ad661979..604e8b6f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -124,6 +124,7 @@ configurations {
 all*.exclude group: 'edu.ucar', module: 'netcdf'
 all*.exclude group: 'javax.jms', module: 'jms'
 all*.exclude group: 'javax.mail', module: 'mail'
+ all*.exclude group: 'javax.servlet', module: 'servlet-api'
 all*.exclude group: 'javax.sql', module: 'jdbc-stdext'
 all*.exclude group: 'javax.transaction', module: 'jta'
 all*.exclude group: 'jdbc', module: 'jdbc'
diff --git a/src/main/java/org/nrg/xapi/config/SwaggerConfig.java b/src/main/java/org/nrg/xapi/configuration/SwaggerConfig.java
similarity index 97%
rename from src/main/java/org/nrg/xapi/config/SwaggerConfig.java
rename to src/main/java/org/nrg/xapi/configuration/SwaggerConfig.java
index d5f5a43a..ff7ae3b9 100644
--- a/src/main/java/org/nrg/xapi/config/SwaggerConfig.java
+++ b/src/main/java/org/nrg/xapi/configuration/SwaggerConfig.java
@@ -1,4 +1,4 @@ -package org.nrg.xapi.config; +package org.nrg.xapi.configuration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; diff --git a/src/main/java/org/nrg/xapi/config/WebConfig.java b/src/main/java/org/nrg/xapi/configuration/WebConfig.java similarity index 98% rename from src/main/java/org/nrg/xapi/config/WebConfig.java rename to src/main/java/org/nrg/xapi/configuration/WebConfig.java index 721d2e38..47e3cd4b 100644 --- a/src/main/java/org/nrg/xapi/config/WebConfig.java +++ b/src/main/java/org/nrg/xapi/configuration/WebConfig.java @@ -1,4 +1,4 @@ -package org.nrg.xapi.config; +package org.nrg.xapi.configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/src/main/java/org/nrg/xnat/configuration/RootConfig.java b/src/main/java/org/nrg/xnat/configuration/RootConfig.java index b60eea21..7307d849 100644 --- a/src/main/java/org/nrg/xnat/configuration/RootConfig.java +++ b/src/main/java/org/nrg/xnat/configuration/RootConfig.java @@ -23,8 +23,7 @@ import java.util.List; "org.nrg.xdat.daos", "org.nrg.xdat.services", "org.nrg.xft.daos", - "org.nrg.xft.services", - "org.nrg.xapi.config", + "org.nrg.xft.services", "org.nrg.xapi.configuration", "org.nrg.xnat.helpers.merge", "org.nrg.xnat.services", "org.nrg.prefs.repositories", diff --git a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java index d05baf51..b1d2a3a9 100644 --- a/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java +++ b/src/main/java/org/nrg/xnat/security/XnatAuthenticationFilter.java 
@@ -38,8 +38,8 @@ public class XnatAuthenticationFilter extends UsernamePasswordAuthenticationFilt @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { - String username = request.getParameter("j_username"); - String password = request.getParameter("j_password"); + String username = StringUtils.isNotBlank(request.getParameter("username")) ? request.getParameter("username") : request.getParameter("j_username"); + String password = StringUtils.isNotBlank(request.getParameter("password")) ? request.getParameter("password") : request.getParameter("j_password"); // If we didn't find a username if (StringUtils.isBlank(username)) { diff --git a/src/main/webapp/WEB-INF/conf/xnat-security.xml b/src/main/webapp/WEB-INF/conf/xnat-security.xml index f41031e5..538b3761 100644 --- a/src/main/webapp/WEB-INF/conf/xnat-security.xml +++ b/src/main/webapp/WEB-INF/conf/xnat-security.xml @@ -78,6 +78,7 @@ <bean id="xnatLogoutHandler" class="org.nrg.xnat.security.XnatLogoutHandler"/> <security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint"> + <security:csrf disabled="true"/> <security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/> <security:custom-filter before="FORM_LOGIN_FILTER" ref="customAuthenticationFilter"/> <security:custom-filter after="BASIC_AUTH_FILTER" ref="customBasicAuthenticationFilter"/> @@ -223,7 +224,7 @@ <value>/app/template/XDATScreen_UpdateUser.vm</value> <value>/app/action/ModifyPassword</value> <value>/app/template/Login.vm</value> - <value>/j_spring_security_check</value> + <value>/login</value> </list> </property> </bean> diff --git a/src/main/webapp/xdat-templates/screens/Login.vm b/src/main/webapp/xdat-templates/screens/Login.vm index d90eddc7..278fb5ff 100644 --- a/src/main/webapp/xdat-templates/screens/Login.vm +++ b/src/main/webapp/xdat-templates/screens/Login.vm 
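Review bot: The two new assignments in attemptAuthentication resolve the username and the password independently, so a single request may pair `username` with `j_password` (or the reverse), and each parameter is looked up twice. Choosing one naming scheme per request would keep the accepted input shapes to two, for example `boolean legacy = StringUtils.isBlank(request.getParameter("username"));` and then reading both fields from the `j_`-prefixed names only when `legacy` is true. A short comment such as `// Legacy j_username/j_password are still accepted for templates and clients not yet migrated` would also record why the old names remain. The method body continues outside the hunk, so whether the request method is restricted to POST before these reads is not visible here.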
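Review bot: The added `<security:csrf disabled="true"/>` in xnat-security.xml turns off CSRF token checking for every URL handled by this `<security:http>` element, not only the login form, and nothing in the file records that this is a stop-gap for the library upgrade. If the intent is just to keep existing forms and REST clients working, a comment above the element should say so and name the follow-up, e.g. `<!-- CSRF checks disabled to keep pre-upgrade behaviour; re-enable once forms and API clients send the token -->`. The safer long-term direction is to leave the protection on and add the token to the state-changing forms. The `<security:http>` element continues outside the hunk.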
@@ -5,7 +5,7 @@ $page.addAttribute("onLoad", "document.getElementById('username').focus();") <div valign="top"> <br> <br> - <form name="form1" method="post" action="$content.getURI("/j_spring_security_check")"> + <form name="form1" method="post" action="$content.getURI("/login")"> <table valign="top" align="center"> #if ( $data.getMessage() && $data.getMessage()!="" ) <tr><td colspan="2"><div class="error">$data.getMessage()</div><br><br> diff --git a/src/main/webapp/xnat-templates/screens/Login.vm b/src/main/webapp/xnat-templates/screens/Login.vm index a226b370..e741ef93 100644 --- a/src/main/webapp/xnat-templates/screens/Login.vm +++ b/src/main/webapp/xnat-templates/screens/Login.vm @@ -67,7 +67,7 @@ $page.setTitle("$siteId - Please Login") </div> <hr style="margin: 2em 0" /> <div id="login_box"> - <form name="form1" method="post" action="$content.getURI("/j_spring_security_check")" class="friendlyForm" id="login_form"> + <form name="form1" method="post" action="$content.getURI("/login")" class="friendlyForm" id="login_form"> #if($login_methods && $login_methods.size() == 0) <input type="hidden" id="login_method" name="login_method" value="Database"> #elseif($login_methods && $login_methods.size() > 1) @@ -79,10 +79,10 @@ $page.setTitle("$siteId - Please Login") </select> #end <p><label for="username">User</label> - <input type="text" id="username" name="j_username"></p> + <input type="text" id="username" name="username"></p> <p><label for="password">Password</label> - <input type="password" name="j_password" autocomplete="off"></p> + <input type="password" name="password" autocomplete="off"></p> <p class="form-submit"> <span id="register_forgot"> 
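Review bot: In xdat-templates/screens/Login.vm only the form action moves to `/login`; the diffstat lists a single changed line for this file, while the xnat-templates forms also rename their inputs to `username` and `password`. The input fields sit outside this hunk, so it is an inference that they still post `j_username`/`j_password`, but if they do, this form works only through the legacy fallback in XnatAuthenticationFilter. Renaming them here as well, e.g. `<input type="text" id="username" name="username">`, would keep the templates consistent and let the fallback be retired later.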
@@ -142,7 +142,7 @@ $page.setTitle("$siteId - Please Login") </div> #end - <form name="form1" method="post" action="$content.getURI("/j_spring_security_check")" class="friendlyForm" id="login_form"> + <form name="form1" method="post" action="$content.getURI("/login")" class="friendlyForm" id="login_form"> #if($login_methods && $login_methods.size() == 0) <input type="hidden" id="login_method" name="login_method" value="Database"> #elseif($login_methods && $login_methods.size() > 1) @@ -154,10 +154,10 @@ $page.setTitle("$siteId - Please Login") </select> #end <p><label for="username">User</label> - <input type="text" id="username" name="j_username"></p> + <input type="text" id="username" name="username"></p> <p><label for="password">Password</label> - <input type="password" name="j_password" autocomplete="off"></p> + <input type="password" name="password" autocomplete="off"></p> <p class="form-submit"> <span id="register_forgot"> diff --git a/src/main/webapp/xnat-templates/screens/login_box.vm b/src/main/webapp/xnat-templates/screens/login_box.vm index cb948c60..7c040abf 100644 --- a/src/main/webapp/xnat-templates/screens/login_box.vm +++ b/src/main/webapp/xnat-templates/screens/login_box.vm @@ -1,5 +1,5 @@ #* @vtlvariable name="login_methods" type="java.util.List" *# -<form name="form1" method="post" action="$content.getURI('')/j_spring_security_check"> +<form name="form1" method="post" action="$content.getURI('')/login"> #set($showLoginMethodRow = true) #if(!($login_methods) || $login_methods.size() == 1) <input type="hidden" id="login_method" name="login_method" value="$login_methods.get(0)"/> 
@@ -21,11 +21,11 @@ #end <tr> #formLabel("User") - <td><input type="text" id="username" name="j_username"></td> + <td><input type="text" id="username" name="username"></td> </tr> <tr> #formLabel("Password") - <td><input type="password" name="j_password" autocomplete="off"></td> + <td><input type="password" name="password" autocomplete="off"></td> </tr> <tr> <td></td> -- GitLab