Author: taylor
Date: Mon May 6 00:38:09 2019
New Revision: 1858719
URL: http://svn.apache.org/viewvc?rev=1858719&view=rev
Log:
JS2-1369: IP WhiteList Feature
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/pom.xml Mon May
6 00:38:09 2019
@@ -20,10 +20,12 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
+
<prerequisites>
- <maven>2.0.9</maven>
+ <maven>3.3.1</maven>
</prerequisites>
+
<artifactId>jetspeed-portal</artifactId>
<name>Jetspeed-2 Portal Components</name>
<description>Jetspeed-2 Portal Components</description>
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
Mon May 6 00:38:09 2019
@@ -114,6 +114,14 @@ public class PortalAdministrationImpl im
*/
protected String adminRole;
+ /**
+ * email BCC for administrative emails
+ * @since 2.3.2
+ */
+ protected String emailBcc;
+
+ public final static String CONFIGURATION_EMAIL_BCC = "email.bcc";
+
public PortalAdministrationImpl(UserManager userManager,
RoleManager roleManager,
GroupManager groupManager,
@@ -150,7 +158,7 @@ public class PortalAdministrationImpl im
public void start() {
this.defaultRoles =
configuration.getList(PortalConfigurationConstants.REGISTRATION_ROLES_DEFAULT);
this.defaultGroups =
configuration.getList(PortalConfigurationConstants.REGISTRATION_GROUPS_DEFAULT);
-
+ this.emailBcc = configuration.getString(CONFIGURATION_EMAIL_BCC, null);
String[] profileRuleNames =
configuration.getStringArray(PortalConfigurationConstants.PROFILER_RULE_NAMES_DEFAULT);
String[] profileRuleValues =
configuration.getStringArray(PortalConfigurationConstants.PROFILER_RULE_VALUES_DEFAULT);
defaultRules = new HashMap<String, String>();
@@ -412,6 +420,9 @@ public class PortalAdministrationImpl im
}
msg.setSubject(subject);
msg.setTo(to);
+ if (emailBcc != null) {
+ msg.setBcc(emailBcc);
+ }
msg.setText(text);
ClassLoader currentCL = Thread.currentThread().getContextClassLoader();
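Review bot: The `emailBcc != null` guard before `msg.setBcc(emailBcc)` lets a blank value through, and the default shipped in jetspeed.properties by this same commit is `email.bcc =` with nothing after it. Depending on how the configuration layer returns an empty property, start() may store an empty string rather than null, and the mail message would then be given an empty BCC address. Treating blank as unset closes that: `if (emailBcc != null && !emailBcc.trim().isEmpty()) {`. The field's Javadoc should also say that every administrative message (presumably including registration and password mails) is copied to this address, so it needs to be a restricted mailbox. The enclosing method starts and ends outside the hunk.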
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
Mon May 6 00:38:09 2019
@@ -31,6 +31,11 @@ import org.apache.jetspeed.security.User
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
@@ -150,8 +155,10 @@ public class LoginValidationValveImpl ex
{
if (request.getSessionAttribute(LoginConstants.LOGIN_CHECK) ==
null)
{
- clearSessionAttributes(request);
-
request.getRequest().getSession().setAttribute(LoginConstants.LOGIN_CHECK,
"true");
+ if (ipWhiteListAllowed(request)) {
+ clearSessionAttributes(request);
+
request.getRequest().getSession().setAttribute(LoginConstants.LOGIN_CHECK,
"true");
+ }
}
}
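Review bot: When `ipWhiteListAllowed(request)` returns false it has already called `sendRedirect`, but this call site only skips setting `LOGIN_CHECK`; nothing visible here stops the valve from carrying on. The rest of the method is outside the hunk, so this may be handled there. If the pipeline is still invoked afterwards, downstream valves would run for a rejected user and write to a response that is already committed. An explicit early exit on a false result, for example an `else { return; }` branch, would make the rejection path unambiguous.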
@@ -179,4 +186,60 @@ public class LoginValidationValveImpl ex
return "LoginValidationValve";
}
+
+ protected boolean ipWhiteListAllowed(RequestContext requestContext) throws
IOException {
+ Boolean enabled =
Jetspeed.getConfiguration().getBoolean("whitelist.enabled", false);
+ if (enabled) {
+ Boolean debug =
Jetspeed.getConfiguration().getBoolean("whitelist.debug", false);
+ if (debug) {
+ System.out.println("remote address = " +
requestContext.getRequest().getRemoteAddr());
+ System.out.println("X-Forwarded-For: " +
requestContext.getRequest().getHeader("X-Forwarded-For"));
+ Enumeration headerNames =
requestContext.getRequest().getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String headerName = (String) headerNames.nextElement();
+ System.out.println("header: " + headerName + " = " +
requestContext.getRequest().getHeader(headerName));
+ }
+ }
+ String urlContext = requestContext.getRequest().getContextPath();
+ Principal userPrincipal = requestContext.getUserPrincipal();
+ if (userPrincipal == null) {
+ return true;
+ }
+ List<String> list =
Jetspeed.getConfiguration().getList("whitelist.ip." + userPrincipal.getName());
+ // empty list: allow access
+ if (list == null || list.size() == 0) return true;
+ // trim nasty trailing spaces
+ List<String> whiteList = new ArrayList<>();
+ for (String token : list) {
+ if (!token.trim().equals("")) {
+ whiteList.add(token);
+ }
+ }
+ if (whiteList.size() == 0) return true;
+ boolean blackListed = true;
+ for (String ip : whiteList) {
+ if (ip.equals(getClientIp(requestContext.getRequest()))) {
+ blackListed = false;
+ break;
+ }
+ }
+ if (blackListed) {
+ String restrictedUrl =
Jetspeed.getConfiguration().getString("whitelist.redirect.page",
"/portal/restricted.psml");
+ requestContext.getResponse().sendRedirect(urlContext +
"/login/logout?org.apache.jetspeed.login.destination=" + urlContext +
restrictedUrl);
+ return false;
+ }
+ }
+ return true;
+ }
+
+ private String getClientIp(HttpServletRequest request) {
+ String remoteAddr = "";
+ if (request != null) {
+ remoteAddr = request.getHeader("X-FORWARDED-FOR");
+ if (remoteAddr == null || "".equals(remoteAddr)) {
+ remoteAddr = request.getRemoteAddr();
+ }
+ }
+ return remoteAddr;
+ }
}
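Review bot: `getClientIp` prefers the `X-FORWARDED-FOR` request header over `getRemoteAddr()`, and that header is client-supplied unless a trusted reverse proxy overwrites it, so the comparison in `ipWhiteListAllowed` rests on a value the caller controls. The safe default is `return request == null ? "" : request.getRemoteAddr();`, honouring the forwarded header only when the connection comes from a configured trusted proxy; the header can also carry a comma-separated chain, which the `ip.equals(...)` match would never equal. Separately, the `whitelist.debug` branch prints every request header to `System.out`, which would include session cookies and any authorization header; logging only the remote address through the class's SLF4J logger at debug level keeps credentials out of the console log. The loop under `// trim nasty trailing spaces` adds `token` rather than `token.trim()`, so an entry with surrounding whitespace is stored untrimmed and may never match.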
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml Mon
May 6 00:38:09 2019
@@ -21,7 +21,7 @@
<modelVersion>4.0.0</modelVersion>
<prerequisites>
- <maven>2.0.9</maven>
+ <maven>3.3.1</maven>
</prerequisites>
<artifactId>jetspeed-security</artifactId>
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.java
Mon May 6 00:38:09 2019
@@ -208,7 +208,10 @@ public class UserPasswordCredentialPolic
{
pci.beforeSetPassword(credential, newPassword,
authenticated);
}
- credential.setUpdateRequired(false);
+ // TODO: DST: 2019-03-25: this breaks forgotten password
feature with auto-require update
+ if (credential.getOldPassword() != null) {
+ credential.setUpdateRequired(false);
+ }
}
credential.setPassword(newPassword, encoder != null);
credential.clearNewPasswordSet();
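Review bot: The new TODO comment does not say what is left to do or which behaviour "breaks", so the reason for the `credential.getOldPassword() != null` condition cannot be recovered from the code. If the intent is that a password set without an old password (a reset rather than a user-initiated change) must keep the update-required flag, the comment should say so, e.g. `// Only a change that supplied the old password clears updateRequired; a reset keeps it so the user must pick a new password.` That reading is inferred from the comment text and should be confirmed by the author. The enclosing method begins before the hunk and continues after it.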
Modified: portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml (original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-installer/pom.xml Mon May 6
00:38:09 2019
@@ -22,10 +22,10 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <prerequisites>
+<!-- <prerequisites>
<maven>2.0.9</maven>
</prerequisites>
-
+-->
<artifactId>jetspeed-installer-pom</artifactId>
<name>Jetspeed-2 Installer</name>
<parent>
Modified:
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
(original)
+++
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/administration.xml
Mon May 6 00:38:09 2019
@@ -32,6 +32,9 @@
<property name="javaMailProperties">
<props>
<prop key="mail.smtp.auth">${email.smtp.auth}</prop>
+ <prop key="mail.smtp.starttls.required">true</prop>
+ <prop key="mail.smtp.starttls.enable">true</prop>
+ <prop key="mail.smtp.ssl.trust">${email.smtp.server.address}</prop>
</props>
</property>
</bean>
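Review bot: Setting `mail.smtp.ssl.trust` to `${email.smtp.server.address}` makes JavaMail accept that host's certificate without validating it against the JVM trust store, so the STARTTLS session added here is encrypted but the server is not authenticated. Unless self-signed relays must be supported, drop that `<prop>` and let normal certificate validation apply, or import the relay's certificate into the trust store. `mail.smtp.starttls.required` is also hard-coded to `true`, while `mail.smtp.auth` beside it comes from a property. A placeholder with a secure default would keep the setting configurable for existing installs whose relay lacks STARTTLS. The bean definition starts outside the hunk.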
Modified:
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties?rev=1858719&r1=1858718&r2=1858719&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
(original)
+++
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
Mon May 6 00:38:09 2019
@@ -278,6 +278,10 @@ email.smtp.user.name=
email.smtp.user.password=
#mail.smtp.auth
email.smtp.auth=false
+# email BCC for Administrative emails
+# @since 2.3.2
+email.bcc =
+
#-------------------------------------------------------------------------
# L A Y O U T
@@ -480,5 +484,18 @@ resource.loader.filesystem = true
#-------------------------------------------------------------------------
factory.portlet.extensions = false
+#-------------------------------------------------------------------------
+# White List Feature
+# since 2.3.2
+#-------------------------------------------------------------------------
+whitelist.enabled=false
+whitelist.debug=false
+whitelist.redirect.page=/portal/restricted.psml
+# examples
+# whitelist.ip.kathy=
+# whitelist.ip.dave = 127.0.0.1, 0:0:0:0:0:0:0:1
+# whitelist.ip.devmgr=10.1.10.181, 0:0:0:0:0:0:0:1
+# whitelist.ip.rick=10.1.10.181
-
+# Remember Me Portal Filter cookie name
+rmpf.accesstoken.cookie.name = js_at
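Review bot: The comments in the White List block leave out the behaviour an administrator most needs to know: per `ipWhiteListAllowed` in this commit, a user with no `whitelist.ip.<username>` entry, or an empty one like the `kathy` example, is not restricted at all. I would add `# A user with no whitelist.ip.<username> entry, or an empty one, is NOT restricted.` and `# Entries are matched as exact strings against the client address; ranges/CIDR are not supported.` above the examples. The `rmpf.accesstoken.cookie.name` line at the end looks unrelated to the whitelist section and would read better under its own header.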