lams-github / lams_central / src / java / org / lamsfoundation / lams / security

UniversalLoginModule.java

Clone Tools

Stats

Commits this week: 0
Total Committers: 11
Last Commit: 31 Mar 24
Commits this week: 0

Lines of code count not available

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Sunday 31 Mar 2024
8:07 pm

Marcin Cieslak

LDEV-5440 Add role logging

Options
    • -5
    • +10
    ./UniversalLoginModule.java
Monday 25 Mar 2024
3:30 pm

Marcin Cieslak

LDEV-5440 Add missing dependencies

Options
    • -0
    • +1
    ./UniversalLoginModule.java
  2. … 1 more file in changeset.
Saturday 23 Mar 2024
3:46 pm

Marcin Cieslak

LDEV-5440 Add compilation parameter for legacy Spring binding

Options
    • -289
    • +70
    ./UniversalLoginModule.java
  2. … 14 more files in changeset.
Tuesday 20 Feb 2024
8:53 pm

Marcin Cieslak

LDEV-5440 Further code upgrade to conform new WF libraries

Options
    • -28
    • +28
    ./UniversalLoginModule.java
  2. … 61 more files in changeset.
Tuesday 16 Jan 2024
5:38 pm

Marcin Cieslak

LDEV-5440 Revert some unnecessary package name changes

Options
    • -3
    • +3
    ./UniversalLoginModule.java
  2. … 464 more files in changeset.
5:01 pm

Marcin Cieslak

LDEV-5440 Refactor packages of imported classes

Options
    • -1
    • +1
    ./UniversalLoginModule.java
  2. … 481 more files in changeset.
Monday 15 Jan 2024
11:11 pm

Marcin Cieslak

LDEV-5440 Rewrite config files and library references

Options
    • -16
    • +16
    ./UniversalLoginModule.java
  2. … 955 more files in changeset.
Wednesday 21 Sep 2022
4:57 pm

Marcin Cieslak

Merge remote-tracking branch 'origin/LDEV-5302' into v4.7

Conflicts:

lams_admin/conf/language/lams/ApplicationResources_zh_CN.properties

lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java

lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgRoleSaveController.java

lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java

lams_admin/web/user.jsp

lams_central/conf/language/lams/ApplicationResources_zh_CN.properties

lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java

lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java

Options
    • -6
    • +12
    ./UniversalLoginModule.java
  2. … 58 more files in changeset.
Monday 04 Jul 2022
8:06 am

Ernie Ghiglione

LDEV-5320 Initial commits for audits

These are some initial commits that might change via Marcin's aspect approach.

Options
    • -2
    • +2
    ./UniversalLoginModule.java
  2. … 6 more files in changeset.
Monday 21 Mar 2022
6:23 pm

Marcin Cieslak

LDEV-5302 Sysadmin is always appadmin

Options
    • -3
    • +9
    ./UniversalLoginModule.java
  2. … 2 more files in changeset.
5:09 pm

Marcin Cieslak

LDEV-5302 Rename sysadmin role to appadmin

Options
    • -4
    • +4
    ./UniversalLoginModule.java
  2. … 181 more files in changeset.
Sunday 17 Jan 2021
11:42 pm

Marcin Cieslak

LDEV-3578 Increase auth token life time for long auth delays

Options
    • -1
    • +1
    ./UniversalLoginModule.java
Tuesday 05 Nov 2019
6:52 pm

Marcin Cieslak

LDEV-4901 Rewrite session invalidation mechanism

On WildFly 8 session invalidation mechanism had some bugs. Marek

introduced a workaround in LDEV-3413. The mechanism was adjusted in

LDEV-4293, especially in this commit

https://code.lamsfoundation.org/fisheye/changelog/lams-github?cs=131ce42e64069f574a2a4a9bc1e5c4be4918e5bb

Newer WildFly versions do not seem to have this bug. A part of

workaround was removed in LDEV-4696, but invalidation mechanism stayed

as if the bugs were still present. The mechanism introduced the problem

with timeouts. Now that the bugs seems to be gone, the invalidation

mechanism was rewritten to a more straightforward version which should

have been used from the start.

It is worth keeping in mind that when one user session is present and

another is being created (another browser, integration call, sysadmin's

LoginAs feature), then user gets authenticated, then old session gets

invalidated and the user gets authenticated AGAIN by WildFly using

cached credentials. Caching is so useful that we can not turn it off. It

means that, though, we need to keep login token generated by

LoginRequestServlet for longer than just first authentication, as we get

authentication call twice. Now we keep it until it is timed out.

Options
    • -7
    • +12
    ./UniversalLoginModule.java
  2. … 3 more files in changeset.
Saturday 09 Sep 2017
4:42 pm

Marcin Cieslak

LDEV-4293 Skip isSysAdmin check when there is no session

The code that checks if user is sysadmin depends on HTTP session being

present in SessionManager. It is normally present as the authentication

request goes through SsoHandler which initiates the session. It is not

the case, though, when session gets replicated and UniversalLoginModule

is accessed directly.

The fix skips the check in no session is present, which means that

sysadmin will need to authenticate same as regular user, which is OK for

this edge situation. Session failover still works.

Options
    • -6
    • +10
    ./UniversalLoginModule.java
Thursday 01 Dec 2016
11:08 am

SanjanaPabsetti <Sanjana.pabsetti@gmail.com>

LDEV-4030 :Disable login for a few minutes after X number of attempts

Options
    • -1
    • +1
    ./UniversalLoginModule.java
  2. … 5 more files in changeset.
Wednesday 11 May 2016
3:30 pm

Marcin Cieslak

LDEV-3776: Remove $Id CVS keyword.

Options
    • -1
    • +1
    ./UniversalLoginModule.java
  2. … 1074 more files in changeset.
Thursday 05 May 2016
4:11 pm

Marcin Cieslak

LDEV-3776: Clean up and format all LAMS Java code.

Options
    • -309
    • +289
    ./UniversalLoginModule.java
  2. … 2120 more files in changeset.
4:11 pm

Marcin Cieslak

LDEV-3776: Clean up and format all LAMS Java code.

Options
    • -13
    • +14
    ./UniversalLoginModule.java
  2. … 1860 more files in changeset.
Wednesday 16 Mar 2016
8:14 pm

Marcin Cieslak

LDEV-3674: Remove multiple Flash elements: Authoring, icons, themes, i18n files, WDDX libraries and classes, methods, servlets etc. Rename/rewrite methods for Flashless use.

Options
    • -24
    • +6
    ./UniversalLoginModule.java
  2. … 420 more files in changeset.
Friday 23 Oct 2015
4:42 pm

Marcin Cieslak

LDEV-3578: Use single-use passwords for internal authentication in LoginRequestServlet and LoginAsAction.

Options
    • -7
    • +18
    ./UniversalLoginModule.java
  2. … 3 more files in changeset.
Wednesday 21 Oct 2015
7:44 pm

Marcin Cieslak

LDEV-3578: Convert passwords from sha1 to sha256 with salt after successful authentication and on password change. Remove password hashing in browser. Change internal authentication mechanism for LoginRequestServlet and LoginAsAction.

Options
    • -23
    • +33
    ./UniversalLoginModule.java
  2. … 23 more files in changeset.
Monday 19 Oct 2015
8:21 pm

Marcin Cieslak

LDEV-3591: Flatten UniversalLoginModule hierarchy - it was just a single leaf anyway. Format code. Clean up logs, errors and comments. Move queries from config files to code.

Options
    • -204
    • +332
    ./UniversalLoginModule.java
  2. … 12 more files in changeset.
Friday 28 Nov 2014
8:27 pm

Marcin Cieslak

LDEV-3383: Remove Web authentication method.

Options
    • -3
    • +0
    ./UniversalLoginModule.java
  2. … 5 more files in changeset.
8:11 pm

Marcin Cieslak

LDEV-3383: Remove Web authentication method.

Options
    • -4
    • +0
    ./UniversalLoginModule.java
  2. … 5 more files in changeset.
Tuesday 25 Nov 2014
5:39 pm

Marcin Cieslak

LDEV-3335, LDEV-3340: Make SessionManager a storage for servlet context, so it can be accesses by other classes at any time. Remove obsolete SSO classes.

Options
    • -2
    • +1
    ./UniversalLoginModule.java
  2. … 15 more files in changeset.
4:43 pm

Marcin Cieslak

LDEV-3335, LDEV-3340: Remove or simplify SSO components. Fix sysadmin LoginAs functionality.

Options
    • -2
    • +3
    ./UniversalLoginModule.java
  2. … 17 more files in changeset.
Wednesday 19 Nov 2014
12:21 am

Marcin Cieslak

LDEV-3335, LDEV-3334: Use SSO mechanism introduced in WildFly 9. Do not create web.xml files with XDoclet as it can not produce them based on 3.1 schema. Use static ones instead. Make SessionManager just a proxy to webserver's HTTP session. Remov custom shared sessions and JSESSIONIDSSO cookie as they are obsolete. Remove own session monitoring as the container should take care of invalidation. Move injecting UserDTO into session to SsoHandler intead of UniversalLoginModule as an authentication request may not reach the latter due to WildFly credentials caching.

Options
    • -308
    • +282
    ./UniversalLoginModule.java
  2. … 226 more files in changeset.
Wednesday 15 Oct 2014
12:43 am

Marcin Cieslak

LDEV-3275: Remove duplicate error log.

Options
    • -1
    • +0
    ./UniversalLoginModule.java
Tuesday 14 Oct 2014
8:49 pm

Marcin Cieslak

LDEV-3275: Add SsoConsumer in LAMS Central as requests (index.jsp, index.do) immediate after j_security_check are also being authenticated. They also are considered an authentication attempt, but they bypass shared session creation in SsoProducer and it causes errors. This was addressed by a simple check - no shared session in UniversalLoginModule, no authentication attempt.

Options
    • -2
    • +2
    ./UniversalLoginModule.java
  2. … 2 more files in changeset.
Tuesday 30 Sep 2014
9:11 pm

Marcin Cieslak

LDEV-3315: Clean up roles and paths to secured resources in all modules. Remove AUTHOR ADMIN role.

Options
    • -287
    • +307
    ./UniversalLoginModule.java
  2. … 72 more files in changeset.