replace scm-manager 1.x security api with apache shiro and use PasswordService for stronger password hashes

Sebastian Sdorra
2014-12-14 12:26:03 +01:00
parent 876f501644
commit 4fa8e6e88a
32 changed files with 661 additions and 3974 deletions


@@ -37,9 +37,12 @@ package sonia.scm;
import com.google.inject.name.Names;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.guice.web.ShiroWebModule;
import sonia.scm.security.ScmRealm;
import sonia.scm.security.DefaultRealm;
import static org.apache.shiro.guice.web.ShiroWebModule.ROLES;
@@ -54,6 +57,11 @@ import javax.servlet.ServletContext;
public class ScmSecurityModule extends ShiroWebModule
{
/** Field description */
private static final int ITERATIONS = 8192;
//~--- constructors ---------------------------------------------------------
/**
* Constructs ...
*
@@ -75,9 +83,13 @@ public class ScmSecurityModule extends ShiroWebModule
@SuppressWarnings("unchecked")
protected void configureShiroWeb()
{
bind(PasswordService.class).toInstance(createPasswordService());
// expose password service to global injector
expose(PasswordService.class);
// bind realm
bindRealm().to(ScmRealm.class);
bindRealm().to(DefaultRealm.class);
// bind constant
bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to(
@@ -86,4 +98,21 @@ public class ScmSecurityModule extends ShiroWebModule
// disable access to mustache resources
addFilterChain("/**.mustache", config(ROLES, "nobody"));
}
/**
* Creates a {@link PasswordService} with a smaller size of iteration, because
* large iterations will slow down subversion.
*
* @return instance of {@link PasswordService}
*/
private PasswordService createPasswordService()
{
DefaultPasswordService passwordService = new DefaultPasswordService();
DefaultHashService hashService = new DefaultHashService();
hashService.setHashIterations(ITERATIONS);
passwordService.setHashService(hashService);
return passwordService;
}
}
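Review bot: In createPasswordService() the DefaultHashService that replaces the password service's built-in one is configured only with an iteration count, so whatever salt setting the built-in service had is not carried over; as far as I know a freshly constructed DefaultHashService does not generate a public salt unless told to, which would leave the stored password hashes unsalted. I would add `hashService.setGeneratePublicSalt(true);` next to `hashService.setHashIterations(ITERATIONS);` and cover it with a test asserting that encrypting the same password twice yields two different stored values. The digest algorithm is also left to the DefaultHashService default; setting it explicitly with `setHashAlgorithmName(...)` would keep the stored format independent of library defaults. The placeholder `/** Field description */` on ITERATIONS should record the trade-off instead, e.g. `/** Password hash iterations; deliberately low because larger values slow down Subversion access. */`.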