=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/AbstractAutomaticAccessProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/AbstractAutomaticAccessProvider.java 2010-03-04 18:36:11 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/AbstractAutomaticAccessProvider.java 2010-03-04 20:36:59 +0000 @@ -36,6 +36,9 @@ import org.springframework.security.GrantedAuthorityImpl; /** + * Abstract automatic access provider class. Delegates methods initialise() and + * access() to implementing classes. + * * @author Torgeir Lorange Ostby * @version $Id: AbstractAutomaticAccessProvider.java 6352 2008-11-20 15:49:52Z larshelg $ */ @@ -66,7 +69,6 @@ protected abstract void initialise(); - public final void init() { if ( isEnabled() ) @@ -79,7 +81,7 @@ // Support methods // ------------------------------------------------------------------------- - protected boolean isEnabled() + private boolean isEnabled() { return ( userStore.getAllUsers().size() == 0); } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/AutomaticAccessProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/AutomaticAccessProvider.java 2009-03-03 16:46:36 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/AutomaticAccessProvider.java 2010-03-04 20:36:59 +0000 @@ -28,6 +28,9 @@ */ /** + * This interface provides a mechanism for accessing the applications in situations + * where no users exist in the database. + * * @author Torgeir Lorange Ostby * @version $Id: AutomaticAccessProvider.java 3160 2007-03-24 20:15:06Z torgeilo $ */ === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DatabaseAutomaticAccessProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DatabaseAutomaticAccessProvider.java 2010-03-04 16:57:53 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DatabaseAutomaticAccessProvider.java 2010-03-04 20:36:59 +0000 @@ -34,6 +34,8 @@ import org.hisp.dhis.user.UserCredentials; /** + * This access provider will put a user with all granted authorities in the database. + * * @author Torgeir Lorange Ostby * @version $Id: DatabaseAutomaticAccessProvider.java 3513 2007-08-04 16:16:40Z * torgeilo $ === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/GhostAutomaticAccessProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/GhostAutomaticAccessProvider.java 2010-01-28 15:23:28 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/GhostAutomaticAccessProvider.java 2010-03-04 20:36:59 +0000 @@ -33,6 +33,10 @@ import org.springframework.security.userdetails.UserDetails; /** + * This access provider will put an Authentication object with all GrantedAuthorities + * in the SecurityContext in any case. This means that any user will be authenticated + * and the login effectively bypassed. + * * @author Torgeir Lorange Ostby * @version $Id: GhostAutomaticAccessProvider.java 3160 2007-03-24 20:15:06Z torgeilo $ */ === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/AutomaticAccessFilter.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/AutomaticAccessFilter.java 2009-03-03 16:46:36 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/AutomaticAccessFilter.java 2010-03-04 20:36:59 +0000 @@ -42,6 +42,11 @@ import org.hisp.dhis.security.AutomaticAccessProvider; /** + * This filter provides access to the system in situations where no users exists + * in the database. Access providers can be registered with the accessProviders map. + * The access provider to use must be defined as an init parameter in web.xml in + * the various web modules. + * * @author Torgeir Lorange Ostby * @version $Id: AutomaticAccessFilter.java 3160 2007-03-24 20:15:06Z torgeilo $ */