Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 1028:1c41c7b8f7c2 schema-update
Updated server application to new database model. THIS IS STILL WIP!!!
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Fri, 08 Jul 2016 15:32:36 +0200 |
parents | c481688150e8 |
children | f92c96efa976 |
rev | line source |
---|---|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
3 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
7 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
8 package de.intevation.lada.util.auth; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
9 |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
10 import java.util.Arrays; |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
11 import java.util.HashMap; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
12 import java.util.List; |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
13 import java.util.Map; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
14 |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
15 import javax.annotation.PostConstruct; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
16 import javax.inject.Inject; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
17 import javax.persistence.EntityManager; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
18 import javax.servlet.http.HttpServletRequest; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
19 |
857
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
20 import org.apache.log4j.Logger; |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
21 |
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
22 import de.intevation.lada.model.land.KommentarM; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
23 import de.intevation.lada.model.land.KommentarP; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
24 import de.intevation.lada.model.land.Messung; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
25 import de.intevation.lada.model.land.Messwert; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
26 import de.intevation.lada.model.land.Ortszuordnung; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
27 import de.intevation.lada.model.land.Probe; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
28 import de.intevation.lada.model.land.StatusProtokoll; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
29 import de.intevation.lada.model.land.ZusatzWert; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
30 import de.intevation.lada.model.stammdaten.Auth; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
31 import de.intevation.lada.model.stammdaten.DatensatzErzeuger; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
32 import de.intevation.lada.model.stammdaten.LadaUser; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
33 import de.intevation.lada.model.stammdaten.MessprogrammKategorie; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
34 import de.intevation.lada.model.stammdaten.Ort; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
35 import de.intevation.lada.model.stammdaten.Probenehmer; |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
36 import de.intevation.lada.model.stammdaten.StatusKombi; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
37 import de.intevation.lada.util.annotation.AuthorizationConfig; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
38 import de.intevation.lada.util.annotation.RepositoryConfig; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
39 import de.intevation.lada.util.data.QueryBuilder; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
40 import de.intevation.lada.util.data.Repository; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
41 import de.intevation.lada.util.data.RepositoryType; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
42 import de.intevation.lada.util.rest.RequestMethod; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
43 import de.intevation.lada.util.rest.Response; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
44 |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
45 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
46 * Authorize a user via HttpServletRequest attributes. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
47 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
48 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
49 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
50 @AuthorizationConfig(type=AuthorizationType.HEADER) |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
51 public class HeaderAuthorization implements Authorization { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
52 |
857
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
53 @Inject |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
54 private Logger logger; |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
55 |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
56 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
57 * The Repository used to read from Database. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
58 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
59 @Inject |
857
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
60 @RepositoryConfig(type=RepositoryType.RW) |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
61 private Repository repository; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
62 |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
63 @SuppressWarnings("rawtypes") |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
64 private Map<Class, Authorizer> authorizers; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
65 @Inject ProbeAuthorizer probeAuthorizer; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
66 @Inject MessungAuthorizer messungAuthorizer; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
67 @Inject ProbeIdAuthorizer pIdAuthorizer; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
68 @Inject MessungIdAuthorizer mIdAuthorizer; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
69 @Inject NetzbetreiberAuthorizer netzAuthorizer; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
70 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
71 @SuppressWarnings("rawtypes") |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
72 @PostConstruct |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
73 public void init() { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
74 authorizers = new HashMap<Class, Authorizer>(); |
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
75 authorizers.put(Probe.class, probeAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
76 authorizers.put(Messung.class, messungAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
77 authorizers.put(Ortszuordnung.class, pIdAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
78 authorizers.put(KommentarP.class, pIdAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
79 authorizers.put(ZusatzWert.class, pIdAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
80 authorizers.put(KommentarM.class, mIdAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
81 authorizers.put(Messwert.class, mIdAuthorizer); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
82 authorizers.put(StatusProtokoll.class, mIdAuthorizer); |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
83 authorizers.put(Probenehmer.class, netzAuthorizer); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
84 authorizers.put(DatensatzErzeuger.class, netzAuthorizer); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
85 authorizers.put(MessprogrammKategorie.class, netzAuthorizer); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
86 authorizers.put(Ort.class, netzAuthorizer); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
87 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
88 |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
89 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
90 * Request user informations using the HttpServletRequest. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
91 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
92 * @param source The HttpServletRequest |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
93 * @return The UserInfo object containing username and groups. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
94 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
95 @Override |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
96 public UserInfo getInfo(Object source) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
97 if (source instanceof HttpServletRequest) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
98 HttpServletRequest request = (HttpServletRequest)source; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
99 String roleString = |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
100 request.getAttribute("lada.user.roles").toString(); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
101 UserInfo info = getGroupsFromDB(roleString); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
102 info.setName(request.getAttribute("lada.user.name").toString()); |
857
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
103 QueryBuilder<LadaUser> builder = new QueryBuilder<LadaUser>( |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
104 repository.entityManager("stamm"), |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
105 LadaUser.class |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
106 ); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
107 builder.and("name", info.getName()); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
108 List<LadaUser> user = repository.filterPlain(builder.getQuery(), "stamm"); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
109 if (user == null || user.isEmpty()) { |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
110 LadaUser newUser = new LadaUser(); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
111 newUser.setName(info.getName()); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
112 Response r = repository.create(newUser, "stamm"); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
113 user = repository.filterPlain(builder.getQuery(), "stamm"); |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
114 } |
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
115 info.setUserId(user.get(0).getId()); |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
116 return info; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
117 } |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
118 return null; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
119 } |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
120 |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
121 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
122 * Filter a list of data objects using the user informations contained in |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
123 * the HttpServletRequest. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
124 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
125 * @param source The HttpServletRequest |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
126 * @param data The Response object containing the data. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
127 * @param clazz The data object class. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
128 * @return The Response object containing the filtered data. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
129 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
130 @Override |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
131 public <T> Response filter(Object source, Response data, Class<T> clazz) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
132 UserInfo userInfo = this.getInfo(source); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
133 if (userInfo == null) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
134 return data; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
135 } |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
136 Authorizer authorizer = authorizers.get(clazz); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
137 //This is a hack... Allows wildcard for unknown classes. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
138 if (authorizer == null) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
139 return data; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
140 } |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
141 return authorizer.filter(data, userInfo, clazz); |
800
8c336f08e76f
Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
779
diff
changeset
|
142 } |
8c336f08e76f
Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
779
diff
changeset
|
143 |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
144 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
145 * Check whether a user is authorized to operate on the given data. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
146 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
147 * @param source The HttpServletRequest containing user information. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
148 * @param data The data to test. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
149 * @param method The Http request type. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
150 * @param clazz The data object class. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
151 * @return True if the user is authorized else returns false. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
152 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
153 @Override |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
154 public <T> boolean isAuthorized( |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
155 Object source, |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
156 Object data, |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
157 RequestMethod method, |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
158 Class<T> clazz |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
159 ) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
160 UserInfo userInfo = this.getInfo(source); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
161 if (userInfo == null) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
162 return false; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
163 } |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
164 Authorizer authorizer = authorizers.get(clazz); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
165 //This is a hack... Allows wildcard for unknown classes. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
166 if (authorizer == null) { |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
167 return true; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
168 } |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
169 return authorizer.isAuthorized(data, method, userInfo, clazz); |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
170 } |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
171 |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
172 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
173 * Request the lada specific groups. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
174 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
175 * @param roles The roles defined in the OpenId server. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
176 * @return The UserInfo contianing roles and user name. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
177 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
178 private UserInfo getGroupsFromDB(String roles) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
179 QueryBuilder<Auth> builder = new QueryBuilder<Auth>( |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
180 repository.entityManager("stamm"), |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
181 Auth.class); |
726
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
182 roles = roles.replace("[",""); |
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
183 roles = roles.replace("]",""); |
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
184 roles = roles.replace(" ",""); |
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
185 String[] mst = roles.split(","); |
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
186 builder.andIn("ldapGroup", Arrays.asList(mst)); |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
187 Response response = repository.filter(builder.getQuery(), "stamm"); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
188 @SuppressWarnings("unchecked") |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
189 List<Auth> auth = (List<Auth>)response.getData(); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
190 UserInfo userInfo = new UserInfo(); |
838
1ed347eb856b
Use auth objects in user info to keep mst <-> function association.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
191 userInfo.setAuth(auth); |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
192 return userInfo; |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
193 } |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
194 |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
195 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
196 * Test whether a probe is readonly. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
197 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
198 * @param probeId The probe Id. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
199 * @return True if the probe is readonly. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
200 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
201 @Override |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
202 public boolean isReadOnly(Integer probeId) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
203 EntityManager manager = repository.entityManager("land"); |
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
204 QueryBuilder<Messung> builder = |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
205 new QueryBuilder<Messung>( |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
206 manager, |
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
207 Messung.class); |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
208 builder.and("probeId", probeId); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
209 Response response = repository.filter(builder.getQuery(), "land"); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
210 @SuppressWarnings("unchecked") |
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
211 List<Messung> messungen = (List<Messung>) response.getData(); |
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
212 for (int i = 0; i < messungen.size(); i++) { |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
213 if (messungen.get(i).getStatus() == null) { |
840 | 214 continue; |
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
215 } |
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
216 StatusProtokoll status = repository.getByIdPlain( |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
217 StatusProtokoll.class, messungen.get(i).getStatus(), "land"); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
218 StatusKombi kombi = repository.getByIdPlain( |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
219 StatusKombi.class, status.getStatusKombi(), "stamm"); |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
220 if (kombi.getStatusWert().getId() != 0 && |
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
221 kombi.getStatusWert().getId() != 4) { |
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
222 return true; |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
223 } |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
224 } |
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
225 return false; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
226 } |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
227 |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
228 /** |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
229 * Check whether a user is authorized to operate on the given probe. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
230 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
231 * @param userInfo The user information. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
232 * @param data The probe data to test. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
233 * @return True if the user is authorized else returns false. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
234 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
235 @Override |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
236 public <T> boolean isAuthorized( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
237 UserInfo userInfo, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
238 Object data, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
239 Class<T> clazz |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
240 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
241 Authorizer authorizer = authorizers.get(clazz); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
242 //This is a hack... Allows wildcard for unknown classes. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
243 if (authorizer == null) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
244 return true; |
801
d0510a89e701
Updated the authorization to fit the needs of the new status workflow.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
800
diff
changeset
|
245 } |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
246 return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz); |
779
64adf06df02f
Use status to get readonly flag for messungen.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
772
diff
changeset
|
247 } |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
248 } |