lada/lada-server: src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java annotate

annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 1305:1e0ba37ff3d8

Removed comment.

author	Raimund Renkert <raimund.renkert@intevation.de>
date	Tue, 28 Feb 2017 14:56:14 +0100
parents	a0da035cc831
children

rev	line source
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	2 * Software engineering by Intevation GmbH
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	3 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	4 * This file is Free Software under the GNU GPL (v>=3)
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY! Check out
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	6 * the documentation coming with IMIS-Labordaten-Application for details.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	7 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	8 package de.intevation.lada.util.auth;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	9
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	10 import java.util.Arrays;
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	11 import java.util.HashMap;
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	12 import java.util.List;
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	13 import java.util.Map;
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	14
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	15 import javax.annotation.PostConstruct;
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	16 import javax.inject.Inject;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	17 import javax.persistence.EntityManager;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	18 import javax.servlet.http.HttpServletRequest;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	19
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	20 import de.intevation.lada.model.land.KommentarM;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	21 import de.intevation.lada.model.land.KommentarP;
1150 cf1eb19f896b Authorize messprogramm - messmethode. Raimund Renkert <raimund.renkert@intevation.de> parents: 1104 diff changeset	22 import de.intevation.lada.model.land.Messprogramm;
cf1eb19f896b Authorize messprogramm - messmethode. Raimund Renkert <raimund.renkert@intevation.de> parents: 1104 diff changeset	23 import de.intevation.lada.model.land.MessprogrammMmt;
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	24 import de.intevation.lada.model.land.Messung;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	25 import de.intevation.lada.model.land.Messwert;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	26 import de.intevation.lada.model.land.Ortszuordnung;
1265 a1323ef2c330 Changed ortszuordnungs model in messprogramm. Raimund Renkert <raimund.renkert@intevation.de> parents: 1150 diff changeset	27 import de.intevation.lada.model.land.OrtszuordnungMp;
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	28 import de.intevation.lada.model.land.Probe;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	29 import de.intevation.lada.model.land.StatusProtokoll;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	30 import de.intevation.lada.model.land.ZusatzWert;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	31 import de.intevation.lada.model.stammdaten.Auth;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	32 import de.intevation.lada.model.stammdaten.DatensatzErzeuger;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	33 import de.intevation.lada.model.stammdaten.LadaUser;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	34 import de.intevation.lada.model.stammdaten.MessprogrammKategorie;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	35 import de.intevation.lada.model.stammdaten.Ort;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	36 import de.intevation.lada.model.stammdaten.Probenehmer;
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	37 import de.intevation.lada.model.stammdaten.StatusKombi;
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	38 import de.intevation.lada.util.annotation.AuthorizationConfig;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	39 import de.intevation.lada.util.annotation.RepositoryConfig;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	40 import de.intevation.lada.util.data.QueryBuilder;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	41 import de.intevation.lada.util.data.Repository;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	42 import de.intevation.lada.util.data.RepositoryType;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	43 import de.intevation.lada.util.rest.RequestMethod;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	44 import de.intevation.lada.util.rest.Response;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	45
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	46 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	47 * Authorize a user via HttpServletRequest attributes.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	48 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	49 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a>
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	50 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	51 @AuthorizationConfig(type=AuthorizationType.HEADER)
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	52 public class HeaderAuthorization implements Authorization {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	53
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	54 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	55 * The Repository used to read from Database.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	56 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	57 @Inject
857 c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	58 @RepositoryConfig(type=RepositoryType.RW)
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	59 private Repository repository;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	60
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	61 @SuppressWarnings("rawtypes")
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	62 private Map<Class, Authorizer> authorizers;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	63 @Inject ProbeAuthorizer probeAuthorizer;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	64 @Inject MessungAuthorizer messungAuthorizer;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	65 @Inject ProbeIdAuthorizer pIdAuthorizer;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	66 @Inject MessungIdAuthorizer mIdAuthorizer;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	67 @Inject NetzbetreiberAuthorizer netzAuthorizer;
1070 f78f90446084 Add minimalistic authorization for Messprogramm. Tom Gottfried <tom@intevation.de> parents: 857 diff changeset	68 @Inject MessprogrammAuthorizer messprogrammAuthorizer;
1265 a1323ef2c330 Changed ortszuordnungs model in messprogramm. Raimund Renkert <raimund.renkert@intevation.de> parents: 1150 diff changeset	69 @Inject MessprogrammIdAuthorizer mpIdAuthorizer;
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	70
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	71 @SuppressWarnings("rawtypes")
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	72 @PostConstruct
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	73 public void init() {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	74 authorizers = new HashMap<Class, Authorizer>();
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	75 authorizers.put(Probe.class, probeAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	76 authorizers.put(Messung.class, messungAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	77 authorizers.put(Ortszuordnung.class, pIdAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	78 authorizers.put(KommentarP.class, pIdAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	79 authorizers.put(ZusatzWert.class, pIdAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	80 authorizers.put(KommentarM.class, mIdAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	81 authorizers.put(Messwert.class, mIdAuthorizer);
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	82 authorizers.put(StatusProtokoll.class, mIdAuthorizer);
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	83 authorizers.put(Probenehmer.class, netzAuthorizer);
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	84 authorizers.put(DatensatzErzeuger.class, netzAuthorizer);
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	85 authorizers.put(MessprogrammKategorie.class, netzAuthorizer);
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	86 authorizers.put(Ort.class, netzAuthorizer);
1070 f78f90446084 Add minimalistic authorization for Messprogramm. Tom Gottfried <tom@intevation.de> parents: 857 diff changeset	87 authorizers.put(Messprogramm.class, messprogrammAuthorizer);
1150 cf1eb19f896b Authorize messprogramm - messmethode. Raimund Renkert <raimund.renkert@intevation.de> parents: 1104 diff changeset	88 authorizers.put(MessprogrammMmt.class, messprogrammAuthorizer);
1265 a1323ef2c330 Changed ortszuordnungs model in messprogramm. Raimund Renkert <raimund.renkert@intevation.de> parents: 1150 diff changeset	89 authorizers.put(OrtszuordnungMp.class, mpIdAuthorizer);
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	90 }
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	91
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	92 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	93 * Request user informations using the HttpServletRequest.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	94 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	95 * @param source The HttpServletRequest
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	96 * @return The UserInfo object containing username and groups.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	97 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	98 @Override
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	99 public UserInfo getInfo(Object source) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	100 if (source instanceof HttpServletRequest) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	101 HttpServletRequest request = (HttpServletRequest)source;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	102 String roleString =
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	103 request.getAttribute("lada.user.roles").toString();
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	104 UserInfo info = getGroupsFromDB(roleString);
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	105 info.setName(request.getAttribute("lada.user.name").toString());
857 c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	106 QueryBuilder<LadaUser> builder = new QueryBuilder<LadaUser>(
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	107 repository.entityManager("stamm"),
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	108 LadaUser.class
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	109 );
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	110 builder.and("name", info.getName());
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	111 List<LadaUser> user = repository.filterPlain(builder.getQuery(), "stamm");
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	112 if (user == null \|\| user.isEmpty()) {
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	113 LadaUser newUser = new LadaUser();
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	114 newUser.setName(info.getName());
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	115 Response r = repository.create(newUser, "stamm");
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	116 user = repository.filterPlain(builder.getQuery(), "stamm");
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	117 }
c481688150e8 Create a new user object if not exists and use user authorization for queries. Raimund Renkert <raimund.renkert@intevation.de> parents: 840 diff changeset	118 info.setUserId(user.get(0).getId());
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	119 return info;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	120 }
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	121 return null;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	122 }
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	123
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	124 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	125 * Filter a list of data objects using the user informations contained in
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	126 * the HttpServletRequest.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	127 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	128 * @param source The HttpServletRequest
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	129 * @param data The Response object containing the data.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	130 * @param clazz The data object class.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	131 * @return The Response object containing the filtered data.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	132 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	133 @Override
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	134 public <T> Response filter(Object source, Response data, Class<T> clazz) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	135 UserInfo userInfo = this.getInfo(source);
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	136 if (userInfo == null) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	137 return data;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	138 }
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	139 Authorizer authorizer = authorizers.get(clazz);
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	140 if (authorizer == null) {
1303 a0da035cc831 Do not allow access to unknow classes. Raimund Renkert <raimund.renkert@intevation.de> parents: 1265 diff changeset	141 return new Response(false, 699, null);
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	142 }
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	143 return authorizer.filter(data, userInfo, clazz);
800 8c336f08e76f Addedd method to authorize a messung using the id and the status. Raimund Renkert <raimund.renkert@intevation.de> parents: 779 diff changeset	144 }
8c336f08e76f Addedd method to authorize a messung using the id and the status. Raimund Renkert <raimund.renkert@intevation.de> parents: 779 diff changeset	145
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	146 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	147 * Check whether a user is authorized to operate on the given data.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	148 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	149 * @param source The HttpServletRequest containing user information.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	150 * @param data The data to test.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	151 * @param method The Http request type.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	152 * @param clazz The data object class.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	153 * @return True if the user is authorized else returns false.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	154 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	155 @Override
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	156 public <T> boolean isAuthorized(
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	157 Object source,
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	158 Object data,
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	159 RequestMethod method,
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	160 Class<T> clazz
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	161 ) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	162 UserInfo userInfo = this.getInfo(source);
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	163 if (userInfo == null) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	164 return false;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	165 }
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	166 Authorizer authorizer = authorizers.get(clazz);
1071 02915a07e186 Do not authorize everything unknown. Tom Gottfried <tom@intevation.de> parents: 1070 diff changeset	167 // Do not authorize anything unknown
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	168 if (authorizer == null) {
1071 02915a07e186 Do not authorize everything unknown. Tom Gottfried <tom@intevation.de> parents: 1070 diff changeset	169 return false;
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	170 }
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	171 return authorizer.isAuthorized(data, method, userInfo, clazz);
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	172 }
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	173
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	174 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	175 * Request the lada specific groups.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	176 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	177 * @param roles The roles defined in the OpenId server.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	178 * @return The UserInfo contianing roles and user name.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	179 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	180 private UserInfo getGroupsFromDB(String roles) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	181 QueryBuilder<Auth> builder = new QueryBuilder<Auth>(
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	182 repository.entityManager("stamm"),
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	183 Auth.class);
726 a5c755b0cfda Filter the group string. This should be tidied... Dustin Demuth <dustin@intevation.de> parents: 721 diff changeset	184 roles = roles.replace("[","");
a5c755b0cfda Filter the group string. This should be tidied... Dustin Demuth <dustin@intevation.de> parents: 721 diff changeset	185 roles = roles.replace("]","");
a5c755b0cfda Filter the group string. This should be tidied... Dustin Demuth <dustin@intevation.de> parents: 721 diff changeset	186 roles = roles.replace(" ","");
a5c755b0cfda Filter the group string. This should be tidied... Dustin Demuth <dustin@intevation.de> parents: 721 diff changeset	187 String[] mst = roles.split(",");
a5c755b0cfda Filter the group string. This should be tidied... Dustin Demuth <dustin@intevation.de> parents: 721 diff changeset	188 builder.andIn("ldapGroup", Arrays.asList(mst));
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	189 Response response = repository.filter(builder.getQuery(), "stamm");
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	190 @SuppressWarnings("unchecked")
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	191 List<Auth> auth = (List<Auth>)response.getData();
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	192 UserInfo userInfo = new UserInfo();
838 1ed347eb856b Use auth objects in user info to keep mst <-> function association. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	193 userInfo.setAuth(auth);
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	194 return userInfo;
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	195 }
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	196
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	197 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	198 * Test whether a probe is readonly.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	199 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	200 * @param probeId The probe Id.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	201 * @return True if the probe is readonly.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	202 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	203 @Override
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	204 public boolean isReadOnly(Integer probeId) {
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	205 EntityManager manager = repository.entityManager("land");
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	206 QueryBuilder<Messung> builder =
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	207 new QueryBuilder<Messung>(
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	208 manager,
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	209 Messung.class);
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	210 builder.and("probeId", probeId);
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	211 Response response = repository.filter(builder.getQuery(), "land");
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	212 @SuppressWarnings("unchecked")
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	213 List<Messung> messungen = (List<Messung>) response.getData();
772 46e0523bbd80 Authorize messungen with status and not the "fertig"-flag. Raimund Renkert <raimund.renkert@intevation.de> parents: 760 diff changeset	214 for (int i = 0; i < messungen.size(); i++) {
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag. Raimund Renkert <raimund.renkert@intevation.de> parents: 760 diff changeset	215 if (messungen.get(i).getStatus() == null) {
840 2fe625c91ab3 Merged branches. Raimund Renkert <raimund.renkert@intevation.de> parents: 833 838 diff changeset	216 continue;
772 46e0523bbd80 Authorize messungen with status and not the "fertig"-flag. Raimund Renkert <raimund.renkert@intevation.de> parents: 760 diff changeset	217 }
1097 186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	218 StatusProtokoll status = repository.getByIdPlain(
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	219 StatusProtokoll.class, messungen.get(i).getStatus(), "land");
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	220 StatusKombi kombi = repository.getByIdPlain(
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	221 StatusKombi.class, status.getStatusKombi(), "stamm");
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	222 if (kombi.getStatusWert().getId() != 0 &&
186d602e031a Merged branch schema-update into default. Tom Gottfried <tom@intevation.de> parents: 1071 diff changeset	223 kombi.getStatusWert().getId() != 4) {
772 46e0523bbd80 Authorize messungen with status and not the "fertig"-flag. Raimund Renkert <raimund.renkert@intevation.de> parents: 760 diff changeset	224 return true;
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag. Raimund Renkert <raimund.renkert@intevation.de> parents: 760 diff changeset	225 }
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	226 }
772 46e0523bbd80 Authorize messungen with status and not the "fertig"-flag. Raimund Renkert <raimund.renkert@intevation.de> parents: 760 diff changeset	227 return false;
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	228 }
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	229
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	230 /**
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	231 * Check whether a user is authorized to operate on the given probe.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	232 *
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	233 * @param userInfo The user information.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	234 * @param data The probe data to test.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	235 * @return True if the user is authorized else returns false.
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	236 */
6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	237 @Override
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	238 public <T> boolean isAuthorized(
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	239 UserInfo userInfo,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	240 Object data,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	241 Class<T> clazz
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	242 ) {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	243 Authorizer authorizer = authorizers.get(clazz);
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	244 if (authorizer == null) {
1303 a0da035cc831 Do not allow access to unknow classes. Raimund Renkert <raimund.renkert@intevation.de> parents: 1265 diff changeset	245 return false;
801 d0510a89e701 Updated the authorization to fit the needs of the new status workflow. Raimund Renkert <raimund.renkert@intevation.de> parents: 800 diff changeset	246 }
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 801 diff changeset	247 return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz);
779 64adf06df02f Use status to get readonly flag for messungen. Raimund Renkert <raimund.renkert@intevation.de> parents: 772 diff changeset	248 }
1104 657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	249
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	250 /**
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	251 * Check whether a user is authorized to operate on the given probe.
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	252 *
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	253 * @param userInfo The user information.
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	254 * @param data The probe data to test.
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	255 * @return True if the user is authorized else returns false.
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	256 */
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	257 @Override
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	258 public <T> boolean isAuthorizedOnNew(
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	259 UserInfo userInfo,
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	260 Object data,
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	261 Class<T> clazz
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	262 ) {
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	263 Authorizer authorizer = authorizers.get(clazz);
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	264 if (authorizer == null) {
1303 a0da035cc831 Do not allow access to unknow classes. Raimund Renkert <raimund.renkert@intevation.de> parents: 1265 diff changeset	265 return false;
1104 657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	266 }
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	267 return authorizer.isAuthorized(data, RequestMethod.POST, userInfo, clazz);
657f35a7467d Added method to authorize new objects. Raimund Renkert <raimund.renkert@intevation.de> parents: 1097 diff changeset	268 }
721 6eed8b5decb1 Added shibboleth authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	269 }

Mercurial > lada > lada-server

annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 1305:1e0ba37ff3d8