Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 840:2fe625c91ab3
Merged branches.
| author | Raimund Renkert <raimund.renkert@intevation.de> |
|---|---|
| date | Thu, 21 Jan 2016 09:01:57 +0100 |
| parents | fa922101a462 1ed347eb856b |
| children | c481688150e8 |
| rev | line source |
|---|---|
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
3 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
7 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
8 package de.intevation.lada.util.auth; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
9 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
10 import java.util.ArrayList; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
11 import java.util.Arrays; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
12 import java.util.HashMap; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
13 import java.util.List; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
14 import java.util.Map; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
15 |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
16 import javax.annotation.PostConstruct; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
17 import javax.inject.Inject; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
18 import javax.persistence.EntityManager; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
19 import javax.servlet.http.HttpServletRequest; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
20 |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
21 import de.intevation.lada.model.land.LKommentarM; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
22 import de.intevation.lada.model.land.LKommentarP; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
23 import de.intevation.lada.model.land.LMessung; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
24 import de.intevation.lada.model.land.LMesswert; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
25 import de.intevation.lada.model.land.LOrtszuordnung; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
26 import de.intevation.lada.model.land.LProbe; |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
27 import de.intevation.lada.model.land.LStatusProtokoll; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
28 import de.intevation.lada.model.land.LZusatzWert; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
29 import de.intevation.lada.model.stamm.Auth; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
30 import de.intevation.lada.model.stamm.DatensatzErzeuger; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
31 import de.intevation.lada.model.stamm.MessprogrammKategorie; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
32 import de.intevation.lada.model.stamm.Ort; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
33 import de.intevation.lada.model.stamm.Probenehmer; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
34 import de.intevation.lada.util.annotation.AuthorizationConfig; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
35 import de.intevation.lada.util.annotation.RepositoryConfig; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
36 import de.intevation.lada.util.data.QueryBuilder; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
37 import de.intevation.lada.util.data.Repository; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
38 import de.intevation.lada.util.data.RepositoryType; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
39 import de.intevation.lada.util.rest.RequestMethod; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
40 import de.intevation.lada.util.rest.Response; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
41 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
42 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
43 * Authorize a user via HttpServletRequest attributes. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
44 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
45 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
46 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
47 @AuthorizationConfig(type=AuthorizationType.HEADER) |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
48 public class HeaderAuthorization implements Authorization { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
49 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
50 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
51 * The Repository used to read from Database. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
52 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
53 @Inject |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
54 @RepositoryConfig(type=RepositoryType.RO) |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
55 private Repository repository; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
56 |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
57 @SuppressWarnings("rawtypes") |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
58 private Map<Class, Authorizer> authorizers; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
59 @Inject ProbeAuthorizer probeAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
60 @Inject MessungAuthorizer messungAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
61 @Inject ProbeIdAuthorizer pIdAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
62 @Inject MessungIdAuthorizer mIdAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
63 @Inject NetzbetreiberAuthorizer netzAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
64 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
65 @SuppressWarnings("rawtypes") |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
66 @PostConstruct |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
67 public void init() { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
68 authorizers = new HashMap<Class, Authorizer>(); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
69 authorizers.put(LProbe.class, probeAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
70 authorizers.put(LMessung.class, messungAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
71 authorizers.put(LOrtszuordnung.class, pIdAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
72 authorizers.put(LKommentarP.class, pIdAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
73 authorizers.put(LZusatzWert.class, pIdAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
74 authorizers.put(LKommentarM.class, mIdAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
75 authorizers.put(LMesswert.class, mIdAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
76 authorizers.put(LStatusProtokoll.class, mIdAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
77 authorizers.put(Probenehmer.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
78 authorizers.put(DatensatzErzeuger.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
79 authorizers.put(MessprogrammKategorie.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
80 authorizers.put(Ort.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
81 } |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
82 |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
83 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
84 * Request user informations using the HttpServletRequest. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
85 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
86 * @param source The HttpServletRequest |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
87 * @return The UserInfo object containing username and groups. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
88 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
89 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
90 public UserInfo getInfo(Object source) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
91 if (source instanceof HttpServletRequest) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
92 HttpServletRequest request = (HttpServletRequest)source; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
93 String roleString = |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
94 request.getAttribute("lada.user.roles").toString(); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
95 UserInfo info = getGroupsFromDB(roleString); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
96 info.setName(request.getAttribute("lada.user.name").toString()); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
97 return info; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
98 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
99 return null; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
100 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
101 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
102 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
103 * Filter a list of data objects using the user informations contained in |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
104 * the HttpServletRequest. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
105 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
106 * @param source The HttpServletRequest |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
107 * @param data The Response object containing the data. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
108 * @param clazz The data object class. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
109 * @return The Response object containing the filtered data. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
110 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
111 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
112 public <T> Response filter(Object source, Response data, Class<T> clazz) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
113 UserInfo userInfo = this.getInfo(source); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
114 if (userInfo == null) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
115 return data; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
116 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
117 Authorizer authorizer = authorizers.get(clazz); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
118 //This is a hack... Allows wildcard for unknown classes. |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
119 if (authorizer == null) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
120 return data; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
121 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
122 return authorizer.filter(data, userInfo, clazz); |
|
800
8c336f08e76f
Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
779
diff
changeset
|
123 } |
|
8c336f08e76f
Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
779
diff
changeset
|
124 |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
125 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
126 * Check whether a user is authorized to operate on the given data. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
127 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
128 * @param source The HttpServletRequest containing user information. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
129 * @param data The data to test. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
130 * @param method The Http request type. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
131 * @param clazz The data object class. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
132 * @return True if the user is authorized else returns false. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
133 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
134 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
135 public <T> boolean isAuthorized( |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
136 Object source, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
137 Object data, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
138 RequestMethod method, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
139 Class<T> clazz |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
140 ) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
141 UserInfo userInfo = this.getInfo(source); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
142 if (userInfo == null) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
143 return false; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
144 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
145 Authorizer authorizer = authorizers.get(clazz); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
146 //This is a hack... Allows wildcard for unknown classes. |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
147 if (authorizer == null) { |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
148 return true; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
149 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
150 return authorizer.isAuthorized(data, method, userInfo, clazz); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
151 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
152 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
153 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
154 * Request the lada specific groups. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
155 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
156 * @param roles The roles defined in the OpenId server. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
157 * @return The UserInfo contianing roles and user name. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
158 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
159 private UserInfo getGroupsFromDB(String roles) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
160 QueryBuilder<Auth> builder = new QueryBuilder<Auth>( |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
161 repository.entityManager("stamm"), |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
162 Auth.class); |
|
726
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
163 roles = roles.replace("[",""); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
164 roles = roles.replace("]",""); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
165 roles = roles.replace(" ",""); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
166 String[] mst = roles.split(","); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
167 builder.andIn("ldapGroup", Arrays.asList(mst)); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
168 Response response = repository.filter(builder.getQuery(), "stamm"); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
169 @SuppressWarnings("unchecked") |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
170 List<Auth> auth = (List<Auth>)response.getData(); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
171 UserInfo userInfo = new UserInfo(); |
|
838
1ed347eb856b
Use auth objects in user info to keep mst <-> function association.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
172 userInfo.setAuth(auth); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
173 return userInfo; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
174 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
175 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
176 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
177 * Test whether a probe is readonly. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
178 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
179 * @param probeId The probe Id. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
180 * @return True if the probe is readonly. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
181 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
182 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
183 public boolean isReadOnly(Integer probeId) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
184 EntityManager manager = repository.entityManager("land"); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
185 QueryBuilder<LMessung> builder = |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
186 new QueryBuilder<LMessung>( |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
187 manager, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
188 LMessung.class); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
189 builder.and("probeId", probeId); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
190 Response response = repository.filter(builder.getQuery(), "land"); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
191 @SuppressWarnings("unchecked") |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
192 List<LMessung> messungen = (List<LMessung>) response.getData(); |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
193 for (int i = 0; i < messungen.size(); i++) { |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
194 if (messungen.get(i).getStatus() == null) { |
| 840 | 195 continue; |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
196 } |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
197 LStatusProtokoll status = repository.getByIdPlain( |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
198 LStatusProtokoll.class, messungen.get(i).getStatus(), "land"); |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
199 if (status.getStatusWert() != 0 && status.getStatusWert() != 4) { |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
200 return true; |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
201 } |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
202 } |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
203 return false; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
204 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
205 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
206 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
207 * Check whether a user is authorized to operate on the given probe. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
208 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
209 * @param userInfo The user information. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
210 * @param data The probe data to test. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
211 * @return True if the user is authorized else returns false. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
212 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
213 @Override |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
214 public <T> boolean isAuthorized( |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
215 UserInfo userInfo, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
216 Object data, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
217 Class<T> clazz |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
218 ) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
219 Authorizer authorizer = authorizers.get(clazz); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
220 //This is a hack... Allows wildcard for unknown classes. |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
221 if (authorizer == null) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
222 return true; |
|
801
d0510a89e701
Updated the authorization to fit the needs of the new status workflow.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
800
diff
changeset
|
223 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
224 return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz); |
|
779
64adf06df02f
Use status to get readonly flag for messungen.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
772
diff
changeset
|
225 } |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
226 } |