annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 840:2fe625c91ab3

Merged branches.
author Raimund Renkert <raimund.renkert@intevation.de>
date Thu, 21 Jan 2016 09:01:57 +0100
parents fa922101a462 1ed347eb856b
children c481688150e8
rev   line source
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
2 * Software engineering by Intevation GmbH
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
3 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
4 * This file is Free Software under the GNU GPL (v>=3)
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY! Check out
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
6 * the documentation coming with IMIS-Labordaten-Application for details.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
7 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
8 package de.intevation.lada.util.auth;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
9
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
10 import java.util.ArrayList;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
11 import java.util.Arrays;
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
12 import java.util.HashMap;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
13 import java.util.List;
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
14 import java.util.Map;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
15
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
16 import javax.annotation.PostConstruct;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
17 import javax.inject.Inject;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
18 import javax.persistence.EntityManager;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
19 import javax.servlet.http.HttpServletRequest;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
20
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
21 import de.intevation.lada.model.land.LKommentarM;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
22 import de.intevation.lada.model.land.LKommentarP;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
23 import de.intevation.lada.model.land.LMessung;
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
24 import de.intevation.lada.model.land.LMesswert;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
25 import de.intevation.lada.model.land.LOrtszuordnung;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
26 import de.intevation.lada.model.land.LProbe;
772
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
27 import de.intevation.lada.model.land.LStatusProtokoll;
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
28 import de.intevation.lada.model.land.LZusatzWert;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
29 import de.intevation.lada.model.stamm.Auth;
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
30 import de.intevation.lada.model.stamm.DatensatzErzeuger;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
31 import de.intevation.lada.model.stamm.MessprogrammKategorie;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
32 import de.intevation.lada.model.stamm.Ort;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
33 import de.intevation.lada.model.stamm.Probenehmer;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
34 import de.intevation.lada.util.annotation.AuthorizationConfig;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
35 import de.intevation.lada.util.annotation.RepositoryConfig;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
36 import de.intevation.lada.util.data.QueryBuilder;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
37 import de.intevation.lada.util.data.Repository;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
38 import de.intevation.lada.util.data.RepositoryType;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
39 import de.intevation.lada.util.rest.RequestMethod;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
40 import de.intevation.lada.util.rest.Response;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
41
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
42 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
43 * Authorize a user via HttpServletRequest attributes.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
44 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
45 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a>
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
46 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
47 @AuthorizationConfig(type=AuthorizationType.HEADER)
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
48 public class HeaderAuthorization implements Authorization {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
49
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
50 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
51 * The Repository used to read from Database.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
52 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
53 @Inject
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
54 @RepositoryConfig(type=RepositoryType.RO)
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
55 private Repository repository;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
56
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
57 @SuppressWarnings("rawtypes")
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
58 private Map<Class, Authorizer> authorizers;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
59 @Inject ProbeAuthorizer probeAuthorizer;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
60 @Inject MessungAuthorizer messungAuthorizer;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
61 @Inject ProbeIdAuthorizer pIdAuthorizer;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
62 @Inject MessungIdAuthorizer mIdAuthorizer;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
63 @Inject NetzbetreiberAuthorizer netzAuthorizer;
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
64
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
65 @SuppressWarnings("rawtypes")
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
66 @PostConstruct
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
67 public void init() {
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
68 authorizers = new HashMap<Class, Authorizer>();
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
69 authorizers.put(LProbe.class, probeAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
70 authorizers.put(LMessung.class, messungAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
71 authorizers.put(LOrtszuordnung.class, pIdAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
72 authorizers.put(LKommentarP.class, pIdAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
73 authorizers.put(LZusatzWert.class, pIdAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
74 authorizers.put(LKommentarM.class, mIdAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
75 authorizers.put(LMesswert.class, mIdAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
76 authorizers.put(LStatusProtokoll.class, mIdAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
77 authorizers.put(Probenehmer.class, netzAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
78 authorizers.put(DatensatzErzeuger.class, netzAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
79 authorizers.put(MessprogrammKategorie.class, netzAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
80 authorizers.put(Ort.class, netzAuthorizer);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
81 }
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
82
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
83 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
84 * Request user informations using the HttpServletRequest.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
85 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
86 * @param source The HttpServletRequest
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
87 * @return The UserInfo object containing username and groups.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
88 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
89 @Override
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
90 public UserInfo getInfo(Object source) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
91 if (source instanceof HttpServletRequest) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
92 HttpServletRequest request = (HttpServletRequest)source;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
93 String roleString =
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
94 request.getAttribute("lada.user.roles").toString();
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
95 UserInfo info = getGroupsFromDB(roleString);
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
96 info.setName(request.getAttribute("lada.user.name").toString());
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
97 return info;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
98 }
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
99 return null;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
100 }
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
101
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
102 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
103 * Filter a list of data objects using the user informations contained in
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
104 * the HttpServletRequest.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
105 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
106 * @param source The HttpServletRequest
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
107 * @param data The Response object containing the data.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
108 * @param clazz The data object class.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
109 * @return The Response object containing the filtered data.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
110 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
111 @Override
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
112 public <T> Response filter(Object source, Response data, Class<T> clazz) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
113 UserInfo userInfo = this.getInfo(source);
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
114 if (userInfo == null) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
115 return data;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
116 }
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
117 Authorizer authorizer = authorizers.get(clazz);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
118 //This is a hack... Allows wildcard for unknown classes.
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
119 if (authorizer == null) {
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
120 return data;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
121 }
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
122 return authorizer.filter(data, userInfo, clazz);
800
8c336f08e76f Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 779
diff changeset
123 }
8c336f08e76f Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 779
diff changeset
124
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
125 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
126 * Check whether a user is authorized to operate on the given data.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
127 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
128 * @param source The HttpServletRequest containing user information.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
129 * @param data The data to test.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
130 * @param method The Http request type.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
131 * @param clazz The data object class.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
132 * @return True if the user is authorized else returns false.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
133 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
134 @Override
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
135 public <T> boolean isAuthorized(
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
136 Object source,
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
137 Object data,
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
138 RequestMethod method,
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
139 Class<T> clazz
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
140 ) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
141 UserInfo userInfo = this.getInfo(source);
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
142 if (userInfo == null) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
143 return false;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
144 }
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
145 Authorizer authorizer = authorizers.get(clazz);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
146 //This is a hack... Allows wildcard for unknown classes.
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
147 if (authorizer == null) {
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
148 return true;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
149 }
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
150 return authorizer.isAuthorized(data, method, userInfo, clazz);
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
151 }
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
152
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
153 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
154 * Request the lada specific groups.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
155 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
156 * @param roles The roles defined in the OpenId server.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
157 * @return The UserInfo contianing roles and user name.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
158 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
159 private UserInfo getGroupsFromDB(String roles) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
160 QueryBuilder<Auth> builder = new QueryBuilder<Auth>(
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
161 repository.entityManager("stamm"),
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
162 Auth.class);
726
a5c755b0cfda Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents: 721
diff changeset
163 roles = roles.replace("[","");
a5c755b0cfda Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents: 721
diff changeset
164 roles = roles.replace("]","");
a5c755b0cfda Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents: 721
diff changeset
165 roles = roles.replace(" ","");
a5c755b0cfda Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents: 721
diff changeset
166 String[] mst = roles.split(",");
a5c755b0cfda Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents: 721
diff changeset
167 builder.andIn("ldapGroup", Arrays.asList(mst));
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
168 Response response = repository.filter(builder.getQuery(), "stamm");
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
169 @SuppressWarnings("unchecked")
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
170 List<Auth> auth = (List<Auth>)response.getData();
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
171 UserInfo userInfo = new UserInfo();
838
1ed347eb856b Use auth objects in user info to keep mst <-> function association.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
172 userInfo.setAuth(auth);
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
173 return userInfo;
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
174 }
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
175
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
176 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
177 * Test whether a probe is readonly.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
178 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
179 * @param probeId The probe Id.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
180 * @return True if the probe is readonly.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
181 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
182 @Override
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
183 public boolean isReadOnly(Integer probeId) {
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
184 EntityManager manager = repository.entityManager("land");
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
185 QueryBuilder<LMessung> builder =
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
186 new QueryBuilder<LMessung>(
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
187 manager,
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
188 LMessung.class);
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
189 builder.and("probeId", probeId);
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
190 Response response = repository.filter(builder.getQuery(), "land");
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
191 @SuppressWarnings("unchecked")
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
192 List<LMessung> messungen = (List<LMessung>) response.getData();
772
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
193 for (int i = 0; i < messungen.size(); i++) {
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
194 if (messungen.get(i).getStatus() == null) {
840
2fe625c91ab3 Merged branches.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 833 838
diff changeset
195 continue;
772
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
196 }
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
197 LStatusProtokoll status = repository.getByIdPlain(
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
198 LStatusProtokoll.class, messungen.get(i).getStatus(), "land");
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
199 if (status.getStatusWert() != 0 && status.getStatusWert() != 4) {
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
200 return true;
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
201 }
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
202 }
772
46e0523bbd80 Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 760
diff changeset
203 return false;
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
204 }
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
205
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
206 /**
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
207 * Check whether a user is authorized to operate on the given probe.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
208 *
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
209 * @param userInfo The user information.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
210 * @param data The probe data to test.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
211 * @return True if the user is authorized else returns false.
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
212 */
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
213 @Override
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
214 public <T> boolean isAuthorized(
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
215 UserInfo userInfo,
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
216 Object data,
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
217 Class<T> clazz
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
218 ) {
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
219 Authorizer authorizer = authorizers.get(clazz);
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
220 //This is a hack... Allows wildcard for unknown classes.
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
221 if (authorizer == null) {
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
222 return true;
801
d0510a89e701 Updated the authorization to fit the needs of the new status workflow.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 800
diff changeset
223 }
833
fa922101a462 Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 801
diff changeset
224 return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz);
779
64adf06df02f Use status to get readonly flag for messungen.
Raimund Renkert <raimund.renkert@intevation.de>
parents: 772
diff changeset
225 }
721
6eed8b5decb1 Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff changeset
226 }
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)