Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 1041:f92c96efa976 schema-update
Organized imports and removed unused logger.
| author | Raimund Renkert <raimund.renkert@intevation.de> |
|---|---|
| date | Mon, 05 Sep 2016 10:17:32 +0200 |
| parents | 1c41c7b8f7c2 |
| children |
| rev | line source |
|---|---|
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
3 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
7 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
8 package de.intevation.lada.util.auth; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
9 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
10 import java.util.Arrays; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
11 import java.util.HashMap; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
12 import java.util.List; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
13 import java.util.Map; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
14 |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
15 import javax.annotation.PostConstruct; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
16 import javax.inject.Inject; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
17 import javax.persistence.EntityManager; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
18 import javax.servlet.http.HttpServletRequest; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
19 |
|
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
20 import de.intevation.lada.model.land.KommentarM; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
21 import de.intevation.lada.model.land.KommentarP; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
22 import de.intevation.lada.model.land.Messung; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
23 import de.intevation.lada.model.land.Messwert; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
24 import de.intevation.lada.model.land.Ortszuordnung; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
25 import de.intevation.lada.model.land.Probe; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
26 import de.intevation.lada.model.land.StatusProtokoll; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
27 import de.intevation.lada.model.land.ZusatzWert; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
28 import de.intevation.lada.model.stammdaten.Auth; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
29 import de.intevation.lada.model.stammdaten.DatensatzErzeuger; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
30 import de.intevation.lada.model.stammdaten.LadaUser; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
31 import de.intevation.lada.model.stammdaten.MessprogrammKategorie; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
32 import de.intevation.lada.model.stammdaten.Ort; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
33 import de.intevation.lada.model.stammdaten.Probenehmer; |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
34 import de.intevation.lada.model.stammdaten.StatusKombi; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
35 import de.intevation.lada.util.annotation.AuthorizationConfig; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
36 import de.intevation.lada.util.annotation.RepositoryConfig; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
37 import de.intevation.lada.util.data.QueryBuilder; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
38 import de.intevation.lada.util.data.Repository; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
39 import de.intevation.lada.util.data.RepositoryType; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
40 import de.intevation.lada.util.rest.RequestMethod; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
41 import de.intevation.lada.util.rest.Response; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
42 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
43 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
44 * Authorize a user via HttpServletRequest attributes. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
45 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
46 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
47 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
48 @AuthorizationConfig(type=AuthorizationType.HEADER) |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
49 public class HeaderAuthorization implements Authorization { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
50 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
51 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
52 * The Repository used to read from Database. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
53 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
54 @Inject |
|
857
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
55 @RepositoryConfig(type=RepositoryType.RW) |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
56 private Repository repository; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
57 |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
58 @SuppressWarnings("rawtypes") |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
59 private Map<Class, Authorizer> authorizers; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
60 @Inject ProbeAuthorizer probeAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
61 @Inject MessungAuthorizer messungAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
62 @Inject ProbeIdAuthorizer pIdAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
63 @Inject MessungIdAuthorizer mIdAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
64 @Inject NetzbetreiberAuthorizer netzAuthorizer; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
65 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
66 @SuppressWarnings("rawtypes") |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
67 @PostConstruct |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
68 public void init() { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
69 authorizers = new HashMap<Class, Authorizer>(); |
|
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
70 authorizers.put(Probe.class, probeAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
71 authorizers.put(Messung.class, messungAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
72 authorizers.put(Ortszuordnung.class, pIdAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
73 authorizers.put(KommentarP.class, pIdAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
74 authorizers.put(ZusatzWert.class, pIdAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
75 authorizers.put(KommentarM.class, mIdAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
76 authorizers.put(Messwert.class, mIdAuthorizer); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
77 authorizers.put(StatusProtokoll.class, mIdAuthorizer); |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
78 authorizers.put(Probenehmer.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
79 authorizers.put(DatensatzErzeuger.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
80 authorizers.put(MessprogrammKategorie.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
81 authorizers.put(Ort.class, netzAuthorizer); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
82 } |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
83 |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
84 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
85 * Request user informations using the HttpServletRequest. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
86 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
87 * @param source The HttpServletRequest |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
88 * @return The UserInfo object containing username and groups. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
89 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
90 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
91 public UserInfo getInfo(Object source) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
92 if (source instanceof HttpServletRequest) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
93 HttpServletRequest request = (HttpServletRequest)source; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
94 String roleString = |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
95 request.getAttribute("lada.user.roles").toString(); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
96 UserInfo info = getGroupsFromDB(roleString); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
97 info.setName(request.getAttribute("lada.user.name").toString()); |
|
857
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
98 QueryBuilder<LadaUser> builder = new QueryBuilder<LadaUser>( |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
99 repository.entityManager("stamm"), |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
100 LadaUser.class |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
101 ); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
102 builder.and("name", info.getName()); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
103 List<LadaUser> user = repository.filterPlain(builder.getQuery(), "stamm"); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
104 if (user == null || user.isEmpty()) { |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
105 LadaUser newUser = new LadaUser(); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
106 newUser.setName(info.getName()); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
107 Response r = repository.create(newUser, "stamm"); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
108 user = repository.filterPlain(builder.getQuery(), "stamm"); |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
109 } |
|
c481688150e8
Create a new user object if not exists and use user authorization for queries.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
840
diff
changeset
|
110 info.setUserId(user.get(0).getId()); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
111 return info; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
112 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
113 return null; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
114 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
115 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
116 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
117 * Filter a list of data objects using the user informations contained in |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
118 * the HttpServletRequest. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
119 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
120 * @param source The HttpServletRequest |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
121 * @param data The Response object containing the data. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
122 * @param clazz The data object class. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
123 * @return The Response object containing the filtered data. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
124 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
125 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
126 public <T> Response filter(Object source, Response data, Class<T> clazz) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
127 UserInfo userInfo = this.getInfo(source); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
128 if (userInfo == null) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
129 return data; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
130 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
131 Authorizer authorizer = authorizers.get(clazz); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
132 //This is a hack... Allows wildcard for unknown classes. |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
133 if (authorizer == null) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
134 return data; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
135 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
136 return authorizer.filter(data, userInfo, clazz); |
|
800
8c336f08e76f
Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
779
diff
changeset
|
137 } |
|
8c336f08e76f
Addedd method to authorize a messung using the id and the status.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
779
diff
changeset
|
138 |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
139 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
140 * Check whether a user is authorized to operate on the given data. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
141 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
142 * @param source The HttpServletRequest containing user information. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
143 * @param data The data to test. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
144 * @param method The Http request type. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
145 * @param clazz The data object class. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
146 * @return True if the user is authorized else returns false. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
147 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
148 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
149 public <T> boolean isAuthorized( |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
150 Object source, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
151 Object data, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
152 RequestMethod method, |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
153 Class<T> clazz |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
154 ) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
155 UserInfo userInfo = this.getInfo(source); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
156 if (userInfo == null) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
157 return false; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
158 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
159 Authorizer authorizer = authorizers.get(clazz); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
160 //This is a hack... Allows wildcard for unknown classes. |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
161 if (authorizer == null) { |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
162 return true; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
163 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
164 return authorizer.isAuthorized(data, method, userInfo, clazz); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
165 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
166 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
167 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
168 * Request the lada specific groups. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
169 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
170 * @param roles The roles defined in the OpenId server. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
171 * @return The UserInfo contianing roles and user name. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
172 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
173 private UserInfo getGroupsFromDB(String roles) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
174 QueryBuilder<Auth> builder = new QueryBuilder<Auth>( |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
175 repository.entityManager("stamm"), |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
176 Auth.class); |
|
726
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
177 roles = roles.replace("[",""); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
178 roles = roles.replace("]",""); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
179 roles = roles.replace(" ",""); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
180 String[] mst = roles.split(","); |
|
a5c755b0cfda
Filter the group string. This should be tidied...
Dustin Demuth <dustin@intevation.de>
parents:
721
diff
changeset
|
181 builder.andIn("ldapGroup", Arrays.asList(mst)); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
182 Response response = repository.filter(builder.getQuery(), "stamm"); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
183 @SuppressWarnings("unchecked") |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
184 List<Auth> auth = (List<Auth>)response.getData(); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
185 UserInfo userInfo = new UserInfo(); |
|
838
1ed347eb856b
Use auth objects in user info to keep mst <-> function association.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
186 userInfo.setAuth(auth); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
187 return userInfo; |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
188 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
189 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
190 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
191 * Test whether a probe is readonly. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
192 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
193 * @param probeId The probe Id. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
194 * @return True if the probe is readonly. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
195 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
196 @Override |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
197 public boolean isReadOnly(Integer probeId) { |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
198 EntityManager manager = repository.entityManager("land"); |
|
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
199 QueryBuilder<Messung> builder = |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
200 new QueryBuilder<Messung>( |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
201 manager, |
|
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
202 Messung.class); |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
203 builder.and("probeId", probeId); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
204 Response response = repository.filter(builder.getQuery(), "land"); |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
205 @SuppressWarnings("unchecked") |
|
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
206 List<Messung> messungen = (List<Messung>) response.getData(); |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
207 for (int i = 0; i < messungen.size(); i++) { |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
208 if (messungen.get(i).getStatus() == null) { |
| 840 | 209 continue; |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
210 } |
|
1028
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
211 StatusProtokoll status = repository.getByIdPlain( |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
212 StatusProtokoll.class, messungen.get(i).getStatus(), "land"); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
213 StatusKombi kombi = repository.getByIdPlain( |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
214 StatusKombi.class, status.getStatusKombi(), "stamm"); |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
215 if (kombi.getStatusWert().getId() != 0 && |
|
1c41c7b8f7c2
Updated server application to new database model. THIS IS STILL WIP!!!
Raimund Renkert <raimund.renkert@intevation.de>
parents:
857
diff
changeset
|
216 kombi.getStatusWert().getId() != 4) { |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
217 return true; |
|
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
218 } |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
219 } |
|
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
220 return false; |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
221 } |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
222 |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
223 /** |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
224 * Check whether a user is authorized to operate on the given probe. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
225 * |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
226 * @param userInfo The user information. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
227 * @param data The probe data to test. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
228 * @return True if the user is authorized else returns false. |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
229 */ |
|
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
230 @Override |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
231 public <T> boolean isAuthorized( |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
232 UserInfo userInfo, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
233 Object data, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
234 Class<T> clazz |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
235 ) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
236 Authorizer authorizer = authorizers.get(clazz); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
237 //This is a hack... Allows wildcard for unknown classes. |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
238 if (authorizer == null) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
239 return true; |
|
801
d0510a89e701
Updated the authorization to fit the needs of the new status workflow.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
800
diff
changeset
|
240 } |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
801
diff
changeset
|
241 return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz); |
|
779
64adf06df02f
Use status to get readonly flag for messungen.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
772
diff
changeset
|
242 } |
|
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
243 } |