annotate src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java @ 833:fa922101a462
Refactored Authorization.
* Introduced "authorizer"
* Attribute and datatype dependent authorization
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Fri, 08 Jan 2016 12:05:26 +0100 |
parents | d0510a89e701 |
children | 2fe625c91ab3 |
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
2 * Software engineering by Intevation GmbH |
3 * |
4 * This file is Free Software under the GNU GPL (v>=3) |
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
6 * the documentation coming with IMIS-Labordaten-Application for details. |
7 */ |
8 package de.intevation.lada.util.auth; |
9 |
10 import java.util.ArrayList; |
11 import java.util.Arrays; |
12 import java.util.HashMap; |
13 import java.util.List; |
14 import java.util.Map; |
15 |
16 import javax.annotation.PostConstruct; |
17 import javax.inject.Inject; |
18 import javax.persistence.EntityManager; |
19 import javax.servlet.http.HttpServletRequest; |
20 |
21 import de.intevation.lada.model.land.LKommentarM; |
22 import de.intevation.lada.model.land.LKommentarP; |
23 import de.intevation.lada.model.land.LMessung; |
24 import de.intevation.lada.model.land.LMesswert; |
25 import de.intevation.lada.model.land.LOrtszuordnung; |
26 import de.intevation.lada.model.land.LProbe; |
27 import de.intevation.lada.model.land.LStatusProtokoll; |
28 import de.intevation.lada.model.land.LZusatzWert; |
29 import de.intevation.lada.model.stamm.Auth; |
30 import de.intevation.lada.model.stamm.DatensatzErzeuger; |
31 import de.intevation.lada.model.stamm.MessprogrammKategorie; |
32 import de.intevation.lada.model.stamm.Ort; |
33 import de.intevation.lada.model.stamm.Probenehmer; |
34 import de.intevation.lada.util.annotation.AuthorizationConfig; |
35 import de.intevation.lada.util.annotation.RepositoryConfig; |
36 import de.intevation.lada.util.data.QueryBuilder; |
37 import de.intevation.lada.util.data.Repository; |
38 import de.intevation.lada.util.data.RepositoryType; |
39 import de.intevation.lada.util.rest.RequestMethod; |
40 import de.intevation.lada.util.rest.Response; |
41 |
42 /** |
43 * Authorize a user via HttpServletRequest attributes. |
44 * |
45 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> |
46 */ |
47 @AuthorizationConfig(type=AuthorizationType.HEADER) |
48 public class HeaderAuthorization implements Authorization { |
49 |
50 /** |
51 * The Repository used to read from Database. |
52 */ |
53 @Inject |
54 @RepositoryConfig(type=RepositoryType.RO) |
55 private Repository repository; |
56 |
57 @SuppressWarnings("rawtypes") |
58 private Map<Class, Authorizer> authorizers; |
59 @Inject ProbeAuthorizer probeAuthorizer; |
60 @Inject MessungAuthorizer messungAuthorizer; |
61 @Inject ProbeIdAuthorizer pIdAuthorizer; |
62 @Inject MessungIdAuthorizer mIdAuthorizer; |
63 @Inject NetzbetreiberAuthorizer netzAuthorizer; |
64 |
/**
 * Builds the table that maps each protected entity class to the
 * {@link Authorizer} responsible for it. Runs once after dependency
 * injection ({@code @PostConstruct}).
 *
 * Lookups for classes that are not registered here return {@code null},
 * which filter() and isAuthorized() of this class treat as "no
 * restriction". Every entity type that needs access control therefore
 * has to be listed in this table.
 */
@SuppressWarnings("rawtypes")
@PostConstruct
public void init() {
    Map<Class, Authorizer> table = new HashMap<Class, Authorizer>();

    // Entities with a dedicated authorizer.
    table.put(LProbe.class, probeAuthorizer);
    table.put(LMessung.class, messungAuthorizer);

    // Entities handled by the probe-id based authorizer.
    Class[] probeIdScoped = {
        LOrtszuordnung.class, LKommentarP.class, LZusatzWert.class
    };
    for (Class entity : probeIdScoped) {
        table.put(entity, pIdAuthorizer);
    }

    // Entities handled by the messung-id based authorizer.
    Class[] messungIdScoped = {
        LKommentarM.class, LMesswert.class, LStatusProtokoll.class
    };
    for (Class entity : messungIdScoped) {
        table.put(entity, mIdAuthorizer);
    }

    // Master data handled by the Netzbetreiber authorizer.
    Class[] netzbetreiberScoped = {
        Probenehmer.class,
        DatensatzErzeuger.class,
        MessprogrammKategorie.class,
        Ort.class
    };
    for (Class entity : netzbetreiberScoped) {
        table.put(entity, netzAuthorizer);
    }

    authorizers = table;
}
82 |
/**
 * Builds the {@link UserInfo} for the current request.
 *
 * User name and roles are taken from the request attributes
 * {@code lada.user.name} and {@code lada.user.roles}. This class does not
 * verify either value; it relies on whatever populates those attributes
 * (presumably an upstream authentication filter -- confirm) being their
 * only writer.
 *
 * @param source The request object; expected to be an HttpServletRequest.
 * @return The UserInfo holding name, roles and the database-derived
 *         memberships, or {@code null} if {@code source} is not an
 *         HttpServletRequest.
 * @throws NullPointerException if one of the two attributes is absent.
 */
@Override
public UserInfo getInfo(Object source) {
    if (!(source instanceof HttpServletRequest)) {
        return null;
    }
    HttpServletRequest httpRequest = (HttpServletRequest) source;

    // No null check: a request without the roles attribute fails here with
    // a NullPointerException instead of producing an empty UserInfo.
    String rawRoles =
        httpRequest.getAttribute("lada.user.roles").toString();

    UserInfo result = getGroupsFromDB(rawRoles);

    // The role list keeps the raw comma-separated tokens. Unlike the
    // database lookup it does not strip '[', ']' or blanks.
    result.setRoles(
        new ArrayList<String>(Arrays.asList(rawRoles.split(","))));
    result.setName(
        httpRequest.getAttribute("lada.user.name").toString());
    return result;
}
103 |
/**
 * Reduces a response to the entries the requesting user may see, by
 * delegating to the {@link Authorizer} registered for {@code clazz}.
 *
 * Both early exits below return the payload unchanged, i.e. they fail
 * open. Callers must not assume the returned data has been filtered.
 *
 * @param source The HttpServletRequest carrying the user attributes.
 * @param data   The Response object containing the data.
 * @param clazz  The data object class.
 * @return The filtered Response, or {@code data} itself when no user
 *         information or no authorizer is available.
 */
@Override
public <T> Response filter(Object source, Response data, Class<T> clazz) {
    UserInfo user = this.getInfo(source);
    // NOTE(review): fail-open. Without user information the data goes out
    // unfiltered, whereas isAuthorized() denies in the same situation.
    if (user == null) {
        return data;
    }
    Authorizer responsible = authorizers.get(clazz);
    // Known hack kept from the original: a class without a registered
    // authorizer is treated as a wildcard and passes through unfiltered.
    return responsible == null
        ? data
        : responsible.filter(data, user, clazz);
}
126 |
/**
 * Decides whether the requesting user may perform {@code method} on
 * {@code data}, by delegating to the {@link Authorizer} registered for
 * {@code clazz}.
 *
 * @param source The HttpServletRequest containing user information.
 * @param data   The data to test.
 * @param method The HTTP request type.
 * @param clazz  The data object class.
 * @return {@code false} if no user information can be derived from
 *         {@code source}; {@code true} if no authorizer is registered
 *         for {@code clazz}; otherwise the authorizer's decision.
 */
@Override
public <T> boolean isAuthorized(
    Object source,
    Object data,
    RequestMethod method,
    Class<T> clazz
) {
    UserInfo user = this.getInfo(source);
    if (user == null) {
        // No user information: deny.
        return false;
    }
    Authorizer responsible = authorizers.get(clazz);
    // Known hack kept from the original: a class without a registered
    // authorizer is treated as a wildcard, so the operation is allowed
    // (fail-open for every type missing from the table built in init()).
    return responsible == null
        || responsible.isAuthorized(data, method, user, clazz);
}
154 |
/**
 * Looks up the LADA-specific memberships that belong to a role string.
 *
 * The role string is matched against the {@code ldapGroup} column of the
 * {@code Auth} entries in the "stamm" database.
 *
 * @param roles The comma-separated role names as delivered with the
 *              request; '[', ']' and blanks are stripped before the
 *              lookup.
 * @return A UserInfo carrying the Netzbetreiber ids, Messstellen ids
 *         (Labor-Messstellen included) and Funktion ids of all matching
 *         entries. Name and roles are not set here.
 */
private UserInfo getGroupsFromDB(String roles) {
    QueryBuilder<Auth> authQuery = new QueryBuilder<Auth>(
        repository.entityManager("stamm"),
        Auth.class);

    // Strip list decoration such as "[a, b]" down to "a,b".
    // An empty string still yields one (empty) group name after split().
    String cleaned =
        roles.replace("[", "").replace("]", "").replace(" ", "");
    List<String> groupNames = Arrays.asList(cleaned.split(","));
    authQuery.andIn("ldapGroup", groupNames);

    Response lookup = repository.filter(authQuery.getQuery(), "stamm");
    @SuppressWarnings("unchecked")
    List<Auth> matches = (List<Auth>) lookup.getData();

    List<String> netzbetreiberIds = new ArrayList<String>();
    List<String> messstellenIds = new ArrayList<String>();
    List<Integer> funktionIds = new ArrayList<Integer>();
    for (Auth entry : matches) {
        String netzbetreiberId = entry.getNetzbetreiberId();
        if (netzbetreiberId != null) {
            netzbetreiberIds.add(netzbetreiberId);
        }
        String mstId = entry.getMstId();
        if (mstId != null) {
            messstellenIds.add(mstId);
        }
        // Labor-Messstellen end up in the same list as Messstellen.
        String laborMstId = entry.getLaborMstId();
        if (laborMstId != null) {
            messstellenIds.add(laborMstId);
        }
        Integer funktionId = entry.getFunktionId();
        if (funktionId != null) {
            funktionIds.add(funktionId);
        }
    }

    UserInfo memberships = new UserInfo();
    memberships.setNetzbetreiber(netzbetreiberIds);
    memberships.setMessstellen(messstellenIds);
    memberships.setFunktionen(funktionIds);
    return memberships;
}
196 |
197 /** |
198 * Test whether a probe is readonly. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
199 * |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
200 * @param probeId The probe Id. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
201 * @return True if the probe is readonly. |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
202 */ |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
203 @Override |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
204 public boolean isReadOnly(Integer probeId) { |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
205 EntityManager manager = repository.entityManager("land"); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
206 QueryBuilder<LMessung> builder = |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
207 new QueryBuilder<LMessung>( |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
208 manager, |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
209 LMessung.class); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
210 builder.and("probeId", probeId); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
211 Response response = repository.filter(builder.getQuery(), "land"); |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
212 @SuppressWarnings("unchecked") |
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
213 List<LMessung> messungen = (List<LMessung>) response.getData(); |
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
214 for (int i = 0; i < messungen.size(); i++) { |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
215 if (messungen.get(i).getStatus() == null) { |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
216 return false; |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
217 } |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
218 LStatusProtokoll status = repository.getByIdPlain( |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
219 LStatusProtokoll.class, messungen.get(i).getStatus(), "land"); |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
220 if (status.getStatusWert() != 0 && status.getStatusWert() != 4) { |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
221 return true; |
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
222 } |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
223 } |
772
46e0523bbd80
Authorize messungen with status and not the "fertig"-flag.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
760
diff
changeset
|
224 return false; |
721
6eed8b5decb1
Added shibboleth authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
225 } |
226 |
/**
 * Check whether a user is authorized to operate on the given data object.
 *
 * <p>Selects the {@code Authorizer} registered for {@code clazz} and
 * delegates the decision to it, always passing {@code RequestMethod.GET}.
 * When no authorizer is registered for the class, access is granted.
 *
 * @param userInfo  The user information.
 * @param data      The data object to test.
 * @param clazz     The type of the data object; selects the authorizer.
 * @return True if the user is authorized else returns false.
 */
@Override
public <T> boolean isAuthorized(
    UserInfo userInfo,
    Object data,
    Class<T> clazz
) {
    Authorizer authorizer = authorizers.get(clazz);
    if (authorizer != null) {
        return authorizer.isAuthorized(
            data, RequestMethod.GET, userInfo, clazz);
    }
    // This is a hack: classes without a registered authorizer are treated
    // as a wildcard and always allowed.
    // NOTE(review): this is a default-allow decision. A data type that is
    // added without registering an authorizer is accepted for every caller
    // of this method. Denying unknown classes and listing the intentionally
    // open ones explicitly would be the safer shape, but callers may rely
    // on the current behaviour -- confirm before changing it.
    return true;
}
247 } |