Organized imports and removed unused logger.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Mon, 05 Sep 2016 10:17:32 +0200 |
parents | 1c41c7b8f7c2 |
children |
/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=3) * and comes with ABSOLUTELY NO WARRANTY! Check out * the documentation coming with IMIS-Labordaten-Application for details. */ package de.intevation.lada.util.auth; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.annotation.PostConstruct; import javax.inject.Inject; import javax.persistence.EntityManager; import javax.servlet.http.HttpServletRequest; import de.intevation.lada.model.land.KommentarM; import de.intevation.lada.model.land.KommentarP; import de.intevation.lada.model.land.Messung; import de.intevation.lada.model.land.Messwert; import de.intevation.lada.model.land.Ortszuordnung; import de.intevation.lada.model.land.Probe; import de.intevation.lada.model.land.StatusProtokoll; import de.intevation.lada.model.land.ZusatzWert; import de.intevation.lada.model.stammdaten.Auth; import de.intevation.lada.model.stammdaten.DatensatzErzeuger; import de.intevation.lada.model.stammdaten.LadaUser; import de.intevation.lada.model.stammdaten.MessprogrammKategorie; import de.intevation.lada.model.stammdaten.Ort; import de.intevation.lada.model.stammdaten.Probenehmer; import de.intevation.lada.model.stammdaten.StatusKombi; import de.intevation.lada.util.annotation.AuthorizationConfig; import de.intevation.lada.util.annotation.RepositoryConfig; import de.intevation.lada.util.data.QueryBuilder; import de.intevation.lada.util.data.Repository; import de.intevation.lada.util.data.RepositoryType; import de.intevation.lada.util.rest.RequestMethod; import de.intevation.lada.util.rest.Response; /** * Authorize a user via HttpServletRequest attributes. 
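 *
 * The identity itself is not established here: the request attributes
 * {@code lada.user.name} and {@code lada.user.roles} are read as-is and are
 * expected to have been set by the authentication layer that runs in front of
 * this class. Everything this class decides is therefore only as trustworthy
 * as that layer.
 *
 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a>
 */
@AuthorizationConfig(type=AuthorizationType.HEADER)
public class HeaderAuthorization implements Authorization {

    /** Request attribute holding the authenticated user name. */
    private static final String ATTR_USER_NAME = "lada.user.name";

    /** Request attribute holding the authenticated user's roles. */
    private static final String ATTR_USER_ROLES = "lada.user.roles";

    /**
     * The Repository used to read from Database.
     */
    @Inject
    @RepositoryConfig(type=RepositoryType.RW)
    private Repository repository;

    /** Maps a data object class to the Authorizer responsible for it. */
    private Map<Class<?>, Authorizer> authorizers;

    @Inject
    ProbeAuthorizer probeAuthorizer;

    @Inject
    MessungAuthorizer messungAuthorizer;

    @Inject
    ProbeIdAuthorizer pIdAuthorizer;

    @Inject
    MessungIdAuthorizer mIdAuthorizer;

    @Inject
    NetzbetreiberAuthorizer netzAuthorizer;

    /**
     * Build the class-to-authorizer lookup table once the injected
     * authorizers are available.
     */
    @PostConstruct
    public void init() {
        authorizers = new HashMap<Class<?>, Authorizer>();
        authorizers.put(Probe.class, probeAuthorizer);
        authorizers.put(Messung.class, messungAuthorizer);
        // Probe-scoped child objects are checked through their probe id.
        authorizers.put(Ortszuordnung.class, pIdAuthorizer);
        authorizers.put(KommentarP.class, pIdAuthorizer);
        authorizers.put(ZusatzWert.class, pIdAuthorizer);
        // Messung-scoped child objects are checked through their messung id.
        authorizers.put(KommentarM.class, mIdAuthorizer);
        authorizers.put(Messwert.class, mIdAuthorizer);
        authorizers.put(StatusProtokoll.class, mIdAuthorizer);
        // Master data is checked against the user's Netzbetreiber.
        authorizers.put(Probenehmer.class, netzAuthorizer);
        authorizers.put(DatensatzErzeuger.class, netzAuthorizer);
        authorizers.put(MessprogrammKategorie.class, netzAuthorizer);
        authorizers.put(Ort.class, netzAuthorizer);
    }

    /**
     * Request user informations using the HttpServletRequest.
     *
     * A user that is not yet known in the "stamm" database is created on
     * first contact. The attributes {@code lada.user.name} and
     * {@code lada.user.roles} are mandatory; if either is missing the
     * request is rejected with an exception rather than treated as an
     * unauthenticated or anonymous call.
     *
     * @param source The HttpServletRequest
     * @return The UserInfo object containing username and groups, or null
     *         if {@code source} is not an HttpServletRequest.
     * @throws IllegalStateException if a mandatory request attribute is
     *         missing or the user record could not be created.
     */
    @Override
    public UserInfo getInfo(Object source) {
        if (!(source instanceof HttpServletRequest)) {
            return null;
        }
        HttpServletRequest request = (HttpServletRequest) source;
        Object roles = request.getAttribute(ATTR_USER_ROLES);
        Object name = request.getAttribute(ATTR_USER_NAME);
        // Previously a missing attribute surfaced as a bare
        // NullPointerException; fail with an explicit message instead but
        // keep failing closed.
        if (roles == null || name == null) {
            throw new IllegalStateException(
                "Request attributes '" + ATTR_USER_NAME + "' and '"
                + ATTR_USER_ROLES + "' must be set by the authentication layer");
        }
        UserInfo info = getGroupsFromDB(roles.toString());
        info.setName(name.toString());

        QueryBuilder<LadaUser> builder = new QueryBuilder<LadaUser>(
            repository.entityManager("stamm"),
            LadaUser.class
        );
        builder.and("name", info.getName());
        List<LadaUser> user =
            repository.filterPlain(builder.getQuery(), "stamm");
        if (user == null || user.isEmpty()) {
            // First contact with this user name: provision a LadaUser record
            // and re-read it to obtain the generated id.
            LadaUser newUser = new LadaUser();
            newUser.setName(info.getName());
            repository.create(newUser, "stamm");
            user = repository.filterPlain(builder.getQuery(), "stamm");
            if (user == null || user.isEmpty()) {
                // Previously an IndexOutOfBoundsException on user.get(0).
                throw new IllegalStateException(
                    "Could not create LadaUser for name '"
                    + info.getName() + "'");
            }
        }
        info.setUserId(user.get(0).getId());
        return info;
    }

    /**
     * Filter a list of data objects using the user informations contained in
     * the HttpServletRequest.
     *
     * NOTE(review): this is fail-open in two places that callers should be
     * aware of: when {@code source} is not an HttpServletRequest (no user
     * information) and when no Authorizer is registered for {@code clazz},
     * the data is returned unfiltered.
     *
     * @param source The HttpServletRequest
     * @param data The Response object containing the data.
     * @param clazz The data object class.
     * @return The Response object containing the filtered data.
     */
    @Override
    public <T> Response filter(Object source, Response data, Class<T> clazz) {
        UserInfo userInfo = this.getInfo(source);
        if (userInfo == null) {
            return data;
        }
        Authorizer authorizer = authorizers.get(clazz);
        // This is a hack... Allows wildcard for unknown classes.
        if (authorizer == null) {
            return data;
        }
        return authorizer.filter(data, userInfo, clazz);
    }

    /**
     * Check whether a user is authorized to operate on the given data.
     *
     * NOTE(review): classes without a registered Authorizer are always
     * authorized (see {@link #init()} for the registered classes).
     *
     * @param source The HttpServletRequest containing user information.
     * @param data The data to test.
     * @param method The Http request type.
     * @param clazz The data object class.
     * @return True if the user is authorized else returns false.
     */
    @Override
    public <T> boolean isAuthorized(
        Object source,
        Object data,
        RequestMethod method,
        Class<T> clazz
    ) {
        UserInfo userInfo = this.getInfo(source);
        if (userInfo == null) {
            return false;
        }
        Authorizer authorizer = authorizers.get(clazz);
        // This is a hack... Allows wildcard for unknown classes.
        if (authorizer == null) {
            return true;
        }
        return authorizer.isAuthorized(data, method, userInfo, clazz);
    }

    /**
     * Request the lada specific groups.
     *
     * @param roles The roles defined in the OpenId server, in the
     *        bracketed, comma separated form produced by a List's toString
     *        (e.g. "[group-a, group-b]").
     * @return The UserInfo containing roles and user name.
     */
    private UserInfo getGroupsFromDB(String roles) {
        QueryBuilder<Auth> builder = new QueryBuilder<Auth>(
            repository.entityManager("stamm"),
            Auth.class);
        // Strip the list decoration before splitting into LDAP group names.
        String stripped = roles
            .replace("[", "")
            .replace("]", "")
            .replace(" ", "");
        String[] ldapGroups = stripped.split(",");
        builder.andIn("ldapGroup", Arrays.asList(ldapGroups));
        Response response = repository.filter(builder.getQuery(), "stamm");
        @SuppressWarnings("unchecked")
        List<Auth> auth = (List<Auth>) response.getData();
        UserInfo userInfo = new UserInfo();
        userInfo.setAuth(auth);
        return userInfo;
    }

    /**
     * Test whether a probe is readonly.
     *
     * A probe is read-only as soon as one of its Messungen carries a status
     * whose StatusWert id is neither 0 nor 4.
     *
     * @param probeId The probe Id.
     * @return True if the probe is readonly.
     */
    @Override
    public boolean isReadOnly(Integer probeId) {
        EntityManager manager = repository.entityManager("land");
        QueryBuilder<Messung> builder = new QueryBuilder<Messung>(
            manager,
            Messung.class);
        builder.and("probeId", probeId);
        Response response = repository.filter(builder.getQuery(), "land");
        @SuppressWarnings("unchecked")
        List<Messung> messungen = (List<Messung>) response.getData();
        for (Messung messung : messungen) {
            Integer statusId = messung.getStatus();
            if (statusId == null) {
                continue;
            }
            StatusProtokoll status = repository.getByIdPlain(
                StatusProtokoll.class, statusId, "land");
            StatusKombi kombi = repository.getByIdPlain(
                StatusKombi.class, status.getStatusKombi(), "stamm");
            // TODO(review): 0 and 4 are the StatusWert ids that keep the probe
            // editable; the meaning of the values is defined in the stamm
            // data, not here.
            int statusWert = kombi.getStatusWert().getId();
            if (statusWert != 0 && statusWert != 4) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check whether a user is authorized to operate on the given data
     * (read access, i.e. as for a GET request).
     *
     * NOTE(review): classes without a registered Authorizer are always
     * authorized, as in the request based variant.
     *
     * @param userInfo The user information.
     * @param data The data to test.
     * @param clazz The data object class.
     * @return True if the user is authorized else returns false.
     */
    @Override
    public <T> boolean isAuthorized(
        UserInfo userInfo,
        Object data,
        Class<T> clazz
    ) {
        Authorizer authorizer = authorizers.get(clazz);
        // This is a hack... Allows wildcard for unknown classes.
        if (authorizer == null) {
            return true;
        }
        return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz);
    }
}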