# HG changeset patch # User Raimund Renkert # Date 1439538209 -7200 # Node ID 5815920ccabc9423306e6d97ee58620db58ca188 # Parent a4932159a469ce530bdb48ae900358221c1e7ce3 Removed the OpenId authentorization files and dependencies. diff -r a4932159a469 -r 5815920ccabc pom.xml --- a/pom.xml Thu Aug 06 09:59:22 2015 +0200 +++ b/pom.xml Fri Aug 14 09:43:29 2015 +0200 @@ -6,7 +6,7 @@ Lada Server de.intevation - lada-server + lada-server-dev war org.jboss @@ -69,6 +69,11 @@ jackson-annotations 2.5.1 + + org.opensaml + opensaml + 2.6.4 + @@ -159,100 +164,39 @@ - maven-compiler-plugin - 3.1 - - - default-testCompile - test-compile - - testCompile - - - - **/auth/TestAuthorization.java - - - - - default-compile - compile - - compile - - - - **/auth/TestAuthorization.java - - - - - - true - true - - 1.7 - 1.7 - - - + maven-compiler-plugin + 3.1 + + true + true + + 1.7 + 1.7 + + + - - - org.openid4java - openid4java - 1.0.0 - - remote-test - - - maven-compiler-plugin - 3.1 - - - default-testCompile - test-compile - - testCompile - - - - **/auth/OpenIdAuthorization.java - **/auth/OpenIDFilter.java - - - - - default-compile - compile - - compile - - - - **/auth/OpenIdAuthorization.java - **/auth/OpenIDFilter.java - - - - - - true - true - - 1.7 - 1.7 - - - - - + + + maven-compiler-plugin + 3.1 + + true + true + + 1.7 + 1.7 + + + + + org.wildfly @@ -280,15 +224,33 @@ + maven-surefire-plugin + + true + + + + maven-compiler-plugin + 3.1 + + true + true + + 1.7 + 1.7 + + + + org.wildfly.plugins wildfly-maven-plugin - eulimene - 9990 + localhost + 19990 admin secret - + - - - org.openid4java - openid4java - 1.0.0 - - diff -r a4932159a469 -r 5815920ccabc src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java --- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java Thu Aug 06 09:59:22 2015 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
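Review bot: The `org.opensaml:opensaml:2.6.4` dependency added in the `@@ -69,6 +69,11 @@` hunk has no consumer anywhere in this changeset, and the description only mentions removing OpenID. A SAML library is security-critical parsing and signature-validation code, so it should arrive with the code that uses it, where the pinned version can be checked against the upstream project's security advisories and the assertion validation can be reviewed. Until then I would drop it from this commit, or at least add a pom comment above it such as `<!-- SAML support for the replacement authentication; not used yet -->`, if that is indeed its purpose.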
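Review bot: The default `maven-compiler-plugin` configuration in the `@@ -159,100 +164,39 @@` hunk no longer excludes `**/auth/TestAuthorization.java`, so that class is now compiled into the default war, and the `TestAuthorization.java` hunk at the end of this changeset rebinds it from `OPEN_ID` to `AuthorizationType.NONE`. The same changeset deletes `OpenIDFilter` (the `@WebFilter("/*")` that set `lada.user.name` and `lada.user.roles`) and `OpenIdAuthorization` without a replacement, so as far as these hunks show nothing authenticates requests after this commit. The body of `TestAuthorization` is not visible here, but if it is the permissive stub its name suggests, every default build would ship it. I would either land the replacement filter and `Authorization` implementation in the same change or keep the stub confined to a dedicated profile, with a pom comment naming which profile is safe to deploy.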
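Review bot: The `wildfly-maven-plugin` settings in the `@@ -280,15 +224,33 @@` hunk now point at `localhost` and `19990`, and the context lines beside them still hold `admin` and `secret`, which look like the management user name and password (the XML tags are not visible in this rendering, so this is inferred). Together with the `lada-server-dev` rename in the first hunk, these read as a developer's local settings rather than part of the OpenID removal. Deployment host and credentials are better kept out of the pom and supplied per user, e.g. `<username>${wildfly.username}</username>` and `<password>${wildfly.password}</password>` resolved from `settings.xml`. The bare `true` added under `maven-surefire-plugin` should also be checked: if it switches the tests off, that deserves its own commit and a comment saying why.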
@@ -1,377 +0,0 @@ -/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz - * Software engineering by Intevation GmbH - * - * This file is Free Software under the GNU GPL (v>=3) - * and comes with ABSOLUTELY NO WARRANTY! Check out - * the documentation coming with IMIS-Labordaten-Application for details. - */ - -package de.intevation.lada.util.auth; - -import java.io.IOException; -import java.io.InputStream; -import java.net.URLDecoder; -import java.util.Date; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.annotation.WebFilter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.log4j.Logger; -import org.openid4java.association.AssociationException; -import org.openid4java.association.AssociationSessionType; -import org.openid4java.consumer.AbstractNonceVerifier; -import org.openid4java.consumer.ConsumerException; -import org.openid4java.consumer.ConsumerManager; -import org.openid4java.consumer.InMemoryConsumerAssociationStore; -import org.openid4java.consumer.VerificationResult; -import org.openid4java.discovery.DiscoveryException; -import org.openid4java.discovery.DiscoveryInformation; -import org.openid4java.discovery.Identifier; -import org.openid4java.message.AuthRequest; -import org.openid4java.message.AuthSuccess; -import org.openid4java.message.MessageException; -import org.openid4java.message.ParameterList; -import org.openid4java.message.ax.AxMessage; -import org.openid4java.message.ax.FetchRequest; -import org.openid4java.message.ax.FetchResponse; - -/** ServletFilter used for OpenID authentification. 
*/ -@WebFilter("/*") -public class OpenIDFilter implements Filter { - - private static final String CONFIG_FILE = "/openid.properties"; - - /** The name of the header field used to transport OpenID parameters.*/ - private static final String OID_HEADER_DEFAULT = "X-OPENID-PARAMS"; - private String oidHeader; - - /** The identity provider we accept here. */ - private static final String IDENTITY_PROVIDER_DEFAULT = - "https://localhost/openid/"; - private String providerUrl; - - private static final int SESSION_TIMEOUT_DEFAULT_MINUTES = 60; - private int sessionTimeout; - - private boolean enabled; - - private static Logger logger = Logger.getLogger(OpenIDFilter.class); - - /** Nonce verifier to allow a session based on openid information. - * - * Usually one would create a session for the user but this would not - * be an advantage here as we want to transport the session in a header - * anyway. - * - * A nonce will be valid as long as as the maxAge is not reached. - * This is implemented by the basis verifier. - * We only implement seed no mark that we accept nonce's multiple - * times. - */ - private class SessionNonceVerifier extends AbstractNonceVerifier { - public SessionNonceVerifier(int maxAge) { - super(maxAge); - } - - @Override - protected int seen(Date now, String opUrl, String nonce) { - return OK; - } - }; - - private ConsumerManager manager; - - /* This should be moved into a map discovered> - * as we currently only supporting one server this is static. */ - boolean discoveryDone = false; - private DiscoveryInformation discovered; - - private boolean discoverServer() { - /* Perform discovery on the configured providerUrl */ - List discoveries = null; - try { - discoveries = manager.discover(providerUrl); - } catch (DiscoveryException e) { - logger.debug("Discovery failed: " + e.getMessage()); - return false; - } - - if (discoveries == null || discoveries.isEmpty()) { - logger.error( - "Failed discovery step. 
OpenID provider unavailable?"); - return false; - } - - /* Add association for the discovered information */ - discovered = manager.associate(discoveries); - - return true; - } - - /** Split up the OpenID response query provided in the header. - * - * @param responseQuery The query provided in the header field. - * @return The query as ParameterList or null on error. - */ - private ParameterList splitParams(String responseQuery) { - if (responseQuery == null) { - return null; - } - Map queryMap = - new LinkedHashMap(); - final String[] pairs = responseQuery.split("&"); - for (String pair : pairs) { - final int idx = pair.indexOf("="); - if (idx <= 0) { - logger.debug("Invalid query."); - return null; - } - try { - final String key = URLDecoder.decode( - pair.substring(0, idx), "UTF-8"); - - if (queryMap.containsKey(key)) { - logger.debug("Duplicate key: " + key + " ignored."); - continue; - } - final String value = URLDecoder.decode( - pair.substring(idx + 1), "UTF-8"); - queryMap.put(key, value); - } catch (java.io.UnsupportedEncodingException e) { - logger.error("UTF-8 unkown?!"); - return null; - } - } - if (queryMap.isEmpty()) { - logger.debug("Empty query."); - return null; - } - return new ParameterList(queryMap); - } - - private boolean checkOpenIDQuery(ServletRequest req) { - HttpServletRequest hReq = (HttpServletRequest) req; - - String oidParamString = hReq.getQueryString(); - - if (oidParamString == null) { - logger.debug("No query string."); - } - return checkOpenIDString(hReq, oidParamString); - } - - private boolean checkOpenIDHeader(ServletRequest req) { - - HttpServletRequest hReq = (HttpServletRequest) req; - /* Debug code to dump headers - Enumeration headerNames = hReq.getHeaderNames(); - while (headerNames.hasMoreElements()) { - String headerName = headerNames.nextElement(); - logger.debug("Header: " + headerName); - Enumeration headers = hReq.getHeaders(headerName); - while (headers.hasMoreElements()) { - String headerValue = 
headers.nextElement(); - logger.debug("Value: " + headerValue); - } - } - */ - /* First check if the header is provided at all */ - String oidParamString = hReq.getHeader(oidHeader); - - if (oidParamString == null) { - logger.debug("Header " + oidHeader + " not provided."); - } - return checkOpenIDString(hReq, oidParamString); - } - - private boolean checkOpenIDString(HttpServletRequest hReq, - String oidParamString) { - - /* Parse the parameters to a map for openid4j */ - ParameterList oidParams = splitParams(oidParamString); - if (oidParams == null) { - return false; - } - - /* Verify against the discovered server. */ - VerificationResult verification = null; - String receivingURL = oidParams.getParameterValue("openid.return_to"); - - try { - verification = manager.verify(receivingURL, oidParams, - discovered); - } catch (MessageException e) { - logger.debug("Verification failed: " + e.getMessage()); - return false; - } catch (DiscoveryException e) { - logger.debug("Verification discovery exception: " + e.getMessage()); - return false; - } catch (AssociationException e) { - logger.debug("Verification assoc exception: " + e.getMessage()); - return false; - } - - /* See what could be verified */ - Identifier verified = verification.getVerifiedId(); - if (verified == null) { - logger.debug("Failed to verify Identity information: " + - verification.getStatusMsg()); - return false; - } - - AuthSuccess authSuccess = - (AuthSuccess) verification.getAuthResponse(); - String rolesValue = ""; - if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { - FetchResponse fetchResp = null; - try { - fetchResp = (FetchResponse) authSuccess.getExtension( - AxMessage.OPENID_NS_AX); - } catch (MessageException e) { - logger.debug("Failed to fetch extended result: " + - e.getMessage()); - return false; - } - rolesValue = fetchResp.getAttributeValue("attr1"); - } else { - logger.debug("No such extension."); - } - - String[] identifier = verified.getIdentifier().split("/"); - String 
userName = identifier[identifier.length -1]; - hReq.setAttribute("lada.user.roles", rolesValue); - hReq.setAttribute("lada.user.name", userName); - return true; - } - - @Override - public void init(FilterConfig config) - throws ServletException - { - /* Read config and initialize configuration variables */ - Properties properties = new Properties(); - InputStream stream = null; - try { - stream = getClass().getResourceAsStream(CONFIG_FILE); - properties.load(stream); - stream.close(); - } catch (java.io.FileNotFoundException e) { - logger.error ("Failed to find config file: " + CONFIG_FILE); - } catch (java.io.IOException e) { - logger.error ("Failed to read config file: " + CONFIG_FILE); - } - try { - sessionTimeout = Integer.parseInt( - properties.getProperty("session_timeout_minutes")); - } catch (NumberFormatException e) { - sessionTimeout = SESSION_TIMEOUT_DEFAULT_MINUTES; - } - oidHeader = properties.getProperty("oidHeader", OID_HEADER_DEFAULT); - providerUrl = properties.getProperty("identity_provider", - IDENTITY_PROVIDER_DEFAULT); - enabled = !properties.getProperty("enabled", - "true").toLowerCase().equals("false"); - - manager = new ConsumerManager(); - /* We probably want to implement our own association store to keep - * associations persistent. */ - manager.setAssociations(new InMemoryConsumerAssociationStore()); - manager.setNonceVerifier(new SessionNonceVerifier(sessionTimeout * 60)); - manager.setMinAssocSessEnc(AssociationSessionType.DH_SHA256); - discoveryDone = discoverServer(); - } - - @Override - public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) - throws IOException, ServletException - { - if (!enabled) { - /* If we are not enabled we pass everything through */ - logger.debug("OpenID filter disabled. 
Passing through."); - chain.doFilter(req, resp); - return; - } - - HttpServletRequest hReq = (HttpServletRequest) req; - HttpServletResponse hResp = (HttpServletResponse) resp; - if (!discoveryDone) { - discoveryDone = discoverServer(); - } - if (discoveryDone) { - if (checkOpenIDHeader(req)) - { - /* Successfully authenticated. Through Header */ - chain.doFilter(req, resp); - return; - } else if (checkOpenIDQuery(req)) { - /* Successfully authenticated. Through Query parameters.*/ - hResp.addHeader(oidHeader, hReq.getQueryString().replace( - "is_return=true","")); - chain.doFilter(req, resp); - return; - } - } - /* Authentication failure */ - String authRequestURL = "Error communicating with openid server"; - int errorCode = 698; - if (discoveryDone) { - /* Parse the parameters to a map for openid4j */ - ParameterList params = splitParams(hReq.getQueryString()); - String returnToUrl; - if (params == null) { - logger.debug("Failed to get any parameters from url."); - hResp.reset(); - hResp.setStatus(401); - hResp.getOutputStream().print("{\"success\":false,\"message\":\"" + errorCode + "\",\"data\":" + - "\"No return url provided!\",\"errors\":{},\"warnings\":{}," + - "\"readonly\":false,\"totalCount\":0}"); - hResp.getOutputStream().flush(); - return; - } else { - returnToUrl = params.getParameterValue("return_to"); - } - try { - AuthRequest authReq = manager.authenticate(discovered, - returnToUrl); - // Fetch the role attribute - FetchRequest fetch = FetchRequest.createFetchRequest(); - - fetch.addAttribute("attr1", - "http://axschema.org/person/role", - true, 0); - // attach the extension to the authentication request - authReq.addExtension(fetch); - - authRequestURL = authReq.getDestinationUrl(true); - errorCode = 699; - } catch (MessageException e) { - logger.debug("Failed to create the Authentication request: " + - e.getMessage()); - } catch (ConsumerException e) { - logger.debug("Error in consumer manager: " + - e.getMessage()); - } - } - hResp.reset(); - 
hResp.setStatus(401); - hResp.getOutputStream().print("{\"success\":false,\"message\":\"" + errorCode + "\",\"data\":" + - "\"" + authRequestURL + "\",\"errors\":{},\"warnings\":{}," + - "\"readonly\":false,\"totalCount\":0}"); - hResp.getOutputStream().flush(); - } - @Override - public void destroy() - { - } -}; diff -r a4932159a469 -r 5815920ccabc src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java --- a/src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java Thu Aug 06 09:59:22 2015 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,551 +0,0 @@ -/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz - * Software engineering by Intevation GmbH - * - * This file is Free Software under the GNU GPL (v>=3) - * and comes with ABSOLUTELY NO WARRANTY! Check out - * the documentation coming with IMIS-Labordaten-Application for details. - */ -package de.intevation.lada.util.auth; - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import javax.inject.Inject; -import javax.persistence.EntityManager; -import javax.servlet.http.HttpServletRequest; - -import org.apache.log4j.Logger; - -import de.intevation.lada.model.land.LMessung; -import de.intevation.lada.model.land.LProbe; -import de.intevation.lada.model.stamm.Auth; -import de.intevation.lada.util.annotation.AuthorizationConfig; -import de.intevation.lada.util.annotation.RepositoryConfig; -import de.intevation.lada.util.data.QueryBuilder; -import de.intevation.lada.util.data.Repository; -import de.intevation.lada.util.data.RepositoryType; -import de.intevation.lada.util.rest.RequestMethod; -import de.intevation.lada.util.rest.Response; - -/** - * Authorize a user via HttpServletRequest attributes added by OpenIdFilter. - * - * @author Raimund Renkert - */ -@AuthorizationConfig(type=AuthorizationType.OPEN_ID) -public class OpenIdAuthorization implements Authorization { - - /** - * The logger used in this class. - */ - @Inject - private Logger logger; - - /** - * The Repository used to read from Database. - */ - @Inject - @RepositoryConfig(type=RepositoryType.RO) - private Repository repository; - - /** - * Request user informations using the HttpServletRequest. - * - * @param source The HttpServletRequest - * @return The UserInfo object containing username and groups. 
- */ - @Override - public UserInfo getInfo(Object source) { - if (source instanceof HttpServletRequest) { - HttpServletRequest request = (HttpServletRequest)source; - String roleString = - request.getAttribute("lada.user.roles").toString(); - String[] roles = roleString.split(","); - UserInfo info = getGroupsFromDB(roleString); - info.setRoles(new ArrayList(Arrays.asList(roles))); - info.setName(request.getAttribute("lada.user.name").toString()); - return info; - } - return null; - } - - /** - * Filter a list of data objects using the user informations contained in - * the HttpServletRequest. - * - * @param source The HttpServletRequest - * @param data The Response object containing the data. - * @param clazz The data object class. - * @return The Response object containing the filtered data. - */ - @Override - public Response filter(Object source, Response data, Class clazz) { - UserInfo userInfo = this.getInfo(source); - if (userInfo == null) { - return data; - } - if (clazz == LProbe.class) { - return this.authorizeProbe(userInfo, data); - } - if (clazz == LMessung.class) { - return this.authorizeMessung(userInfo, data); - } - Method[] methods = clazz.getMethods(); - for (Method method: methods) { - if (method.getName().equals("getProbeId")) { - return this.authorizeWithProbeId(userInfo, data, clazz); - } - if (method.getName().equals("getMessungsId")) { - return this.authorizeWithMessungsId(userInfo, data, clazz); - } - } - return data; - } - - /** - * Check whether a user is authorized to operate on the given data. - * - * @param source The HttpServletRequest containing user information. - * @param data The data to test. - * @param method The Http request type. - * @param clazz The data object class. - * @return True if the user is authorized else returns false. 
- */ - @Override - public boolean isAuthorized( - Object source, - Object data, - RequestMethod method, - Class clazz - ) { - UserInfo userInfo = this.getInfo(source); - if (userInfo == null) { - return false; - } - if (clazz == LProbe.class) { - LProbe probe = (LProbe)data; - if (method == RequestMethod.POST) { - return getAuthorization(userInfo, probe); - } - else if (method == RequestMethod.PUT || - method == RequestMethod.DELETE) { - return !isReadOnly(probe.getId()); - } - else { - return false; - } - } - else if (clazz == LMessung.class) { - LMessung messung = (LMessung)data; - Response response = - repository.getById(LProbe.class, messung.getProbeId(), "land"); - LProbe probe = (LProbe)response.getData(); - if (method == RequestMethod.POST) { - return getAuthorization(userInfo, probe); - } - else if (method == RequestMethod.PUT || - method == RequestMethod.DELETE) { - Response messResponse = - repository.getById(LMessung.class, messung.getId(), "land"); - LMessung messungDb = (LMessung)messResponse.getData(); - boolean fertigChanged = - !messung.getFertig().equals(messungDb.getFertig()); - logger.warn("changed " + fertigChanged); - return (!messung.getFertig() || fertigChanged) && - getAuthorization(userInfo, probe); - } - } - else { - Method[] methods = clazz.getMethods(); - for (Method m: methods) { - if (m.getName().equals("getProbeId")) { - Integer id; - try { - id = (Integer) m.invoke(data); - } catch (IllegalAccessException | IllegalArgumentException - | InvocationTargetException e) { - logger.warn(e.getCause() + ": " + e.getMessage()); - return false; - } - Response response = - repository.getById(LProbe.class, id, "land"); - LProbe probe = (LProbe)response.getData(); - return !isReadOnly(id) && getAuthorization(userInfo, probe); - - } - if (m.getName().equals("getMessungsId")) { - Integer id; - try { - id = (Integer) m.invoke(data); - } catch (IllegalAccessException | IllegalArgumentException - | InvocationTargetException e) { - 
logger.warn(e.getCause() + ": " + e.getMessage()); - return false; - } - Response mResponse = - repository.getById(LMessung.class, id, "land"); - LMessung messung = (LMessung)mResponse.getData(); - Response pResponse = - repository.getById( - LProbe.class, - messung.getProbeId(), - "land"); - LProbe probe = (LProbe)pResponse.getData(); - return !messung.getFertig() && - getAuthorization(userInfo, probe); - } - } - } - return true; - } - - /** - * Get the authorization of a single probe. - * - * @param userInfo The user information. - * @param probe The probe to authorize. - */ - private boolean getAuthorization(UserInfo userInfo, LProbe probe) { - if (userInfo.getMessstellen().contains(probe.getMstId())) { - return true; - } - else { - return false; - } - } - - /** - * Request the lada specific groups. - * - * @param roles The roles defined in the OpenId server. - * @return The UserInfo contianing roles and user name. - */ - private UserInfo getGroupsFromDB(String roles) { - QueryBuilder builder = new QueryBuilder( - repository.entityManager("stamm"), - Auth.class); - builder.andIn("ldapGroup", Arrays.asList(roles.split(","))); - Response response = repository.filter(builder.getQuery(), "stamm"); - @SuppressWarnings("unchecked") - List auth = (List)response.getData(); - List netzbetreiber = new ArrayList(); - List messstellen = new ArrayList(); - for (Auth a : auth) { - if (a.getNetzBetreiber() != null) { - netzbetreiber.add(a.getNetzBetreiber()); - } - if (a.getMessStelle() != null) { - messstellen.add(a.getMessStelle()); - } - } - UserInfo userInfo = new UserInfo(); - userInfo.setNetzbetreiber(netzbetreiber); - userInfo.setMessstellen(messstellen); - return userInfo; - } - - /** - * Authorize data that has a messungsId Attribute. - * - * @param userInfo The user information. - * @param data The Response object containing the data. - * @param clazz The data object class. - * @return A Response object containing the data. 
- */ - @SuppressWarnings("unchecked") - private Response authorizeWithMessungsId( - UserInfo userInfo, - Response data, - Class clazz - ) { - if (data.getData() instanceof List) { - List objects = new ArrayList(); - for (Object object :(List)data.getData()) { - objects.add(authorizeSingleWithMessungsId(userInfo, object, clazz)); - } - data.setData(objects); - } - else { - Object object = data.getData(); - data.setData(authorizeSingleWithMessungsId(userInfo, object, clazz)); - } - return data; - } - - /** - * Authorize data that has a probeId Attribute. - * - * @param userInfo The user information. - * @param data The Response object containing the data. - * @param clazz The data object class. - * @return A Response object containing the data. - */ - @SuppressWarnings("unchecked") - private Response authorizeWithProbeId( - UserInfo userInfo, - Response data, - Class clazz - ) { - if (data.getData() instanceof List) { - List objects = new ArrayList(); - for (Object object :(List)data.getData()) { - objects.add(authorizeSingleWithProbeId( - userInfo, - object, - clazz)); - } - data.setData(objects); - } - else { - Object object = data.getData(); - data.setData(authorizeSingleWithProbeId(userInfo, object, clazz)); - } - return data; - } - - /** - * Authorize a single data object that has a messungsId Attribute. - * - * @param userInfo The user information. - * @param data The Response object containing the data. - * @param clazz The data object class. - * @return A Response object containing the data. 
- */ - private Object authorizeSingleWithMessungsId( - UserInfo userInfo, - Object data, - Class clazz - ) { - try { - Method getMessungsId = clazz.getMethod("getMessungsId"); - Integer id = (Integer)getMessungsId.invoke(data); - LMessung messung = - (LMessung)repository.getById( - LMessung.class, id, "land").getData(); - LProbe probe = - (LProbe)repository.getById( - LProbe.class, messung.getProbeId(), "land").getData(); - - boolean readOnly = true; - boolean owner = false; - if (!userInfo.getNetzbetreiber().contains( - probe.getNetzbetreiberId())) { - owner = false; - readOnly = true; - } - else { - if (userInfo.getMessstellen().contains(probe.getMstId())) { - owner = true; - } - else { - owner = false; - } - readOnly = messung.getFertig(); - } - - Method setOwner = clazz.getMethod("setOwner", boolean.class); - Method setReadonly = clazz.getMethod("setReadonly", boolean.class); - setOwner.invoke(data, owner); - setReadonly.invoke(data, readOnly); - } catch (NoSuchMethodException | SecurityException - | IllegalAccessException | IllegalArgumentException - | InvocationTargetException e) { - return null; - } - return data; - } - - /** - * Authorize a single data object that has a probeId Attribute. - * - * @param userInfo The user information. - * @param data The Response object containing the data. - * @param clazz The data object class. - * @return A Response object containing the data. 
- */ - private Object authorizeSingleWithProbeId( - UserInfo userInfo, - Object data, - Class clazz - ) { - try { - Method getProbeId = clazz.getMethod("getProbeId"); - Integer id = null; - if (getProbeId != null) { - id = (Integer) getProbeId.invoke(data); - } - else { - return null; - } - LProbe probe = - (LProbe)repository.getById(LProbe.class, id, "land").getData(); - - boolean readOnly = true; - boolean owner = false; - if (!userInfo.getNetzbetreiber().contains( - probe.getNetzbetreiberId())) { - owner = false; - readOnly = true; - } - else { - if (userInfo.getMessstellen().contains(probe.getMstId())) { - owner = true; - } - else { - owner = false; - } - readOnly = this.isReadOnly(id); - } - - Method setOwner = clazz.getMethod("setOwner", boolean.class); - Method setReadonly = clazz.getMethod("setReadonly", boolean.class); - setOwner.invoke(data, owner); - setReadonly.invoke(data, readOnly); - } catch (NoSuchMethodException | SecurityException - | IllegalAccessException | IllegalArgumentException - | InvocationTargetException e) { - return null; - } - return data; - } - - /** - * Authorize probe objects. - * - * @param userInfo The user information. - * @param data The Response object containing the probe objects. - * @return A Response object containing the data. - */ - @SuppressWarnings("unchecked") - private Response authorizeProbe(UserInfo userInfo, Response data) { - if (data.getData() instanceof List) { - List proben = new ArrayList(); - for (LProbe probe :(List)data.getData()) { - proben.add(authorizeSingleProbe(userInfo, probe)); - } - data.setData(proben); - } - else if (data.getData() instanceof LProbe) { - LProbe probe = (LProbe)data.getData(); - data.setData(authorizeSingleProbe(userInfo, probe)); - } - return data; - } - - /** - * Authorize a sinle probe object. - * - * @param userInfo The user information. - * @param probe The probe object. - * @return The probe. 
- */ - private LProbe authorizeSingleProbe(UserInfo userInfo, LProbe probe) { - if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) { - probe.setOwner(false); - probe.setReadonly(true); - return probe; - } - if (userInfo.getMessstellen().contains(probe.getMstId())) { - probe.setOwner(true); - } - else { - probe.setOwner(false); - } - probe.setReadonly(this.isReadOnly(probe.getId())); - return probe; - } - - /** - * Authorize messung objects. - * - * @param userInfo The user information. - * @param data The Response object containing the messung objects. - * @return A Response object containing the data. - */ - @SuppressWarnings("unchecked") - private Response authorizeMessung(UserInfo userInfo, Response data) { - if (data.getData() instanceof List) { - List messungen = new ArrayList(); - for (LMessung messung :(List)data.getData()) { - messungen.add(authorizeSingleMessung(userInfo, messung)); - } - data.setData(messungen); - } - else if (data.getData() instanceof LMessung) { - LMessung messung = (LMessung)data.getData(); - data.setData(authorizeSingleMessung(userInfo, messung)); - } - return data; - } - - /** - * Authorize a sinle messung object. - * - * @param userInfo The user information. - * @param messung The messung object. - * @return The messung. - */ - private LMessung authorizeSingleMessung( - UserInfo userInfo, - LMessung messung - ) { - LProbe probe = - (LProbe)repository.getById( - LProbe.class, messung.getProbeId(), "land").getData(); - if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) { - messung.setOwner(false); - messung.setReadonly(true); - return messung; - } - if (userInfo.getMessstellen().contains(probe.getMstId())) { - messung.setOwner(true); - } - else { - messung.setOwner(false); - } - messung.setReadonly(messung.getFertig()); - return messung; - } - - /** - * Test whether a probe is readonly. - * - * @param probeId The probe Id. - * @return True if the probe is readonly. 
- */ - @Override - public boolean isReadOnly(Integer probeId) { - EntityManager manager = repository.entityManager("land"); - QueryBuilder builder = - new QueryBuilder( - manager, - LMessung.class); - builder.and("probeId", probeId); - builder.and("fertig", true); - Response response = repository.filter(builder.getQuery(), "land"); - @SuppressWarnings("unchecked") - List messungen = (List) response.getData(); - if (messungen.isEmpty()) { - return false; - } - return true; - } - - /** - * Check whether a user is authorized to operate on the given probe. - * - * @param userInfo The user information. - * @param data The probe data to test. - * @return True if the user is authorized else returns false. - */ - @Override - public boolean isAuthorized(UserInfo userInfo, Object data) { - if (data instanceof LProbe) { - return getAuthorization(userInfo, (LProbe)data); - } - return false; - } -} diff -r a4932159a469 -r 5815920ccabc src/main/java/de/intevation/lada/util/auth/TestAuthorization.java --- a/src/main/java/de/intevation/lada/util/auth/TestAuthorization.java Thu Aug 06 09:59:22 2015 +0200 +++ b/src/main/java/de/intevation/lada/util/auth/TestAuthorization.java Fri Aug 14 09:43:29 2015 +0200 @@ -14,7 +14,7 @@ import de.intevation.lada.util.rest.RequestMethod; import de.intevation.lada.util.rest.Response; -@AuthorizationConfig(type=AuthorizationType.OPEN_ID) +@AuthorizationConfig(type=AuthorizationType.NONE) public class TestAuthorization implements Authorization { @Override
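Review bot: `TestAuthorization` lives under `src/main/java`, and the context lines show no class Javadoc between the imports and `@AuthorizationConfig(type=AuthorizationType.NONE)`, so nothing at the binding site tells a reader what selecting `NONE` means for access control. I would add a class-level Javadoc stating what this implementation returns from the `Authorization` methods (`getInfo`, `filter`, `isAuthorized`, `isReadOnly`) and whether it checks the caller's identity at all. If it does not, the Javadoc should say that the `NONE` type is for test setups only and must not be selected in a deployed configuration. The class body lies outside this hunk, so the wording needs to be matched against the actual method bodies.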