Example 51 with IPerson

Use of org.apereo.portal.security.IPerson in project uPortal by Jasig.

Class MarketplaceService, method onApplicationEvent.

/**
 * Handle the portal LoginEvent. If marketplace caching is enabled, will preload marketplace
 * entries for the currently logged in user.
 *
 * @param loginEvent the login event.
 */
@Override
public void onApplicationEvent(LoginEvent loginEvent) {
    if (enableMarketplacePreloading) {
        final IPerson person = loginEvent.getPerson();
        /*
         * Passing an empty collection pre-loads an unfiltered collection;
         * instances of PortletMarketplace that specify filtering will
         * trigger a new collection to be loaded.
         */
        final Set<PortletCategory> empty = Collections.emptySet();
        loadMarketplaceEntriesFor(person, empty);
    }
}
Also used : IPerson(org.apereo.portal.security.IPerson) PortletCategory(org.apereo.portal.portlet.om.PortletCategory)

Example 52 with IPerson

Use of org.apereo.portal.security.IPerson in project uPortal by Jasig.

Class PortletRendererImpl, method enforceConfigPermission.

/**
 * Enforces config mode access control. If requesting user does not have CONFIG permission, and
 * the PortletWindow specifies config mode, throws AuthorizationException. Otherwise does
 * nothing.
 *
 * @param httpServletRequest the non-null current HttpServletRequest (for determining requesting
 *     user)
 * @param portletWindow a non-null portlet window that might be in config mode
 * @throws AuthorizationException if the user is not permitted to access config mode yet portlet
 *     window specifies config mode
 * @throws java.lang.IllegalArgumentException if the request or window are null
 * @since 4.0.13.1, 4.0.14, 4.1.
 */
protected void enforceConfigPermission(final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
    Validate.notNull(httpServletRequest, "Servlet request must not be null to determine remote user.");
    Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");
    final PortletMode portletMode = portletWindow.getPortletMode();
    if (portletMode != null) {
        if (IPortletRenderer.CONFIG.equals(portletMode)) {
            final IPerson person = this.personManager.getPerson(httpServletRequest);
            final EntityIdentifier ei = person.getEntityIdentifier();
            final AuthorizationServiceFacade authorizationServiceFacade = AuthorizationServiceFacade.instance();
            final IAuthorizationPrincipal ap = authorizationServiceFacade.newPrincipal(ei.getKey(), ei.getType());
            final IPortletEntity portletEntity = portletWindow.getPortletEntity();
            final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
            if (!ap.canConfigure(portletDefinition.getPortletDefinitionId().getStringId())) {
                logger.error("User {} attempted to use portlet {} in {} but lacks permission to use that mode.  " + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW.  " + "You should probably figure out who this user is and why they are trying to access " + "unauthorized portlet modes.", person.getUserName(), portletDefinition.getFName(), portletMode);
                throw new AuthorizationException(person.getUserName() + " does not have permission to render '" + portletDefinition.getFName() + "' in " + portletMode + " PortletMode.");
            }
        }
    }
}
Also used : IPerson(org.apereo.portal.security.IPerson) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IPortletEntity(org.apereo.portal.portlet.om.IPortletEntity) AuthorizationException(org.apereo.portal.AuthorizationException) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) PortletMode(javax.portlet.PortletMode) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition)

Example 53 with IPerson

Use of org.apereo.portal.security.IPerson in project uPortal by Jasig.

Class PortletDelegationLocatorImpl, method createRequestDispatcher.

/* (non-Javadoc)
 * @see org.apereo.portal.api.portlet.PortletDelegationLocator#createRequestDispatcher(org.apereo.portal.portlet.om.IPortletDefinitionId)
 */
@Override
public PortletDelegationDispatcher createRequestDispatcher(PortletRequest portletRequest, IPortletDefinitionId delegatePortletDefinitionId) {
    final HttpServletRequest request = this.portalRequestUtils.getPortletHttpRequest(portletRequest);
    final String windowID = portletRequest.getWindowID();
    final IPortletWindowId parentPortletWindowId = this.portletWindowRegistry.getPortletWindowId(request, windowID);
    final IPortletEntity delegatePortletEntity = this.portletEntityRegistry.getOrCreateDelegatePortletEntity(request, parentPortletWindowId, delegatePortletDefinitionId);
    final IPortletEntityId delegatePortletEntityId = delegatePortletEntity.getPortletEntityId();
    final IPortletWindow delegatePortletWindow = this.portletWindowRegistry.createDelegatePortletWindow(request, delegatePortletEntityId, parentPortletWindowId);
    final IPerson person = this.personManager.getPerson(request);
    final int userId = person.getID();
    return new PortletDelegationDispatcherImpl(delegatePortletWindow, userId, portalRequestUtils, personManager, portletRenderer, portalUrlProvider, portletDelegationManager);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) IPerson(org.apereo.portal.security.IPerson) IPortletEntity(org.apereo.portal.portlet.om.IPortletEntity) IPortletWindowId(org.apereo.portal.portlet.om.IPortletWindowId) IPortletEntityId(org.apereo.portal.portlet.om.IPortletEntityId) IPortletWindow(org.apereo.portal.portlet.om.IPortletWindow)

Example 54 with IPerson

Use of org.apereo.portal.security.IPerson in project uPortal by Jasig.

Class PortletDelegationDispatcherImpl, method doAction.

@Override
public DelegationActionResponse doAction(ActionRequest actionRequest, ActionResponse actionResponse, DelegationRequest delegationRequest) throws IOException {
    final HttpServletRequest request = this.portalRequestUtils.getPortletHttpRequest(actionRequest);
    final HttpServletResponse response = this.portalRequestUtils.getOriginalPortalResponse(actionRequest);
    // Sanity check that the dispatch is being called by the same user it was created for
    final IPerson person = this.personManager.getPerson(request);
    if (this.userId != person.getID()) {
        throw new IllegalStateException("This dispatcher was created for userId " + this.userId + " but is being executed for userId " + person.getID());
    }
    this.setupDelegateRequestInfo(request, delegationRequest);
    final IPortletWindowId portletWindowId = this.portletWindow.getPortletWindowId();
    try {
        // TODO canRender permission checks!
        this.portletRenderer.doAction(portletWindowId, request, response);
    } catch (RuntimeException e) {
        this.logger.error("Failed to execute action on delegate", e);
        throw e;
    }
    // Get the portal URL builders for this request and check if a redirect was sent
    final IPortalActionUrlBuilder portalActionUrlBuilder = this.portalUrlProvider.getPortalActionUrlBuilder(request);
    final String redirectLocation = portalActionUrlBuilder.getRedirectLocation();
    if (redirectLocation != null) {
        final String renderUrlParamName = portalActionUrlBuilder.getRenderUrlParamName();
        // clear out the redirect from the delegate, leave it up to the parent if the redirect
        // should happen
        portalActionUrlBuilder.setRedirectLocation(null, null);
        return new DelegationActionResponse(this.getDelegateState(), redirectLocation, renderUrlParamName);
    }
    // No redirect so get the portlet's url builder and copy the state-changing data into the
    // delegate response
    final IPortletUrlBuilder portletUrlBuilder = portalActionUrlBuilder.getPortletUrlBuilder(portletWindowId);
    final WindowState windowState = portletUrlBuilder.getWindowState();
    final PortletMode portletMode = portletUrlBuilder.getPortletMode();
    final Map<String, String[]> parameters = portletUrlBuilder.getParameters();
    return new DelegationActionResponse(this.getDelegateState(), portletMode, windowState, parameters);
}
Also used : WindowState(javax.portlet.WindowState) IPortletUrlBuilder(org.apereo.portal.url.IPortletUrlBuilder) HttpServletResponse(javax.servlet.http.HttpServletResponse) IPortalActionUrlBuilder(org.apereo.portal.url.IPortalActionUrlBuilder) DelegationActionResponse(org.apereo.portal.api.portlet.DelegationActionResponse) PortletMode(javax.portlet.PortletMode) HttpServletRequest(javax.servlet.http.HttpServletRequest) IPerson(org.apereo.portal.security.IPerson) IPortletWindowId(org.apereo.portal.portlet.om.IPortletWindowId)

Example 55 with IPerson

Use of org.apereo.portal.security.IPerson in project uPortal by Jasig.

Class PortletDelegationDispatcherImpl, method doRender.

@Override
public DelegationResponse doRender(RenderRequest renderRequest, RenderResponse renderResponse, DelegationRequest delegationRequest, PortletOutputHandler portletOutputHandler) throws IOException {
    final HttpServletRequest request = this.portalRequestUtils.getPortletHttpRequest(renderRequest);
    final HttpServletResponse response = this.portalRequestUtils.getOriginalPortalResponse(renderRequest);
    // Sanity check that the dispatch is being called by the same user it was created for
    final IPerson person = this.personManager.getPerson(request);
    if (this.userId != person.getID()) {
        throw new IllegalStateException("This dispatcher was created for userId " + this.userId + " but is being executed for userId " + person.getID());
    }
    this.setupDelegateRequestInfo(request, delegationRequest);
    try {
        // TODO canRender permission checks!
        this.portletRenderer.doRenderMarkup(this.portletWindow.getPortletWindowId(), request, response, portletOutputHandler);
    } catch (RuntimeException e) {
        this.logger.error("Failed to render delegate", e);
        throw e;
    } finally {
        portletOutputHandler.flushBuffer();
    }
    return new DelegationResponse(this.getDelegateState());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) IPerson(org.apereo.portal.security.IPerson) DelegationResponse(org.apereo.portal.api.portlet.DelegationResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Aggregations

IPerson (org.apereo.portal.security.IPerson): 198
Test (org.junit.Test): 52
PersonImpl (org.apereo.portal.security.provider.PersonImpl): 45
ModelAndView (org.springframework.web.servlet.ModelAndView): 43
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 34
HttpServletRequest (javax.servlet.http.HttpServletRequest): 32
IUserInstance (org.apereo.portal.user.IUserInstance): 27
HashMap (java.util.HashMap): 25
HttpSession (javax.servlet.http.HttpSession): 22
IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal): 22
ArrayList (java.util.ArrayList): 20
EntityIdentifier (org.apereo.portal.EntityIdentifier): 18
ISecurityContext (org.apereo.portal.security.ISecurityContext): 17
IPersonAttributes (org.apereo.services.persondir.IPersonAttributes): 17
IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition): 15
List (java.util.List): 14
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 12
Map (java.util.Map): 11
Set (java.util.Set): 11
IUserProfile (org.apereo.portal.IUserProfile): 11