use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class ImportExportPortletController method getAllowedTypes.
/**
* Return a list of all permitted import/export types for the given permission and the current
* user.
*
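* @param request the current portlet request, used to resolve the current user
* @param activityName the permission activity checked against each data type's id
* @param dataTypes the candidate import/export types to filter
* @return the candidate types the current user is permitted to use for the activity, in
*     iteration order; empty if none are permitted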
*/
protected List<IPortalDataType> getAllowedTypes(PortletRequest request, String activityName, Iterable<IPortalDataType> dataTypes) {
    // Resolve the current user from the underlying servlet request and turn it into the
    // principal the authorization service evaluates permissions against.
    // NOTE(review): assumes getPerson never returns null - confirm against IPersonManager.
    final IPerson currentUser = personManager.getPerson(this.portalRequestUtils.getPortletHttpRequest(request));
    final EntityIdentifier userEntityId = currentUser.getEntityIdentifier();
    final IAuthorizationPrincipal principal =
            AuthorizationService.instance().newPrincipal(userEntityId.getKey(), userEntityId.getType());

    // Deny by default: a type is included only when the permission check says yes.
    // NOTE(review): this filters what the caller is offered; confirm the import/export
    // handlers re-check the same permission before acting on a submitted type id.
    final List<IPortalDataType> permitted = new ArrayList<IPortalDataType>();
    for (final IPortalDataType candidate : dataTypes) {
        if (!principal.hasPermission(IPermission.PORTAL_SYSTEM, activityName, candidate.getTypeId())) {
            continue;
        }
        permitted.add(candidate);
    }
    return permitted;
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class JspInvokerPortletController method render.
/**
 * Assembles the model for the configured JSP view and returns it with the view location.
 *
 * <p>The model receives, in this order: the portlet user-info map, a property resolver, an
 * {@code authenticated} flag, the entries from {@code getBeans}, the entries from
 * {@code getPreferences}, and whatever {@code addSecurityRoleChecksToModel} adds.
 *
 * @param req the render request
 * @param res the render response (not used here)
 * @return the view location from {@code getViewLocation} paired with the assembled model
 */
@RenderMapping
protected ModelAndView render(RenderRequest req, RenderResponse res) {
    final Map<String, Object> jspModel = new HashMap<String, Object>();

    @SuppressWarnings("unchecked")
    final Map<String, String> userAttributes = (Map<String, String>) req.getAttribute(PortletRequest.USER_INFO);
    jspModel.put("userInfo", userAttributes);
    // NOTE(review): the whole user-info map is written to the log at debug level; it
    // presumably holds personal attributes, so check who can read debug logs.
    logger.debug("Invoking with userInfo={}", userAttributes);

    // The JSP can read values with ${properties.getProperty('propertyName')}.
    // NOTE(review): confirm which properties this resolver can reach, since every one of
    // them becomes readable by the JSP.
    jspModel.put("properties", properties.getPropertyResolver());

    // Guest users are reported as not authenticated.
    final IPerson currentUser = personManager.getPerson(portalRequestUtils.getPortletHttpRequest(req));
    jspModel.put("authenticated", !currentUser.isGuest());

    // Order matters: putAll replaces existing keys, so a bean or preference named
    // "userInfo", "properties" or "authenticated" would overwrite the values set above.
    // NOTE(review): confirm those names cannot collide, "authenticated" in particular.
    jspModel.putAll(getBeans(req));
    jspModel.putAll(getPreferences(req));
    addSecurityRoleChecksToModel(req, jspModel);

    return new ModelAndView(getViewLocation(req), jspModel);
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class UrlCanonicalizingFilter method doFilterInternal.
/**
 * Redirects GET requests whose URI is not the canonical portal URI, then passes the request
 * down the chain on wrappers that carry the URL type and URL state as request headers.
 *
 * <p>Redirects are bounded by {@code maximumRedirects}. A guest asking for specific content
 * that differs from the canonical path is sent to the login/ref URL when a
 * {@code loginRefUrlEncoder} is configured; every other redirect goes to the canonical URL.
 *
 * @param request the incoming request
 * @param response the response, used for redirects and for the redirect counter
 * @param filterChain the remaining filter chain
 * @throws ServletException propagated from the downstream chain
 * @throws IOException propagated from the redirect or the downstream chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // Only GET requests are considered for a canonicalization redirect
    if ("GET".equals(request.getMethod())) {
        final String canonicalUrl = this.urlSyntaxProvider.getCanonicalUrl(request);
        // canonicalUri is canonicalUrl without its query string; only the path is compared
        final String canonicalUri;
        final int queryStringIndex = canonicalUrl.indexOf("?");
        if (queryStringIndex < 0) {
            canonicalUri = canonicalUrl;
        } else {
            canonicalUri = canonicalUrl.substring(0, queryStringIndex);
        }
        String requestURI = request.getRequestURI();
        // Drop everything from the first ';' when the URI carries a ;jsessionid parameter, so
        // the session id does not make the comparison below fail. See UP-4414. (The start of
        // the original comment is missing from this listing.)
        if (requestURI.contains(";jsessionid")) {
            requestURI = requestURI.substring(0, requestURI.indexOf(";"));
        }
        // NOTE(review): setRedirectCount/clearRedirectCount take the response, so the counter
        // is presumably stored client-side - confirm, and confirm getRedirectCount handles a
        // missing or altered value safely, since it is what bounds redirect loops.
        final int redirectCount = this.getRedirectCount(request);
        if (!canonicalUri.equals(requestURI)) {
            if (redirectCount < this.maximumRedirects) {
                this.setRedirectCount(request, response, redirectCount + 1);
                /*
                 * This is the place where we should decide if...
                 * - (1) the user is a guest
                 * - (2) the canonicalUrl is not the requested content
                 * - (3) there is a strategy for external login
                 *
                 * If all of these are true, we should attempt to send the
                 * user to external login with a properly-encoded deep-linking
                 * service URL attached.
                 */
                String encodedTargetUrl = null;
                // NOTE(review): assumes getPerson never returns null - confirm
                IPerson person = personManager.getPerson(request);
                if (/* #1 */
                person.isGuest() && /* #2 */
                urlSyntaxProvider.doesRequestPathReferToSpecificAndDifferentContentVsCanonicalPath(requestURI, canonicalUri) && /* #3 */
                loginRefUrlEncoder != null) {
                    // NOTE(review): the login/ref URL is built from the incoming request;
                    // confirm the encoder only emits the configured login location with a
                    // same-portal ref target, so this cannot act as an open redirect.
                    encodedTargetUrl = loginRefUrlEncoder.encodeLoginAndRefUrl(request);
                }
                if (encodedTargetUrl == null) {
                    // For whatever reason, we haven't chosen to send the
                    // user through external login, so we use the canonicalUrl
                    encodedTargetUrl = response.encodeRedirectURL(canonicalUrl);
                }
                response.sendRedirect(encodedTargetUrl);
                // The message reports canonicalUri even when the redirect above went to the
                // external login URL, so the log does not always show the real target
                logger.debug("Redirecting from {} to canonicalized URL {}, redirect {}", requestURI, canonicalUri, redirectCount);
                return;
            }
            // Limit reached: reset the counter and serve the request as it was asked for
            this.clearRedirectCount(request, response);
            logger.debug("Not redirecting from {} to canonicalized URL {} due to limit of {} redirects", requestURI, canonicalUri, redirectCount);
        } else {
            logger.trace("Requested URI {} is the canonical URL {}, " + "so no (further?) redirect is necessary (after {} redirects).", requestURI, canonicalUri, redirectCount);
            // The redirect sequence is over, so the counter is reset
            if (redirectCount > 0) {
                this.clearRedirectCount(request, response);
            }
        }
    }
    // Reached for non-GET requests, canonical requests, and requests past the redirect limit
    final IPortalRequestInfo portalRequestInfo = this.urlSyntaxProvider.getPortalRequestInfo(request);
    final UrlType urlType = portalRequestInfo.getUrlType();
    final UrlState urlState = portalRequestInfo.getUrlState();
    final PortalHttpServletResponseWrapper httpServletResponseWrapper = new PortalHttpServletResponseWrapper(response);
    final PortalHttpServletRequestWrapper httpServletRequestWrapper = new PortalHttpServletRequestWrapper(request, httpServletResponseWrapper, this.userInstanceManager);
    // The computed URL type and state are published to downstream code as request headers.
    // NOTE(review): only the headers for the computed type/state are set here; confirm the
    // wrapper does not also expose client-supplied headers with these names (or another
    // ".<type>"/".<state>" suffix) to code that dispatches on them.
    httpServletRequestWrapper.setHeader(IPortalRequestInfo.URL_TYPE_HEADER, urlType.toString());
    httpServletRequestWrapper.setHeader(IPortalRequestInfo.URL_STATE_HEADER, urlState.toString());
    //Hack to make PortalController work in light of https://jira.springsource.org/secure/attachment/18283/SPR7346.patch
    httpServletRequestWrapper.setHeader(IPortalRequestInfo.URL_TYPE_HEADER + "." + urlType, Boolean.TRUE.toString());
    httpServletRequestWrapper.setHeader(IPortalRequestInfo.URL_STATE_HEADER + "." + urlState, Boolean.TRUE.toString());
    filterChain.doFilter(httpServletRequestWrapper, httpServletResponseWrapper);
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class PortalHttpServletRequestWrapper method isUserInRole.
/**
* Determines whether or not the user is in the given role. The wrapped request is consulted
* first then the {@link GroupService} is used to determine if a group exists for the specified
* role and if the user is a member of it.
*
* @see
* org.apereo.portal.utils.web.AbstractHttpServletRequestWrapper#isUserInRole(java.lang.String)
*/
@Override
public boolean isUserInRole(String role) {
    // Without a session only the wrapped request's answer is used; no group lookup happens.
    if (super.getSession(false) == null) {
        return super.isUserInRole(role);
    }

    // A yes from the wrapped request is final.
    if (super.isUserInRole(role)) {
        return true;
    }

    // Map the role to a group: first treat the role as a group key, then fall back to an
    // exact-name search among groups of IPerson.
    IEntityGroup roleGroup = GroupService.findGroup(role);
    if (roleGroup == null) {
        final EntityIdentifier[] matches = GroupService.searchForGroups(role, GroupService.IS, IPerson.class);
        if (matches == null || matches.length == 0) {
            return false;
        }
        if (matches.length > 1) {
            // NOTE(review): when several groups share the name, the role is decided by
            // whichever the search returns first; confirm group names used as roles are
            // unique, or that this ambiguity is acceptable for an authorization decision.
            this.logger.warn(matches.length + " groups were found for role '" + role + "'. The first result will be used.");
        }
        final IGroupMember candidate = GroupService.getGroupMember(matches[0]);
        if (candidate == null || !candidate.isGroup()) {
            return false;
        }
        roleGroup = candidate.asGroup();
    }

    // The user comes from the server-side user instance for the wrapped request.
    // NOTE(review): the member lookup result is dereferenced without a null check - confirm
    // getGroupMember cannot return null for a person entity.
    final IPerson currentUser = this.userInstanceManager.getUserInstance(this.getWrappedRequest()).getPerson();
    final IGroupMember userAsMember = GroupService.getGroupMember(currentUser.getEntityIdentifier());
    return userAsMember.isDeepMemberOf(roleGroup);
}
use of org.apereo.portal.security.IPerson in project uPortal by Jasig.
the class PortletEntityRegistryImpl method getOrCreateDelegatePortletEntity.
/**
 * Returns the current user's portlet entity for a delegate portlet definition, creating it
 * through {@code getOrCreatePortletEntity} under a synthetic layout node id derived from
 * the parent portlet window id.
 *
 * @param request the current request, used to resolve the current user
 * @param parentPortletWindowId the window of the portlet doing the delegation
 * @param delegatePortletDefinitionId the definition of the portlet being delegated to
 * @return the entity returned by {@code getOrCreatePortletEntity}
 */
@Override
public IPortletEntity getOrCreateDelegatePortletEntity(HttpServletRequest request, IPortletWindowId parentPortletWindowId, IPortletDefinitionId delegatePortletDefinitionId) {
    // The only delegate-specific part: a layout node id synthesized from the parent window
    final String delegateNodeId =
            PortletWindowIdStringUtils.convertToDelegateLayoutNodeId(parentPortletWindowId.toString());

    // The owning user id is read from the server-side user instance for this request,
    // not from anything the caller passes in
    final IPerson currentUser = this.userInstanceManager.getUserInstance(request).getPerson();

    return getOrCreatePortletEntity(request, delegatePortletDefinitionId, delegateNodeId, currentUser.getID());
}