
Example 1 with AuthorizationPersistence

use of cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence in project zoj by licheng.

the class DeleteRoleAction method execute.

/**
 * Deletes the role named by the {@code roleId} request parameter.
 *
 * <p>NOTE(review): this is a destructive, state-changing action driven by one request
 * parameter. No anti-CSRF token or HTTP-method check is visible in this method; confirm that
 * {@code checkAdmin} or a filter in front of the action enforces one.
 *
 * @param mapping
 *            action mapping
 * @param form
 *            action form (not read by this method)
 * @param context
 *            adapter giving access to the request and the current user's profile
 *
 * @return the forward produced by {@code checkAdmin} when it returns one, otherwise the
 *         "success" forward
 *
 * @throws Exception
 *             any errors happened
 */
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // A non-null forward from checkAdmin ends the request here; nothing below runs.
    ActionForward denied = this.checkAdmin(mapping, context);
    if (denied != null) {
        return denied;
    }
    // NOTE(review): the parsed id is handed to deleteRole without a range check. What
    // Utility.parseLong returns for a missing or malformed parameter is not shown here;
    // confirm it and reject such values before deleting.
    String rawRoleId = context.getRequest().getParameter("roleId");
    long roleId = Utility.parseLong(rawRoleId);
    // The acting user's id travels with the delete call (presumably for audit; verify in deleteRole).
    PersistenceManager.getInstance().getAuthorizationPersistence().deleteRole(roleId, context.getUserProfile().getId());
    return this.handleSuccess(mapping, context, "success");
}
Also used : AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) ActionForward(org.apache.struts.action.ActionForward)

Example 2 with AuthorizationPersistence

use of cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence in project zoj by licheng.

the class CookieFilter method doFilter.

/**
 * Attempts a cookie-based login before passing the request down the chain.
 *
 * <p>When the request carries no {@code ContextAdapter.SECURITY_SESSION_KEY} attribute and both
 * the {@code oj_handle} and {@code oj_password} cookies are present, their values are passed to
 * {@code UserPersistence.login}. An active profile is bound to the session together with its
 * security and preference objects; otherwise both cookies are expired on the response.
 *
 * <p>NOTE(review): the {@code oj_password} value is used directly as the login credential, so
 * the cookie is a long-lived, replayable secret. How it is encoded and which flags it is issued
 * with are decided where the cookie is set, which is not shown here. Confirm it is Secure and
 * HttpOnly, and consider replacing it with a random, server-side revocable token.
 *
 * @param request incoming request; cast to {@code HttpServletRequest}
 * @param response outgoing response; cast to {@code HttpServletResponse} when cookies are expired
 * @param chain remainder of the filter chain, always invoked unless an exception is thrown
 * @throws IOException propagated from the chain
 * @throws ServletException wrapping any exception raised during the cookie login attempt
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // NOTE(review): this guard reads a *request* attribute, while the identity below is stored
    // as a *session* attribute. Nothing in this method sets the request attribute; confirm that
    // something upstream does, otherwise the login below runs on every request with the cookies.
    if (httpRequest.getAttribute(ContextAdapter.SECURITY_SESSION_KEY) == null) {
        String handle = null;
        String password = null;
        Cookie[] jar = httpRequest.getCookies();
        // getCookies() yields null when the request has no cookies at all.
        for (int i = 0; jar != null && i < jar.length; i++) {
            String name = jar[i].getName();
            if (name.equals("oj_handle")) {
                handle = jar[i].getValue();
            }
            if (name.equals("oj_password")) {
                password = jar[i].getValue();
            }
        }
        if (handle != null && password != null) {
            try {
                UserPersistence users = PersistenceManager.getInstance().getUserPersistence();
                UserProfile profile = users.login(handle, password);
                boolean usable = profile != null && profile.isActive();
                if (!usable) {
                    // Rejected or deactivated account: expire both cookies so the browser stops
                    // presenting them. Session attributes are left untouched on this path.
                    HttpServletResponse httpResponse = (HttpServletResponse) response;
                    for (String stale : new String[] { "oj_handle", "oj_password" }) {
                        Cookie expired = new Cookie(stale, "");
                        expired.setMaxAge(0);
                        expired.setPath("/");
                        httpResponse.addCookie(expired);
                    }
                } else {
                    AuthorizationPersistence authz = PersistenceManager.getInstance().getAuthorizationPersistence();
                    UserSecurity security = authz.getUserSecurity(profile.getId());
                    UserPreference preference = users.getUserPreference(profile.getId());
                    // NOTE(review): identity is attached to whatever session the request already
                    // has; the session is not invalidated or re-issued first. Rotating the session
                    // at this privilege change would close off session fixation.
                    httpRequest.getSession().setAttribute(ContextAdapter.USER_PROFILE_SESSION_KEY, profile);
                    httpRequest.getSession().setAttribute(ContextAdapter.SECURITY_SESSION_KEY, security);
                    httpRequest.getSession().setAttribute(ContextAdapter.PREFERENCE_SESSION_KEY, preference);
                }
            } catch (Exception e) {
                throw new ServletException("failed to auth with cookie.", e);
            }
        }
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) ServletException(javax.servlet.ServletException) UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) UserProfile(cn.edu.zju.acm.onlinejudge.bean.UserProfile) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) HttpServletResponse(javax.servlet.http.HttpServletResponse) UserPreference(cn.edu.zju.acm.onlinejudge.bean.UserPreference) UserPersistence(cn.edu.zju.acm.onlinejudge.persistence.UserPersistence) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 3 with AuthorizationPersistence

use of cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence in project zoj by licheng.

the class EditRoleAction method execute.

/**
 * Shows the role edit form or saves a submitted role.
 *
 * <p>When the form carries no id, the role named by the {@code roleId} request parameter is
 * loaded, the contest and forum name maps are exposed as request attributes, the form is
 * populated and the "failure" forward (which here means "render the form") is returned. When the
 * form carries an id, it is converted to a role and persisted.
 *
 * <p>NOTE(review): the save path is state-changing and no anti-CSRF check is visible in this
 * method; confirm {@code checkAdmin} or a filter provides one. What {@code RoleForm.toRole()}
 * validates is also not shown here.
 *
 * @param mapping
 *            action mapping
 * @param form
 *            action form, cast to {@code RoleForm}
 * @param context
 *            adapter giving access to the request, request attributes and the current user
 *
 * @return the forward produced by {@code checkAdmin} when it returns one, otherwise the
 *         "success" or "failure" forward as described above
 *
 * @throws Exception
 *             any errors happened
 */
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // A non-null forward from checkAdmin ends the request here.
    ActionForward denied = this.checkAdmin(mapping, context);
    if (denied != null) {
        return denied;
    }
    RoleForm roleForm = (RoleForm) form;
    AuthorizationPersistence authorizationPersistence = PersistenceManager.getInstance().getAuthorizationPersistence();
    String submittedId = roleForm.getId();
    boolean isSubmission = submittedId != null && submittedId.trim().length() != 0;
    if (isSubmission) {
        RoleSecurity updated = roleForm.toRole();
        authorizationPersistence.updateRole(updated, context.getUserProfile().getId());
        // Role id 1 triggers a reset of ContextAdapter's default user security
        // (presumably it is the default role; confirm).
        if (updated.getId() == 1) {
            ContextAdapter.resetDefaultUserSecurity();
        }
        return this.handleSuccess(mapping, context, "success");
    }

    // No id on the form: prepare the edit page for the role named in the request.
    long roleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
    RoleSecurity existing = authorizationPersistence.getRole(roleId);
    if (existing == null) {
        return this.handleSuccess(mapping, context, "success");
    }
    // Contests, problem sets and courses share one id -> title map, sorted by id.
    Map<Long, String> contestNames = new TreeMap<Long, String>();
    for (AbstractContest c : ContestManager.getInstance().getAllContests()) {
        contestNames.put(c.getId(), c.getTitle());
    }
    for (AbstractContest p : ContestManager.getInstance().getAllProblemsets()) {
        contestNames.put(p.getId(), p.getTitle());
    }
    for (AbstractContest k : ContestManager.getInstance().getAllCourses()) {
        contestNames.put(k.getId(), k.getTitle());
    }
    context.setAttribute("ContestNames", contestNames);
    // TODO add forums (only a single hard-coded entry for now)
    Map<Long, String> forumNames = new TreeMap<Long, String>();
    forumNames.put(1L, "ZOJ Forum");
    context.setAttribute("ForumNames", forumNames);
    roleForm.populate(existing);
    return this.handleSuccess(mapping, context, "failure");
}
Also used : AbstractContest(cn.edu.zju.acm.onlinejudge.bean.AbstractContest) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) RoleForm(cn.edu.zju.acm.onlinejudge.form.RoleForm) TreeMap(java.util.TreeMap) ActionForward(org.apache.struts.action.ActionForward) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity)

Example 4 with AuthorizationPersistence

use of cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence in project zoj by licheng.

the class LoginAction method authenticate.

/**
 * Authenticates the submitted handle and password and binds the user to the context.
 *
 * <p>The current session is invalidated before anything else, so no identity is attached to a
 * session that existed before the login attempt. A {@code null} profile and a deactivated
 * profile each add their own message under the "password" key.
 *
 * <p>NOTE(review): no attempt limiting or lock-out is visible in this method; confirm it exists
 * in {@code UserPersistence.login} or in front of this action.
 *
 * @param form login form supplying the handle and password
 * @param context adapter that receives the profile, security and preference objects on success
 * @return the collected error messages; empty when authentication succeeded
 * @throws PersistenceException declared for the persistence calls made here
 */
private ActionMessages authenticate(LoginForm form, ContextAdapter context) throws PersistenceException {
    // Drop whatever session the request arrived with before checking credentials.
    context.getRequest().getSession().invalidate();
    ActionMessages errors = new ActionMessages();
    UserPersistence users = PersistenceManager.getInstance().getUserPersistence();
    UserProfile account = users.login(form.getHandle(), form.getPassword());
    if (account == null || !account.isActive()) {
        // null -> login returned no profile; otherwise the account exists but is deactivated.
        String messageKey = (account == null) ? "LoginForm.password.invalid" : "LoginForm.password.deactivated";
        errors.add("password", new ActionMessage(messageKey));
        return errors;
    }
    AuthorizationPersistence authz = PersistenceManager.getInstance().getAuthorizationPersistence();
    UserSecurity security = authz.getUserSecurity(account.getId());
    UserPreference preference = users.getUserPreference(account.getId());
    context.setUserProfile(account);
    // The security object is attached before getAllCourses() is called; keep this order
    // (the course lookup may depend on it; not visible here).
    context.setUserSecurity(security);
    security.setHasCourses(context.getAllCourses().size() != 0);
    context.setUserPreference(preference);
    return errors;
}
Also used : UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) UserProfile(cn.edu.zju.acm.onlinejudge.bean.UserProfile) ActionMessages(org.apache.struts.action.ActionMessages) ActionMessage(org.apache.struts.action.ActionMessage) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) UserPreference(cn.edu.zju.acm.onlinejudge.bean.UserPreference) UserPersistence(cn.edu.zju.acm.onlinejudge.persistence.UserPersistence)

Example 5 with AuthorizationPersistence

use of cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence in project zoj by licheng.

the class ManageRoleUsersAction method execute.

/**
 * Adds users to, or removes users from, the role named by the {@code roleId} request parameter.
 *
 * <p>The {@code users} parameter is read as one handle per line (blank lines dropped, each line
 * trimmed) and the {@code operation} parameter selects "add" or "remove", case-insensitively.
 * The outcome text is exposed as the {@code importMessage} request attribute.
 *
 * <p>NOTE(review): the save path is state-changing and no anti-CSRF check is visible in this
 * method; confirm {@code checkAdmin} or a filter provides one.
 *
 * @param mapping
 *            action mapping
 * @param form
 *            action form (not read by this method)
 * @param context
 *            adapter giving access to the request and request attributes
 *
 * @return the forward produced by {@code checkAdmin} when it returns one, "failure" when the
 *         role cannot be resolved, otherwise "success"
 *
 * @throws Exception
 *             any errors happened
 */
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // A non-null forward from checkAdmin ends the request here.
    ActionForward denied = this.checkAdmin(mapping, context);
    if (denied != null) {
        return denied;
    }
    long roleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
    AuthorizationPersistence authorizationPersistence = PersistenceManager.getInstance().getAuthorizationPersistence();
    // Negative ids are never looked up and are treated as "no such role".
    RoleSecurity role = (roleId >= 0) ? authorizationPersistence.getRole(roleId) : null;
    if (role == null) {
        return this.handleSuccess(mapping, context, "failure");
    }
    context.setAttribute("importMessage", "");
    context.setAttribute("role", role);
    String users = context.getRequest().getParameter("users");
    if (users == null || users.trim().length() == 0) {
        return this.handleSuccess(mapping, context, "success");
    }

    // One handle per line; keep only non-blank lines, trimmed.
    List<String> userList = new ArrayList<String>();
    BufferedReader reader = new BufferedReader(new StringReader(users));
    String line;
    while ((line = reader.readLine()) != null) {
        String handle = line.trim();
        if (handle.length() > 0) {
            userList.add(handle);
        }
    }

    String operation = context.getRequest().getParameter("operation");
    boolean removing = "remove".equalsIgnoreCase(operation);
    if (removing || "add".equalsIgnoreCase(operation)) {
        // TODO NOT SAFE HERE, Sql injection is possible.
        // NOTE(review): every entry in userList is raw text from the "users" request parameter;
        // nothing in this method validates it. The persistence methods are not shown here, so
        // confirm they bind each handle as a PreparedStatement parameter instead of
        // concatenating it into SQL.
        Map<String, Boolean> result = removing
                ? authorizationPersistence.removeRoleUsers(userList, roleId)
                : authorizationPersistence.addRoleUsers(userList, roleId);
        // NOTE(review): the message is built from the same user-supplied handles; confirm the
        // view escapes importMessage when rendering it.
        context.setAttribute("importMessage", this.generateResult(userList, result, removing));
    }
    return this.handleSuccess(mapping, context, "success");
}
Also used : ArrayList(java.util.ArrayList) BufferedReader(java.io.BufferedReader) StringReader(java.io.StringReader) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) Map(java.util.Map) ActionForward(org.apache.struts.action.ActionForward) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity)
