
Example 1 with UserSecurity

use of cn.edu.zju.acm.onlinejudge.security.UserSecurity in project zoj by licheng.

the class BaseAction method checkProblemPermission.

/**
 * Verifies that the context holds a problem of the expected kind and that the current user has the
 * requested permission level on the problem's contest.
 *
 * @param mapping      passed through to {@code handleFailure} and {@code checkContestStart}
 * @param context      supplies the problem, the request and the user's {@code UserSecurity}
 * @param isProblemset {@code null} to skip the kind check; otherwise the request is rejected when
 *                     "contest is a Contest or Course" equals this flag
 * @param level        permission level the caller requires on the contest
 * @return {@code null} when the user may administer the contest; the result of
 *         {@code handleFailure} when a check fails; otherwise the result of
 *         {@code checkContestStart}
 * @throws Exception propagated from the managers and helpers called here
 */
protected ActionForward checkProblemPermission(ActionMapping mapping, ContextAdapter context, Boolean isProblemset, PermissionLevel level) throws Exception {
    Problem problem = context.getProblem();
    AbstractContest contest = problem == null ? null : ContestManager.getInstance().getContest(problem.getContestId());
    boolean contestOrCourse = contest instanceof Contest || contest instanceof Course;
    boolean wrongKind = isProblemset != null && contestOrCourse == isProblemset.booleanValue();

    // Both failure paths differ only in the message key, so the key is chosen first and the
    // shared failure handling runs once below.
    String failureKey = null;
    UserSecurity userSecurity = null;
    if (problem == null || contest == null || wrongKind) {
        failureKey = "onlinejudge.showproblem.noproblemid";
    } else {
        // These attributes are set before the permission check and stay set even if it fails.
        context.setAttribute("contest", contest);
        context.setAttribute("problem", problem);
        userSecurity = context.getUserSecurity();
        // Stays false for a null level or any level not listed below, so such a request is denied.
        boolean permitted = false;
        if (level == PermissionLevel.ADMIN) {
            permitted = userSecurity.canAdminContest(contest.getId());
        } else if (level == PermissionLevel.PARTICIPATE) {
            permitted = userSecurity.canParticipateContest(contest.getId());
        } else if (level == PermissionLevel.PARTICIPATECANVIEWSOURCE) {
            permitted = userSecurity.canViewSource(contest.getId());
        } else if (level == PermissionLevel.VIEW) {
            permitted = userSecurity.canViewContest(contest.getId());
        }
        if (!permitted) {
            failureKey = "onlinejudge.showcontest.nopermission";
        }
    }

    if (failureKey != null) {
        ActionMessages messages = new ActionMessages();
        messages.add("message", new ActionMessage(failureKey));
        this.saveErrors(context.getRequest(), messages);
        if (isProblemset != null) {
            context.setAttribute("back", isProblemset ? "showProblemsets.do" : "showContests.do");
        }
        return this.handleFailure(mapping, context, messages, "nopermission");
    }

    // Contest administrators skip the start-time check; everyone else is subject to it.
    return userSecurity.canAdminContest(contest.getId()) ? null : this.checkContestStart(mapping, context, contest);
}
Also used : AbstractContest(cn.edu.zju.acm.onlinejudge.bean.AbstractContest) UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) ActionMessages(org.apache.struts.action.ActionMessages) ActionMessage(org.apache.struts.action.ActionMessage) Problem(cn.edu.zju.acm.onlinejudge.bean.Problem) AbstractContest(cn.edu.zju.acm.onlinejudge.bean.AbstractContest) Contest(cn.edu.zju.acm.onlinejudge.bean.Contest) Course(cn.edu.zju.acm.onlinejudge.bean.Course)

Example 2 with UserSecurity

use of cn.edu.zju.acm.onlinejudge.security.UserSecurity in project zoj by licheng.

the class AuthorizationPersistenceImpl method getUserSecurity.

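/**
 * Builds the UserSecurity for a user profile from the persistence layer: the super-admin flag,
 * the user's roles, and the contest and forum permissions attached to those roles.
 *
 * @param userProfileId
 *            the id of user profile used to get the UserSecurity instance
 * @return the UserSecurity instance with the given user id, or {@code null} when no
 *         user_profile row has that id
 * @throws PersistenceException
 *             wrapping a persistence implementation specific exception
 */
public UserSecurity getUserSecurity(long userProfileId) throws PersistenceException {
    Connection conn = null;
    try {
        conn = Database.createConnection();
        PreparedStatement ps = null;
        ResultSet rs = null;
        boolean superAdmin = false;
        try {
            ps = conn.prepareStatement("SELECT super_admin FROM user_profile where user_profile_id=?");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            if (rs.next()) {
                superAdmin = rs.getBoolean("super_admin");
            } else {
                // Unknown profile id: callers receive null and must handle it.
                return null;
            }
        } finally {
            Database.dispose(ps);
        }
        UserSecurity security = new UserSecurity(userProfileId, superAdmin);
        List<RoleSecurity> roles = new ArrayList<RoleSecurity>();
        Map<Long, RoleSecurity> roleIds = new HashMap<Long, RoleSecurity>();
        try {
            // select the roles;
            ps = conn.prepareStatement("SELECT role_id, name, description FROM role " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = new RoleSecurity(rs.getLong(1), rs.getString(2), rs.getString(3));
                roles.add(role);
                roleIds.put(role.getId(), role);
            }
        } finally {
            Database.dispose(ps);
        }
        try {
            // select the contests permissions
            ps = conn.prepareStatement("SELECT role_id, contest_id, permission_level_id FROM contest_permission " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = roleIds.get(rs.getLong(1));
                // The queries run separately, so a permission row can name a role that the role
                // query did not return (for example a user_role entry without a matching role
                // row). Skip it: the row then grants nothing, instead of failing the whole load
                // with a NullPointerException.
                if (role == null) {
                    continue;
                }
                role.getContestPermission().addPermission(rs.getLong(2), PermissionLevel.findById(rs.getLong(3)));
            }
        } finally {
            Database.dispose(ps);
        }
        try {
            // select the forum permissions
            ps = conn.prepareStatement("SELECT role_id, forum_id, permission_level_id FROM forum_permission " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = roleIds.get(rs.getLong(1));
                // Same guard as for contest permissions: an unloaded role grants nothing.
                if (role == null) {
                    continue;
                }
                role.getForumPermission().addPermission(rs.getLong(2), PermissionLevel.findById(rs.getLong(3)));
            }
        } finally {
            Database.dispose(ps);
        }
        // Roles are imported only after their permissions have been filled in.
        for (RoleSecurity role : roles) {
            security.importRole(role);
        }
        return security;
    } catch (SQLException e) {
        throw new PersistenceException("Failed to get user security with id " + userProfileId, e);
    } finally {
        Database.dispose(conn);
    }
}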
Also used : HashMap(java.util.HashMap) SQLException(java.sql.SQLException) Connection(java.sql.Connection) ArrayList(java.util.ArrayList) PreparedStatement(java.sql.PreparedStatement) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity) UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) ResultSet(java.sql.ResultSet) PersistenceException(cn.edu.zju.acm.onlinejudge.persistence.PersistenceException)

Example 3 with UserSecurity

use of cn.edu.zju.acm.onlinejudge.security.UserSecurity in project zoj by licheng.

the class ContextAdapter method getDefaultUserSecurity.

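/**
 * Returns the shared default UserSecurity, creating it on first use as user id 0 with role 1
 * imported.
 *
 * @return the cached default UserSecurity
 * @throws PersistenceException if the role cannot be loaded; nothing is cached in that case, so
 *         a later call tries again
 */
public UserSecurity getDefaultUserSecurity() throws PersistenceException {
    // The cache is a static field shared by every ContextAdapter, so the lock must be shared too:
    // locking on "this" would let two instances initialise it concurrently. The read also happens
    // under the lock, so no caller can observe the object before its role has been imported.
    synchronized (ContextAdapter.class) {
        if (ContextAdapter.defaultUserSecurity == null) {
            // Build the object completely before publishing it. If getRole throws, the field stays
            // null instead of keeping a UserSecurity that has no role.
            UserSecurity fresh = new UserSecurity(0);
            fresh.importRole(PersistenceManager.getInstance().getAuthorizationPersistence().getRole(1));
            ContextAdapter.defaultUserSecurity = fresh;
        }
        return ContextAdapter.defaultUserSecurity;
    }
}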
Also used : UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity)

Example 4 with UserSecurity

use of cn.edu.zju.acm.onlinejudge.security.UserSecurity in project zoj by licheng.

the class LoginAction method authenticate.

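/**
 * Authenticates the submitted handle and password and, on success, stores the user's profile,
 * security and preference in the context.
 *
 * @param form    login form supplying the handle and password
 * @param context request context; its current session is invalidated first, then the login
 *                results are stored through it
 * @return an empty ActionMessages on success; otherwise one message under the "password" key
 * @throws PersistenceException propagated from the persistence layer
 */
private ActionMessages authenticate(LoginForm form, ContextAdapter context) throws PersistenceException {
    // The existing session is dropped before the credentials are checked, so a failed attempt
    // discards it as well.
    context.getRequest().getSession().invalidate();
    ActionMessages errors = new ActionMessages();
    UserPersistence userPersistence = PersistenceManager.getInstance().getUserPersistence();
    UserProfile profile = userPersistence.login(form.getHandle(), form.getPassword());
    // no such user
    if (profile == null) {
        errors.add("password", new ActionMessage("LoginForm.password.invalid"));
        return errors;
    }
    // deactivated
    if (!profile.isActive()) {
        errors.add("password", new ActionMessage("LoginForm.password.deactivated"));
        return errors;
    }
    AuthorizationPersistence authorizationPersistence = PersistenceManager.getInstance().getAuthorizationPersistence();
    // get UserSecurity
    UserSecurity security = authorizationPersistence.getUserSecurity(profile.getId());
    // Fail closed when no security record can be loaded: without this check the context would be
    // given a null UserSecurity and setHasCourses below would throw NullPointerException.
    if (security == null) {
        errors.add("password", new ActionMessage("LoginForm.password.invalid"));
        return errors;
    }
    // get UserPreference
    UserPreference preference = userPersistence.getUserPreference(profile.getId());
    // Profile and security are stored before getAllCourses() is called; the original order is
    // kept in case that lookup reads them from the context.
    context.setUserProfile(profile);
    context.setUserSecurity(security);
    security.setHasCourses(context.getAllCourses().size() != 0);
    context.setUserPreference(preference);
    return errors;
}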
Also used : UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) UserProfile(cn.edu.zju.acm.onlinejudge.bean.UserProfile) ActionMessages(org.apache.struts.action.ActionMessages) ActionMessage(org.apache.struts.action.ActionMessage) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) UserPreference(cn.edu.zju.acm.onlinejudge.bean.UserPreference) UserPersistence(cn.edu.zju.acm.onlinejudge.persistence.UserPersistence)

Example 5 with UserSecurity

use of cn.edu.zju.acm.onlinejudge.security.UserSecurity in project zoj by licheng.

the class CookieFilter method doFilter.

/**
 * Logs the user in from the "oj_handle" and "oj_password" cookies when both are present, then
 * passes the request down the chain.
 *
 * <p>On a successful login of an active profile, the profile, security and preference are stored
 * as session attributes. Otherwise both cookies are expired on the response.
 *
 * @param request  incoming request; cast to HttpServletRequest
 * @param response outgoing response; cast to HttpServletResponse when cookies are expired
 * @param chain    remaining filter chain, always invoked unless an exception is thrown
 * @throws IOException      propagated from the chain
 * @throws ServletException wrapping any exception raised during the cookie login
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // NOTE(review): this guard reads a request attribute, while the values below are stored on the
    // session. Unless another component copies the session value onto the request, every request
    // carrying both cookies is re-authenticated. Confirm that this is intended.
    if (httpRequest.getAttribute(ContextAdapter.SECURITY_SESSION_KEY) == null) {
        String handle = null;
        String password = null;
        Cookie[] cookies = httpRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String cookieName = cookie.getName();
                if (cookieName.equals("oj_handle")) {
                    handle = cookie.getValue();
                }
                if (cookieName.equals("oj_password")) {
                    password = cookie.getValue();
                }
            }
        }
        if (handle != null && password != null) {
            try {
                // NOTE(review): the oj_password cookie value is passed straight to login(). Whether
                // it holds the password itself or a derived token is not visible here.
                UserPersistence userPersistence = PersistenceManager.getInstance().getUserPersistence();
                UserProfile profile = userPersistence.login(handle, password);
                boolean usable = profile != null && profile.isActive();
                if (usable) {
                    AuthorizationPersistence authorizationPersistence = PersistenceManager.getInstance().getAuthorizationPersistence();
                    // NOTE(review): security is stored without a null check; confirm that
                    // getUserSecurity cannot return null for a profile that just logged in.
                    UserSecurity security = authorizationPersistence.getUserSecurity(profile.getId());
                    UserPreference preference = userPersistence.getUserPreference(profile.getId());
                    httpRequest.getSession().setAttribute(ContextAdapter.USER_PROFILE_SESSION_KEY, profile);
                    httpRequest.getSession().setAttribute(ContextAdapter.SECURITY_SESSION_KEY, security);
                    httpRequest.getSession().setAttribute(ContextAdapter.PREFERENCE_SESSION_KEY, preference);
                } else {
                    // Rejected or deactivated credentials: expire both cookies so the browser
                    // stops sending them.
                    HttpServletResponse httpResponse = (HttpServletResponse) response;
                    for (String staleName : new String[] {"oj_handle", "oj_password"}) {
                        Cookie expired = new Cookie(staleName, "");
                        expired.setMaxAge(0);
                        expired.setPath("/");
                        httpResponse.addCookie(expired);
                    }
                }
            } catch (Exception e) {
                throw new ServletException("failed to auth with cookie.", e);
            }
        }
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) ServletException(javax.servlet.ServletException) UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) UserProfile(cn.edu.zju.acm.onlinejudge.bean.UserProfile) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) HttpServletResponse(javax.servlet.http.HttpServletResponse) UserPreference(cn.edu.zju.acm.onlinejudge.bean.UserPreference) UserPersistence(cn.edu.zju.acm.onlinejudge.persistence.UserPersistence) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)
