Example 1 with IAuthorizationManager

use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

the class ProtectedResourceProvider method provideProtectedResource.

@Override
public boolean provideProtectedResource(HttpServletRequest request, HttpServletResponse response) throws ApsSystemException {
    try {
        String[] uriSegments = request.getRequestURI().split("/");
        int segments = uriSegments.length;
        // CHECK RESOURCE-TO-CONTENT ASSOCIATION
        int indexGuardian = 0;
        String checkContentAssociation = uriSegments[segments - 2];
        if (checkContentAssociation.equals(AbstractResourceAttribute.REFERENCED_RESOURCE_INDICATOR)) {
            // The syntax is /<RES_ID>/<SIZE>/<LANG_CODE>/<REFERENCED_RESOURCE_INDICATOR>/<CONTENT_ID>
            indexGuardian = 2;
        }
        String resId = uriSegments[segments - 3 - indexGuardian];
        UserDetails currentUser = (UserDetails) request.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        if (currentUser == null) {
            currentUser = this.getUserManager().getGuestUser();
        }
        boolean isAuthForProtectedRes = false;
        if (indexGuardian != 0) {
            if (this.isAuthOnProtectedRes(currentUser, resId, uriSegments[segments - 1])) {
                isAuthForProtectedRes = true;
            } else {
                this.executeLoginRedirect(request, response);
                return true;
            }
        }
        ResourceInterface resource = this.getResourceManager().loadResource(resId);
        if (resource == null) {
            return false;
        }
        IAuthorizationManager authManager = this.getAuthorizationManager();
        if (isAuthForProtectedRes || authManager.isAuthOnGroup(currentUser, resource.getMainGroup()) || authManager.isAuthOnGroup(currentUser, Group.ADMINS_GROUP_NAME)) {
            ResourceInstance instance = null;
            if (resource.isMultiInstance()) {
                String sizeStr = uriSegments[segments - 2 - indexGuardian];
                if (!this.isValidNumericString(sizeStr)) {
                    return false;
                }
                int size = Integer.parseInt(sizeStr);
                String langCode = uriSegments[segments - 1 - indexGuardian];
                instance = ((AbstractMultiInstanceResource) resource).getInstance(size, langCode);
            } else {
                instance = ((AbstractMonoInstanceResource) resource).getInstance();
            }
            this.createResponse(response, resource, instance);
            return true;
        }
    } catch (Throwable t) {
        _logger.error("Error extracting protected resource", t);
        throw new ApsSystemException("Error extracting protected resource", t);
    }
    return false;
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) UserDetails(com.agiletec.aps.system.services.user.UserDetails) ResourceInstance(com.agiletec.plugins.jacms.aps.system.services.resource.model.ResourceInstance) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException) ResourceInterface(com.agiletec.plugins.jacms.aps.system.services.resource.model.ResourceInterface)

Example 2 with IAuthorizationManager

use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

the class SearcherTagHelper method executeSearch.

/**
 * Loads a list of content identifiers based on a search
 * performed with the specified keyword.
 * @param word The word to search for.
 * @param reqCtx The request context.
 * @return The list of content identifiers.
 * @throws ApsSystemException
 */
public List<String> executeSearch(String word, RequestContext reqCtx) throws ApsSystemException {
    List<String> result = new ArrayList<String>();
    if (null != word && word.trim().length() > 0) {
        UserDetails currentUser = (UserDetails) reqCtx.getRequest().getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        ICmsSearchEngineManager searchEngine = (ICmsSearchEngineManager) ApsWebApplicationUtils.getBean(JacmsSystemConstants.SEARCH_ENGINE_MANAGER, reqCtx.getRequest());
        IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, reqCtx.getRequest());
        List<Group> groups = authManager.getUserGroups(currentUser);
        Set<String> userGroups = new HashSet<String>();
        Iterator<Group> iter = groups.iterator();
        while (iter.hasNext()) {
            Group group = iter.next();
            userGroups.add(group.getName());
        }
        Lang currentLang = (Lang) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG);
        result = searchEngine.searchEntityId(currentLang.getCode(), word, userGroups);
    }
    return result;
}
Also used : ICmsSearchEngineManager(com.agiletec.plugins.jacms.aps.system.services.searchengine.ICmsSearchEngineManager) IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) Group(com.agiletec.aps.system.services.group.Group) UserDetails(com.agiletec.aps.system.services.user.UserDetails) ArrayList(java.util.ArrayList) Lang(com.agiletec.aps.system.services.lang.Lang) HashSet(java.util.HashSet)

Example 3 with IAuthorizationManager

use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

the class GroupsByPermissionTag method getAllowedGroups.

protected Set<String> getAllowedGroups() {
    Set<String> groupCodes = new HashSet<String>();
    UserDetails currentUser = (UserDetails) this.pageContext.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
    String permissionName = this.getPermission();
    if (null != currentUser && null != permissionName) {
        IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, this.pageContext);
        List<Group> groupsByPermission = authManager.getGroupsByPermission(currentUser, permissionName);
        if (null != groupsByPermission) {
            for (Group group : groupsByPermission) {
                if (null != group) {
                    groupCodes.add(group.getName());
                }
            }
        }
    }
    return groupCodes;
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) Group(com.agiletec.aps.system.services.group.Group) UserDetails(com.agiletec.aps.system.services.user.UserDetails) HashSet(java.util.HashSet)

Example 4 with IAuthorizationManager

use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

the class CheckPermissionTag method doStartTag.

@Override
public int doStartTag() throws JspException {
    HttpSession session = this.pageContext.getSession();
    try {
        boolean isAuthorized = false;
        UserDetails currentUser = (UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, this.pageContext);
        boolean isGroupSetted = StringUtils.isNotEmpty(this.getGroupName());
        boolean isPermissionSetted = StringUtils.isNotEmpty(this.getPermission());
        boolean isAuthGr = isGroupSetted && (authManager.isAuthOnGroup(currentUser, this.getGroupName()) || authManager.isAuthOnGroup(currentUser, Group.ADMINS_GROUP_NAME));
        boolean isAuthPerm = isPermissionSetted && (authManager.isAuthOnPermission(currentUser, this.getPermission()) || authManager.isAuthOnPermission(currentUser, Permission.SUPERUSER));
        if (isGroupSetted && !isPermissionSetted) {
            isAuthorized = isAuthGr;
        } else if (!isGroupSetted && isPermissionSetted) {
            isAuthorized = isAuthPerm;
        } else if (isGroupSetted && isPermissionSetted && isAuthGr && isAuthPerm) {
            isAuthorized = authManager.isAuthOnGroupAndPermission(currentUser, this.getGroupName(), this.getPermission(), true);
        }
        if (null != this.getVar()) {
            this.pageContext.setAttribute(this.getVar(), isAuthorized);
        }
        if (isAuthorized) {
            return EVAL_BODY_INCLUDE;
        } else {
            return SKIP_BODY;
        }
    } catch (Throwable t) {
        _logger.error("Error during tag initialization", t);
        throw new JspException("Error during tag initialization ", t);
    }
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) JspException(javax.servlet.jsp.JspException) UserDetails(com.agiletec.aps.system.services.user.UserDetails) HttpSession(javax.servlet.http.HttpSession)

Example 5 with IAuthorizationManager

use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

the class BaseAction method hasCurrentUserPermission.

/**
 * Check if the current user has the given permission granted. It always returns true if the
 * user has the "superuser" permission set in some role.
 * @param permissionName The name of the permission to check against the current user.
 * @return true if the user has the permission granted, false otherwise.
 */
protected boolean hasCurrentUserPermission(String permissionName) {
    UserDetails currentUser = this.getCurrentUser();
    IAuthorizationManager authManager = this.getAuthorizationManager();
    return authManager.isAuthOnPermission(currentUser, permissionName) || authManager.isAuthOnPermission(currentUser, Permission.SUPERUSER);
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) UserDetails(com.agiletec.aps.system.services.user.UserDetails)

Aggregations

IAuthorizationManager (com.agiletec.aps.system.services.authorization.IAuthorizationManager) 13
UserDetails (com.agiletec.aps.system.services.user.UserDetails) 11
ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException) 2
Group (com.agiletec.aps.system.services.group.Group) 2
HashSet (java.util.HashSet) 2
HttpSession (javax.servlet.http.HttpSession) 2
Lang (com.agiletec.aps.system.services.lang.Lang) 1
Role (com.agiletec.aps.system.services.role.Role) 1
IUserManager (com.agiletec.aps.system.services.user.IUserManager) 1
PublicContentAuthorizationInfo (com.agiletec.plugins.jacms.aps.system.services.content.helper.PublicContentAuthorizationInfo) 1
ResourceInstance (com.agiletec.plugins.jacms.aps.system.services.resource.model.ResourceInstance) 1
ResourceInterface (com.agiletec.plugins.jacms.aps.system.services.resource.model.ResourceInterface) 1
ICmsSearchEngineManager (com.agiletec.plugins.jacms.aps.system.services.searchengine.ICmsSearchEngineManager) 1
ArrayList (java.util.ArrayList) 1
JspException (javax.servlet.jsp.JspException) 1
OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException) 1
OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException) 1
OAuthAccessResourceRequest (org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) 1
IApiOAuth2TokenManager (org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager) 1
OAuth2Token (org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) 1