use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.
the class ProtectedResourceProvider method provideProtectedResource.
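/**
 * Serves a protected resource whose id, size and language code are taken from the
 * trailing segments of the request URI.
 *
 * <p>Two URI layouts are handled:
 * {@code /<RES_ID>/<SIZE>/<LANG_CODE>} and
 * {@code /<RES_ID>/<SIZE>/<LANG_CODE>/<REFERENCED_RESOURCE_INDICATOR>/<CONTENT_ID>}.
 * In the second layout access is decided by {@code isAuthOnProtectedRes}; otherwise the
 * user must belong to the resource's main group or to the administrators group.
 *
 * @param request the current request; its URI is client-controlled and is validated here
 * @param response the response the resource (or the login redirect) is written to
 * @return {@code true} when the response has been handled (resource written or login
 *         redirect issued); {@code false} when the URI is malformed, the resource does not
 *         exist, the size segment is not a valid number, or the user is not authorized
 * @throws ApsSystemException on any unexpected error while extracting the resource
 */
@Override
public boolean provideProtectedResource(HttpServletRequest request, HttpServletResponse response) throws ApsSystemException {
    try {
        String[] uriSegments = request.getRequestURI().split("/");
        int segments = uriSegments.length;
        // The URI comes from the client. Without this guard a short path makes the index
        // arithmetic below go negative, and the resulting ArrayIndexOutOfBoundsException
        // is logged at error level and rethrown as a system error for every such request.
        if (segments < 3) {
            return false;
        }
        // Check whether the resource is being requested through a content that references it.
        int indexGuardian = 0;
        String checkContentAssociation = uriSegments[segments - 2];
        if (checkContentAssociation.equals(AbstractResourceAttribute.REFERENCED_RESOURCE_INDICATOR)) {
            // Syntax: /<RES_ID>/<SIZE>/<LANG_CODE>/<REFERENCED_RESOURCE_INDICATOR>/<CONTENT_ID>
            indexGuardian = 2;
        }
        // The resource id sits three segments before the (optional) indicator/content-id pair.
        if (segments < 3 + indexGuardian) {
            return false;
        }
        String resId = uriSegments[segments - 3 - indexGuardian];
        UserDetails currentUser = (UserDetails) request.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        if (currentUser == null) {
            // No authenticated user in the session: evaluate the request as the guest user.
            currentUser = this.getUserManager().getGuestUser();
        }
        boolean isAuthForProtectedRes = false;
        if (indexGuardian != 0) {
            // NOTE(review): the last segment is a client-supplied content id, and a positive
            // answer here bypasses the group check below. isAuthOnProtectedRes is not visible
            // in this listing; confirm it verifies that the content really references resId.
            if (this.isAuthOnProtectedRes(currentUser, resId, uriSegments[segments - 1])) {
                isAuthForProtectedRes = true;
            } else {
                this.executeLoginRedirect(request, response);
                return true;
            }
        }
        ResourceInterface resource = this.getResourceManager().loadResource(resId);
        if (resource == null) {
            return false;
        }
        IAuthorizationManager authManager = this.getAuthorizationManager();
        if (isAuthForProtectedRes || authManager.isAuthOnGroup(currentUser, resource.getMainGroup()) || authManager.isAuthOnGroup(currentUser, Group.ADMINS_GROUP_NAME)) {
            ResourceInstance instance = null;
            if (resource.isMultiInstance()) {
                String sizeStr = uriSegments[segments - 2 - indexGuardian];
                if (!this.isValidNumericString(sizeStr)) {
                    return false;
                }
                int size;
                try {
                    size = Integer.parseInt(sizeStr);
                } catch (NumberFormatException e) {
                    // isValidNumericString is not visible here; if it accepts digit strings
                    // outside the int range, treat them like any other invalid size.
                    return false;
                }
                String langCode = uriSegments[segments - 1 - indexGuardian];
                instance = ((AbstractMultiInstanceResource) resource).getInstance(size, langCode);
            } else {
                instance = ((AbstractMonoInstanceResource) resource).getInstance();
            }
            this.createResponse(response, resource, instance);
            return true;
        }
    } catch (Throwable t) {
        _logger.error("Error extracting protected resource", t);
        throw new ApsSystemException("Error extracting protected resource", t);
    }
    // Not authorized on the direct (non content-associated) path: nothing was written.
    return false;
}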
use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.
the class SearcherTagHelper method executeSearch.
/**
 * Loads the identifiers of the contents matching a keyword search, restricted to the
 * groups of the user stored in the session.
 *
 * @param word The keyword to search for; a null or blank value yields an empty list.
 * @param reqCtx The context of the current request.
 * @return The list of matching content identifiers.
 * @throws ApsSystemException declared by the method; presumably raised when the search fails.
 */
public List<String> executeSearch(String word, RequestContext reqCtx) throws ApsSystemException {
    if (null == word || word.trim().isEmpty()) {
        return new ArrayList<String>();
    }
    // NOTE(review): unlike code that falls back to a guest user, the session attribute is
    // passed on as-is and may be null; confirm getUserGroups handles a missing user.
    UserDetails sessionUser = (UserDetails) reqCtx.getRequest().getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
    ICmsSearchEngineManager engine = (ICmsSearchEngineManager) ApsWebApplicationUtils.getBean(JacmsSystemConstants.SEARCH_ENGINE_MANAGER, reqCtx.getRequest());
    IAuthorizationManager authorization = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, reqCtx.getRequest());
    // The group names are handed to the search engine together with the keyword, so the
    // result is scoped by the caller's groups rather than filtered afterwards.
    Set<String> groupNames = new HashSet<String>();
    for (Group userGroup : authorization.getUserGroups(sessionUser)) {
        groupNames.add(userGroup.getName());
    }
    Lang lang = (Lang) reqCtx.getExtraParam(SystemConstants.EXTRAPAR_CURRENT_LANG);
    return engine.searchEntityId(lang.getCode(), word, groupNames);
}
use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.
the class GroupsByPermissionTag method getAllowedGroups.
/**
 * Collects the names of the groups on which the session user holds the configured permission.
 *
 * @return the group names reported by the authorization manager; an empty set when the
 *         session holds no current user, no permission is configured, or the manager
 *         returns no groups
 */
protected Set<String> getAllowedGroups() {
    Set<String> allowed = new HashSet<String>();
    UserDetails sessionUser = (UserDetails) this.pageContext.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
    String permission = this.getPermission();
    // Without both a user and a permission there is nothing to look up: expose no groups.
    if (null == sessionUser || null == permission) {
        return allowed;
    }
    IAuthorizationManager authorization = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, this.pageContext);
    List<Group> permitted = authorization.getGroupsByPermission(sessionUser, permission);
    if (null == permitted) {
        return allowed;
    }
    for (Group candidate : permitted) {
        if (null == candidate) {
            continue;
        }
        allowed.add(candidate.getName());
    }
    return allowed;
}
use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.
the class CheckPermissionTag method doStartTag.
/**
 * Decides whether the tag body is rendered, based on the group and/or permission
 * configured on the tag and the user stored in the session.
 *
 * <p>With only a group set, the user must be authorized on that group or on the
 * administrators group. With only a permission set, the user must hold that permission or
 * the superuser permission. With both set, both checks must pass and the combined
 * {@code isAuthOnGroupAndPermission} check must succeed as well. With neither set the body
 * is skipped.
 *
 * <p>The tag only controls rendering of the JSP body; it performs no other enforcement.
 *
 * @return {@code EVAL_BODY_INCLUDE} when authorized, {@code SKIP_BODY} otherwise
 * @throws JspException if any error occurs while evaluating the authorization
 */
@Override
public int doStartTag() throws JspException {
    HttpSession httpSession = this.pageContext.getSession();
    try {
        UserDetails sessionUser = (UserDetails) httpSession.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        IAuthorizationManager authorization = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, this.pageContext);
        boolean hasGroup = StringUtils.isNotEmpty(this.getGroupName());
        boolean hasPermission = StringUtils.isNotEmpty(this.getPermission());
        // Each check is only evaluated when the corresponding attribute is set.
        boolean groupOk = hasGroup
                && (authorization.isAuthOnGroup(sessionUser, this.getGroupName())
                        || authorization.isAuthOnGroup(sessionUser, Group.ADMINS_GROUP_NAME));
        boolean permissionOk = hasPermission
                && (authorization.isAuthOnPermission(sessionUser, this.getPermission())
                        || authorization.isAuthOnPermission(sessionUser, Permission.SUPERUSER));
        boolean granted;
        if (hasGroup && hasPermission) {
            // Both constraints configured: each must hold before the combined check is asked.
            granted = groupOk && permissionOk
                    && authorization.isAuthOnGroupAndPermission(sessionUser, this.getGroupName(), this.getPermission(), true);
        } else if (hasGroup) {
            granted = groupOk;
        } else {
            // Permission only, or nothing configured (permissionOk is false in that case).
            granted = permissionOk;
        }
        if (null != this.getVar()) {
            this.pageContext.setAttribute(this.getVar(), granted);
        }
        return granted ? EVAL_BODY_INCLUDE : SKIP_BODY;
    } catch (Throwable t) {
        _logger.error("Error during tag initialization", t);
        throw new JspException("Error during tag initialization ", t);
    }
}
use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.
the class BaseAction method hasCurrentUserPermission.
/**
 * Checks whether the current user has been granted the given permission. The check also
 * succeeds whenever the authorization manager reports the "superuser" permission for the user.
 * @param permissionName The name of the permission to check against the current user.
 * @return true if the user has the permission (or the superuser permission), false otherwise.
 */
protected boolean hasCurrentUserPermission(String permissionName) {
    final UserDetails user = this.getCurrentUser();
    final IAuthorizationManager authorization = this.getAuthorizationManager();
    if (authorization.isAuthOnPermission(user, permissionName)) {
        return true;
    }
    // Superuser is accepted in place of any specific permission.
    return authorization.isAuthOnPermission(user, Permission.SUPERUSER);
}