Example 6 with IAuthorizationManager

Use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

The class ApiRestServer, method extractOAuthParameters.

protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        // The bearer token is read from the Authorization header (Apache Oltu resource-server request)
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        // Get the access token
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token != null) {
            // Validate the access token: it must match the stored one and must not be expired
            if (!token.getAccessToken().equals(accessToken)) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
            } else if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
            }
            // The token's client id is the username the token was issued to
            String username = token.getClientId();
            IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
            UserDetails user = userManager.getUser(username);
            if (user != null) {
                _logger.info("User {} requesting resource that requires {} permission ", username, permission);
                // Bind the authenticated user to the session for the rest of the request
                request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
                if (permission != null) {
                    IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
                    // Load the user's authorizations before checking the required permission
                    user.addAuthorizations(authManager.getUserAuthorizations(username));
                    if (!authManager.isAuthOnPermission(user, permission)) {
                        List<Role> roles = authManager.getUserRoles(user);
                        for (Role role : roles) {
                            // Log the whole permission set of each role: a role may carry no permissions,
                            // so indexing into the array would fail for an empty role
                            _logger.info("User {} requesting resource has {} permissions ", username, role.getPermissions());
                        }
                        _logger.info("User {} requesting resource lacks the required {} permission ", username, permission);
                        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
                    }
                }
            }
            // Note: a valid token whose user cannot be loaded falls through here without an exception
            // and without a user bound to the session
        } else {
            if (accessToken != null) {
                // A token was presented but is unknown to the token store
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            // No token was presented at all
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // Pass the throwable as the last argument without a placeholder so the stack trace is logged
        _logger.error("System exception", ex);
        // The exception message is returned to the caller in the error response
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}
Also used : OAuthAccessResourceRequest(org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) IUserManager(com.agiletec.aps.system.services.user.IUserManager) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException) IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) Role(com.agiletec.aps.system.services.role.Role) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) UserDetails(com.agiletec.aps.system.services.user.UserDetails) IApiOAuth2TokenManager(org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)

Example 7 with IAuthorizationManager

Use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

The class ProtectedResourceProvider, method isAuthOnProtectedRes.

protected boolean isAuthOnProtectedRes(UserDetails currentUser, String resourceId, String contentId) {
    PublicContentAuthorizationInfo authInfo = this.getContentAuthorizationHelper().getAuthorizationInfo(contentId);
    IAuthorizationManager authManager = this.getAuthorizationManager();
    // Both conditions must hold: the content actually references the protected resource,
    // and one of the user's groups is allowed to view that content
    return (authInfo.isProtectedResourceReference(resourceId) && authInfo.isUserAllowed(authManager.getUserGroups(currentUser)));
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) PublicContentAuthorizationInfo(com.agiletec.plugins.jacms.aps.system.services.content.helper.PublicContentAuthorizationInfo)

Example 8 with IAuthorizationManager

Use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

The class DataObjectWrapper, method isUserAllowed.

public boolean isUserAllowed(String permissionName) {
    try {
        IAuthorizationManager authManager = (IAuthorizationManager) this.getBeanFactory().getBean(SystemConstants.AUTHORIZATION_SERVICE);
        // The current user is taken from the session, where the authentication step stored it
        UserDetails currentUser = (UserDetails) this.getReqCtx().getRequest().getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        if (null == currentUser) {
            // Anonymous request: deny
            return false;
        }
        // The user must be authorized on the entity's main group...
        if (!authManager.isAuthOnGroup(currentUser, this.getEntity().getMainGroup())) {
            return false;
        }
        // ...and, when a permission name is given, must also hold that permission
        if (null != permissionName && permissionName.trim().length() > 0 && !authManager.isAuthOnPermission(currentUser, permissionName)) {
            return false;
        }
    } catch (Throwable t) {
        // Fail closed: any error during the check denies access
        _logger.error("Error checking authority - permission {}", permissionName, t);
        return false;
    }
    return true;
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) UserDetails(com.agiletec.aps.system.services.user.UserDetails)

Example 9 with IAuthorizationManager

Use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

The class BaseAction, method isCurrentUserMemberOf.

/**
 * Check if the current user belongs to the given group. It always returns true if the user
 * belongs to the Administrators group.
 * @param groupName The name of the group to check against the current user.
 * @return true if the user belongs to the given group, false otherwise.
 */
protected boolean isCurrentUserMemberOf(String groupName) {
    UserDetails currentUser = this.getCurrentUser();
    IAuthorizationManager authManager = this.getAuthorizationManager();
    return authManager.isAuthOnGroup(currentUser, groupName) || authManager.isAuthOnGroup(currentUser, Group.ADMINS_GROUP_NAME);
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) UserDetails(com.agiletec.aps.system.services.user.UserDetails)

Example 10 with IAuthorizationManager

Use of com.agiletec.aps.system.services.authorization.IAuthorizationManager in project entando-core by entando.

The class BaseInterceptorMadMax, method intercept.

@Override
public String intercept(ActionInvocation invocation) throws Exception {
    // Deny by default; only an explicit positive check lets the action run
    boolean isAuthorized = false;
    try {
        HttpSession session = ServletActionContext.getRequest().getSession();
        UserDetails currentUser = (UserDetails) session.getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
        IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, ServletActionContext.getRequest());
        if (currentUser != null) {
            Set<String> authorizations = this.extractAllRequiredPermissions();
            // No required permissions, or a superuser: the action is always allowed
            if (null == authorizations || authorizations.isEmpty() || authManager.isAuthOnPermission(currentUser, Permission.SUPERUSER)) {
                isAuthorized = true;
            } else {
                // Otherwise the user must satisfy the action's declared permissions
                isAuthorized = this.checkAuthorizations(currentUser, authorizations, authManager);
            }
            if (!isAuthorized) {
                return this.getErrorResultName();
            }
        }
        // A null current user (no authenticated session) leaves isAuthorized false
        if (isAuthorized) {
            return this.invoke(invocation);
        }
    } catch (Throwable t) {
        // Fail closed on any error during the authorization check
        _logger.error("Error occurred verifying authority of current user", t);
        return BaseAction.FAILURE;
    }
    return this.getErrorResultName();
}
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) UserDetails(com.agiletec.aps.system.services.user.UserDetails) HttpSession(javax.servlet.http.HttpSession)
