
Example 1 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class PortalLogoutHandler method onLogoutSuccess.

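/**
 * Logs the portal connection out of the middleware, invalidates the HTTP session and then
 * delegates to the parent handler.
 *
 * <p>The middleware logout is best-effort: any exception is logged as a warning and the HTTP
 * session is still invalidated afterwards, so a failing middleware call cannot leave the
 * browser session alive.
 *
 * @param request        current request; its existing HTTP session (if any) holds the {@code Connection}
 * @param response       current response, passed through to the parent handler
 * @param authentication authentication being logged out, passed through to the parent handler
 * @throws IOException      propagated from the parent handler
 * @throws ServletException propagated from the parent handler
 */
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
    // getSession(false): a logout must not create a brand-new HTTP session just to look one up.
    Connection connection = request.getSession(false) == null
            ? null
            : (Connection) request.getSession(false).getAttribute(Connection.NAME);
    try {
        if (connection != null) {
            PortalSession session = connection.getSession();
            // Build the security context only from a non-null session; the original passed the
            // session to the constructor before it had been null-checked.
            if (session != null) {
                AppContext.setSecurityContext(new PortalSecurityContext(session));
                if (session.isAuthenticated())
                    connection.logout();
            }
        }
    } catch (Exception e) {
        // Deliberately broad: a failed middleware logout must not prevent session invalidation below.
        log.warn("Exception while logout", e);
    } finally {
        // Always drop the context so it cannot be picked up by later work on this thread.
        AppContext.setSecurityContext(null);
    }
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }
    super.onLogoutSuccess(request, response, authentication);
}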
Also used : PortalSession(com.haulmont.cuba.portal.security.PortalSession) Connection(com.haulmont.cuba.portal.Connection) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 2 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class Authentication method begin.

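/**
 * Begin authenticated block of code.
 *
 * <p>Resolves the given id to a {@link UserSession} through the trusted client service, checks
 * that the session holds {@code PERMISSION_NAME}, and only then installs a
 * {@link SecurityContext} for it. On every {@code false} return no context is installed.
 * This method never clears the context itself.
 * NOTE(review): the caller is presumably expected to clear it when the block ends - confirm
 * against the counterpart method, which is not visible here.
 *
 * @param sessionId {@link UserSession} id
 * @return true if the given session id is valid and authentication is successful
 * @throws RuntimeException if the trusted client password is rejected by the middleware
 */
public boolean begin(String sessionId) {
    UUID uuid;
    try {
        uuid = UuidProvider.fromString(sessionId);
    } catch (Exception e) {
        // Malformed ids are a caller error, not a server fault: log and refuse.
        log.warn("Invalid user session ID: " + e.toString());
        return false;
    }
    UserSession session;
    try {
        session = trustedClientService.findSession(restApiConfig.getTrustedClientPassword(), uuid);
    } catch (LoginException e) {
        // Keep the cause so operators can tell a wrong password from other login failures;
        // the message itself stays free of the password value.
        throw new RuntimeException("Unable to login with trusted client password", e);
    }
    if (session == null) {
        log.warn("User session " + uuid + " does not exist");
        return false;
    }
    // Authorisation gate: an existing session is not enough, it must hold the specific permission.
    if (!session.isSpecificPermitted(PERMISSION_NAME)) {
        log.warn(PERMISSION_NAME + " is not permitted for user " + session.getUser().getLogin());
        return false;
    }
    AppContext.setSecurityContext(new SecurityContext(session));
    return true;
}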
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) LoginException(com.haulmont.cuba.security.global.LoginException) UUID(java.util.UUID) LoginException(com.haulmont.cuba.security.global.LoginException)

Example 3 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class FileUploadController method upload.

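/**
 * Handles {@code POST /api/upload}: streams the request body to the middleware file storage,
 * saves the file descriptor and writes the descriptor id back as the response body.
 *
 * <p>Nothing is processed unless {@code getSession} returns a user session. The security
 * context is installed for the duration of the upload and cleared in {@code finally}.
 *
 * @param request  upload request; its body is the file content
 * @param response receives the descriptor id on success, or an error status
 * @throws IOException on failure to read the request or write the response
 */
@RequestMapping(value = "/api/upload", method = RequestMethod.POST)
public void upload(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null)
        return;
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        InputStream is = request.getInputStream();
        try {
            if (is == null) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            FileDescriptor fd = getFileDescriptor(request, response);
            if (fd == null)
                return;
            try {
                uploadToMiddleware(userSession, is, fd);
                saveFileDescriptor(fd);
                response.setStatus(HttpServletResponse.SC_OK);
                // try-with-resources: the writer is flushed and closed even if writing the id fails.
                try (PrintWriter writer = new PrintWriter(new OutputStreamWriter(response.getOutputStream(), StandardCharsets.UTF_8))) {
                    writer.write(fd.getId().toString());
                }
            } catch (FileStorageException e) {
                log.error("Unable to upload file", e);
                // Only the mapped HTTP status reaches the client; details stay in the server log.
                response.sendError(e.getType().getHttpStatus());
            }
        } finally {
            // Covers the early returns as well, which the original left unclosed.
            IOUtils.closeQuietly(is);
        }
    } finally {
        // Always drop the context so it cannot be picked up by later work on this thread.
        AppContext.setSecurityContext(null);
    }
}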
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) FileStorageException(com.haulmont.cuba.core.global.FileStorageException) FileDescriptor(com.haulmont.cuba.core.entity.FileDescriptor) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 4 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class RestFileDownloadController method download.

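/**
 * Handles {@code GET /api/download}: loads the file descriptor named by request parameter
 * {@code f} and writes the file to the response with caching disabled.
 *
 * <p>Request parameter {@code a} selects {@code attachment} versus {@code inline} disposition.
 * Every failure path calls {@code error(response)}; the method always returns {@code null}
 * because the response is written directly.
 *
 * @param request  download request carrying parameters {@code f} (file id) and {@code a}
 * @param response receives the file content or an error
 * @return always {@code null}
 * @throws IOException on failure to write the response
 */
@RequestMapping(value = "/api/download", method = RequestMethod.GET)
public ModelAndView download(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null) {
        error(response);
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        UUID fileId;
        try {
            // A missing "f" makes fromString throw too, so it lands in the same error path.
            fileId = UUID.fromString(request.getParameter("f"));
        } catch (Exception e) {
            log.error(e.toString());
            error(response);
            return null;
        }
        // NOTE(review): no explicit per-file permission check is visible here; access control
        // appears to rest on dataService.load running under the caller's security context.
        // Confirm that a valid session cannot fetch another user's file by guessing its id.
        FileDescriptor fd = dataService.load(new LoadContext<>(FileDescriptor.class).setId(fileId));
        if (fd == null) {
            log.warn("Unable to find file with id " + fileId);
            error(response);
            return null;
        }
        // The stored name is encoded before it goes into a header value.
        // NOTE(review): presumably this also neutralises CR/LF and quotes - verify URLEncodeUtils.
        String fileName = URLEncodeUtils.encodeUtf8(fd.getName());
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setHeader("Content-Type", getContentType(fd));
        // NOTE(review): the requester chooses inline rendering through "a", so an uploaded file
        // with an active content type would render on this origin. Consider forcing
        // "attachment" for types outside an allow-list and sending X-Content-Type-Options: nosniff.
        boolean attach = Boolean.parseBoolean(request.getParameter("a"));
        response.setHeader("Content-Disposition", (attach ? "attachment" : "inline") + "; filename=" + fileName);
        writeResponse(response, userSession, fd);
    } finally {
        // Always drop the context so it cannot be picked up by later work on this thread.
        AppContext.setSecurityContext(null);
    }
    return null;
}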
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) LoadContext(com.haulmont.cuba.core.global.LoadContext) UUID(java.util.UUID) IOException(java.io.IOException) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException) FileDescriptor(com.haulmont.cuba.core.entity.FileDescriptor) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class RestFileDownloadController method getSession.

/**
 * Resolves the user session named by request parameter {@code s}.
 *
 * <p>A security context built from the bare session id is installed only for the duration of
 * the lookup and is cleared again before returning.
 * NOTE(review): the session id travels as a URL query parameter, so it can end up in access
 * logs, browser history and Referer headers - consider accepting it in a header instead.
 *
 * @param request  request carrying the session id in parameter {@code s}
 * @param response not used by this method
 * @return the user session, or {@code null} if the id is missing, malformed or unknown
 */
protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) {
    final UUID id;
    try {
        id = UUID.fromString(request.getParameter("s"));
    } catch (Exception e) {
        // Missing or malformed id: treated the same as "no session".
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(id));
    try {
        return userSessionService.getUserSession(id);
    } catch (NoUserSessionException e) {
        // Unknown or expired session id.
        return null;
    } finally {
        AppContext.setSecurityContext(null);
    }
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) UUID(java.util.UUID) IOException(java.io.IOException) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException)

Aggregations

SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)43 UserSession (com.haulmont.cuba.security.global.UserSession)29 LoginException (com.haulmont.cuba.security.global.LoginException)13 UUID (java.util.UUID)10 NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)8 IOException (java.io.IOException)8 FileStorageException (com.haulmont.cuba.core.global.FileStorageException)6 AppContext.withSecurityContext (com.haulmont.cuba.core.sys.AppContext.withSecurityContext)6 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)6 FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)5 Locale (java.util.Locale)5 Transaction (com.haulmont.cuba.core.Transaction)3 AppContext.getSecurityContext (com.haulmont.cuba.core.sys.AppContext.getSecurityContext)3 AppContext.setSecurityContext (com.haulmont.cuba.core.sys.AppContext.setSecurityContext)3 TrustedClientCredentials (com.haulmont.cuba.security.auth.TrustedClientCredentials)3 InvocationTargetException (java.lang.reflect.InvocationTargetException)3 Nonnull (javax.annotation.Nonnull)3 LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)2 LoginPasswordCredentials (com.haulmont.cuba.security.auth.LoginPasswordCredentials)2 SystemUserCredentials (com.haulmont.cuba.security.auth.SystemUserCredentials)2