Search in sources :

Example 11 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class FreeMarkerView method buildTemplateModel.

@Override
protected SimpleHash buildTemplateModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
    PortalConfig config = AppBeans.get(Configuration.class).getConfig(PortalConfig.class);
    SimpleHash context = super.buildTemplateModel(model, request, response);
    SecurityContext securityContext = AppContext.getSecurityContext();
    if (securityContext != null)
        context.put("userSession", securityContext.getSession());
    context.put("messages", messages);
    context.put("message", new MessageMethod());
    context.put("theme", config.getTheme());
    return context;
}
Also used : Configuration(com.haulmont.cuba.core.global.Configuration) PortalConfig(com.haulmont.cuba.portal.config.PortalConfig) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext)

Example 12 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class DynamicAttributesCacheStrategy method init.

@Override
public void init() {
    clientCacheManager.getExecutorService().scheduleWithFixedDelay(() -> {
        if (needToValidateCache) {
            UserSession userSession = cacheUserSessionProvider.getUserSession();
            if (userSession == null) {
                // cache user session unavailable
                return;
            }
            try {
                AppContext.setSecurityContext(new SecurityContext(userSession));
                loadObject();
            } catch (NoUserSessionException e) {
                log.warn("Cache user session expired", e);
            } catch (Exception e) {
                log.error("Unable to update dynamic attributes cache", e);
            }
        }
    }, 0, 10, TimeUnit.SECONDS);
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException)

Example 13 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class ConfigStorageCommon method getConfigValue.

/**
 * Method returns a result of config method invocation
 * @param classFQN fully qualified configuration interface name
 * @param methodName config getter method name
 * @param userLogin parameter is used for authentication if there is no security context bound to the current thread
 *                  and configuration method source is DATABASE
 * @param userPassword see userLogin parameter description
 * @return configuration method invocation result
 */
public String getConfigValue(String classFQN, String methodName, String userLogin, String userPassword) {
    Class<?> aClass;
    try {
        aClass = Class.forName(classFQN);
    } catch (ClassNotFoundException e) {
        return String.format("Class %s not found.\nPlease ensure that you entered a fully qualified class name and " + "that you class is in a proper application module (core, web or portal).", classFQN);
    }
    if (Config.class.isAssignableFrom(aClass)) {
        Config config = configuration.getConfig((Class<? extends Config>) aClass);
        Method method;
        boolean logoutRequired = false;
        try {
            method = aClass.getMethod(methodName);
            // DATABASE, then login attempt with 'userLogin' and 'userPassword' will be made
            if (AppContext.getSecurityContext() == null) {
                SourceType sourceType;
                Source methodSourceAnnotation = method.getAnnotation(Source.class);
                if (methodSourceAnnotation != null) {
                    sourceType = methodSourceAnnotation.type();
                } else {
                    Source classSourceAnnotation = aClass.getAnnotation(Source.class);
                    sourceType = classSourceAnnotation.type();
                }
                if (sourceType != null && sourceType == SourceType.DATABASE) {
                    if (Strings.isNullOrEmpty(userLogin)) {
                        return "No security context bound to the current thread. Please specify the user name.";
                    } else {
                        try {
                            Map<String, Locale> availableLocales = configuration.getConfig(GlobalConfig.class).getAvailableLocales();
                            Locale defaultLocale = availableLocales.values().iterator().next();
                            TrustedClientCredentials credentials = new TrustedClientCredentials(userLogin, userPassword, defaultLocale);
                            UserSession session = authenticationService.login(credentials).getSession();
                            AppContext.setSecurityContext(new SecurityContext(session));
                            logoutRequired = true;
                        } catch (LoginException e) {
                            log.error(ExceptionUtils.getStackTrace(e));
                            return "Login error: " + e.getMessage();
                        }
                    }
                }
            }
            Object result = method.invoke(config);
            return result == null ? null : result.toString();
        } catch (NoSuchMethodException e) {
            return String.format("Method %s() not found in class %s", methodName, classFQN);
        } catch (InvocationTargetException | IllegalAccessException e) {
            return ExceptionUtils.getStackTrace(e);
        } finally {
            if (logoutRequired) {
                try {
                    authenticationService.logout();
                } finally {
                    AppContext.setSecurityContext(null);
                }
            }
        }
    } else {
        return String.format("Class %s is not an implementation of Config interface", classFQN);
    }
}
Also used : GlobalConfig(com.haulmont.cuba.core.global.GlobalConfig) GlobalConfig(com.haulmont.cuba.core.global.GlobalConfig) Method(java.lang.reflect.Method) InvocationTargetException(java.lang.reflect.InvocationTargetException) UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) LoginException(com.haulmont.cuba.security.global.LoginException) TrustedClientCredentials(com.haulmont.cuba.security.auth.TrustedClientCredentials)

Example 14 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class CubaRemoteInvocationFactory method createRemoteInvocation.

@Override
public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) {
    SecurityContext securityContext = AppContext.getSecurityContext();
    CubaRemoteInvocation remoteInvocation = new CubaRemoteInvocation(methodInvocation, securityContext == null ? null : securityContext.getSessionId());
    if (securityContext != null) {
        UserSession session = securityContext.getSession();
        if (session instanceof ClientBasedSession && ((ClientBasedSession) session).hasRequestScopedInfo()) {
            remoteInvocation.setLocale(session.getLocale() != null ? session.getLocale().toLanguageTag() : null);
            remoteInvocation.setTimeZone(session.getTimeZone());
            remoteInvocation.setAddress(session.getAddress());
            remoteInvocation.setClientInfo(session.getClientInfo());
        }
    }
    return remoteInvocation;
}
Also used : ClientBasedSession(com.haulmont.cuba.security.global.ClientBasedSession) UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext)

Example 15 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class StickySessionServerSelector method getSessionUrlsHolder.

@Nullable
protected SessionUrlsHolder getSessionUrlsHolder() {
    SecurityContext securityContext = AppContext.getSecurityContext();
    if (securityContext == null)
        return null;
    UserSession session = securityContext.getSession();
    if (session == null || session instanceof ClientBasedSession && ((ClientBasedSession) session).hasRequestScopedInfo())
        return anonymousSessionUrlsHolder;
    return new UserSessionUrlsHolder(session);
}
Also used : ClientBasedSession(com.haulmont.cuba.security.global.ClientBasedSession) UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) Nullable(javax.annotation.Nullable)

Aggregations

SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)43 UserSession (com.haulmont.cuba.security.global.UserSession)29 LoginException (com.haulmont.cuba.security.global.LoginException)13 UUID (java.util.UUID)10 NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)8 IOException (java.io.IOException)8 FileStorageException (com.haulmont.cuba.core.global.FileStorageException)6 AppContext.withSecurityContext (com.haulmont.cuba.core.sys.AppContext.withSecurityContext)6 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)6 FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)5 Locale (java.util.Locale)5 Transaction (com.haulmont.cuba.core.Transaction)3 AppContext.getSecurityContext (com.haulmont.cuba.core.sys.AppContext.getSecurityContext)3 AppContext.setSecurityContext (com.haulmont.cuba.core.sys.AppContext.setSecurityContext)3 TrustedClientCredentials (com.haulmont.cuba.security.auth.TrustedClientCredentials)3 InvocationTargetException (java.lang.reflect.InvocationTargetException)3 Nonnull (javax.annotation.Nonnull)3 LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)2 LoginPasswordCredentials (com.haulmont.cuba.security.auth.LoginPasswordCredentials)2 SystemUserCredentials (com.haulmont.cuba.security.auth.SystemUserCredentials)2