Search in sources :

Example 21 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class Connection method login.

public void login(String login, String password, Locale locale) throws LoginException {
    UserSession userSession = doLogin(login, password, locale, getLoginParams());
    ClientUserSession clientUserSession = new ClientUserSession(userSession);
    clientUserSession.setAuthenticated(true);
    session = clientUserSession;
    AppContext.setSecurityContext(new SecurityContext(session));
    log.info("Logged in: {}", session);
    updateSessionClientInfo();
    connected = true;
    fireConnectionListeners();
}
Also used : ClientUserSession(com.haulmont.cuba.client.ClientUserSession) ClientUserSession(com.haulmont.cuba.client.ClientUserSession) UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext)

Example 22 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class FileStorage method saveStream.

@Override
public long saveStream(final FileDescriptor fileDescr, final InputStream inputStream) throws FileStorageException {
    checkFileDescriptor(fileDescr);
    File[] roots = getStorageRoots();
    // Store to primary storage
    checkStorageDefined(roots, fileDescr);
    checkPrimaryStorageAccessible(roots, fileDescr);
    File dir = getStorageDir(roots[0], fileDescr);
    dir.mkdirs();
    checkDirectoryExists(dir);
    final File file = new File(dir, getFileName(fileDescr));
    checkFileExists(file);
    long size = 0;
    OutputStream os = null;
    try {
        os = FileUtils.openOutputStream(file);
        size = IOUtils.copyLarge(inputStream, os);
        os.flush();
        writeLog(file, false);
    } catch (IOException e) {
        IOUtils.closeQuietly(os);
        FileUtils.deleteQuietly(file);
        throw new FileStorageException(FileStorageException.Type.IO_EXCEPTION, file.getAbsolutePath(), e);
    } finally {
        IOUtils.closeQuietly(os);
    }
    // Copy file to secondary storages asynchronously
    final SecurityContext securityContext = AppContext.getSecurityContext();
    for (int i = 1; i < roots.length; i++) {
        if (!roots[i].exists()) {
            log.error("Error saving {} into {} : directory doesn't exist", fileDescr, roots[i]);
            continue;
        }
        File copyDir = getStorageDir(roots[i], fileDescr);
        final File fileCopy = new File(copyDir, getFileName(fileDescr));
        writeExecutor.submit(new Runnable() {

            @Override
            public void run() {
                try {
                    AppContext.setSecurityContext(securityContext);
                    FileUtils.copyFile(file, fileCopy, true);
                    writeLog(fileCopy, false);
                } catch (Exception e) {
                    log.error("Error saving {} into {} : {}", fileDescr, fileCopy.getAbsolutePath(), e.getMessage());
                } finally {
                    AppContext.setSecurityContext(null);
                }
            }
        });
    }
    return size;
}
Also used : SecurityContext(com.haulmont.cuba.core.sys.SecurityContext)

Example 23 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class FileDownloadController method download.

@RequestMapping(value = "/download", method = RequestMethod.GET)
public ModelAndView download(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null) {
        error(response);
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        UUID fileId;
        try {
            fileId = UUID.fromString(request.getParameter("f"));
        } catch (Exception e) {
            log.error(e.toString());
            error(response);
            return null;
        }
        FileDescriptor fd = dataService.load(LoadContext.create(FileDescriptor.class).setId(fileId));
        if (fd == null) {
            log.warn("Unable to find file with id {}", fileId);
            error(response);
            return null;
        }
        String fileName = URLEncodeUtils.encodeUtf8(fd.getName());
        response.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
        response.setDateHeader(HttpHeaders.EXPIRES, 0);
        response.setHeader(HttpHeaders.CONTENT_TYPE, getContentType(fd));
        response.setHeader(HttpHeaders.PRAGMA, "no-cache");
        boolean attach = Boolean.valueOf(request.getParameter("a"));
        response.setHeader("Content-Disposition", (attach ? "attachment" : "inline") + "; filename=" + fileName);
        downloadFromMiddlewareAndWriteResponse(fd, response);
    } finally {
        AppContext.setSecurityContext(null);
    }
    return null;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) UUID(java.util.UUID) FileStorageException(com.haulmont.cuba.core.global.FileStorageException) IOException(java.io.IOException) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException) FileDescriptor(com.haulmont.cuba.core.entity.FileDescriptor) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 24 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class LogDownloadController method getSession.

protected UserSession getSession(String sessionId, HttpServletResponse response) throws IOException {
    UUID sessionUUID;
    try {
        sessionUUID = UUID.fromString(sessionId);
    } catch (Exception e) {
        log.error("Error parsing sessionId from URL param", e);
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(sessionUUID));
    try {
        UserSession session = userSessionService.getUserSession(sessionUUID);
        if (session == null)
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return session;
    } finally {
        AppContext.setSecurityContext(null);
    }
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) UUID(java.util.UUID) LogFileNotFoundException(com.haulmont.cuba.core.sys.logging.LogFileNotFoundException) IOException(java.io.IOException)

Example 25 with SecurityContext

use of com.haulmont.cuba.core.sys.SecurityContext in project cuba by cuba-platform.

the class BaseIdpSessionFilter method getWebAppUrl.

protected String getWebAppUrl() {
    if (webAppUrl == null) {
        synchronized (this) {
            if (webAppUrl == null) {
                UserSession systemSession;
                try {
                    systemSession = trustedClientService.getSystemSession(webAuthConfig.getTrustedClientPassword());
                } catch (LoginException e) {
                    throw new RuntimeException("Unable to get systemSession", e);
                }
                // webAppUrl can be overridden in DB, thus we need SecurityContext to obtain it from middleware
                withSecurityContext(new SecurityContext(systemSession), () -> {
                    String webAppUrl = globalConfig.getWebAppUrl();
                    if (!webAppUrl.endsWith("/")) {
                        webAppUrl += "/";
                    }
                    this.webAppUrl = webAppUrl;
                });
            }
        }
    }
    return this.webAppUrl;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) AppContext.withSecurityContext(com.haulmont.cuba.core.sys.AppContext.withSecurityContext) LoginException(com.haulmont.cuba.security.global.LoginException)

Aggregations

SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)43 UserSession (com.haulmont.cuba.security.global.UserSession)29 LoginException (com.haulmont.cuba.security.global.LoginException)13 UUID (java.util.UUID)10 NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)8 IOException (java.io.IOException)8 FileStorageException (com.haulmont.cuba.core.global.FileStorageException)6 AppContext.withSecurityContext (com.haulmont.cuba.core.sys.AppContext.withSecurityContext)6 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)6 FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)5 Locale (java.util.Locale)5 Transaction (com.haulmont.cuba.core.Transaction)3 AppContext.getSecurityContext (com.haulmont.cuba.core.sys.AppContext.getSecurityContext)3 AppContext.setSecurityContext (com.haulmont.cuba.core.sys.AppContext.setSecurityContext)3 TrustedClientCredentials (com.haulmont.cuba.security.auth.TrustedClientCredentials)3 InvocationTargetException (java.lang.reflect.InvocationTargetException)3 Nonnull (javax.annotation.Nonnull)3 LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)2 LoginPasswordCredentials (com.haulmont.cuba.security.auth.LoginPasswordCredentials)2 SystemUserCredentials (com.haulmont.cuba.security.auth.SystemUserCredentials)2