use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class AnonymousSessionHolder method loginAsAnonymous.
/**
 * Opens a middleware session for the portal's anonymous user.
 *
 * <p>Both the anonymous login name and the trusted client password are read from
 * {@code portalConfig}. The password is passed to the authentication service inside
 * {@link TrustedClientCredentials}; this method itself neither logs it nor puts it into
 * an exception message.
 *
 * @return the session obtained from {@code authenticationService.login(...)}
 * @throws NoMiddlewareConnectionException if the login is rejected ({@link LoginException})
 *         or any other exception is raised while building or sending the credentials
 */
protected UserSession loginAsAnonymous() {
    final String anonymousLogin = portalConfig.getAnonymousUserLogin();
    final String trustedPassword = portalConfig.getTrustedClientPassword();

    try {
        // The client-info label carries the portal's network location when one is known.
        final String location = getPortalNetworkLocation();
        final String baseInfo = "Portal Anonymous Session";
        final String clientInfo = StringUtils.isNotBlank(location)
                ? baseInfo + " (" + location + ")"
                : baseInfo;

        TrustedClientCredentials trusted = new TrustedClientCredentials(
                anonymousLogin, trustedPassword, messagesTools.getDefaultLocale());
        trusted.setClientType(ClientType.PORTAL);
        trusted.setClientInfo(clientInfo);
        trusted.setParams(ParamsMap.of(
                ClientType.class.getName(), AppContext.getProperty("cuba.clientType"),
                SessionParams.CLIENT_INFO.getId(), clientInfo));

        return authenticationService.login(trusted).getSession();
    } catch (LoginException e) {
        // Credentials were refused by the middleware.
        throw new NoMiddlewareConnectionException("Unable to login as anonymous portal user", e);
    } catch (Exception e) {
        // Everything else is reported as a connectivity problem; the cause is preserved.
        throw new NoMiddlewareConnectionException("Unable to connect to middleware services", e);
    }
}
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class Authentication method begin.
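/**
 * Begin authenticated block of code.
 *
 * <p>The session id is parsed, looked up through {@code trustedClientService} using the
 * trusted client password from {@code restApiConfig}, and checked for the specific
 * permission {@code PERMISSION_NAME}. Only when all three steps succeed is a
 * {@link SecurityContext} for the session installed in {@link AppContext}.
 *
 * <p>This method does not clear the security context; the caller is responsible for
 * resetting it when the authenticated block ends.
 *
 * @param sessionId {@link UserSession} id
 * @return true if the given session id is valid and authentication is successful
 * @throws RuntimeException if the trusted client password is rejected by the middleware;
 *         the original {@link LoginException} is attached as the cause
 */
public boolean begin(String sessionId) {
    UUID uuid;
    try {
        uuid = UuidProvider.fromString(sessionId);
    } catch (Exception e) {
        // Malformed (or missing) ids are treated as an authentication failure, not an error.
        log.warn("Invalid user session ID: " + e.toString());
        return false;
    }

    UserSession session;
    try {
        session = trustedClientService.findSession(restApiConfig.getTrustedClientPassword(), uuid);
    } catch (LoginException e) {
        // Keep the cause so that a misconfigured trusted client password can be diagnosed
        // from the stack trace; the message deliberately contains no credential material.
        throw new RuntimeException("Unable to login with trusted client password", e);
    }

    if (session == null) {
        log.warn("User session " + uuid + " does not exist");
        return false;
    }

    // A valid session is not enough: the user must also hold the specific permission.
    if (!session.isSpecificPermitted(PERMISSION_NAME)) {
        log.warn(PERMISSION_NAME + " is not permitted for user " + session.getUser().getLogin());
        return false;
    }

    AppContext.setSecurityContext(new SecurityContext(session));
    return true;
}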
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class FileUploadController method upload.
/**
 * Handles {@code POST /api/upload}: streams the request body to the middleware file storage
 * and answers with the id of the stored {@link FileDescriptor}.
 *
 * <p>The request is processed only when {@code getSession} yields a session; that session is
 * installed as the security context for the duration of the call and removed again in the
 * outer {@code finally}.
 *
 * <p>NOTE(review): no size or content-type restriction is visible in this method. Confirm
 * that limits are enforced in {@code getFileDescriptor}, {@code uploadToMiddleware} or in
 * front of this controller.
 *
 * @param request  the upload request; its body is the file content
 * @param response receives the descriptor id as UTF-8 text, or an error status
 * @throws IOException if reading the request or writing the response fails
 */
@RequestMapping(value = "/api/upload", method = RequestMethod.POST)
public void upload(HttpServletRequest request, HttpServletResponse response) throws IOException {
    final UserSession userSession = getSession(request, response);
    if (userSession == null) {
        return;
    }

    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        final InputStream body = request.getInputStream();
        if (body == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        final FileDescriptor descriptor = getFileDescriptor(request, response);
        if (descriptor == null) {
            return;
        }

        try {
            uploadToMiddleware(userSession, body, descriptor);
            saveFileDescriptor(descriptor);

            response.setStatus(HttpServletResponse.SC_OK);
            OutputStreamWriter utf8Out =
                    new OutputStreamWriter(response.getOutputStream(), StandardCharsets.UTF_8);
            PrintWriter out = new PrintWriter(utf8Out);
            out.write(descriptor.getId().toString());
            out.close();
        } catch (FileStorageException e) {
            // The storage layer decides which HTTP status represents the failure.
            log.error("Unable to upload file", e);
            response.sendError(e.getType().getHttpStatus());
        } finally {
            IOUtils.closeQuietly(body);
        }
    } finally {
        // Never leave the session bound to the thread once the request is done.
        AppContext.setSecurityContext(null);
    }
}
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class RestFileDownloadController method download.
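/**
 * Handles {@code GET /api/download}: loads the {@link FileDescriptor} named by request
 * parameter {@code f} and writes the file to the response.
 *
 * <p>The session returned by {@code getSession} is installed as the security context while
 * the descriptor is loaded and the file is written, and removed in {@code finally}.
 * A missing session, an unparsable id or an unknown descriptor all end in
 * {@code error(response)}.
 *
 * <p>NOTE(review): the disposition is selected by request parameter {@code a}; when it is
 * not {@code true} the file is sent {@code inline} with the content type from
 * {@code getContentType(fd)}. Confirm that stored files with active content types
 * (for example HTML or SVG) cannot be rendered inline under this application's origin.
 *
 * @param request  carries the parameters {@code f} (file id) and {@code a} (attachment flag)
 * @param response receives the headers and file content, or the error
 * @return always {@code null}; the response is written directly
 * @throws IOException if writing the response fails
 */
@RequestMapping(value = "/api/download", method = RequestMethod.GET)
public ModelAndView download(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null) {
        error(response);
        return null;
    }

    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        UUID fileId;
        try {
            // A missing parameter (null) also ends up here, via the exception from fromString.
            fileId = UUID.fromString(request.getParameter("f"));
        } catch (Exception e) {
            log.error(e.toString());
            error(response);
            return null;
        }

        FileDescriptor fd = dataService.load(new LoadContext<>(FileDescriptor.class).setId(fileId));
        if (fd == null) {
            log.warn("Unable to find file with id " + fileId);
            error(response);
            return null;
        }

        // The stored name is encoded before it is placed in a header value; presumably this
        // keeps quotes and line breaks out of Content-Disposition - verify against URLEncodeUtils.
        String fileName = URLEncodeUtils.encodeUtf8(fd.getName());

        // The original set "Pragma: no-cache" twice; setHeader replaces the value, so one call suffices.
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setHeader("Content-Type", getContentType(fd));

        // parseBoolean avoids boxing; anything other than "true" (case-insensitive) means inline.
        boolean attach = Boolean.parseBoolean(request.getParameter("a"));
        response.setHeader("Content-Disposition",
                (attach ? "attachment" : "inline") + "; filename=" + fileName);

        writeResponse(response, userSession, fd);
    } finally {
        // Never leave the session bound to the thread once the request is done.
        AppContext.setSecurityContext(null);
    }
    return null;
}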
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class RestFileDownloadController method getSession.
/**
 * Resolves the user session named by request parameter {@code s}.
 *
 * <p>A security context built from the bare session id is installed for the duration of the
 * lookup (presumably so that the service call is attributed to that session - confirm) and
 * is always cleared again before returning.
 *
 * <p>NOTE(review): the session id arrives in the query string, so it can be recorded in
 * access logs, proxy logs, browser history and {@code Referer} headers. Treat those
 * locations as holding live credentials for as long as the session is valid.
 *
 * @param request  the request carrying parameter {@code s}
 * @param response not used by this method
 * @return the session, or {@code null} when the parameter is missing or malformed or the
 *         session does not exist
 */
protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) {
    final UUID requestedId;
    try {
        requestedId = UUID.fromString(request.getParameter("s"));
    } catch (Exception e) {
        // Missing or malformed id: reported to the caller as "no session".
        return null;
    }

    AppContext.setSecurityContext(new SecurityContext(requestedId));
    try {
        return userSessionService.getUserSession(requestedId);
    } catch (NoUserSessionException e) {
        return null;
    } finally {
        AppContext.setSecurityContext(null);
    }
}