
Example 1 with UserSession

Use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

Class AnonymousSessionHolder, method loginAsAnonymous.

protected UserSession loginAsAnonymous() {
    String login = portalConfig.getAnonymousUserLogin();
    String password = portalConfig.getTrustedClientPassword();
    UserSession userSession;
    try {
        String portalLocationString = getPortalNetworkLocation();
        String portalClientInfo = "Portal Anonymous Session";
        if (StringUtils.isNotBlank(portalLocationString)) {
            portalClientInfo += " (" + portalLocationString + ")";
        }
        TrustedClientCredentials credentials = new TrustedClientCredentials(login, password, messagesTools.getDefaultLocale());
        credentials.setClientType(ClientType.PORTAL);
        credentials.setClientInfo(portalClientInfo);
        credentials.setParams(ParamsMap.of(ClientType.class.getName(), AppContext.getProperty("cuba.clientType"), SessionParams.CLIENT_INFO.getId(), portalClientInfo));
        userSession = authenticationService.login(credentials).getSession();
    } catch (LoginException e) {
        throw new NoMiddlewareConnectionException("Unable to login as anonymous portal user", e);
    } catch (Exception e) {
        throw new NoMiddlewareConnectionException("Unable to connect to middleware services", e);
    }
    return userSession;
}
Also used: NoMiddlewareConnectionException (com.haulmont.cuba.portal.sys.exceptions.NoMiddlewareConnectionException), UserSession (com.haulmont.cuba.security.global.UserSession), LoginException (com.haulmont.cuba.security.global.LoginException), TrustedClientCredentials (com.haulmont.cuba.security.auth.TrustedClientCredentials), NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)

Example 2 with UserSession

Use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

Class Authentication, method begin.

/**
 * Begin authenticated block of code.
 *
 * @param sessionId {@link UserSession} id
 * @return true if the given session id is valid and authentication is successful
 */
public boolean begin(String sessionId) {
    UUID uuid;
    try {
        uuid = UuidProvider.fromString(sessionId);
    } catch (Exception e) {
        log.warn("Invalid user session ID: " + e.toString());
        return false;
    }
    UserSession session;
    try {
        session = trustedClientService.findSession(restApiConfig.getTrustedClientPassword(), uuid);
    } catch (LoginException e) {
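        // Keep the original LoginException as the cause so the failure can be diagnosed from the stack trace
        throw new RuntimeException("Unable to login with trusted client password", e);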
    }
    if (session == null) {
        log.warn("User session " + uuid + " does not exist");
        return false;
    }
    if (!session.isSpecificPermitted(PERMISSION_NAME)) {
        log.warn(PERMISSION_NAME + " is not permitted for user " + session.getUser().getLogin());
        return false;
    }
    AppContext.setSecurityContext(new SecurityContext(session));
    return true;
}
Also used: UserSession (com.haulmont.cuba.security.global.UserSession), SecurityContext (com.haulmont.cuba.core.sys.SecurityContext), LoginException (com.haulmont.cuba.security.global.LoginException), UUID (java.util.UUID)

Example 3 with UserSession

Use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

Class FileUploadController, method upload.

@RequestMapping(value = "/api/upload", method = RequestMethod.POST)
public void upload(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null)
        return;
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        InputStream is = request.getInputStream();
        if (is == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        FileDescriptor fd = getFileDescriptor(request, response);
        if (fd == null)
            return;
        try {
            uploadToMiddleware(userSession, is, fd);
            saveFileDescriptor(fd);
            response.setStatus(HttpServletResponse.SC_OK);
            PrintWriter writer = new PrintWriter(new OutputStreamWriter(response.getOutputStream(), StandardCharsets.UTF_8));
            writer.write(fd.getId().toString());
            writer.close();
        } catch (FileStorageException e) {
            log.error("Unable to upload file", e);
            response.sendError(e.getType().getHttpStatus());
        } finally {
            IOUtils.closeQuietly(is);
        }
    } finally {
        AppContext.setSecurityContext(null);
    }
}
Also used: UserSession (com.haulmont.cuba.security.global.UserSession), SecurityContext (com.haulmont.cuba.core.sys.SecurityContext), FileStorageException (com.haulmont.cuba.core.global.FileStorageException), FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 4 with UserSession

Use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

Class RestFileDownloadController, method download.

@RequestMapping(value = "/api/download", method = RequestMethod.GET)
public ModelAndView download(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null) {
        error(response);
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        UUID fileId;
        try {
            fileId = UUID.fromString(request.getParameter("f"));
        } catch (Exception e) {
            log.error(e.toString());
            error(response);
            return null;
        }
        FileDescriptor fd = dataService.load(new LoadContext<>(FileDescriptor.class).setId(fileId));
        if (fd == null) {
            log.warn("Unable to find file with id " + fileId);
            error(response);
            return null;
        }
        String fileName = URLEncodeUtils.encodeUtf8(fd.getName());
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setHeader("Content-Type", getContentType(fd));
        boolean attach = Boolean.valueOf(request.getParameter("a"));
        response.setHeader("Content-Disposition", (attach ? "attachment" : "inline") + "; filename=" + fileName);
        writeResponse(response, userSession, fd);
    } finally {
        AppContext.setSecurityContext(null);
    }
    return null;
}
Also used: UserSession (com.haulmont.cuba.security.global.UserSession), SecurityContext (com.haulmont.cuba.core.sys.SecurityContext), LoadContext (com.haulmont.cuba.core.global.LoadContext), UUID (java.util.UUID), IOException (java.io.IOException), NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException), FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 5 with UserSession

Use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

Class RestFileDownloadController, method getSession.

protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) {
    UUID sessionId;
    try {
        sessionId = UUID.fromString(request.getParameter("s"));
    } catch (Exception e) {
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(sessionId));
    try {
        UserSession userSession = userSessionService.getUserSession(sessionId);
        return userSession;
    } catch (NoUserSessionException e) {
        return null;
    } finally {
        AppContext.setSecurityContext(null);
    }
}
Also used: UserSession (com.haulmont.cuba.security.global.UserSession), SecurityContext (com.haulmont.cuba.core.sys.SecurityContext), UUID (java.util.UUID), IOException (java.io.IOException), NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)

Aggregations

UserSession (com.haulmont.cuba.security.global.UserSession): 127
SecurityContext (com.haulmont.cuba.core.sys.SecurityContext): 29
LoginWorker (com.haulmont.cuba.security.app.LoginWorker): 25
TestUserSessionSource (com.haulmont.cuba.testsupport.TestUserSessionSource): 24
LoginException (com.haulmont.cuba.security.global.LoginException): 23
Test (org.junit.Test): 19
User (com.haulmont.cuba.security.entity.User): 17
UUID (java.util.UUID): 16
IOException (java.io.IOException): 14
NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException): 12
ArrayList (java.util.ArrayList): 11
Locale (java.util.Locale): 11
List (java.util.List): 10
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 9
FileStorageException (com.haulmont.cuba.core.global.FileStorageException): 7
LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException): 6
UserSessionSource (com.haulmont.cuba.core.global.UserSessionSource): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes): 5
FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor): 4