Search in sources :

Example 61 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class FileDownloadController method download.

@RequestMapping(value = "/download", method = RequestMethod.GET)
public ModelAndView download(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null) {
        error(response);
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        UUID fileId;
        try {
            fileId = UUID.fromString(request.getParameter("f"));
        } catch (Exception e) {
            log.error(e.toString());
            error(response);
            return null;
        }
        FileDescriptor fd = dataService.load(LoadContext.create(FileDescriptor.class).setId(fileId));
        if (fd == null) {
            log.warn("Unable to find file with id {}", fileId);
            error(response);
            return null;
        }
        String fileName = URLEncodeUtils.encodeUtf8(fd.getName());
        response.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
        response.setDateHeader(HttpHeaders.EXPIRES, 0);
        response.setHeader(HttpHeaders.CONTENT_TYPE, getContentType(fd));
        response.setHeader(HttpHeaders.PRAGMA, "no-cache");
        boolean attach = Boolean.valueOf(request.getParameter("a"));
        response.setHeader("Content-Disposition", (attach ? "attachment" : "inline") + "; filename=" + fileName);
        downloadFromMiddlewareAndWriteResponse(fd, response);
    } finally {
        AppContext.setSecurityContext(null);
    }
    return null;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) UUID(java.util.UUID) FileStorageException(com.haulmont.cuba.core.global.FileStorageException) IOException(java.io.IOException) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException) FileDescriptor(com.haulmont.cuba.core.entity.FileDescriptor) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 62 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class LogDownloadController method getSession.

protected UserSession getSession(String sessionId, HttpServletResponse response) throws IOException {
    UUID sessionUUID;
    try {
        sessionUUID = UUID.fromString(sessionId);
    } catch (Exception e) {
        log.error("Error parsing sessionId from URL param", e);
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return null;
    }
    AppContext.setSecurityContext(new SecurityContext(sessionUUID));
    try {
        UserSession session = userSessionService.getUserSession(sessionUUID);
        if (session == null)
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return session;
    } finally {
        AppContext.setSecurityContext(null);
    }
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) UUID(java.util.UUID) LogFileNotFoundException(com.haulmont.cuba.core.sys.logging.LogFileNotFoundException) IOException(java.io.IOException)

Example 63 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class LogDownloadController method getLogFile.

@RequestMapping(value = "/log/{file:[a-zA-Z0-9\\.\\-_]+}", method = RequestMethod.GET)
public void getLogFile(HttpServletResponse response, @RequestParam(value = "s") String sessionId, @RequestParam(value = "full", required = false) Boolean downloadFull, @PathVariable(value = "file") String logFileName) throws IOException {
    UserSession userSession = getSession(sessionId, response);
    if (userSession == null)
        return;
    if (!userSession.isSpecificPermitted("cuba.gui.administration.downloadlogs")) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // security check, handle only valid file name
    String filename = FilenameUtils.getName(logFileName);
    try {
        File logFile = logControl.getLogFile(filename);
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setHeader("Content-Type", "application/zip");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Content-Disposition", "attachment; filename=" + filename + ".zip");
        OutputStream outputStream = null;
        try {
            outputStream = response.getOutputStream();
            if (BooleanUtils.isTrue(downloadFull)) {
                LogArchiver.writeArchivedLogToStream(logFile, outputStream);
            } else {
                LogArchiver.writeArchivedLogTailToStream(logFile, outputStream);
            }
        } catch (RuntimeException | IOException ex) {
            log.error("Unable to download file", ex);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } finally {
            IOUtils.closeQuietly(outputStream);
        }
    } catch (LogFileNotFoundException e) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
    }
}
Also used : LogFileNotFoundException(com.haulmont.cuba.core.sys.logging.LogFileNotFoundException) UserSession(com.haulmont.cuba.security.global.UserSession) OutputStream(java.io.OutputStream) IOException(java.io.IOException) File(java.io.File) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 64 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class App method setLocale.

public void setLocale(Locale locale) {
    UserSession session = getConnection().getSession();
    if (session != null) {
        session.setLocale(locale);
    }
    AppUI currentUi = AppUI.getCurrent();
    // it can be null if we handle request in a custom RequestHandler
    if (currentUi != null) {
        currentUi.setLocale(locale);
        currentUi.updateClientSystemMessages(locale);
    }
    VaadinSession.getCurrent().setLocale(locale);
    for (AppUI ui : getAppUIs()) {
        if (ui != currentUi) {
            ui.accessSynchronously(() -> {
                ui.setLocale(locale);
                ui.updateClientSystemMessages(locale);
            });
        }
    }
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession)

Example 65 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class AppUI method refresh.

@Override
protected void refresh(VaadinRequest request) {
    super.refresh(request);
    boolean sessionIsAlive = true;
    Connection connection = app.getConnection();
    if (connection.isAuthenticated()) {
        // Ping middleware session if connected
        log.debug("Ping middleware session");
        try {
            UserSession session = connection.getSession();
            if (session instanceof ClientUserSession && ((ClientUserSession) session).isAuthenticated()) {
                userSessionService.getUserSession(session.getId());
            }
        } catch (Exception e) {
            sessionIsAlive = false;
            app.exceptionHandlers.handle(new com.vaadin.server.ErrorEvent(e));
        }
        if (sessionIsAlive) {
            events.publish(new SessionHeartbeatEvent(app));
        }
    }
    if (sessionIsAlive) {
        events.publish(new UIRefreshEvent(this));
    }
}
Also used : ClientUserSession(com.haulmont.cuba.client.ClientUserSession) SessionHeartbeatEvent(com.haulmont.cuba.web.security.events.SessionHeartbeatEvent) ClientUserSession(com.haulmont.cuba.client.ClientUserSession) UserSession(com.haulmont.cuba.security.global.UserSession) LoginException(com.haulmont.cuba.security.global.LoginException) UIRefreshEvent(com.haulmont.cuba.web.events.UIRefreshEvent)

Aggregations

UserSession (com.haulmont.cuba.security.global.UserSession)127 SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)29 LoginWorker (com.haulmont.cuba.security.app.LoginWorker)25 TestUserSessionSource (com.haulmont.cuba.testsupport.TestUserSessionSource)24 LoginException (com.haulmont.cuba.security.global.LoginException)23 Test (org.junit.Test)19 User (com.haulmont.cuba.security.entity.User)17 UUID (java.util.UUID)16 IOException (java.io.IOException)14 NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)12 ArrayList (java.util.ArrayList)11 Locale (java.util.Locale)11 List (java.util.List)10 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)9 FileStorageException (com.haulmont.cuba.core.global.FileStorageException)7 LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)6 UserSessionSource (com.haulmont.cuba.core.global.UserSessionSource)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)5 ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)5 FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)4