Example 31 with UserSession
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class UserSessionManager method createSession.
/**
* Create a new session from existing for another user and fill it with security data for that new user.
* Must be called inside a transaction.
* @param src existing session
* @param user another user instance
* @return new session with the same ID as existing
*/
public UserSession createSession(UserSession src, User user) {
List<Role> roles = new ArrayList<>();
for (UserRole userRole : user.getUserRoles()) {
if (userRole.getRole() != null) {
roles.add(userRole.getRole());
}
}
UserSession session = new UserSession(src, user, roles, src.getLocale());
compilePermissions(session, roles);
if (user.getGroup() == null)
throw new IllegalStateException("User is not in a Group");
compileConstraints(session, user.getGroup());
compileSessionAttributes(session, user.getGroup());
return session;
}
Also used :
UserSession(com.haulmont.cuba.security.global.UserSession)
ArrayList(java.util.ArrayList)
Example 32 with UserSession
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class UserSessionManager method getPermissionValue.
public Integer getPermissionValue(User user, PermissionType permissionType, String target) {
Integer result;
List<Role> roles = new ArrayList<>();
Transaction tx = persistence.createTransaction();
try {
EntityManager em = persistence.getEntityManager();
user = em.find(User.class, user.getId());
for (UserRole userRole : user.getUserRoles()) {
if (userRole.getRole() != null) {
roles.add(userRole.getRole());
}
}
UserSession session = new UserSession(uuidSource.createUuid(), user, roles, userSessionSource.getLocale(), false);
compilePermissions(session, roles);
result = session.getPermissionValue(permissionType, target);
tx.commit();
} finally {
tx.end();
}
return result;
}
Also used :
EntityManager(com.haulmont.cuba.core.EntityManager)
Transaction(com.haulmont.cuba.core.Transaction)
UserSession(com.haulmont.cuba.security.global.UserSession)
ArrayList(java.util.ArrayList)
Example 33 with UserSession
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class UserSessionManager method createSession.
/**
* Create a new session and fill it with security data. Must be called inside a transaction.
* @param sessionId target session id
* @param user user instance
* @param locale user locale
* @param system create system session
* @return new session instance
*/
public UserSession createSession(UUID sessionId, User user, Locale locale, boolean system) {
List<Role> roles = new ArrayList<>();
for (UserRole userRole : user.getUserRoles()) {
if (userRole.getRole() != null) {
roles.add(userRole.getRole());
}
}
UserSession session = new UserSession(sessionId, user, roles, locale, system);
compilePermissions(session, roles);
if (user.getGroup() == null)
throw new IllegalStateException("User is not in a Group");
compileConstraints(session, user.getGroup());
compileSessionAttributes(session, user.getGroup());
return session;
}
Also used :
UserSession(com.haulmont.cuba.security.global.UserSession)
ArrayList(java.util.ArrayList)
Example 34 with UserSession
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class FileDownloadController method download.
@RequestMapping(value = "/download", method = RequestMethod.GET)
public void download(HttpServletRequest request, HttpServletResponse response) throws IOException {
UserSession userSession = getSession(request, response);
if (userSession == null)
return;
AppContext.setSecurityContext(new SecurityContext(userSession));
try {
File file = null;
FileDescriptor fd = null;
if (request.getParameter("p") != null)
file = getFile(request, response);
else
fd = getFileDescriptor(request, response);
if (fd == null && file == null)
return;
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setIntHeader("Expires", -1);
response.setHeader("Content-Type", FileTypesHelper.DEFAULT_MIME_TYPE);
InputStream is = null;
ServletOutputStream os = null;
try {
is = fd != null ? fileStorage.openStream(fd) : FileUtils.openInputStream(file);
os = response.getOutputStream();
IOUtils.copy(is, os);
os.flush();
} catch (FileStorageException e) {
log.error("Unable to download file", e);
response.sendError(e.getType().getHttpStatus());
} catch (Exception ex) {
log.error("Unable to download file", ex);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} finally {
IOUtils.closeQuietly(is);
IOUtils.closeQuietly(os);
}
} finally {
AppContext.setSecurityContext(null);
}
}
Also used :
ServletOutputStream(javax.servlet.ServletOutputStream)
InputStream(java.io.InputStream)
UserSession(com.haulmont.cuba.security.global.UserSession)
SecurityContext(com.haulmont.cuba.core.sys.SecurityContext)
FileStorageException(com.haulmont.cuba.core.global.FileStorageException)
File(java.io.File)
FileDescriptor(com.haulmont.cuba.core.entity.FileDescriptor)
FileStorageException(com.haulmont.cuba.core.global.FileStorageException)
IOException(java.io.IOException)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 35 with UserSession
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class FileDownloadController method getSession.
protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) throws IOException {
UUID sessionId;
try {
sessionId = UUID.fromString(request.getParameter("s"));
} catch (Exception e) {
log.error("Error parsing sessionId from URL param", e);
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return null;
}
UserSession session = userSessions.getAndRefresh(sessionId);
if (session == null)
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return session;
}
Also used :
UserSession(com.haulmont.cuba.security.global.UserSession)
UUID(java.util.UUID)
FileStorageException(com.haulmont.cuba.core.global.FileStorageException)
IOException(java.io.IOException)
Aggregations
UserSession (com.haulmont.cuba.security.global.UserSession)127
SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)29
LoginWorker (com.haulmont.cuba.security.app.LoginWorker)25
TestUserSessionSource (com.haulmont.cuba.testsupport.TestUserSessionSource)24
LoginException (com.haulmont.cuba.security.global.LoginException)23
Test (org.junit.Test)19
User (com.haulmont.cuba.security.entity.User)17
UUID (java.util.UUID)16
IOException (java.io.IOException)14
NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)12
ArrayList (java.util.ArrayList)11
Locale (java.util.Locale)11
List (java.util.List)10
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)9
FileStorageException (com.haulmont.cuba.core.global.FileStorageException)7
LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)6
UserSessionSource (com.haulmont.cuba.core.global.UserSessionSource)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)5
ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)5
FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)4
