Search in sources :

Example 31 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class UserSessionManager method createSession.

/**
 * Create a new session from existing for another user and fill it with security data for that new user.
 * Must be called inside a transaction.
 * @param src   existing session
 * @param user  another user instance
 * @return      new session with the same ID as existing
 */
public UserSession createSession(UserSession src, User user) {
    List<Role> roles = new ArrayList<>();
    for (UserRole userRole : user.getUserRoles()) {
        if (userRole.getRole() != null) {
            roles.add(userRole.getRole());
        }
    }
    UserSession session = new UserSession(src, user, roles, src.getLocale());
    compilePermissions(session, roles);
    if (user.getGroup() == null)
        throw new IllegalStateException("User is not in a Group");
    compileConstraints(session, user.getGroup());
    compileSessionAttributes(session, user.getGroup());
    return session;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) ArrayList(java.util.ArrayList)

Example 32 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class UserSessionManager method getPermissionValue.

public Integer getPermissionValue(User user, PermissionType permissionType, String target) {
    Integer result;
    List<Role> roles = new ArrayList<>();
    Transaction tx = persistence.createTransaction();
    try {
        EntityManager em = persistence.getEntityManager();
        user = em.find(User.class, user.getId());
        for (UserRole userRole : user.getUserRoles()) {
            if (userRole.getRole() != null) {
                roles.add(userRole.getRole());
            }
        }
        UserSession session = new UserSession(uuidSource.createUuid(), user, roles, userSessionSource.getLocale(), false);
        compilePermissions(session, roles);
        result = session.getPermissionValue(permissionType, target);
        tx.commit();
    } finally {
        tx.end();
    }
    return result;
}
Also used : EntityManager(com.haulmont.cuba.core.EntityManager) Transaction(com.haulmont.cuba.core.Transaction) UserSession(com.haulmont.cuba.security.global.UserSession) ArrayList(java.util.ArrayList)

Example 33 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class UserSessionManager method createSession.

/**
 * Create a new session and fill it with security data. Must be called inside a transaction.
 * @param sessionId target session id
 * @param user      user instance
 * @param locale    user locale
 * @param system    create system session
 * @return          new session instance
 */
public UserSession createSession(UUID sessionId, User user, Locale locale, boolean system) {
    List<Role> roles = new ArrayList<>();
    for (UserRole userRole : user.getUserRoles()) {
        if (userRole.getRole() != null) {
            roles.add(userRole.getRole());
        }
    }
    UserSession session = new UserSession(sessionId, user, roles, locale, system);
    compilePermissions(session, roles);
    if (user.getGroup() == null)
        throw new IllegalStateException("User is not in a Group");
    compileConstraints(session, user.getGroup());
    compileSessionAttributes(session, user.getGroup());
    return session;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) ArrayList(java.util.ArrayList)

Example 34 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class FileDownloadController method download.

@RequestMapping(value = "/download", method = RequestMethod.GET)
public void download(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UserSession userSession = getSession(request, response);
    if (userSession == null)
        return;
    AppContext.setSecurityContext(new SecurityContext(userSession));
    try {
        File file = null;
        FileDescriptor fd = null;
        if (request.getParameter("p") != null)
            file = getFile(request, response);
        else
            fd = getFileDescriptor(request, response);
        if (fd == null && file == null)
            return;
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setIntHeader("Expires", -1);
        response.setHeader("Content-Type", FileTypesHelper.DEFAULT_MIME_TYPE);
        InputStream is = null;
        ServletOutputStream os = null;
        try {
            is = fd != null ? fileStorage.openStream(fd) : FileUtils.openInputStream(file);
            os = response.getOutputStream();
            IOUtils.copy(is, os);
            os.flush();
        } catch (FileStorageException e) {
            log.error("Unable to download file", e);
            response.sendError(e.getType().getHttpStatus());
        } catch (Exception ex) {
            log.error("Unable to download file", ex);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(os);
        }
    } finally {
        AppContext.setSecurityContext(null);
    }
}
Also used : ServletOutputStream(javax.servlet.ServletOutputStream) InputStream(java.io.InputStream) UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext) FileStorageException(com.haulmont.cuba.core.global.FileStorageException) File(java.io.File) FileDescriptor(com.haulmont.cuba.core.entity.FileDescriptor) FileStorageException(com.haulmont.cuba.core.global.FileStorageException) IOException(java.io.IOException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 35 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class FileDownloadController method getSession.

protected UserSession getSession(HttpServletRequest request, HttpServletResponse response) throws IOException {
    UUID sessionId;
    try {
        sessionId = UUID.fromString(request.getParameter("s"));
    } catch (Exception e) {
        log.error("Error parsing sessionId from URL param", e);
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return null;
    }
    UserSession session = userSessions.getAndRefresh(sessionId);
    if (session == null)
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    return session;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) UUID(java.util.UUID) FileStorageException(com.haulmont.cuba.core.global.FileStorageException) IOException(java.io.IOException)

Aggregations

UserSession (com.haulmont.cuba.security.global.UserSession)127 SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)29 LoginWorker (com.haulmont.cuba.security.app.LoginWorker)25 TestUserSessionSource (com.haulmont.cuba.testsupport.TestUserSessionSource)24 LoginException (com.haulmont.cuba.security.global.LoginException)23 Test (org.junit.Test)19 User (com.haulmont.cuba.security.entity.User)17 UUID (java.util.UUID)16 IOException (java.io.IOException)14 NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)12 ArrayList (java.util.ArrayList)11 Locale (java.util.Locale)11 List (java.util.List)10 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)9 FileStorageException (com.haulmont.cuba.core.global.FileStorageException)7 LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)6 UserSessionSource (com.haulmont.cuba.core.global.UserSessionSource)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)5 ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)5 FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)4