Search in sources :

Example 36 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class LogDownloadController method getLogFile.

@RequestMapping(value = "/log/{file:[a-zA-Z0-9\\.\\-_]+}", method = RequestMethod.GET)
public void getLogFile(HttpServletResponse response, @RequestParam(value = "s") String sessionId, @RequestParam(value = "full", required = false) Boolean downloadFull, @PathVariable(value = "file") String logFileName) throws IOException {
    UserSession userSession = getSession(sessionId, response);
    if (userSession == null)
        return;
    if (!userSession.isSpecificPermitted("cuba.gui.administration.downloadlogs")) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // security check, handle only valid file name
    String filename = FilenameUtils.getName(logFileName);
    try {
        File logFile = logControl.getLogFile(filename);
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setHeader("Content-Type", "application/zip");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Content-Disposition", "attachment; filename=" + filename);
        OutputStream outputStream = null;
        try {
            outputStream = response.getOutputStream();
            if (BooleanUtils.isTrue(downloadFull)) {
                LogArchiver.writeArchivedLogToStream(logFile, outputStream);
            } else {
                LogArchiver.writeArchivedLogTailToStream(logFile, outputStream);
            }
        } catch (RuntimeException | IOException ex) {
            log.error("Unable to download file", ex);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } finally {
            IOUtils.closeQuietly(outputStream);
        }
    } catch (LogFileNotFoundException e) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
    }
}
Also used : LogFileNotFoundException(com.haulmont.cuba.core.sys.logging.LogFileNotFoundException) UserSession(com.haulmont.cuba.security.global.UserSession) OutputStream(java.io.OutputStream) IOException(java.io.IOException) File(java.io.File) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 37 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class ServiceInterceptor method aroundInvoke.

private Object aroundInvoke(ProceedingJoinPoint ctx) throws Throwable {
    SecurityContext securityContext = AppContext.getSecurityContextNN();
    boolean internalInvocation = securityContext.incServiceInvocation() > 0;
    try {
        if (internalInvocation) {
            if (logInternalServiceInvocation) {
                log.warn("Invoking '{}' from another service", ctx.getSignature());
            }
            ValidateServiceMethodContext validatedContext = getValidateServiceMethodContext(ctx);
            validateMethodParameters(ctx, validatedContext);
            Object res = ctx.proceed();
            validateMethodResult(ctx, validatedContext, res);
            return res;
        } else {
            statisticsAccumulator.incMiddlewareRequestsCount();
            try {
                // Using UserSessionsAPI directly to make sure the session's "last used" timestamp is propagated to the cluster
                UserSession userSession = userSessions.getAndRefresh(securityContext.getSessionId(), true);
                if (userSession == null) {
                    throw new NoUserSessionException(securityContext.getSessionId());
                }
                ValidateServiceMethodContext validatedContext = getValidateServiceMethodContext(ctx);
                validateMethodParameters(ctx, validatedContext);
                boolean checkTransactionOnExit = Stores.getAdditional().isEmpty() && !persistence.isInTransaction();
                log.trace("Invoking: {}, session={}", ctx.getSignature(), userSession);
                Object res = ctx.proceed();
                validateMethodResult(ctx, validatedContext, res);
                if (checkTransactionOnExit && persistence.isInTransaction()) {
                    log.warn("Open transaction left in {}", ctx.getSignature().toShortString());
                }
                return res;
            } catch (Throwable e) {
                logException(e, ctx);
                // Propagate the special exception to avoid serialization errors on remote clients
                throw new RemoteException(e);
            }
        }
    } finally {
        securityContext.decServiceInvocation();
    }
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException)

Example 38 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class UserSessionSourceImpl method getUserSession.

@Override
public UserSession getUserSession() {
    SecurityContext securityContext = AppContext.getSecurityContextNN();
    if (securityContext.getSession() != null && securityContext.getSession().isSystem()) {
        return securityContext.getSession();
    }
    UserSession session = userSessions.getAndRefresh(securityContext.getSessionId());
    if (session == null) {
        throw new NoUserSessionException(securityContext.getSessionId());
    }
    return session;
}
Also used : UserSession(com.haulmont.cuba.security.global.UserSession) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException)

Example 39 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class TestUserSessionSource method getUserSession.

@Override
public synchronized UserSession getUserSession() {
    if (exceptionOnGetUserSession) {
        throw new NoUserSessionException(UUID.fromString(USER_ID));
    }
    if (session == null) {
        User user = new User();
        user.setId(UUID.fromString(USER_ID));
        user.setLogin("test_admin");
        user.setName("Test Administrator");
        user.setPassword(DigestUtils.md5Hex("test_admin"));
        session = new UserSession(UUID.randomUUID(), user, Collections.<Role>emptyList(), Locale.forLanguageTag("en"), false);
    }
    return session;
}
Also used : Role(com.haulmont.cuba.security.entity.Role) User(com.haulmont.cuba.security.entity.User) UserSession(com.haulmont.cuba.security.global.UserSession) NoUserSessionException(com.haulmont.cuba.security.global.NoUserSessionException)

Example 40 with UserSession

use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.

the class Connection method login.

public void login(String login, String password, Locale locale) throws LoginException {
    UserSession userSession = doLogin(login, password, locale, getLoginParams());
    ClientUserSession clientUserSession = new ClientUserSession(userSession);
    clientUserSession.setAuthenticated(true);
    session = clientUserSession;
    AppContext.setSecurityContext(new SecurityContext(session));
    log.info("Logged in: {}", session);
    updateSessionClientInfo();
    connected = true;
    fireConnectionListeners();
}
Also used : ClientUserSession(com.haulmont.cuba.client.ClientUserSession) ClientUserSession(com.haulmont.cuba.client.ClientUserSession) UserSession(com.haulmont.cuba.security.global.UserSession) SecurityContext(com.haulmont.cuba.core.sys.SecurityContext)

Aggregations

UserSession (com.haulmont.cuba.security.global.UserSession)127 SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)29 LoginWorker (com.haulmont.cuba.security.app.LoginWorker)25 TestUserSessionSource (com.haulmont.cuba.testsupport.TestUserSessionSource)24 LoginException (com.haulmont.cuba.security.global.LoginException)23 Test (org.junit.Test)19 User (com.haulmont.cuba.security.entity.User)17 UUID (java.util.UUID)16 IOException (java.io.IOException)14 NoUserSessionException (com.haulmont.cuba.security.global.NoUserSessionException)12 ArrayList (java.util.ArrayList)11 Locale (java.util.Locale)11 List (java.util.List)10 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)9 FileStorageException (com.haulmont.cuba.core.global.FileStorageException)7 LogFileNotFoundException (com.haulmont.cuba.core.sys.logging.LogFileNotFoundException)6 UserSessionSource (com.haulmont.cuba.core.global.UserSessionSource)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)5 ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)5 FileDescriptor (com.haulmont.cuba.core.entity.FileDescriptor)4