Example 1 with SessionException

use of io.vertigo.vega.webservice.exception.SessionException in project vertigo by KleeGroup.

the class SessionWebServiceHandlerPlugin method handle.

/**
 * {@inheritDoc}
 */
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext routeContext, final HandlerChain chain) throws SessionException {
    // obtain session (create if needed)
    final Session session = request.session(true);
    final UserSession user = obtainUserSession(session);
    try {
        // Bind userSession to SecurityManager
        securityManager.startCurrentUserSession(user);
        return chain.handle(request, response, routeContext);
    } catch (final VSecurityException e) {
        if (session.isNew()) {
            // If a new session is misused, we invalidate it (light protection against DDoS)
            session.invalidate();
            // If session was just created, we translate securityException as a Session expiration.
            throw (SessionException) new SessionException("Session has expired").initCause(e);
        }
        throw e;
    } finally {
        // Unbind userSession from SecurityManager
        securityManager.stopCurrentUserSession();
    }
}
Also used : UserSession(io.vertigo.persona.security.UserSession) SessionException(io.vertigo.vega.webservice.exception.SessionException) VSecurityException(io.vertigo.vega.webservice.exception.VSecurityException) Session(spark.Session)

Example 2 with SessionException

use of io.vertigo.vega.webservice.exception.SessionException in project vertigo by KleeGroup.

the class RestfulServiceWebServiceHandlerPlugin method handle.

/**
 * {@inheritDoc}
 */
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext routeContext, final HandlerChain chain) throws SessionException {
    final WebServiceDefinition webServiceDefinition = routeContext.getWebServiceDefinition();
    final Object[] serviceArgs = makeArgs(routeContext);
    final Method method = webServiceDefinition.getMethod();
    final WebServices webServices = (WebServices) Home.getApp().getComponentSpace().resolve(method.getDeclaringClass());
    if (method.getName().startsWith("create")) {
        // by convention, if method starts with 'create', an http 201 status code is returned (if ok)
        response.status(HttpServletResponse.SC_CREATED);
    }
    try {
        return ClassUtil.invoke(webServices, method, serviceArgs);
    } catch (final RuntimeException e) {
        // If the thrown exception was a ValidationUserException, VUserException, SessionException, VSecurityException or RuntimeException,
        // we rethrow it
        final Throwable cause = e.getCause();
        if (cause instanceof InvocationTargetException) {
            final Throwable targetException = ((InvocationTargetException) cause).getTargetException();
            if (targetException instanceof ValidationUserException) {
                throw (ValidationUserException) targetException;
            } else if (targetException instanceof VUserException) {
                throw (VUserException) targetException;
            } else if (targetException instanceof SessionException) {
                throw (SessionException) targetException;
            } else if (targetException instanceof VSecurityException) {
                throw (VSecurityException) targetException;
            } else if (targetException instanceof RuntimeException) {
                throw (RuntimeException) targetException;
            }
        }
        throw e;
    }
}
Also used : WebServiceDefinition(io.vertigo.vega.webservice.metamodel.WebServiceDefinition) ValidationUserException(io.vertigo.vega.webservice.validation.ValidationUserException) WebServices(io.vertigo.vega.webservice.WebServices) SessionException(io.vertigo.vega.webservice.exception.SessionException) Method(java.lang.reflect.Method) InvocationTargetException(java.lang.reflect.InvocationTargetException) VSecurityException(io.vertigo.vega.webservice.exception.VSecurityException) VUserException(io.vertigo.lang.VUserException)

Example 3 with SessionException

use of io.vertigo.vega.webservice.exception.SessionException in project vertigo by KleeGroup.

the class AnalyticsWebServiceHandlerPlugin method handle.

/**
 * {@inheritDoc}
 */
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext webServiceCallContext, final HandlerChain chain) throws SessionException {
    final WebServiceDefinition webServiceDefinition = webServiceCallContext.getWebServiceDefinition();
    // We do not use request.pathInfo, which may contain parameters: we do not want those in the stats
    final String name = "/" + webServiceDefinition.getVerb().name() + "/" + webServiceDefinition.getPath();
    return analyticsManager.traceWithReturn("webservices", name, tracer -> {
        try {
            return chain.handle(request, response, webServiceCallContext);
        } catch (final SessionException e) {
            throw WrappedException.wrap(e);
        }
    });
}
Also used : WebServiceDefinition(io.vertigo.vega.webservice.metamodel.WebServiceDefinition) SessionException(io.vertigo.vega.webservice.exception.SessionException)

Example 4 with SessionException

use of io.vertigo.vega.webservice.exception.SessionException in project vertigo by KleeGroup.

the class SecurityFilter method doSecurityFilter.

private void doSecurityFilter(final boolean needsAuthentification, final HttpServletRequest httpRequest, final HttpServletResponse httpResponse, final FilterChain chain) throws IOException, ServletException {
    final boolean hasSession = httpRequest.getSession(false) != null;
    // Retrieve the user's session
    final UserSession user = obtainUserSession(httpRequest);
    try {
        // Put the session in a ThreadLocal
        securityManager.startCurrentUserSession(user);
        // 1. Persist the UserSession in the HTTP session.
        bindUser(httpRequest, user);
        // 2. Check that the user is authenticated if the requested address requires it
        if (needsAuthentification && !user.isAuthenticated()) {
            /*
             * Throws exceptions - if the session has expired - or if no user session exists.
             */
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            // We must not continue
            if (!hasSession) {
                // By default we consider that the session has expired
                throw new ServletException(new SessionException("Session expirée"));
            }
        } else if (checkRequestAccess && needsAuthentification && !securityManager.isAuthorized("HttpServletRequest", httpRequest, "OP_READ")) {
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(httpRequest, httpResponse);
        }
    } finally {
        // Remove the user from the ThreadLocal (it is already in the session)
        securityManager.stopCurrentUserSession();
    }
}
Also used : ServletException(javax.servlet.ServletException) UserSession(io.vertigo.persona.security.UserSession) SessionException(io.vertigo.vega.webservice.exception.SessionException)

Aggregations

SessionException (io.vertigo.vega.webservice.exception.SessionException) 4
UserSession (io.vertigo.persona.security.UserSession) 2
VSecurityException (io.vertigo.vega.webservice.exception.VSecurityException) 2
WebServiceDefinition (io.vertigo.vega.webservice.metamodel.WebServiceDefinition) 2
VUserException (io.vertigo.lang.VUserException) 1
WebServices (io.vertigo.vega.webservice.WebServices) 1
ValidationUserException (io.vertigo.vega.webservice.validation.ValidationUserException) 1
InvocationTargetException (java.lang.reflect.InvocationTargetException) 1
Method (java.lang.reflect.Method) 1
ServletException (javax.servlet.ServletException) 1
Session (spark.Session) 1