use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class UISpaceSelector method getParentNodeId.
public String getParentNodeId(FacesContext context) {
String id = null;
if (this.navigationId != null && this.navigationId.equals(Application.getCompanyRootId(context)) == false) {
try {
ChildAssociationRef parentRef = getFastNodeService(context).getPrimaryParent(new NodeRef(Repository.getStoreRef(), this.navigationId));
id = parentRef.getParentRef().getId();
} catch (AccessDeniedException accessErr) {
// cannot navigate to parent id will be null
}
}
return id;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class AdvancedSearchDialog method getGlobalSearchesRef.
/**
* @return the cached reference to the global Saved Searches folder
*/
protected NodeRef getGlobalSearchesRef() {
if (properties.getGlobalSearchesRef() == null) {
FacesContext fc = FacesContext.getCurrentInstance();
String xpath = Application.getRootPath(fc) + "/" + Application.getGlossaryFolderName(fc) + "/" + Application.getSavedSearchesFolderName(fc);
List<NodeRef> results = null;
try {
results = getSearchService().selectNodes(getNodeService().getRootNode(Repository.getStoreRef()), xpath, null, getNamespaceService(), false);
} catch (AccessDeniedException err) {
// ignore and return null
}
if (results != null && results.size() == 1) {
properties.setGlobalSearchesRef(results.get(0));
}
}
return properties.getGlobalSearchesRef();
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class UserShortcutsBean method getShortcuts.
/**
* @return the List of shortcut Nodes
*/
public List<Node> getShortcuts() {
if (this.shortcuts == null) {
List<String> shortcuts = null;
NodeRef prefRef = null;
UserTransaction tx = null;
boolean rollback = false;
try {
FacesContext context = FacesContext.getCurrentInstance();
tx = Repository.getUserTransaction(context);
tx.begin();
// get the shortcuts from the preferences for this user
shortcuts = getShortcutList(context);
if (shortcuts.size() != 0) {
// each shortcut node ID is persisted as a list item in a well known property
this.shortcuts = new ArrayList<Node>(shortcuts.size());
for (int i = 0; i < shortcuts.size(); i++) {
NodeRef ref = new NodeRef(Repository.getStoreRef(), shortcuts.get(i));
try {
if (this.getNodeService().exists(ref) == true) {
Node node = new Node(ref);
// quick init properties while in the usertransaction
node.getProperties();
// save ref to the Node for rendering
this.shortcuts.add(node);
} else {
// we write the node list back again afterwards to correct this
if (logger.isDebugEnabled())
logger.debug("Found invalid shortcut node Id: " + ref.getId());
}
} catch (AccessDeniedException accessErr) {
// we write the node list back again afterwards to correct this
if (logger.isDebugEnabled())
logger.debug("Found invalid shortcut node Id: " + ref.getId());
rollback = true;
}
}
} else {
this.shortcuts = new ArrayList<Node>(5);
}
if (rollback == false) {
tx.commit();
} else {
tx.rollback();
}
} catch (Throwable err) {
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(FacesContext.getCurrentInstance(), Repository.ERROR_GENERIC), err.getMessage()), err);
try {
if (tx != null) {
tx.rollback();
}
} catch (Exception tex) {
}
}
// write the valid shortcut IDs back to correct invalid node refs
if (shortcuts != null && shortcuts.size() != this.shortcuts.size()) {
try {
shortcuts = new ArrayList<String>(this.shortcuts.size());
for (int i = 0; i < this.shortcuts.size(); i++) {
shortcuts.add(this.shortcuts.get(i).getId());
}
PreferencesService.getPreferences().setValue(PREF_SHORTCUTS, (Serializable) shortcuts);
} catch (Exception err) {
Utils.addErrorMessage(MessageFormat.format(Application.getMessage(FacesContext.getCurrentInstance(), Repository.ERROR_GENERIC), err.getMessage()), err);
}
}
}
return this.shortcuts;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class DisplayPathConverter method getAsString.
/**
* @see javax.faces.convert.Converter#getAsString(javax.faces.context.FacesContext, javax.faces.component.UIComponent, java.lang.Object)
*/
public String getAsString(FacesContext context, UIComponent component, Object value) throws ConverterException {
String result = "";
if (value != null) {
try {
NodeService nodeService = Repository.getServiceRegistry(context).getNodeService();
Path path = null;
if (value instanceof NodeRef) {
path = nodeService.getPath((NodeRef) value);
} else if (value instanceof Path) {
path = (Path) value;
}
if (path != null) {
result = Repository.getNamePath(nodeService, path, null, "/", null);
}
} catch (AccessDeniedException accessErr) {
// use default if this occurs
} catch (InvalidNodeRefException nodeErr) {
// use default if this occurs
}
}
return result;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class AuthenticationHelper method authenticate.
/**
* Helper to authenticate the current user using session based Ticket information.
* <p>
* User information is looked up in the Session. If found the ticket is retrieved and validated.
* If no User info is found or the ticket is invalid then a redirect is performed to the login page.
*
* @param forceGuest True to force a Guest login attempt
* @param allowGuest True to allow the Guest user if no user object represent
*
* @return AuthenticationStatus result.
*/
public static AuthenticationStatus authenticate(ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean forceGuest, boolean allowGuest) throws IOException {
if (logger.isDebugEnabled())
logger.debug("Authenticating the current user using session based Ticket information.");
// retrieve the User object
User user = getUser(sc, req, res);
HttpSession session = req.getSession();
// get the login bean if we're not in the portal
LoginBean loginBean = null;
if (Application.inPortalServer() == false) {
if (logger.isDebugEnabled())
logger.debug("We're not in the portal, getting the login bean.");
loginBean = (LoginBean) session.getAttribute(LOGIN_BEAN);
}
// setup the authentication context
WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc);
AuthenticationService auth = (AuthenticationService) wc.getBean(AUTHENTICATION_SERVICE);
if (logger.isDebugEnabled())
logger.debug("Force guest is: " + forceGuest);
if (user == null || forceGuest) {
if (logger.isDebugEnabled())
logger.debug("The user is null.");
// the last stored username string is cleared.
if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) == null) {
if (logger.isDebugEnabled())
logger.debug("The session is not invalidated.");
Cookie authCookie = getAuthCookie(req);
if (allowGuest == true && (authCookie == null || forceGuest)) {
if (logger.isDebugEnabled())
logger.debug("No previous authentication or forced Guest - attempt Guest access.");
try {
auth.authenticateAsGuest();
// if we get here then Guest access was allowed and successful
setUser(sc, req, AuthenticationUtil.getGuestUserName(), auth.getCurrentTicket(), false);
// Set up the thread context
setupThread(sc, req, res, true);
// remove the session invalidated flag
session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED);
if (logger.isDebugEnabled())
logger.debug("Successfully authenticated as guest.");
// it is the responsibilty of the caller to handle the Guest return status
return AuthenticationStatus.Guest;
} catch (AuthenticationException guestError) {
if (logger.isDebugEnabled())
logger.debug("An AuthenticationException occurred, expected if Guest access not allowed - continue to login page as usual", guestError);
} catch (AccessDeniedException accessError) {
// Guest is unable to access either properties on Person
AuthenticationService unprotAuthService = (AuthenticationService) wc.getBean(UNPROTECTED_AUTH_SERVICE);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
logger.warn("Unable to login as Guest: ", accessError);
} catch (Throwable e) {
// Some other kind of serious failure to report
AuthenticationService unprotAuthService = (AuthenticationService) wc.getBean(UNPROTECTED_AUTH_SERVICE);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
}
}
}
if (logger.isDebugEnabled())
logger.debug("Session invalidated - return to login screen.");
return AuthenticationStatus.Failure;
} else {
if (logger.isDebugEnabled())
logger.debug("The user is: " + user.getUserName());
// set last authentication username cookie value
String loginName;
if (loginBean != null && (loginName = loginBean.getUsernameInternal()) != null) {
if (logger.isDebugEnabled())
logger.debug("Set last authentication username cookie value");
setUsernameCookie(req, res, loginName);
}
// Set up the thread context
setupThread(sc, req, res, true);
return AuthenticationStatus.Success;
}
}
Aggregations