use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class EntityDataServices method rebuildAllIndexesAndKeys.
public static Map<String, Object> rebuildAllIndexesAndKeys(DispatchContext dctx, Map<String, Object> context) {
Delegator delegator = dctx.getDelegator();
Security security = dctx.getSecurity();
Locale locale = (Locale) context.get("locale");
// check permission
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (!security.hasPermission("ENTITY_MAINT", userLogin)) {
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtServicePermissionNotGranted", locale));
}
String groupName = (String) context.get("groupName");
Boolean fixSizes = (Boolean) context.get("fixColSizes");
if (fixSizes == null)
fixSizes = Boolean.FALSE;
List<String> messages = new LinkedList<String>();
GenericHelperInfo helperInfo = delegator.getGroupHelperInfo(groupName);
DatabaseUtil dbUtil = new DatabaseUtil(helperInfo);
Map<String, ModelEntity> modelEntities;
try {
modelEntities = delegator.getModelEntityMapByGroup(groupName);
} catch (GenericEntityException e) {
Debug.logError(e, "Error getting list of entities in group: " + e.toString(), module);
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtErrorGettingListOfEntityInGroup", UtilMisc.toMap("errorString", e.toString()), locale));
}
// step 1 - remove FK indices
Debug.logImportant("Removing all foreign key indices", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.deleteForeignKeyIndices(modelEntity, messages);
}
// step 2 - remove FKs
Debug.logImportant("Removing all foreign keys", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.deleteForeignKeys(modelEntity, modelEntities, messages);
}
// step 3 - remove PKs
Debug.logImportant("Removing all primary keys", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.deletePrimaryKey(modelEntity, messages);
}
// step 4 - remove declared indices
Debug.logImportant("Removing all declared indices", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.deleteDeclaredIndices(modelEntity, messages);
}
// step 5 - repair field sizes
if (fixSizes.booleanValue()) {
Debug.logImportant("Updating column field size changes", module);
List<String> fieldsWrongSize = new LinkedList<String>();
dbUtil.checkDb(modelEntities, fieldsWrongSize, messages, true, true, true, true);
if (fieldsWrongSize.size() > 0) {
dbUtil.repairColumnSizeChanges(modelEntities, fieldsWrongSize, messages);
} else {
String thisMsg = "No field sizes to update";
messages.add(thisMsg);
Debug.logImportant(thisMsg, module);
}
}
// step 6 - create PKs
Debug.logImportant("Creating all primary keys", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.createPrimaryKey(modelEntity, messages);
}
// step 7 - create FK indices
Debug.logImportant("Creating all foreign key indices", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.createForeignKeyIndices(modelEntity, messages);
}
// step 8 - create FKs
Debug.logImportant("Creating all foreign keys", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.createForeignKeys(modelEntity, modelEntities, messages);
}
// step 8 - create FKs
Debug.logImportant("Creating all declared indices", module);
for (ModelEntity modelEntity : modelEntities.values()) {
dbUtil.createDeclaredIndices(modelEntity, messages);
}
// step 8 - checkdb
Debug.logImportant("Running DB check with add missing enabled", module);
dbUtil.checkDb(modelEntities, messages, true);
Map<String, Object> result = ServiceUtil.returnSuccess();
result.put("messages", messages);
return result;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class EntityDataServices method reencryptFields.
public static Map<String, Object> reencryptFields(DispatchContext dctx, Map<String, Object> context) {
Delegator delegator = dctx.getDelegator();
Security security = dctx.getSecurity();
Locale locale = (Locale) context.get("locale");
// check permission
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (!security.hasPermission("ENTITY_MAINT", userLogin)) {
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtServicePermissionNotGranted", locale));
}
String groupName = (String) context.get("groupName");
Map<String, ModelEntity> modelEntities;
try {
modelEntities = delegator.getModelEntityMapByGroup(groupName);
} catch (GenericEntityException e) {
Debug.logError(e, "Error getting list of entities in group: " + e.toString(), module);
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtErrorGettingListOfEntityInGroup", UtilMisc.toMap("errorString", e.toString()), locale));
}
for (ModelEntity modelEntity : modelEntities.values()) {
List<ModelField> fields = modelEntity.getFieldsUnmodifiable();
for (ModelField field : fields) {
if (field.getEncryptMethod().isEncrypted()) {
try {
List<GenericValue> rows = EntityQuery.use(delegator).from(modelEntity.getEntityName()).select(field.getName()).queryList();
for (GenericValue row : rows) {
row.setString(field.getName(), row.getString(field.getName()));
row.store();
}
} catch (GenericEntityException gee) {
return ServiceUtil.returnError(gee.getMessage());
}
}
}
}
return ServiceUtil.returnSuccess();
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class EntityDataServices method importDelimitedFile.
public static Map<String, Object> importDelimitedFile(DispatchContext dctx, Map<String, Object> context) {
Delegator delegator = dctx.getDelegator();
Security security = dctx.getSecurity();
Locale locale = (Locale) context.get("locale");
// check permission
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (!security.hasPermission("ENTITY_MAINT", userLogin)) {
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtServicePermissionNotGranted", locale));
}
String delimiter = (String) context.get("delimiter");
if (delimiter == null) {
// default delimiter is tab
delimiter = "\t";
}
long startTime = System.currentTimeMillis();
File file = (File) context.get("file");
int records = 0;
try {
records = readEntityFile(file, delimiter, delegator);
} catch (GeneralException e) {
return ServiceUtil.returnError(e.getMessage());
} catch (FileNotFoundException e) {
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtFileNotFound", UtilMisc.toMap("fileName", file.getName()), locale));
} catch (IOException e) {
Debug.logError(e, module);
return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtProblemReadingFile", UtilMisc.toMap("fileName", file.getName()), locale));
}
long endTime = System.currentTimeMillis();
long runTime = endTime - startTime;
Debug.logInfo("Imported/Updated [" + records + "] from : " + file.getAbsolutePath() + " [" + runTime + "ms]", module);
Map<String, Object> result = ServiceUtil.returnSuccess();
result.put("records", Integer.valueOf(records));
return result;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class HasPermissionCondition method checkCondition.
@Override
public boolean checkCondition(MethodContext methodContext) throws MiniLangException {
GenericValue userLogin = methodContext.getUserLogin();
if (userLogin != null) {
Security security = methodContext.getSecurity();
String permission = permissionFse.expandString(methodContext.getEnvMap());
String action = actionFse.expandString(methodContext.getEnvMap());
if (!action.isEmpty()) {
if (security.hasEntityPermission(permission, action, userLogin)) {
return true;
}
} else {
if (security.hasPermission(permission, userLogin)) {
return true;
}
}
}
return false;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class ControlServlet method doGet.
/**
* @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
long requestStartTime = System.currentTimeMillis();
RequestHandler requestHandler = this.getRequestHandler();
HttpSession session = request.getSession();
// setup DEFAULT character encoding and content type, this will be overridden in the RequestHandler for view rendering
String charset = request.getCharacterEncoding();
// setup content type
String contentType = "text/html";
if (UtilValidate.isNotEmpty(charset) && !"none".equals(charset)) {
response.setContentType(contentType + "; charset=" + charset);
response.setCharacterEncoding(charset);
} else {
response.setContentType(contentType);
}
GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
// set the Entity Engine user info if we have a userLogin
if (userLogin != null) {
GenericDelegator.pushUserIdentifier(userLogin.getString("userLoginId"));
}
// workaraound if we are in the root webapp
String webappName = UtilHttp.getApplicationName(request);
String rname = "";
if (request.getPathInfo() != null) {
rname = request.getPathInfo().substring(1);
}
if (rname.indexOf('/') > 0) {
rname = rname.substring(0, rname.indexOf('/'));
}
UtilTimer timer = null;
if (Debug.timingOn()) {
timer = new UtilTimer();
timer.setLog(true);
timer.timerString("[" + rname + "(Domain:" + request.getScheme() + "://" + request.getServerName() + ")] Request Begun, encoding=[" + charset + "]", module);
}
// Setup the CONTROL_PATH for JSP dispatching.
String contextPath = request.getContextPath();
if (contextPath == null || "/".equals(contextPath)) {
contextPath = "";
}
request.setAttribute("_CONTROL_PATH_", contextPath + request.getServletPath());
if (Debug.verboseOn()) {
Debug.logVerbose("Control Path: " + request.getAttribute("_CONTROL_PATH_"), module);
}
// for convenience, and necessity with event handlers, make security and delegator available in the request:
// try to get it from the session first so that we can have a delegator/dispatcher/security for a certain user if desired
Delegator delegator = null;
String delegatorName = (String) session.getAttribute("delegatorName");
if (UtilValidate.isNotEmpty(delegatorName)) {
delegator = DelegatorFactory.getDelegator(delegatorName);
}
if (delegator == null) {
delegator = (Delegator) getServletContext().getAttribute("delegator");
}
if (delegator == null) {
Debug.logError("[ControlServlet] ERROR: delegator not found in ServletContext", module);
} else {
request.setAttribute("delegator", delegator);
// always put this in the session too so that session events can use the delegator
session.setAttribute("delegatorName", delegator.getDelegatorName());
}
LocalDispatcher dispatcher = (LocalDispatcher) session.getAttribute("dispatcher");
if (dispatcher == null) {
dispatcher = (LocalDispatcher) getServletContext().getAttribute("dispatcher");
}
if (dispatcher == null) {
Debug.logError("[ControlServlet] ERROR: dispatcher not found in ServletContext", module);
}
request.setAttribute("dispatcher", dispatcher);
Security security = (Security) session.getAttribute("security");
if (security == null) {
security = (Security) getServletContext().getAttribute("security");
}
if (security == null) {
Debug.logError("[ControlServlet] ERROR: security not found in ServletContext", module);
}
request.setAttribute("security", security);
VisualTheme visualTheme = UtilHttp.getVisualTheme(request);
if (visualTheme != null) {
UtilHttp.setVisualTheme(request, visualTheme);
}
request.setAttribute("_REQUEST_HANDLER_", requestHandler);
ServletContextHashModel ftlServletContext = new ServletContextHashModel(this, FreeMarkerWorker.getDefaultOfbizWrapper());
request.setAttribute("ftlServletContext", ftlServletContext);
// setup some things that should always be there
UtilHttp.setInitialRequestInfo(request);
VisitHandler.getVisitor(request, response);
// set the Entity Engine user info if we have a userLogin
String visitId = VisitHandler.getVisitId(session);
if (UtilValidate.isNotEmpty(visitId)) {
GenericDelegator.pushSessionIdentifier(visitId);
}
// display details on the servlet objects
if (Debug.verboseOn()) {
logRequestInfo(request);
}
// some containers call filters on EVERY request, even forwarded ones, so let it know that it came from the control servlet
request.setAttribute(ControlFilter.FORWARDED_FROM_SERVLET, Boolean.TRUE);
String errorPage = null;
try {
// the ServerHitBin call for the event is done inside the doRequest method
requestHandler.doRequest(request, response, null, userLogin, delegator);
} catch (RequestHandlerException e) {
Throwable throwable = e.getNested() != null ? e.getNested() : e;
if (throwable instanceof IOException) {
// the connection with the browser is lost and so there is no need to serve the error page; a message is logged to record the event
if (Debug.warningOn())
Debug.logWarning(e, "Communication error with the client while processing the request: " + request.getAttribute("_CONTROL_PATH_") + request.getPathInfo(), module);
if (Debug.verboseOn())
Debug.logVerbose(throwable, module);
} else {
Debug.logError(throwable, "Error in request handler: ", module);
request.setAttribute("_ERROR_MESSAGE_", UtilCodec.getEncoder("html").encode(throwable.toString()));
errorPage = requestHandler.getDefaultErrorPage(request);
}
} catch (RequestHandlerExceptionAllowExternalRequests e) {
errorPage = requestHandler.getDefaultErrorPage(request);
Debug.logInfo("Going to external page: " + request.getPathInfo(), module);
} catch (Exception e) {
Debug.logError(e, "Error in request handler: ", module);
request.setAttribute("_ERROR_MESSAGE_", UtilCodec.getEncoder("html").encode(e.toString()));
errorPage = requestHandler.getDefaultErrorPage(request);
}
if (errorPage != null) {
Debug.logError("An error occurred, going to the errorPage: " + errorPage, module);
RequestDispatcher rd = request.getRequestDispatcher(errorPage);
// use this request parameter to avoid infinite looping on errors in the error page...
if (request.getAttribute("_ERROR_OCCURRED_") == null && rd != null) {
request.setAttribute("_ERROR_OCCURRED_", Boolean.TRUE);
Debug.logError("Including errorPage: " + errorPage, module);
// NOTE DEJ20070727 after having trouble with all of these, try to get the page out and as a last resort just send something back
try {
rd.include(request, response);
} catch (Throwable t) {
Debug.logWarning("Error while trying to send error page using rd.include (will try response.getOutputStream or response.getWriter): " + t.toString(), module);
String errorMessage = "ERROR rendering error page [" + errorPage + "], but here is the error text: " + request.getAttribute("_ERROR_MESSAGE_");
try {
response.getWriter().print(errorMessage);
} catch (Throwable t2) {
try {
int errorToSend = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
Debug.logWarning("Error while trying to write error message using response.getOutputStream or response.getWriter: " + t.toString() + "; sending error code [" + errorToSend + "], and message [" + errorMessage + "]", module);
response.sendError(errorToSend, errorMessage);
} catch (Throwable t3) {
// wow, still bad... just throw an IllegalStateException with the message and let the servlet container handle it
throw new IllegalStateException(errorMessage);
}
}
}
} else {
if (rd == null) {
Debug.logError("Could not get RequestDispatcher for errorPage: " + errorPage, module);
}
String errorMessage = "<html><body>ERROR in error page, (infinite loop or error page not found with name [" + errorPage + "]), but here is the text just in case it helps you: " + request.getAttribute("_ERROR_MESSAGE_") + "</body></html>";
response.getWriter().print(errorMessage);
}
}
// sanity check: make sure we don't have any transactions in place
try {
// roll back current TX first
if (TransactionUtil.isTransactionInPlace()) {
Debug.logWarning("*** NOTICE: ControlServlet finished w/ a transaction in place! Rolling back.", module);
TransactionUtil.rollback();
}
// now resume/rollback any suspended txs
if (TransactionUtil.suspendedTransactionsHeld()) {
int suspended = TransactionUtil.cleanSuspendedTransactions();
Debug.logWarning("Resumed/Rolled Back [" + suspended + "] transactions.", module);
}
} catch (GenericTransactionException e) {
Debug.logWarning(e, module);
}
// run these two again before the ServerHitBin.countRequest call because on a logout this will end up creating a new visit
if (response.isCommitted() && request.getSession(false) == null) {
// response committed and no session, and we can't get a new session, what to do!
// without a session we can't log the hit, etc; so just do nothing; this should NOT happen much!
Debug.logError("Error in ControlServlet output where response isCommitted and there is no session (probably because of a logout); not saving ServerHit/Bin information because there is no session and as the response isCommitted we can't get a new one. The output was successful, but we just can't save ServerHit/Bin info.", module);
} else {
try {
UtilHttp.setInitialRequestInfo(request);
VisitHandler.getVisitor(request, response);
if (requestHandler.trackStats(request)) {
ServerHitBin.countRequest(webappName + "." + rname, request, requestStartTime, System.currentTimeMillis() - requestStartTime, userLogin);
}
} catch (Throwable t) {
Debug.logError(t, "Error in ControlServlet saving ServerHit/Bin information; the output was successful, but can't save this tracking information. The error was: " + t.toString(), module);
}
}
if (Debug.timingOn())
timer.timerString("[" + rname + "(Domain:" + request.getScheme() + "://" + request.getServerName() + ")] Request Done", module);
// sanity check 2: make sure there are no user or session infos in the delegator, ie clear the thread
GenericDelegator.clearUserIdentifierStack();
GenericDelegator.clearSessionIdentifierStack();
}
Aggregations