Search in sources :

Example 41 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class EntityDataServices method rebuildAllIndexesAndKeys.

public static Map<String, Object> rebuildAllIndexesAndKeys(DispatchContext dctx, Map<String, Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    Locale locale = (Locale) context.get("locale");
    // check permission
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    if (!security.hasPermission("ENTITY_MAINT", userLogin)) {
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtServicePermissionNotGranted", locale));
    }
    String groupName = (String) context.get("groupName");
    Boolean fixSizes = (Boolean) context.get("fixColSizes");
    if (fixSizes == null)
        fixSizes = Boolean.FALSE;
    List<String> messages = new LinkedList<String>();
    GenericHelperInfo helperInfo = delegator.getGroupHelperInfo(groupName);
    DatabaseUtil dbUtil = new DatabaseUtil(helperInfo);
    Map<String, ModelEntity> modelEntities;
    try {
        modelEntities = delegator.getModelEntityMapByGroup(groupName);
    } catch (GenericEntityException e) {
        Debug.logError(e, "Error getting list of entities in group: " + e.toString(), module);
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtErrorGettingListOfEntityInGroup", UtilMisc.toMap("errorString", e.toString()), locale));
    }
    // step 1 - remove FK indices
    Debug.logImportant("Removing all foreign key indices", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.deleteForeignKeyIndices(modelEntity, messages);
    }
    // step 2 - remove FKs
    Debug.logImportant("Removing all foreign keys", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.deleteForeignKeys(modelEntity, modelEntities, messages);
    }
    // step 3 - remove PKs
    Debug.logImportant("Removing all primary keys", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.deletePrimaryKey(modelEntity, messages);
    }
    // step 4 - remove declared indices
    Debug.logImportant("Removing all declared indices", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.deleteDeclaredIndices(modelEntity, messages);
    }
    // step 5 - repair field sizes
    if (fixSizes.booleanValue()) {
        Debug.logImportant("Updating column field size changes", module);
        List<String> fieldsWrongSize = new LinkedList<String>();
        dbUtil.checkDb(modelEntities, fieldsWrongSize, messages, true, true, true, true);
        if (fieldsWrongSize.size() > 0) {
            dbUtil.repairColumnSizeChanges(modelEntities, fieldsWrongSize, messages);
        } else {
            String thisMsg = "No field sizes to update";
            messages.add(thisMsg);
            Debug.logImportant(thisMsg, module);
        }
    }
    // step 6 - create PKs
    Debug.logImportant("Creating all primary keys", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.createPrimaryKey(modelEntity, messages);
    }
    // step 7 - create FK indices
    Debug.logImportant("Creating all foreign key indices", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.createForeignKeyIndices(modelEntity, messages);
    }
    // step 8 - create FKs
    Debug.logImportant("Creating all foreign keys", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.createForeignKeys(modelEntity, modelEntities, messages);
    }
    // step 8 - create FKs
    Debug.logImportant("Creating all declared indices", module);
    for (ModelEntity modelEntity : modelEntities.values()) {
        dbUtil.createDeclaredIndices(modelEntity, messages);
    }
    // step 8 - checkdb
    Debug.logImportant("Running DB check with add missing enabled", module);
    dbUtil.checkDb(modelEntities, messages, true);
    Map<String, Object> result = ServiceUtil.returnSuccess();
    result.put("messages", messages);
    return result;
}
Also used : Locale(java.util.Locale) GenericValue(org.apache.ofbiz.entity.GenericValue) GenericHelperInfo(org.apache.ofbiz.entity.datasource.GenericHelperInfo) Security(org.apache.ofbiz.security.Security) DatabaseUtil(org.apache.ofbiz.entity.jdbc.DatabaseUtil) LinkedList(java.util.LinkedList) Delegator(org.apache.ofbiz.entity.Delegator) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) ModelEntity(org.apache.ofbiz.entity.model.ModelEntity)

Example 42 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class EntityDataServices method reencryptFields.

public static Map<String, Object> reencryptFields(DispatchContext dctx, Map<String, Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    Locale locale = (Locale) context.get("locale");
    // check permission
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    if (!security.hasPermission("ENTITY_MAINT", userLogin)) {
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtServicePermissionNotGranted", locale));
    }
    String groupName = (String) context.get("groupName");
    Map<String, ModelEntity> modelEntities;
    try {
        modelEntities = delegator.getModelEntityMapByGroup(groupName);
    } catch (GenericEntityException e) {
        Debug.logError(e, "Error getting list of entities in group: " + e.toString(), module);
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtErrorGettingListOfEntityInGroup", UtilMisc.toMap("errorString", e.toString()), locale));
    }
    for (ModelEntity modelEntity : modelEntities.values()) {
        List<ModelField> fields = modelEntity.getFieldsUnmodifiable();
        for (ModelField field : fields) {
            if (field.getEncryptMethod().isEncrypted()) {
                try {
                    List<GenericValue> rows = EntityQuery.use(delegator).from(modelEntity.getEntityName()).select(field.getName()).queryList();
                    for (GenericValue row : rows) {
                        row.setString(field.getName(), row.getString(field.getName()));
                        row.store();
                    }
                } catch (GenericEntityException gee) {
                    return ServiceUtil.returnError(gee.getMessage());
                }
            }
        }
    }
    return ServiceUtil.returnSuccess();
}
Also used : Locale(java.util.Locale) GenericValue(org.apache.ofbiz.entity.GenericValue) Delegator(org.apache.ofbiz.entity.Delegator) ModelField(org.apache.ofbiz.entity.model.ModelField) GenericEntityException(org.apache.ofbiz.entity.GenericEntityException) ModelEntity(org.apache.ofbiz.entity.model.ModelEntity) Security(org.apache.ofbiz.security.Security)

Example 43 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class EntityDataServices method importDelimitedFile.

public static Map<String, Object> importDelimitedFile(DispatchContext dctx, Map<String, Object> context) {
    Delegator delegator = dctx.getDelegator();
    Security security = dctx.getSecurity();
    Locale locale = (Locale) context.get("locale");
    // check permission
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    if (!security.hasPermission("ENTITY_MAINT", userLogin)) {
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtServicePermissionNotGranted", locale));
    }
    String delimiter = (String) context.get("delimiter");
    if (delimiter == null) {
        // default delimiter is tab
        delimiter = "\t";
    }
    long startTime = System.currentTimeMillis();
    File file = (File) context.get("file");
    int records = 0;
    try {
        records = readEntityFile(file, delimiter, delegator);
    } catch (GeneralException e) {
        return ServiceUtil.returnError(e.getMessage());
    } catch (FileNotFoundException e) {
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtFileNotFound", UtilMisc.toMap("fileName", file.getName()), locale));
    } catch (IOException e) {
        Debug.logError(e, module);
        return ServiceUtil.returnError(UtilProperties.getMessage(resource, "EntityExtProblemReadingFile", UtilMisc.toMap("fileName", file.getName()), locale));
    }
    long endTime = System.currentTimeMillis();
    long runTime = endTime - startTime;
    Debug.logInfo("Imported/Updated [" + records + "] from : " + file.getAbsolutePath() + " [" + runTime + "ms]", module);
    Map<String, Object> result = ServiceUtil.returnSuccess();
    result.put("records", Integer.valueOf(records));
    return result;
}
Also used : Locale(java.util.Locale) GenericValue(org.apache.ofbiz.entity.GenericValue) GeneralException(org.apache.ofbiz.base.util.GeneralException) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) Security(org.apache.ofbiz.security.Security) Delegator(org.apache.ofbiz.entity.Delegator) File(java.io.File)

Example 44 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class HasPermissionCondition method checkCondition.

@Override
public boolean checkCondition(MethodContext methodContext) throws MiniLangException {
    GenericValue userLogin = methodContext.getUserLogin();
    if (userLogin != null) {
        Security security = methodContext.getSecurity();
        String permission = permissionFse.expandString(methodContext.getEnvMap());
        String action = actionFse.expandString(methodContext.getEnvMap());
        if (!action.isEmpty()) {
            if (security.hasEntityPermission(permission, action, userLogin)) {
                return true;
            }
        } else {
            if (security.hasPermission(permission, userLogin)) {
                return true;
            }
        }
    }
    return false;
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) Security(org.apache.ofbiz.security.Security)

Example 45 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class ControlServlet method doGet.

/**
 * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    long requestStartTime = System.currentTimeMillis();
    RequestHandler requestHandler = this.getRequestHandler();
    HttpSession session = request.getSession();
    // setup DEFAULT character encoding and content type, this will be overridden in the RequestHandler for view rendering
    String charset = request.getCharacterEncoding();
    // setup content type
    String contentType = "text/html";
    if (UtilValidate.isNotEmpty(charset) && !"none".equals(charset)) {
        response.setContentType(contentType + "; charset=" + charset);
        response.setCharacterEncoding(charset);
    } else {
        response.setContentType(contentType);
    }
    GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
    // set the Entity Engine user info if we have a userLogin
    if (userLogin != null) {
        GenericDelegator.pushUserIdentifier(userLogin.getString("userLoginId"));
    }
    // workaraound if we are in the root webapp
    String webappName = UtilHttp.getApplicationName(request);
    String rname = "";
    if (request.getPathInfo() != null) {
        rname = request.getPathInfo().substring(1);
    }
    if (rname.indexOf('/') > 0) {
        rname = rname.substring(0, rname.indexOf('/'));
    }
    UtilTimer timer = null;
    if (Debug.timingOn()) {
        timer = new UtilTimer();
        timer.setLog(true);
        timer.timerString("[" + rname + "(Domain:" + request.getScheme() + "://" + request.getServerName() + ")] Request Begun, encoding=[" + charset + "]", module);
    }
    // Setup the CONTROL_PATH for JSP dispatching.
    String contextPath = request.getContextPath();
    if (contextPath == null || "/".equals(contextPath)) {
        contextPath = "";
    }
    request.setAttribute("_CONTROL_PATH_", contextPath + request.getServletPath());
    if (Debug.verboseOn()) {
        Debug.logVerbose("Control Path: " + request.getAttribute("_CONTROL_PATH_"), module);
    }
    // for convenience, and necessity with event handlers, make security and delegator available in the request:
    // try to get it from the session first so that we can have a delegator/dispatcher/security for a certain user if desired
    Delegator delegator = null;
    String delegatorName = (String) session.getAttribute("delegatorName");
    if (UtilValidate.isNotEmpty(delegatorName)) {
        delegator = DelegatorFactory.getDelegator(delegatorName);
    }
    if (delegator == null) {
        delegator = (Delegator) getServletContext().getAttribute("delegator");
    }
    if (delegator == null) {
        Debug.logError("[ControlServlet] ERROR: delegator not found in ServletContext", module);
    } else {
        request.setAttribute("delegator", delegator);
        // always put this in the session too so that session events can use the delegator
        session.setAttribute("delegatorName", delegator.getDelegatorName());
    }
    LocalDispatcher dispatcher = (LocalDispatcher) session.getAttribute("dispatcher");
    if (dispatcher == null) {
        dispatcher = (LocalDispatcher) getServletContext().getAttribute("dispatcher");
    }
    if (dispatcher == null) {
        Debug.logError("[ControlServlet] ERROR: dispatcher not found in ServletContext", module);
    }
    request.setAttribute("dispatcher", dispatcher);
    Security security = (Security) session.getAttribute("security");
    if (security == null) {
        security = (Security) getServletContext().getAttribute("security");
    }
    if (security == null) {
        Debug.logError("[ControlServlet] ERROR: security not found in ServletContext", module);
    }
    request.setAttribute("security", security);
    VisualTheme visualTheme = UtilHttp.getVisualTheme(request);
    if (visualTheme != null) {
        UtilHttp.setVisualTheme(request, visualTheme);
    }
    request.setAttribute("_REQUEST_HANDLER_", requestHandler);
    ServletContextHashModel ftlServletContext = new ServletContextHashModel(this, FreeMarkerWorker.getDefaultOfbizWrapper());
    request.setAttribute("ftlServletContext", ftlServletContext);
    // setup some things that should always be there
    UtilHttp.setInitialRequestInfo(request);
    VisitHandler.getVisitor(request, response);
    // set the Entity Engine user info if we have a userLogin
    String visitId = VisitHandler.getVisitId(session);
    if (UtilValidate.isNotEmpty(visitId)) {
        GenericDelegator.pushSessionIdentifier(visitId);
    }
    // display details on the servlet objects
    if (Debug.verboseOn()) {
        logRequestInfo(request);
    }
    // some containers call filters on EVERY request, even forwarded ones, so let it know that it came from the control servlet
    request.setAttribute(ControlFilter.FORWARDED_FROM_SERVLET, Boolean.TRUE);
    String errorPage = null;
    try {
        // the ServerHitBin call for the event is done inside the doRequest method
        requestHandler.doRequest(request, response, null, userLogin, delegator);
    } catch (RequestHandlerException e) {
        Throwable throwable = e.getNested() != null ? e.getNested() : e;
        if (throwable instanceof IOException) {
            // the connection with the browser is lost and so there is no need to serve the error page; a message is logged to record the event
            if (Debug.warningOn())
                Debug.logWarning(e, "Communication error with the client while processing the request: " + request.getAttribute("_CONTROL_PATH_") + request.getPathInfo(), module);
            if (Debug.verboseOn())
                Debug.logVerbose(throwable, module);
        } else {
            Debug.logError(throwable, "Error in request handler: ", module);
            request.setAttribute("_ERROR_MESSAGE_", UtilCodec.getEncoder("html").encode(throwable.toString()));
            errorPage = requestHandler.getDefaultErrorPage(request);
        }
    } catch (RequestHandlerExceptionAllowExternalRequests e) {
        errorPage = requestHandler.getDefaultErrorPage(request);
        Debug.logInfo("Going to external page: " + request.getPathInfo(), module);
    } catch (Exception e) {
        Debug.logError(e, "Error in request handler: ", module);
        request.setAttribute("_ERROR_MESSAGE_", UtilCodec.getEncoder("html").encode(e.toString()));
        errorPage = requestHandler.getDefaultErrorPage(request);
    }
    if (errorPage != null) {
        Debug.logError("An error occurred, going to the errorPage: " + errorPage, module);
        RequestDispatcher rd = request.getRequestDispatcher(errorPage);
        // use this request parameter to avoid infinite looping on errors in the error page...
        if (request.getAttribute("_ERROR_OCCURRED_") == null && rd != null) {
            request.setAttribute("_ERROR_OCCURRED_", Boolean.TRUE);
            Debug.logError("Including errorPage: " + errorPage, module);
            // NOTE DEJ20070727 after having trouble with all of these, try to get the page out and as a last resort just send something back
            try {
                rd.include(request, response);
            } catch (Throwable t) {
                Debug.logWarning("Error while trying to send error page using rd.include (will try response.getOutputStream or response.getWriter): " + t.toString(), module);
                String errorMessage = "ERROR rendering error page [" + errorPage + "], but here is the error text: " + request.getAttribute("_ERROR_MESSAGE_");
                try {
                    response.getWriter().print(errorMessage);
                } catch (Throwable t2) {
                    try {
                        int errorToSend = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
                        Debug.logWarning("Error while trying to write error message using response.getOutputStream or response.getWriter: " + t.toString() + "; sending error code [" + errorToSend + "], and message [" + errorMessage + "]", module);
                        response.sendError(errorToSend, errorMessage);
                    } catch (Throwable t3) {
                        // wow, still bad... just throw an IllegalStateException with the message and let the servlet container handle it
                        throw new IllegalStateException(errorMessage);
                    }
                }
            }
        } else {
            if (rd == null) {
                Debug.logError("Could not get RequestDispatcher for errorPage: " + errorPage, module);
            }
            String errorMessage = "<html><body>ERROR in error page, (infinite loop or error page not found with name [" + errorPage + "]), but here is the text just in case it helps you: " + request.getAttribute("_ERROR_MESSAGE_") + "</body></html>";
            response.getWriter().print(errorMessage);
        }
    }
    // sanity check: make sure we don't have any transactions in place
    try {
        // roll back current TX first
        if (TransactionUtil.isTransactionInPlace()) {
            Debug.logWarning("*** NOTICE: ControlServlet finished w/ a transaction in place! Rolling back.", module);
            TransactionUtil.rollback();
        }
        // now resume/rollback any suspended txs
        if (TransactionUtil.suspendedTransactionsHeld()) {
            int suspended = TransactionUtil.cleanSuspendedTransactions();
            Debug.logWarning("Resumed/Rolled Back [" + suspended + "] transactions.", module);
        }
    } catch (GenericTransactionException e) {
        Debug.logWarning(e, module);
    }
    // run these two again before the ServerHitBin.countRequest call because on a logout this will end up creating a new visit
    if (response.isCommitted() && request.getSession(false) == null) {
        // response committed and no session, and we can't get a new session, what to do!
        // without a session we can't log the hit, etc; so just do nothing; this should NOT happen much!
        Debug.logError("Error in ControlServlet output where response isCommitted and there is no session (probably because of a logout); not saving ServerHit/Bin information because there is no session and as the response isCommitted we can't get a new one. The output was successful, but we just can't save ServerHit/Bin info.", module);
    } else {
        try {
            UtilHttp.setInitialRequestInfo(request);
            VisitHandler.getVisitor(request, response);
            if (requestHandler.trackStats(request)) {
                ServerHitBin.countRequest(webappName + "." + rname, request, requestStartTime, System.currentTimeMillis() - requestStartTime, userLogin);
            }
        } catch (Throwable t) {
            Debug.logError(t, "Error in ControlServlet saving ServerHit/Bin information; the output was successful, but can't save this tracking information. The error was: " + t.toString(), module);
        }
    }
    if (Debug.timingOn())
        timer.timerString("[" + rname + "(Domain:" + request.getScheme() + "://" + request.getServerName() + ")] Request Done", module);
    // sanity check 2: make sure there are no user or session infos in the delegator, ie clear the thread
    GenericDelegator.clearUserIdentifierStack();
    GenericDelegator.clearSessionIdentifierStack();
}
Also used : GenericValue(org.apache.ofbiz.entity.GenericValue) LocalDispatcher(org.apache.ofbiz.service.LocalDispatcher) HttpSession(javax.servlet.http.HttpSession) UtilTimer(org.apache.ofbiz.base.util.UtilTimer) IOException(java.io.IOException) Security(org.apache.ofbiz.security.Security) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) GenericTransactionException(org.apache.ofbiz.entity.transaction.GenericTransactionException) RequestDispatcher(javax.servlet.RequestDispatcher) Delegator(org.apache.ofbiz.entity.Delegator) GenericDelegator(org.apache.ofbiz.entity.GenericDelegator) ServletContextHashModel(freemarker.ext.servlet.ServletContextHashModel) GenericTransactionException(org.apache.ofbiz.entity.transaction.GenericTransactionException) VisualTheme(org.apache.ofbiz.widget.renderer.VisualTheme)

Aggregations

Security (org.apache.ofbiz.security.Security)79 GenericValue (org.apache.ofbiz.entity.GenericValue)69 Delegator (org.apache.ofbiz.entity.Delegator)60 Locale (java.util.Locale)56 GenericEntityException (org.apache.ofbiz.entity.GenericEntityException)54 HashMap (java.util.HashMap)36 Timestamp (java.sql.Timestamp)27 LinkedList (java.util.LinkedList)27 LocalDispatcher (org.apache.ofbiz.service.LocalDispatcher)20 GenericServiceException (org.apache.ofbiz.service.GenericServiceException)18 Map (java.util.Map)12 HttpSession (javax.servlet.http.HttpSession)7 GeneralException (org.apache.ofbiz.base.util.GeneralException)7 BigDecimal (java.math.BigDecimal)6 List (java.util.List)5 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)4 Date (java.util.Date)4 GenericTransactionException (org.apache.ofbiz.entity.transaction.GenericTransactionException)4 File (java.io.File)3