Example 11 with SecurityServiceException

Use of org.broadleafcommerce.common.exception.SecurityServiceException in the project BroadleafCommerce by BroadleafCommerce.

From the class AdminSecurityServiceRemote, method securityCheck:

// Imports for the types the page lists as used by this method; the remaining identifiers
// (ArrayUtils, StringUtil, LOG, securityService, getPersistentAdminUser) are resolved from
// the enclosing AdminSecurityServiceRemote class, which is not part of this excerpt.
import org.broadleafcommerce.common.exception.SecurityServiceException;
import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.openadmin.server.security.domain.AdminUser;
import org.broadleafcommerce.openadmin.server.security.service.type.PermissionType;

protected void securityCheck(String[] ceilingNames, EntityOperationType operationType) throws ServiceException {
    // Fail closed: a request that names no ceiling entity cannot be authorized.
    if (ArrayUtils.isEmpty(ceilingNames)) {
        throw new SecurityServiceException("Security Check Failed: ceilingNames not specified");
    }
    AdminUser persistentAdminUser = getPersistentAdminUser();
    // Map the requested admin operation onto the permission type recorded for the entity.
    PermissionType permissionType;
    switch (operationType) {
        case ADD:
            permissionType = PermissionType.CREATE;
            break;
        case FETCH:
            permissionType = PermissionType.READ;
            break;
        case REMOVE:
            permissionType = PermissionType.DELETE;
            break;
        case UPDATE:
            permissionType = PermissionType.UPDATE;
            break;
        case INSPECT:
            permissionType = PermissionType.READ;
            break;
        default:
            // Any operation not listed above requires the generic OTHER permission.
            permissionType = PermissionType.OTHER;
            break;
    }
    // The user passes if qualified for at least one ceiling name. The first failure is
    // kept so that its details are reported when none of the names qualifies.
    SecurityServiceException primaryException = null;
    boolean isQualified = false;
    for (String ceilingEntityFullyQualifiedName : ceilingNames) {
        isQualified = securityService.isUserQualifiedForOperationOnCeilingEntity(persistentAdminUser, permissionType, ceilingEntityFullyQualifiedName);
        if (!isQualified) {
            if (primaryException == null) {
                primaryException = new SecurityServiceException("Security Check Failed for entity operation: " + operationType.toString() + " (" + ceilingEntityFullyQualifiedName + ")");
            }
        } else {
            // One qualifying ceiling entity is sufficient.
            break;
        }
    }
    if (!isQualified) {
        // Distinguish a genuine denial from a missing configuration: if no permission record
        // exists for the first ceiling entity at all, warn the operator before failing.
        if (!securityService.doesOperationExistForCeilingEntity(permissionType, ceilingNames[0])) {
            if (LOG.isWarnEnabled()) {
                // The entity name is sanitized before logging so request data cannot forge log lines.
                LOG.warn("Detected security request for an unregistered ceiling entity ("
                        + StringUtil.sanitize(ceilingNames[0]) + "). "
                        + "As a result, the request failed. Please make sure to configure security for any ceiling entities "
                        + "referenced via the admin. This is usually accomplished by adding records in the "
                        + "BLC_ADMIN_PERMISSION_ENTITY table. Note, depending on how the entity in question is used, you "
                        + "may need to add to BLC_ADMIN_PERMISSION, BLC_ADMIN_ROLE_PERMISSION_XREF and BLC_ADMIN_SEC_PERM_XREF.",
                        primaryException);
            }
        }
        // Deny the operation; the exception carries the operation and the first entity that failed.
        throw primaryException;
    }
}
Also used: SecurityServiceException (org.broadleafcommerce.common.exception.SecurityServiceException), PermissionType (org.broadleafcommerce.openadmin.server.security.service.type.PermissionType), AdminUser (org.broadleafcommerce.openadmin.server.security.domain.AdminUser)
