Search in sources :

Example 71 with Secured

use of org.springframework.security.access.annotation.Secured in project cia by Hack23.

the class DocumentActivityPageModContentFactoryImpl method createContent.

@Secured({ "ROLE_ANONYMOUS", "ROLE_USER", "ROLE_ADMIN" })
@Override
public Layout createContent(final String parameters, final MenuBar menuBar, final Panel panel) {
    final VerticalLayout panelContent = createPanelContent();
    final String pageId = getPageId(parameters);
    final DataContainer<DocumentElement, String> documentElementDataContainer = getApplicationManager().getDataContainer(DocumentElement.class);
    final DataContainer<DocumentStatusContainer, String> documentStatusContainerDataContainer = getApplicationManager().getDataContainer(DocumentStatusContainer.class);
    getApplicationManager().getDataContainer(CommitteeProposalComponentData.class);
    final DocumentElement documentElement = documentElementDataContainer.load(pageId);
    if (documentElement != null) {
        getDocumentMenuItemFactory().createDocumentMenuBar(menuBar, pageId);
        final DocumentStatusContainer documentStatusContainer = documentStatusContainerDataContainer.findByQueryProperty(DocumentStatusContainer.class, DocumentStatusContainer_.document, DocumentData.class, DocumentData_.id, pageId);
        LabelFactory.createHeader2Label(panelContent, DOCUMENT_ACTIVITY);
        if (documentStatusContainer != null && documentStatusContainer.getDocumentActivityContainer() != null && documentStatusContainer.getDocumentActivityContainer().getDocumentActivities() != null) {
            getGridFactory().createBasicBeanItemGrid(panelContent, DocumentActivityData.class, documentStatusContainer.getDocumentActivityContainer().getDocumentActivities(), DOCUMENT_ACTIVITIES, COLUMN_ORDER, HIDE_COLUMNS, null, null, null);
        }
        panel.setContent(panelContent);
        getPageActionEventHelper().createPageEvent(ViewAction.VISIT_DOCUMENT_VIEW, ApplicationEventGroup.USER, NAME, parameters, pageId);
    }
    return panelContent;
}
Also used : DocumentStatusContainer(com.hack23.cia.model.external.riksdagen.dokumentstatus.impl.DocumentStatusContainer) DocumentElement(com.hack23.cia.model.external.riksdagen.dokumentlista.impl.DocumentElement) VerticalLayout(com.vaadin.ui.VerticalLayout) Secured(org.springframework.security.access.annotation.Secured)

Example 72 with Secured

use of org.springframework.security.access.annotation.Secured in project cia by Hack23.

the class LogoutService method processService.

@Override
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
public LogoutResponse processService(final LogoutRequest serviceRequest) {
    final LogoutResponse inputValidation = inputValidation(serviceRequest);
    if (inputValidation != null) {
        return inputValidation;
    }
    final CreateApplicationEventRequest eventRequest = createApplicationEventForService(serviceRequest);
    final UserAccount userAccount = getUserAccountFromSecurityContext();
    LogoutResponse response;
    if (userAccount != null) {
        eventRequest.setElementId(userAccount.getEmail());
        eventRequest.setUserId(userAccount.getUserId());
        final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
        final AnonymousAuthenticationToken anonymousAuthenticationToken = new AnonymousAuthenticationToken(serviceRequest.getSessionId(), "ROLE_ANONYMOUS", authorities);
        SecurityContextHolder.getContext().setAuthentication(anonymousAuthenticationToken);
        response = new LogoutResponse(ServiceResult.SUCCESS);
    } else {
        response = new LogoutResponse(ServiceResult.FAILURE);
    }
    eventRequest.setApplicationMessage(response.getResult().toString());
    createApplicationEventService.processService(eventRequest);
    LOGGER.info("Event: {}", eventRequest);
    return response;
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) LogoutResponse(com.hack23.cia.service.api.action.application.LogoutResponse) ArrayList(java.util.ArrayList) CreateApplicationEventRequest(com.hack23.cia.service.api.action.application.CreateApplicationEventRequest) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) UserAccount(com.hack23.cia.model.internal.application.user.impl.UserAccount) Secured(org.springframework.security.access.annotation.Secured)

Example 73 with Secured

use of org.springframework.security.access.annotation.Secured in project cia by Hack23.

the class ComplianceCheckServiceImpl method processService.

@Override
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
public ComplianceCheckResponse processService(final ComplianceCheckRequest serviceRequest) {
    final ComplianceCheckResponse inputValidation = inputValidation(serviceRequest);
    if (inputValidation != null) {
        return inputValidation;
    }
    LOGGER.info("{}", serviceRequest.getClass().getSimpleName());
    final CreateApplicationEventRequest eventRequest = createApplicationEventForService(serviceRequest);
    final UserAccount userAccount = getUserAccountFromSecurityContext();
    if (userAccount != null) {
        eventRequest.setUserId(userAccount.getUserId());
    }
    final ComplianceCheckResponse response;
    final Set<ConstraintViolation<ComplianceCheckRequest>> requestConstraintViolations = validateRequest(serviceRequest);
    if (!requestConstraintViolations.isEmpty()) {
        response = handleInputViolations(eventRequest, requestConstraintViolations, new ComplianceCheckResponse(ServiceResult.FAILURE));
    } else {
        final List<ComplianceCheck> complianceList = rulesEngine.checkRulesCompliance();
        final List<RuleViolation> ruleViolations = new ArrayList<>();
        for (final ComplianceCheck check : complianceList) {
            ruleViolations.addAll(check.getRuleViolations());
        }
        Collections.sort(complianceList, new Comparator<ComplianceCheck>() {

            @Override
            public int compare(final ComplianceCheck o1, final ComplianceCheck o2) {
                return Integer.compare(o2.getRuleViolations().size(), o1.getRuleViolations().size());
            }
        });
        response = new ComplianceCheckResponse(ServiceResult.SUCCESS);
        response.setList(complianceList);
        response.setStatusMap(ruleViolations.stream().collect(Collectors.groupingBy(RuleViolation::getStatus)));
        response.setResourceTypeMap(ruleViolations.stream().collect(Collectors.groupingBy(RuleViolation::getResourceType)));
        eventRequest.setApplicationMessage(response.getResult().toString());
    }
    getCreateApplicationEventService().processService(eventRequest);
    return response;
}
Also used : ConstraintViolation(javax.validation.ConstraintViolation) ArrayList(java.util.ArrayList) ComplianceCheckResponse(com.hack23.cia.service.api.action.kpi.ComplianceCheckResponse) CreateApplicationEventRequest(com.hack23.cia.service.api.action.application.CreateApplicationEventRequest) ComplianceCheck(com.hack23.cia.service.api.action.kpi.ComplianceCheck) RuleViolation(com.hack23.cia.service.api.action.kpi.RuleViolation) UserAccount(com.hack23.cia.model.internal.application.user.impl.UserAccount) Secured(org.springframework.security.access.annotation.Secured)

Example 74 with Secured

use of org.springframework.security.access.annotation.Secured in project cia by Hack23.

the class RemoveDataService method processService.

@Override
@Secured({ "ROLE_ADMIN" })
public RemoveDataResponse processService(final RemoveDataRequest serviceRequest) {
    final RemoveDataResponse inputValidation = inputValidation(serviceRequest);
    if (inputValidation != null) {
        return inputValidation;
    }
    final CreateApplicationEventRequest eventRequest = createApplicationEventForService(serviceRequest);
    final UserAccount userAccount = getUserAccountFromSecurityContext();
    if (userAccount != null) {
        eventRequest.setUserId(userAccount.getUserId());
    }
    final RemoveDataResponse response = new RemoveDataResponse(ServiceResult.SUCCESS);
    switch(serviceRequest.getDataType()) {
        case POLITICIAN:
            removeDataManager.removePersonData();
            break;
        case DOCUMENTS:
            removeDataManager.removeDocuments();
            removeDataManager.removeCommitteeProposals();
            removeDataManager.removeDocumentStatus();
            break;
        case APPLICATION_HISTORY:
            removeDataManager.removeApplicationHistory();
            break;
    }
    eventRequest.setApplicationMessage(response.getResult().toString());
    createApplicationEventService.processService(eventRequest);
    return response;
}
Also used : RemoveDataResponse(com.hack23.cia.service.api.action.admin.RemoveDataResponse) CreateApplicationEventRequest(com.hack23.cia.service.api.action.application.CreateApplicationEventRequest) UserAccount(com.hack23.cia.model.internal.application.user.impl.UserAccount) Secured(org.springframework.security.access.annotation.Secured)

Example 75 with Secured

use of org.springframework.security.access.annotation.Secured in project cia by Hack23.

the class ApplicationManagerImpl method service.

@Secured({ "ROLE_ANONYMOUS", "ROLE_USER", "ROLE_ADMIN" })
@Override
public ServiceResponse service(final ServiceRequest serviceRequest) {
    final BusinessService businessService = serviceRequestBusinessServiceMap.get(serviceRequest.getClass());
    ServiceResponse serviceResponse = null;
    if (businessService != null) {
        serviceResponse = businessService.processService(serviceRequest);
    }
    return serviceResponse;
}
Also used : BusinessService(com.hack23.cia.service.impl.action.common.BusinessService) ServiceResponse(com.hack23.cia.service.api.action.common.ServiceResponse) Secured(org.springframework.security.access.annotation.Secured)

Aggregations

Secured (org.springframework.security.access.annotation.Secured)260 VerticalLayout (com.vaadin.ui.VerticalLayout)117 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)52 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)23 HorizontalLayout (com.vaadin.ui.HorizontalLayout)20 CollectSurvey (org.openforis.collect.model.CollectSurvey)20 UserAccount (com.hack23.cia.model.internal.application.user.impl.UserAccount)18 Contract (org.asqatasun.entity.contract.Contract)17 ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)16 Timed (com.codahale.metrics.annotation.Timed)14 ViewRiksdagenParty (com.hack23.cia.model.internal.application.data.party.impl.ViewRiksdagenParty)14 CreateApplicationEventRequest (com.hack23.cia.service.api.action.application.CreateApplicationEventRequest)14 URI (java.net.URI)14 User (org.asqatasun.entity.user.User)14 ViewRiksdagenCommittee (com.hack23.cia.model.internal.application.data.committee.impl.ViewRiksdagenCommittee)13 ViewRiksdagenPolitician (com.hack23.cia.model.internal.application.data.politician.impl.ViewRiksdagenPolitician)13 SessionState (org.openforis.collect.web.session.SessionState)13 CollectRecord (org.openforis.collect.model.CollectRecord)12 DocumentElement (com.hack23.cia.model.external.riksdagen.dokumentlista.impl.DocumentElement)11 ArrayList (java.util.ArrayList)11