Search in sources :

Example 96 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class JsonRestServlet method doDelete.

// <editor-fold defaultstate="collapsed" desc="DELETE">
@Override
protected void doDelete(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SecurityContext securityContext = null;
    Authenticator authenticator = null;
    RestMethodResult result = null;
    Resource resource = null;
    try {
        assertInitialized();
        // first thing to do!
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        // isolate request authentication in a transaction
        try (final Tx tx = StructrApp.getInstance().tx()) {
            authenticator = config.getAuthenticator();
            securityContext = authenticator.initializeAndExamineRequest(request, response);
            tx.success();
        }
        final App app = StructrApp.getInstance(securityContext);
        // isolate resource authentication
        try (final Tx tx = app.tx()) {
            resource = ResourceHelper.optimizeNestedResourceChain(securityContext, request, resourceMap, propertyView);
            authenticator.checkResourceAccess(securityContext, request, resource.getResourceSignature(), propertyView.get(securityContext));
            tx.success();
        }
        // isolate doDelete
        boolean retry = true;
        while (retry) {
            try {
                result = resource.doDelete();
                retry = false;
            } catch (RetryException ddex) {
                retry = true;
            }
        }
        // isolate write output
        try (final Tx tx = app.tx()) {
            result.commitResponse(gson.get(), response);
            tx.success();
        }
    } catch (FrameworkException frameworkException) {
        // set status & write JSON output
        response.setStatus(frameworkException.getStatus());
        gson.get().toJson(frameworkException, response.getWriter());
        response.getWriter().println();
    } catch (JsonSyntaxException jsex) {
        logger.warn("JsonSyntaxException in DELETE", jsex);
        int code = HttpServletResponse.SC_BAD_REQUEST;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in DELETE: " + jsex.getMessage()));
    } catch (JsonParseException jpex) {
        logger.warn("JsonParseException in DELETE", jpex);
        int code = HttpServletResponse.SC_BAD_REQUEST;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in DELETE: " + jpex.getMessage()));
    } catch (Throwable t) {
        logger.warn("Exception in DELETE", t);
        int code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in DELETE: " + t.getMessage()));
    } finally {
        try {
            // response.getWriter().flush();
            response.getWriter().close();
        } catch (IOException t) {
            logger.warn("Unable to flush and close response: {}", t.getMessage());
        }
    }
}
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) Resource(org.structr.rest.resource.Resource) StaticRelationshipResource(org.structr.rest.resource.StaticRelationshipResource) IOException(java.io.IOException) RetryException(org.structr.api.RetryException) JsonParseException(com.google.gson.JsonParseException) JsonSyntaxException(com.google.gson.JsonSyntaxException) SecurityContext(org.structr.common.SecurityContext) Authenticator(org.structr.core.auth.Authenticator) RestMethodResult(org.structr.rest.RestMethodResult)

Example 97 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class JsonRestServlet method doPut.

// </editor-fold>
// <editor-fold defaultstate="collapsed" desc="PUT">
@Override
protected void doPut(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    final SecurityContext securityContext;
    final Authenticator authenticator;
    final Resource resource;
    RestMethodResult result = new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
    try {
        assertInitialized();
        // first thing to do!
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        // get reader before initalizing security context
        final String input = IOUtils.toString(request.getReader());
        // isolate request authentication in a transaction
        try (final Tx tx = StructrApp.getInstance().tx()) {
            authenticator = config.getAuthenticator();
            securityContext = authenticator.initializeAndExamineRequest(request, response);
            tx.success();
        }
        final App app = StructrApp.getInstance(securityContext);
        final IJsonInput jsonInput = cleanAndParseJsonString(app, input);
        if (securityContext != null) {
            // isolate resource authentication
            try (final Tx tx = app.tx()) {
                // evaluate constraint chain
                resource = ResourceHelper.applyViewTransformation(request, securityContext, ResourceHelper.optimizeNestedResourceChain(securityContext, request, resourceMap, propertyView), propertyView);
                authenticator.checkResourceAccess(securityContext, request, resource.getResourceSignature(), propertyView.get(securityContext));
                tx.success();
            }
            // isolate doPut
            boolean retry = true;
            while (retry) {
                try (final Tx tx = app.tx()) {
                    result = resource.doPut(convertPropertySetToMap(jsonInput.getJsonInputs().get(0)));
                    tx.success();
                    retry = false;
                } catch (RetryException ddex) {
                    retry = true;
                }
            }
            // isolate write output
            try (final Tx tx = app.tx()) {
                result.commitResponse(gson.get(), response);
                tx.success();
            }
        } else {
            // isolate write output
            try (final Tx tx = app.tx()) {
                result = new RestMethodResult(HttpServletResponse.SC_FORBIDDEN);
                result.commitResponse(gson.get(), response);
                tx.success();
            }
        }
    } catch (FrameworkException frameworkException) {
        // set status & write JSON output
        response.setStatus(frameworkException.getStatus());
        gson.get().toJson(frameworkException, response.getWriter());
        response.getWriter().println();
    } catch (JsonSyntaxException jsex) {
        logger.warn("PUT: Invalid JSON syntax", jsex.getMessage());
        int code = HttpServletResponse.SC_BAD_REQUEST;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in PUT: " + jsex.getMessage()));
    } catch (JsonParseException jpex) {
        logger.warn("PUT: Unable to parse JSON string", jpex.getMessage());
        int code = HttpServletResponse.SC_BAD_REQUEST;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in PUT: " + jpex.getMessage()));
    } catch (Throwable t) {
        logger.warn("Exception in PUT", t);
        logger.warn("", t);
        int code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in PUT: " + t.getMessage()));
    } finally {
        try {
            // response.getWriter().flush();
            response.getWriter().close();
        } catch (Throwable t) {
            logger.warn("Unable to flush and close response: {}", t.getMessage());
        }
    }
}
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) Resource(org.structr.rest.resource.Resource) StaticRelationshipResource(org.structr.rest.resource.StaticRelationshipResource) RetryException(org.structr.api.RetryException) JsonParseException(com.google.gson.JsonParseException) JsonSyntaxException(com.google.gson.JsonSyntaxException) SecurityContext(org.structr.common.SecurityContext) IJsonInput(org.structr.core.IJsonInput) Authenticator(org.structr.core.auth.Authenticator) RestMethodResult(org.structr.rest.RestMethodResult)

Example 98 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class JsonRestServlet method doOptions.

// <editor-fold defaultstate="collapsed" desc="OPTIONS">
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final SecurityContext securityContext;
    final Authenticator authenticator;
    final Resource resource;
    RestMethodResult result = new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
    try {
        assertInitialized();
        // first thing to do!
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        // isolate request authentication in a transaction
        try (final Tx tx = StructrApp.getInstance().tx()) {
            authenticator = config.getAuthenticator();
            securityContext = authenticator.initializeAndExamineRequest(request, response);
            tx.success();
        }
        final App app = StructrApp.getInstance(securityContext);
        // isolate resource authentication
        try (final Tx tx = app.tx()) {
            resource = ResourceHelper.applyViewTransformation(request, securityContext, ResourceHelper.optimizeNestedResourceChain(securityContext, request, resourceMap, propertyView), propertyView);
            authenticator.checkResourceAccess(securityContext, request, resource.getResourceSignature(), propertyView.get(securityContext));
            tx.success();
        }
        // isolate doOptions
        boolean retry = true;
        while (retry) {
            try (final Tx tx = app.tx()) {
                result = resource.doOptions();
                tx.success();
                retry = false;
            } catch (RetryException ddex) {
                retry = true;
            }
        }
        // isolate write output
        try (final Tx tx = app.tx()) {
            result.commitResponse(gson.get(), response);
            tx.success();
        }
    } catch (FrameworkException frameworkException) {
        // set status & write JSON output
        response.setStatus(frameworkException.getStatus());
        gson.get().toJson(frameworkException, response.getWriter());
        response.getWriter().println();
    } catch (JsonSyntaxException jsex) {
        logger.warn("JsonSyntaxException in OPTIONS", jsex);
        int code = HttpServletResponse.SC_BAD_REQUEST;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in OPTIONS: " + jsex.getMessage()));
    } catch (JsonParseException jpex) {
        logger.warn("JsonParseException in OPTIONS", jpex);
        int code = HttpServletResponse.SC_BAD_REQUEST;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in OPTIONS: " + jpex.getMessage()));
    } catch (Throwable t) {
        logger.warn("Exception in OPTIONS", t);
        int code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        response.setStatus(code);
        response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in OPTIONS: " + t.getMessage()));
    } finally {
        try {
            // response.getWriter().flush();
            response.getWriter().close();
        } catch (Throwable t) {
            logger.warn("Unable to flush and close response: {}", t.getMessage());
        }
    }
}
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) JsonSyntaxException(com.google.gson.JsonSyntaxException) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) SecurityContext(org.structr.common.SecurityContext) Resource(org.structr.rest.resource.Resource) StaticRelationshipResource(org.structr.rest.resource.StaticRelationshipResource) RetryException(org.structr.api.RetryException) JsonParseException(com.google.gson.JsonParseException) Authenticator(org.structr.core.auth.Authenticator) RestMethodResult(org.structr.rest.RestMethodResult)

Example 99 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class FindRelationshipFunction method apply.

@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
    try {
        if (sources == null) {
            throw new IllegalArgumentException();
        }
        final SecurityContext securityContext = ctx.getSecurityContext();
        final ConfigurationProvider config = StructrApp.getConfiguration();
        final Query query = StructrApp.getInstance(securityContext).relationshipQuery().sort(GraphObject.createdDate).order(false);
        // the type to query for
        Class type = null;
        if (sources.length >= 1 && sources[0] != null) {
            final String typeString = sources[0].toString();
            type = config.getRelationshipEntityClass(typeString);
            if (type != null) {
                query.andTypes(type);
            } else {
                logger.warn("Error in find_relationship(): type \"{}\" not found.", typeString);
                return ERROR_MESSAGE_FIND_RELATIONSHIP_TYPE_NOT_FOUND + typeString;
            }
        }
        // exit gracefully instead of crashing..
        if (type == null) {
            logger.warn("Error in find_relationship(): no type specified. Parameters: {}", getParametersAsString(sources));
            return ERROR_MESSAGE_FIND_RELATIONSHIP_NO_TYPE_SPECIFIED;
        }
        // experimental: disable result count, prevents instantiation
        // of large collections just for counting all the objects..
        securityContext.ignoreResultCount(true);
        // extension for native javascript objects
        if (sources.length == 2 && sources[1] instanceof Map) {
            query.and(PropertyMap.inputTypeToJavaType(securityContext, type, (Map) sources[1]));
        } else if (sources.length == 2) {
            if (sources[1] == null) {
                throw new IllegalArgumentException();
            }
            // special case: second parameter is a UUID
            final PropertyKey key = StructrApp.key(type, "id");
            query.and(key, sources[1].toString());
            return query.getFirst();
        } else {
            final int parameter_count = sources.length;
            if (parameter_count % 2 == 0) {
                throw new FrameworkException(400, "Invalid number of parameters: " + parameter_count + ". Should be uneven: " + ERROR_MESSAGE_FIND_RELATIONSHIP);
            }
            for (int c = 1; c < parameter_count; c += 2) {
                if (sources[c] == null) {
                    throw new IllegalArgumentException();
                }
                final PropertyKey key = StructrApp.key(type, sources[c].toString());
                if (key != null) {
                    final PropertyConverter inputConverter = key.inputConverter(securityContext);
                    Object value = sources[c + 1];
                    if (inputConverter != null) {
                        value = inputConverter.convert(value);
                    }
                    query.and(key, value);
                }
            }
        }
        return query.getAsList();
    } catch (final IllegalArgumentException e) {
        logParameterError(caller, sources, ctx.isJavaScriptContext());
        return usage(ctx.isJavaScriptContext());
    }
}
Also used : Query(org.structr.core.app.Query) FrameworkException(org.structr.common.error.FrameworkException) ConfigurationProvider(org.structr.schema.ConfigurationProvider) SecurityContext(org.structr.common.SecurityContext) PropertyConverter(org.structr.core.converter.PropertyConverter) GraphObject(org.structr.core.GraphObject) PropertyMap(org.structr.core.property.PropertyMap) Map(java.util.Map) PropertyKey(org.structr.core.property.PropertyKey)

Example 100 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class GetOrNullFunction method apply.

@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
    final SecurityContext securityContext = ctx.getSecurityContext();
    try {
        if (!arrayHasLengthAndAllElementsNotNull(sources, 2)) {
            return null;
        }
        GraphObject dataObject = null;
        if (sources[0] instanceof GraphObject) {
            dataObject = (GraphObject) sources[0];
        }
        if (sources[0] instanceof List) {
            final List list = (List) sources[0];
            if (list.size() == 1 && list.get(0) instanceof GraphObject) {
                dataObject = (GraphObject) list.get(0);
            }
        }
        if (dataObject != null) {
            final String keyName = sources[1].toString();
            final PropertyKey key = StructrApp.key(dataObject.getClass(), keyName);
            if (key != null) {
                final PropertyConverter inputConverter = key.inputConverter(securityContext);
                Object value = dataObject.getProperty(key);
                if (inputConverter != null) {
                    return inputConverter.revert(value);
                }
                return dataObject.getProperty(key);
            }
            return "";
        }
    } catch (final IllegalArgumentException e) {
        logParameterError(caller, sources, ctx.isJavaScriptContext());
        return usage(ctx.isJavaScriptContext());
    }
    return null;
}
Also used : SecurityContext(org.structr.common.SecurityContext) PropertyConverter(org.structr.core.converter.PropertyConverter) List(java.util.List) GraphObject(org.structr.core.GraphObject) GraphObject(org.structr.core.GraphObject) PropertyKey(org.structr.core.property.PropertyKey)

Aggregations

SecurityContext (org.structr.common.SecurityContext)131 FrameworkException (org.structr.common.error.FrameworkException)76 App (org.structr.core.app.App)56 StructrApp (org.structr.core.app.StructrApp)56 Tx (org.structr.core.graph.Tx)36 GraphObject (org.structr.core.GraphObject)35 PropertyKey (org.structr.core.property.PropertyKey)26 PropertyMap (org.structr.core.property.PropertyMap)26 AbstractNode (org.structr.core.entity.AbstractNode)19 IOException (java.io.IOException)18 Map (java.util.Map)17 File (org.structr.web.entity.File)14 LinkedList (java.util.LinkedList)13 DatabaseService (org.structr.api.DatabaseService)12 DOMNode (org.structr.web.entity.dom.DOMNode)12 Result (org.structr.core.Result)11 PropertyConverter (org.structr.core.converter.PropertyConverter)11 GraphObjectMap (org.structr.core.GraphObjectMap)10 Query (org.structr.core.app.Query)10 Principal (org.structr.core.entity.Principal)10