use of org.structr.common.SecurityContext in project structr by structr.
the class JsonRestServlet method doDelete.
// <editor-fold defaultstate="collapsed" desc="DELETE">
@Override
protected void doDelete(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
SecurityContext securityContext = null;
Authenticator authenticator = null;
RestMethodResult result = null;
Resource resource = null;
try {
assertInitialized();
// first thing to do!
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
// isolate request authentication in a transaction
try (final Tx tx = StructrApp.getInstance().tx()) {
authenticator = config.getAuthenticator();
securityContext = authenticator.initializeAndExamineRequest(request, response);
tx.success();
}
final App app = StructrApp.getInstance(securityContext);
// isolate resource authentication
try (final Tx tx = app.tx()) {
resource = ResourceHelper.optimizeNestedResourceChain(securityContext, request, resourceMap, propertyView);
authenticator.checkResourceAccess(securityContext, request, resource.getResourceSignature(), propertyView.get(securityContext));
tx.success();
}
// isolate doDelete
boolean retry = true;
while (retry) {
try {
result = resource.doDelete();
retry = false;
} catch (RetryException ddex) {
retry = true;
}
}
// isolate write output
try (final Tx tx = app.tx()) {
result.commitResponse(gson.get(), response);
tx.success();
}
} catch (FrameworkException frameworkException) {
// set status & write JSON output
response.setStatus(frameworkException.getStatus());
gson.get().toJson(frameworkException, response.getWriter());
response.getWriter().println();
} catch (JsonSyntaxException jsex) {
logger.warn("JsonSyntaxException in DELETE", jsex);
int code = HttpServletResponse.SC_BAD_REQUEST;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in DELETE: " + jsex.getMessage()));
} catch (JsonParseException jpex) {
logger.warn("JsonParseException in DELETE", jpex);
int code = HttpServletResponse.SC_BAD_REQUEST;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in DELETE: " + jpex.getMessage()));
} catch (Throwable t) {
logger.warn("Exception in DELETE", t);
int code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in DELETE: " + t.getMessage()));
} finally {
try {
// response.getWriter().flush();
response.getWriter().close();
} catch (IOException t) {
logger.warn("Unable to flush and close response: {}", t.getMessage());
}
}
}
use of org.structr.common.SecurityContext in project structr by structr.
the class JsonRestServlet method doPut.
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc="PUT">
@Override
protected void doPut(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
final SecurityContext securityContext;
final Authenticator authenticator;
final Resource resource;
RestMethodResult result = new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
try {
assertInitialized();
// first thing to do!
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
// get reader before initalizing security context
final String input = IOUtils.toString(request.getReader());
// isolate request authentication in a transaction
try (final Tx tx = StructrApp.getInstance().tx()) {
authenticator = config.getAuthenticator();
securityContext = authenticator.initializeAndExamineRequest(request, response);
tx.success();
}
final App app = StructrApp.getInstance(securityContext);
final IJsonInput jsonInput = cleanAndParseJsonString(app, input);
if (securityContext != null) {
// isolate resource authentication
try (final Tx tx = app.tx()) {
// evaluate constraint chain
resource = ResourceHelper.applyViewTransformation(request, securityContext, ResourceHelper.optimizeNestedResourceChain(securityContext, request, resourceMap, propertyView), propertyView);
authenticator.checkResourceAccess(securityContext, request, resource.getResourceSignature(), propertyView.get(securityContext));
tx.success();
}
// isolate doPut
boolean retry = true;
while (retry) {
try (final Tx tx = app.tx()) {
result = resource.doPut(convertPropertySetToMap(jsonInput.getJsonInputs().get(0)));
tx.success();
retry = false;
} catch (RetryException ddex) {
retry = true;
}
}
// isolate write output
try (final Tx tx = app.tx()) {
result.commitResponse(gson.get(), response);
tx.success();
}
} else {
// isolate write output
try (final Tx tx = app.tx()) {
result = new RestMethodResult(HttpServletResponse.SC_FORBIDDEN);
result.commitResponse(gson.get(), response);
tx.success();
}
}
} catch (FrameworkException frameworkException) {
// set status & write JSON output
response.setStatus(frameworkException.getStatus());
gson.get().toJson(frameworkException, response.getWriter());
response.getWriter().println();
} catch (JsonSyntaxException jsex) {
logger.warn("PUT: Invalid JSON syntax", jsex.getMessage());
int code = HttpServletResponse.SC_BAD_REQUEST;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in PUT: " + jsex.getMessage()));
} catch (JsonParseException jpex) {
logger.warn("PUT: Unable to parse JSON string", jpex.getMessage());
int code = HttpServletResponse.SC_BAD_REQUEST;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in PUT: " + jpex.getMessage()));
} catch (Throwable t) {
logger.warn("Exception in PUT", t);
logger.warn("", t);
int code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in PUT: " + t.getMessage()));
} finally {
try {
// response.getWriter().flush();
response.getWriter().close();
} catch (Throwable t) {
logger.warn("Unable to flush and close response: {}", t.getMessage());
}
}
}
use of org.structr.common.SecurityContext in project structr by structr.
the class JsonRestServlet method doOptions.
// <editor-fold defaultstate="collapsed" desc="OPTIONS">
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
final SecurityContext securityContext;
final Authenticator authenticator;
final Resource resource;
RestMethodResult result = new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
try {
assertInitialized();
// first thing to do!
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
// isolate request authentication in a transaction
try (final Tx tx = StructrApp.getInstance().tx()) {
authenticator = config.getAuthenticator();
securityContext = authenticator.initializeAndExamineRequest(request, response);
tx.success();
}
final App app = StructrApp.getInstance(securityContext);
// isolate resource authentication
try (final Tx tx = app.tx()) {
resource = ResourceHelper.applyViewTransformation(request, securityContext, ResourceHelper.optimizeNestedResourceChain(securityContext, request, resourceMap, propertyView), propertyView);
authenticator.checkResourceAccess(securityContext, request, resource.getResourceSignature(), propertyView.get(securityContext));
tx.success();
}
// isolate doOptions
boolean retry = true;
while (retry) {
try (final Tx tx = app.tx()) {
result = resource.doOptions();
tx.success();
retry = false;
} catch (RetryException ddex) {
retry = true;
}
}
// isolate write output
try (final Tx tx = app.tx()) {
result.commitResponse(gson.get(), response);
tx.success();
}
} catch (FrameworkException frameworkException) {
// set status & write JSON output
response.setStatus(frameworkException.getStatus());
gson.get().toJson(frameworkException, response.getWriter());
response.getWriter().println();
} catch (JsonSyntaxException jsex) {
logger.warn("JsonSyntaxException in OPTIONS", jsex);
int code = HttpServletResponse.SC_BAD_REQUEST;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in OPTIONS: " + jsex.getMessage()));
} catch (JsonParseException jpex) {
logger.warn("JsonParseException in OPTIONS", jpex);
int code = HttpServletResponse.SC_BAD_REQUEST;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in OPTIONS: " + jpex.getMessage()));
} catch (Throwable t) {
logger.warn("Exception in OPTIONS", t);
int code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
response.setStatus(code);
response.getWriter().append(RestMethodResult.jsonError(code, "JsonSyntaxException in OPTIONS: " + t.getMessage()));
} finally {
try {
// response.getWriter().flush();
response.getWriter().close();
} catch (Throwable t) {
logger.warn("Unable to flush and close response: {}", t.getMessage());
}
}
}
use of org.structr.common.SecurityContext in project structr by structr.
the class FindRelationshipFunction method apply.
@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
try {
if (sources == null) {
throw new IllegalArgumentException();
}
final SecurityContext securityContext = ctx.getSecurityContext();
final ConfigurationProvider config = StructrApp.getConfiguration();
final Query query = StructrApp.getInstance(securityContext).relationshipQuery().sort(GraphObject.createdDate).order(false);
// the type to query for
Class type = null;
if (sources.length >= 1 && sources[0] != null) {
final String typeString = sources[0].toString();
type = config.getRelationshipEntityClass(typeString);
if (type != null) {
query.andTypes(type);
} else {
logger.warn("Error in find_relationship(): type \"{}\" not found.", typeString);
return ERROR_MESSAGE_FIND_RELATIONSHIP_TYPE_NOT_FOUND + typeString;
}
}
// exit gracefully instead of crashing..
if (type == null) {
logger.warn("Error in find_relationship(): no type specified. Parameters: {}", getParametersAsString(sources));
return ERROR_MESSAGE_FIND_RELATIONSHIP_NO_TYPE_SPECIFIED;
}
// experimental: disable result count, prevents instantiation
// of large collections just for counting all the objects..
securityContext.ignoreResultCount(true);
// extension for native javascript objects
if (sources.length == 2 && sources[1] instanceof Map) {
query.and(PropertyMap.inputTypeToJavaType(securityContext, type, (Map) sources[1]));
} else if (sources.length == 2) {
if (sources[1] == null) {
throw new IllegalArgumentException();
}
// special case: second parameter is a UUID
final PropertyKey key = StructrApp.key(type, "id");
query.and(key, sources[1].toString());
return query.getFirst();
} else {
final int parameter_count = sources.length;
if (parameter_count % 2 == 0) {
throw new FrameworkException(400, "Invalid number of parameters: " + parameter_count + ". Should be uneven: " + ERROR_MESSAGE_FIND_RELATIONSHIP);
}
for (int c = 1; c < parameter_count; c += 2) {
if (sources[c] == null) {
throw new IllegalArgumentException();
}
final PropertyKey key = StructrApp.key(type, sources[c].toString());
if (key != null) {
final PropertyConverter inputConverter = key.inputConverter(securityContext);
Object value = sources[c + 1];
if (inputConverter != null) {
value = inputConverter.convert(value);
}
query.and(key, value);
}
}
}
return query.getAsList();
} catch (final IllegalArgumentException e) {
logParameterError(caller, sources, ctx.isJavaScriptContext());
return usage(ctx.isJavaScriptContext());
}
}
use of org.structr.common.SecurityContext in project structr by structr.
the class GetOrNullFunction method apply.
@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
final SecurityContext securityContext = ctx.getSecurityContext();
try {
if (!arrayHasLengthAndAllElementsNotNull(sources, 2)) {
return null;
}
GraphObject dataObject = null;
if (sources[0] instanceof GraphObject) {
dataObject = (GraphObject) sources[0];
}
if (sources[0] instanceof List) {
final List list = (List) sources[0];
if (list.size() == 1 && list.get(0) instanceof GraphObject) {
dataObject = (GraphObject) list.get(0);
}
}
if (dataObject != null) {
final String keyName = sources[1].toString();
final PropertyKey key = StructrApp.key(dataObject.getClass(), keyName);
if (key != null) {
final PropertyConverter inputConverter = key.inputConverter(securityContext);
Object value = dataObject.getProperty(key);
if (inputConverter != null) {
return inputConverter.revert(value);
}
return dataObject.getProperty(key);
}
return "";
}
} catch (final IllegalArgumentException e) {
logParameterError(caller, sources, ctx.isJavaScriptContext());
return usage(ctx.isJavaScriptContext());
}
return null;
}
Aggregations