Example 21 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class Template method renderContent.

/*
	public static final org.structr.common.View uiView                                   = new org.structr.common.View(Content.class, PropertyView.Ui,
		children, childrenIds, content, contentType, parent, pageId, hideOnDetail, hideOnIndex, sharedComponent, syncedNodes, dataKey, restQuery, cypherQuery, xpathQuery, functionQuery,
		showForLocales, hideForLocales, showConditions, hideConditions, isContent
	);

	public static final org.structr.common.View publicView                               = new org.structr.common.View(Content.class, PropertyView.Public,
		children, childrenIds, content, contentType, parent, pageId, hideOnDetail, hideOnIndex, sharedComponent, syncedNodes, dataKey, restQuery, cypherQuery, xpathQuery, functionQuery,
		showForLocales, hideForLocales, showConditions, hideConditions, isContent
	);
	*/
public static void renderContent(final Template thisTemplate, final RenderContext renderContext, final int depth) throws FrameworkException {
    final SecurityContext securityContext = thisTemplate.getSecurityContext();
    final EditMode editMode = renderContext.getEditMode(securityContext.getUser(false));
    if (EditMode.DEPLOYMENT.equals(editMode)) {
        final DOMNode _syncedNode = thisTemplate.getSharedComponent();
        final AsyncBuffer out = renderContext.getBuffer();
        if (depth > 0) {
            out.append(DOMNode.indent(depth, renderContext));
        }
        DOMNode.renderDeploymentExportComments(thisTemplate, out, true);
        out.append("<structr:template src=\"");
        if (_syncedNode != null) {
            // use name of synced node
            final String _name = _syncedNode.getProperty(AbstractNode.name);
            out.append(_name != null ? _name.concat("-").concat(_syncedNode.getUuid()) : _syncedNode.getUuid());
        } else {
            // use name of local template
            final String _name = thisTemplate.getProperty(AbstractNode.name);
            out.append(_name != null ? _name.concat("-").concat(thisTemplate.getUuid()) : thisTemplate.getUuid());
        }
        out.append("\"");
        DOMNode.renderSharedComponentConfiguration(thisTemplate, out, editMode);
        // include custom attributes in templates as well!
        DOMNode.renderCustomAttributes(thisTemplate, out, securityContext, renderContext);
        out.append(">");
        // fetch children
        final List<RelationshipInterface> rels = thisTemplate.getChildRelationships();
        if (rels.isEmpty()) {
            // No child relationships, maybe this node is in sync with another node
            if (_syncedNode != null) {
                rels.addAll(_syncedNode.getChildRelationships());
            }
        }
        for (final RelationshipInterface rel : rels) {
            final DOMNode subNode = (DOMNode) rel.getTargetNode();
            subNode.render(renderContext, depth + 1);
        }
        out.append(DOMNode.indent(depth, renderContext));
        out.append("</structr:template>");
        out.append(DOMNode.indent(depth - 1, renderContext));
    } else {
        // "super" call using static method..
        Content.renderContent(thisTemplate, renderContext, depth);
    }
}
Also used : SecurityContext(org.structr.common.SecurityContext) RelationshipInterface(org.structr.core.graph.RelationshipInterface) EditMode(org.structr.web.common.RenderContext.EditMode) AsyncBuffer(org.structr.web.common.AsyncBuffer)

Example 22 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class AnalyzeSourceTreeFunction method apply.

@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
    try {
        if (!(arrayHasLengthAndAllElementsNotNull(sources, 1) && sources[0] instanceof String)) {
            return null;
        }
        final SecurityContext securityContext = ctx.getSecurityContext();
        final App app = StructrApp.getInstance(securityContext);
        new JavaParserModule().analyzeSourceTree(app.nodeQuery(Folder.class).and(StructrApp.key(Folder.class, "path"), (String) sources[0]).getFirst());
    } catch (final IllegalArgumentException e) {
        logParameterError(caller, sources, ctx.isJavaScriptContext());
        return usage(ctx.isJavaScriptContext());
    }
    return "";
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) SecurityContext(org.structr.common.SecurityContext) Folder(org.structr.web.entity.Folder)

Example 23 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class StructrCMISServicesFactory method checkAuthentication.

// ----- private methods -----
private SecurityContext checkAuthentication(final CallContext callContext) {
    final App app = StructrApp.getInstance();
    try (final Tx tx = app.tx()) {
        final String username = callContext.getUsername();
        final String password = callContext.getPassword();
        final Principal principal = AuthHelper.getPrincipalForPassword(Principal.name, username, password);
        SecurityContext securityContext = null;
        if (principal != null) {
            if (principal instanceof SuperUser) {
                securityContext = SecurityContext.getSuperUserInstance();
            } else {
                securityContext = SecurityContext.getInstance(principal, AccessMode.Backend);
            }
        }
        tx.success();
        if (securityContext != null) {
            return securityContext;
        }
    } catch (AuthenticationException aex) {
        throw new CmisUnauthorizedException(aex.getMessage());
    } catch (FrameworkException fex) {
        logger.warn("CMIS authentication failed with a FrameworkException", fex);
    }
    throw new CmisUnauthorizedException();
}
Also used : StructrApp(org.structr.core.app.StructrApp) App(org.structr.core.app.App) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) AuthenticationException(org.structr.core.auth.exception.AuthenticationException) SecurityContext(org.structr.common.SecurityContext) CmisUnauthorizedException(org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException) SuperUser(org.structr.core.entity.SuperUser) Principal(org.structr.core.entity.Principal)

Example 24 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class UiAuthenticator method initializeAndExamineRequest.

/**
 * Examine request and try to find a user.
 *
 * First, check session id, then try external (OAuth) authentication,
 * finally, check standard login by credentials.
 *
 * @param request
 * @param response
 * @return security context
 * @throws FrameworkException
 */
@Override
public SecurityContext initializeAndExamineRequest(final HttpServletRequest request, final HttpServletResponse response) throws FrameworkException {
    Principal user = SessionHelper.checkSessionAuthentication(request);
    SecurityContext securityContext;
    if (user == null) {
        user = checkExternalAuthentication(request, response);
    }
    if (user == null) {
        user = getUser(request, true);
    }
    if (user == null) {
        // If no user could be determined, assume frontend access
        securityContext = SecurityContext.getInstance(user, request, AccessMode.Frontend);
    } else {
        if (user instanceof SuperUser) {
            securityContext = SecurityContext.getSuperUserInstance(request);
        } else {
            securityContext = SecurityContext.getInstance(user, request, AccessMode.Backend);
        }
    }
    securityContext.setAuthenticator(this);
    // Check CORS settings (Cross-origin resource sharing, see http://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
    final String origin = request.getHeader("Origin");
    if (!StringUtils.isBlank(origin)) {
        // the request's Origin value is echoed back unchanged, so every origin is accepted
        response.setHeader("Access-Control-Allow-Origin", origin);
        // allow cross site resource sharing (read only)
        final String maxAge = Settings.AccessControlMaxAge.getValue();
        if (StringUtils.isNotBlank(maxAge)) {
            // the standard CORS header name is Access-Control-Max-Age
            response.setHeader("Access-Control-Max-Age", maxAge);
        }
        final String allowMethods = Settings.AccessControlAllowMethods.getValue();
        if (StringUtils.isNotBlank(allowMethods)) {
            response.setHeader("Access-Control-Allow-Methods", allowMethods);
        }
        final String allowHeaders = Settings.AccessControlAllowHeaders.getValue();
        if (StringUtils.isNotBlank(allowHeaders)) {
            response.setHeader("Access-Control-Allow-Headers", allowHeaders);
        }
        final String allowCredentials = Settings.AccessControlAllowCredentials.getValue();
        if (StringUtils.isNotBlank(allowCredentials)) {
            response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
        }
        final String exposeHeaders = Settings.AccessControlExposeHeaders.getValue();
        if (StringUtils.isNotBlank(exposeHeaders)) {
            response.setHeader("Access-Control-Expose-Headers", exposeHeaders);
        }
    }
    examined = true;
    // store a reference of the response object in SecurityContext
    // to be able to stream data directly from builtin functions
    securityContext.setResponse(response);
    // expose Structr edition
    response.setHeader("X-Structr-Edition", Services.getInstance().getEdition());
    return securityContext;
}
Also used : SecurityContext(org.structr.common.SecurityContext) SuperUser(org.structr.core.entity.SuperUser) Principal(org.structr.core.entity.Principal)

Example 25 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class File method onModification.

static void onModification(final File thisFile, final SecurityContext securityContext, final ErrorBuffer errorBuffer, final ModificationQueue modificationQueue) throws FrameworkException {
    synchronized (thisFile) {
        // save current security context
        final SecurityContext previousSecurityContext = securityContext;
        // replace with SU context
        thisFile.setSecurityContext(SecurityContext.getSuperUserInstance());
        try {
            // update metadata and parent as superuser
            FileHelper.updateMetadata(thisFile, false);
        } finally {
            // restore previous security context even if the update throws,
            // so the file never keeps the superuser context
            thisFile.setSecurityContext(previousSecurityContext);
        }
    }
    thisFile.triggerMinificationIfNeeded(modificationQueue);
}
Also used : SecurityContext(org.structr.common.SecurityContext)

Aggregations

SecurityContext (org.structr.common.SecurityContext): 131
FrameworkException (org.structr.common.error.FrameworkException): 76
App (org.structr.core.app.App): 56
StructrApp (org.structr.core.app.StructrApp): 56
Tx (org.structr.core.graph.Tx): 36
GraphObject (org.structr.core.GraphObject): 35
PropertyKey (org.structr.core.property.PropertyKey): 26
PropertyMap (org.structr.core.property.PropertyMap): 26
AbstractNode (org.structr.core.entity.AbstractNode): 19
IOException (java.io.IOException): 18
Map (java.util.Map): 17
File (org.structr.web.entity.File): 14
LinkedList (java.util.LinkedList): 13
DatabaseService (org.structr.api.DatabaseService): 12
DOMNode (org.structr.web.entity.dom.DOMNode): 12
Result (org.structr.core.Result): 11
PropertyConverter (org.structr.core.converter.PropertyConverter): 11
GraphObjectMap (org.structr.core.GraphObjectMap): 10
Query (org.structr.core.app.Query): 10
Principal (org.structr.core.entity.Principal): 10