
Example 36 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class CallPrivilegedFunction method getSecurityContext.

/**
 * Supplies the security context used by this function: the superuser
 * instance, carrying over the context store of the calling action context.
 *
 * NOTE(review): the returned context is the superuser one, so whatever is
 * evaluated with it is presumably not limited by the calling user's
 * permissions. Confirm that only trusted code paths can reach this function.
 *
 * @param ctx the action context whose context store is reused
 * @return the superuser security context with the caller's context store set
 */
@Override
public SecurityContext getSecurityContext(final ActionContext ctx) {
    final SecurityContext privilegedContext = SecurityContext.getSuperUserInstance();
    // keep the data the caller has stored so far available under the privileged context
    privilegedContext.setContextStore(ctx.getContextStore());
    return privilegedContext;
}
Also used : SecurityContext(org.structr.common.SecurityContext)

Example 37 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class OWLParserv2 method parse.

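/**
 * Imports an OWL/XML document and, optionally, a directory of binary files.
 *
 * The XML document is parsed and filtered first. When {@code importSchema} is
 * set, a JSON schema is built from the OWL classes and properties, written to
 * the database in several transactions, and instances and their relationships
 * are created in batches of 100 per transaction. When the blobs directory
 * exists, its files are collected; depending on {@code createFileRelationships}
 * and {@code importFiles}, schema relationships to the File type are created
 * and files whose names start with {@code "KBlob-"} are imported and linked to
 * the node that references them.
 *
 * Any {@link Throwable} that reaches the outer handler is printed and
 * suppresses the "Import successful" message. The logger is flushed and closed
 * before the method returns.
 *
 * Security notes: the XML parser is configured not to resolve external
 * entities or external DTDs, and imported files are created with the
 * superuser security context.
 *
 * @param fileName path of the XML document to parse
 * @param blobsDirectory directory that is walked for files to import
 */
public void parse(final String fileName, final String blobsDirectory) {
    boolean success = true;
    try (final App app = StructrApp.getInstance()) {
        // Harden the parser before it reads the document: external general and
        // parameter entities and external DTDs are not resolved, so a crafted
        // document cannot make the importer read local files or contact other
        // hosts. DOCTYPE declarations stay allowed because RDF/XML ontologies
        // commonly declare internal entities for namespace abbreviations.
        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        final Document doc = factory.newDocumentBuilder().parse(new java.io.File(fileName));
        System.out.println("Parsing XML document..");
        logger.println("Parsing XML document..");
        // parse XML document
        parseDocument(doc.getDocumentElement(), 0);
        System.out.println("Filtering unwanted classes..");
        logger.println("Filtering unwanted classes..");
        // filter unwanted objects by their IDs
        filter(owlClassesByURI.values());
        filter(owlPropertiesByURI.values());
        if (importSchema) {
            // initialize class hierarchies
            System.out.println("Resolving " + owlClassesByURI.size() + " OWL superclasses..");
            logger.println("Resolving " + owlClassesByURI.size() + " OWL superclasses..");
            for (final OWLClass owlClass : owlClassesByURI.values()) {
                owlClass.resolveSuperclasses(owlClassesByURI);
            }
            for (final OWLClass owlClass : owlClassesByURI.values()) {
                owlClass.resolveRelatedTypes(owlClassesByURI);
            }
            for (final OWLClass owlClass : owlClassesByURI.values()) {
                owlClass.resolveRelationshipTypes(owlClassesByURI);
            }
            // initialize classes with datatype properties
            System.out.println("Resolving " + owlPropertiesByURI.size() + " datatype properties..");
            logger.println("Resolving " + owlPropertiesByURI.size() + " datatype properties..");
            for (final OWLProperty owlProperty : owlPropertiesByURI.values()) {
                owlProperty.resolveSuperclasses(owlPropertiesByURI);
                owlProperty.resolveClassProperties(owlClassesByURI);
            }
            final JsonSchema schema = StructrSchema.newInstance(URI.create("http://localhost/test/#"));
            // create common base class
            final JsonType baseType = schema.addType("BaseNode");
            final JsonType nameType = schema.addType("LocalizedName");
            nameType.addStringProperty("locale").setIndexed(true);
            nameType.addStringProperty("name").setIndexed(true);
            baseType.addStringProperty("originId").setIndexed(true);
            baseType.addDateProperty("createdAt").setIndexed(true);
            baseType.addDateProperty("modifiedAt").setIndexed(true);
            // the function properties below are script sources stored in the schema; they pick a
            // localized name from this.names by locale ('de', 'en', 'zh') with fallbacks
            baseType.addFunctionProperty("isFallbackLang", "ui").setContentType("application/x-structr-script").setReadFunction("(empty(get_or_null(first(filter(this.names, equal(data.locale, substring(locale, 0, 2)))), 'name')))").setIndexed(true);
            baseType.addFunctionProperty("localizedName", "ui").setContentType("application/x-structr-script").setReadFunction("(if (equal('zh', substring(locale, 0, 2)),(if (empty(first(filter(this.names, equal(data.locale, 'zh')))),if (empty(first(filter(this.names, equal(data.locale, 'en')))),get_or_null(first(filter(this.names, equal(data.locale, 'de'))), 'name'),get(first(filter(this.names, equal(data.locale, 'en'))), 'name')),get(first(filter(this.names, equal(data.locale, 'zh'))), 'name'))),if (equal('de', substring(locale, 0, 2)),(if (empty(first(filter(this.names, equal(data.locale, 'de')))),if (empty(first(filter(this.names, equal(data.locale, 'en')))),get_or_null(first(filter(this.names, equal(data.locale, 'zh'))), 'name'),get(first(filter(this.names, equal(data.locale, 'en'))), 'name')),get(first(filter(this.names, equal(data.locale, 'de'))), 'name'))),(if (empty(first(filter(this.names, equal(data.locale, 'en')))),if (empty(first(filter(this.names, equal(data.locale, 'de')))),get_or_null(first(filter(this.names, equal(data.locale, 'zh'))), 'name'),get(first(filter(this.names, equal(data.locale, 'de'))), 'name')),get(first(filter(this.names, equal(data.locale, 'en'))), 'name'))))))").setIndexed(true);
            baseType.addFunctionProperty("nameDE", "ui").setContentType("application/x-structr-script").setReadFunction("get_or_null(first(filter(this.names, equal(data.locale, 'de'))), 'name')").setWriteFunction("(store('node', first(filter(this.names, equal(data.locale, 'de')))),if (empty(retrieve('node')),set(this, 'names', merge(this.names, create('LocalizedName', 'locale', 'de', 'name', value))),(if (empty(value),delete(retrieve('node')),set(retrieve('node'), 'name', value)))))").setIndexed(true);
            baseType.addFunctionProperty("nameEN", "ui").setContentType("application/x-structr-script").setReadFunction("get_or_null(first(filter(this.names, equal(data.locale, 'en'))), 'name')").setWriteFunction("(store('node', first(filter(this.names, equal(data.locale, 'en')))),if (empty(retrieve('node')),set(this, 'names', merge(this.names, create('LocalizedName', 'locale', 'en', 'name', value))),(if (empty(value),delete(retrieve('node')),set(retrieve('node'), 'name', value)))))").setIndexed(true);
            baseType.addFunctionProperty("nameZH", "ui").setContentType("application/x-structr-script").setReadFunction("get_or_null(first(filter(this.names, equal(data.locale, 'zh'))), 'name')").setWriteFunction("(store('node', first(filter(this.names, equal(data.locale, 'zh')))),if (empty(retrieve('node')),set(this, 'names', merge(this.names, create('LocalizedName', 'locale', 'zh', 'name', value))),(if (empty(value),delete(retrieve('node')),set(retrieve('node'), 'name', value)))))").setIndexed(true);
            final JsonReferenceType names = ((JsonObjectType) baseType).relate((JsonObjectType) nameType, "HasName", Cardinality.OneToMany);
            names.setSourcePropertyName("isNameOf");
            names.setTargetPropertyName("names");
            final JsonReferenceType extensions = ((JsonObjectType) baseType).relate((JsonObjectType) baseType, "ExtendedBy", Cardinality.ManyToMany);
            extensions.setSourcePropertyName("extends");
            extensions.setTargetPropertyName("extendedBy");
            baseType.addStringProperty("name").setIndexed(true);
            System.out.println("Creating schema..");
            logger.println("Creating schema..");
            // NOTE(review): a FrameworkException in any of the schema steps below is only printed;
            // the import then continues with the following steps on a possibly incomplete schema.
            try (final Tx tx = StructrApp.getInstance().tx()) {
                for (final OWLClass owlClass : owlClassesByURI.values()) {
                    final String name = owlClass.getStructrName(true);
                    if (name != null && schema.getType(name) == null && owlClass.isPrimary()) {
                        logger.println("Creating type " + name + "..");
                        schema.addType(name);
                    }
                }
                StructrSchema.replaceDatabaseSchema(app, schema);
                tx.success();
            } catch (FrameworkException fex) {
                System.out.println(fex.getErrorBuffer().getErrorTokens());
            }
            // resolve inheritance
            System.out.println("Resolving class inheritance..");
            logger.println("Resolving class inheritance..");
            try (final Tx tx = StructrApp.getInstance().tx()) {
                for (final OWLClass owlClass : owlClassesByURI.values()) {
                    final String name = owlClass.getStructrName(true);
                    final JsonType type = schema.getType(name);
                    final OWLClass superclass = owlClass.getSuperclass();
                    // type can be null if it is inverseOf another type
                    if (type != null) {
                        if (superclass != null) {
                            final JsonType superType = schema.getType(superclass.getStructrName(true));
                            if (superType != null) {
                                type.setExtends(superType);
                            } else {
                                // superclass has no schema type, fall back to the common base type
                                type.setExtends(baseType);
                            }
                        } else {
                            type.setExtends(baseType);
                        }
                        for (final Name localizedName : owlClass.getNames()) {
                            app.create(Localization.class, new NodeAttribute(StructrApp.key(Localization.class, "name"), name), new NodeAttribute(StructrApp.key(Localization.class, "localizedName"), localizedName.name), new NodeAttribute(StructrApp.key(Localization.class, "locale"), localizedName.lang));
                        }
                    }
                }
                StructrSchema.replaceDatabaseSchema(app, schema);
                tx.success();
            } catch (FrameworkException fex) {
                System.out.println(fex.getErrorBuffer().getErrorTokens());
            }
            // resolve relationship types
            System.out.println("Resolving relationship types..");
            logger.println("Resolving relationship types..");
            try (final Tx tx = StructrApp.getInstance().tx()) {
                for (final OWLClass possibleOutgoingRelationshipType : owlClassesByURI.values()) {
                    final OWLClass possibleIncomingRelationshipType = possibleOutgoingRelationshipType.getInverse();
                    if (possibleOutgoingRelationshipType.isPrimary() && possibleIncomingRelationshipType != null) {
                        // this is a relationship
                        final List<OWLClass> sourceTypes = possibleOutgoingRelationshipType.getActualSourceTypes();
                        final List<OWLClass> targetTypes = possibleOutgoingRelationshipType.getActualTargetTypes();
                        for (final OWLClass sourceType : sourceTypes) {
                            for (final OWLClass targetType : targetTypes) {
                                final String sourceName = possibleOutgoingRelationshipType.getStructrName(false);
                                final String targetName = possibleIncomingRelationshipType.getStructrName(false);
                                final String sourceTypeName = sourceType.getStructrName(true);
                                final String targetTypeName = targetType.getStructrName(true);
                                final JsonType sourceJsonType = schema.getType(sourceTypeName);
                                final JsonType targetJsonType = schema.getType(targetTypeName);
                                if (sourceJsonType != null && targetJsonType != null) {
                                    final String relationshipTypeName = possibleOutgoingRelationshipType.getStructrName(true);
                                    final JsonObjectType relType = schema.addType(relationshipTypeName);
                                    final JsonObjectType srcType = (JsonObjectType) sourceJsonType;
                                    final JsonObjectType tgtType = (JsonObjectType) targetJsonType;
                                    srcType.relate(relType, sourceName, Cardinality.OneToMany, sourceType.getStructrName(false), sourceName);
                                    relType.relate(tgtType, targetName, Cardinality.ManyToOne, targetName, targetType.getStructrName(false));
                                    possibleOutgoingRelationshipType.setIsRelationship(true);
                                }
                            }
                        }
                    }
                }
                StructrSchema.replaceDatabaseSchema(app, schema);
                tx.success();
            } catch (FrameworkException fex) {
                System.out.println(fex.getErrorBuffer().getErrorTokens());
            }
            System.out.println("Adding properties to types");
            logger.println("Adding properties to types");
            try (final Tx tx = StructrApp.getInstance().tx()) {
                for (final OWLClass owlClass : owlClassesByURI.values()) {
                    final String typeName = owlClass.getStructrName(true);
                    JsonType type = schema.getType(typeName);
                    // type not found, try to set property on inverse type
                    if (type == null) {
                        final OWLClass inverse = owlClass.getInverse();
                        if (inverse != null) {
                            type = schema.getType(inverse.getStructrName(true));
                        }
                    }
                    if (type != null) {
                        for (final OWLProperty prop : owlClass.getAllProperties()) {
                            addProperty(type, prop, prop.getStructrName(false));
                        }
                    } else {
                        System.out.println("Class: no type found for " + owlClass.getId());
                    }
                }
                StructrSchema.replaceDatabaseSchema(app, schema);
                tx.success();
            }
            System.out.println("Adding metdata to node types");
            logger.println("Adding metdata to node types");
            try (final Tx tx = StructrApp.getInstance().tx()) {
                for (final OWLClass owlClass : owlClassesByURI.values()) {
                    final String name = owlClass.getStructrName(true);
                    final SchemaNode schemaNode = app.nodeQuery(SchemaNode.class).andName(name).getFirst();
                    String icon = owlClass.getIcon();
                    if (schemaNode != null) {
                        // part after the second dash
                        if (icon != null && icon.contains("-")) {
                            // search for the dash from index 7 onwards
                            final int pos = icon.indexOf("-", 7);
                            if (pos > -1) {
                                icon = icon.substring(pos + 1);
                            }
                        }
                        schemaNode.setProperty(SchemaNode.icon, icon);
                    }
                }
                tx.success();
            } catch (FrameworkException fex) {
                System.out.println(fex.getErrorBuffer().getErrorTokens());
            }
            // create instances
            System.out.println("Resolving instances..");
            logger.println("Resolving instances..");
            final Iterator<OWLInstance> instancesIterator = owlInstances.values().iterator();
            final List<OWLInstance> newInstances = new LinkedList<>();
            int count = 0;
            // outer loop opens one transaction per batch, inner loop fills the batch
            while (instancesIterator.hasNext()) {
                try (final Tx tx = StructrApp.getInstance().tx()) {
                    while (instancesIterator.hasNext()) {
                        final OWLInstance instance = instancesIterator.next();
                        final OWLClass owlType = instance.getType();
                        if (owlType != null) {
                            instance.createDatabaseNode(app);
                            instance.resolveProperties();
                            instance.resolveExtensions(app, owlClassesByFragment, owlInstances, newInstances);
                        }
                        // commit after 100 instances
                        if (++count == 100) {
                            count = 0;
                            break;
                        }
                    }
                    tx.success();
                }
            }
            // add newly created extension instances to global map
            for (final OWLInstance newInstance : newInstances) {
                owlInstances.put(newInstance.getId(), newInstance);
            }
            System.out.println("Resolving instance relationships..");
            logger.println("Resolving instance relationships..");
            final Iterator<OWLInstance> relationshipsIterator = owlInstances.values().iterator();
            count = 0;
            while (relationshipsIterator.hasNext()) {
                try (final Tx tx = StructrApp.getInstance().tx()) {
                    while (relationshipsIterator.hasNext()) {
                        final OWLInstance instance = relationshipsIterator.next();
                        final OWLClass owlType = instance.getType();
                        if (owlType != null) {
                            instance.resolveRelationships(schema, owlClassesByFragment, owlInstances, rdfDescriptions, owlPropertiesByName);
                        }
                        // commit after 100 instances
                        if (++count == 100) {
                            count = 0;
                            break;
                        }
                    }
                    tx.success();
                }
            }
        }
        final java.io.File blobs = new java.io.File(blobsDirectory);
        if (blobs.exists()) {
            final ConfigurationProvider config = StructrApp.getConfiguration();
            final List<Tuple<Class, PropertyKey>> mapping = createPropertyKeyMapping(config);
            final Set<Path> files = new LinkedHashSet<>();
            int count = 0;
            // collect all files
            Files.walkFileTree(blobs.toPath(), new Visitor(files));
            if (createFileRelationships) {
                System.out.println("Resolving file relationships..");
                logger.println("Resolving file relationships..");
                // iterate over files to identify relationships and extend schema
                final Iterator<Path> pathIteratorForSchemaExtension = files.iterator();
                try (final Tx tx = StructrApp.getInstance().tx()) {
                    while (pathIteratorForSchemaExtension.hasNext()) {
                        final Path file = pathIteratorForSchemaExtension.next();
                        final String name = file.getFileName().toString();
                        if (name.startsWith("KBlob-") && name.length() > 23) {
                            // The id part is extracted only after the name has been validated:
                            // substring(6, ..) on a name shorter than six characters throws and
                            // would abort the whole import through the outer catch block.
                            final int pos = name.indexOf(".", 7);
                            final String idPart = name.substring(6, pos == -1 ? name.length() : pos);
                            for (final Tuple<Class, PropertyKey> entry : mapping) {
                                final Class type = entry.getKey();
                                final PropertyKey key = entry.getValue();
                                Object value = idPart;
                                if (key instanceof ArrayProperty) {
                                    value = new String[] { idPart };
                                }
                                final Query<NodeInterface> query = app.nodeQuery().andType(type).and(key, value, false);
                                final List<NodeInterface> nodes = query.getAsList();
                                if (nodes.size() == 1) {
                                    System.out.println("                ##########: " + nodes.size() + " results..");
                                    // create schema relationship from schema type to file (once)
                                    // import file
                                    // link file
                                    final SchemaNode schemaNode = app.nodeQuery(SchemaNode.class).andName(type.getSimpleName()).getFirst();
                                    if (schemaNode != null) {
                                        System.out.println("                ##########: found SchemaNode " + schemaNode.getUuid() + " (" + schemaNode.getName() + ")");
                                        final SchemaNode fileSchemaNode = app.nodeQuery(SchemaNode.class).andName(File.class.getSimpleName()).getFirst();
                                        if (fileSchemaNode != null) {
                                            final String capitalJsonName = StringUtils.capitalize(key.jsonName());
                                            final String targetJsonName = "has" + capitalJsonName;
                                            final String sourceJsonName = "is" + capitalJsonName + "Of" + type.getSimpleName();
                                            final SchemaRelationshipNode link = app.nodeQuery(SchemaRelationshipNode.class).and(SchemaRelationshipNode.sourceNode, schemaNode).and(SchemaRelationshipNode.targetNode, fileSchemaNode).and(SchemaRelationshipNode.relationshipType, key.jsonName()).getFirst();
                                            if (link == null) {
                                                System.out.println("Creating link from " + schemaNode + " to " + fileSchemaNode + ", " + sourceJsonName + ", " + targetJsonName);
                                                app.create(SchemaRelationshipNode.class, new NodeAttribute(SchemaRelationshipNode.sourceNode, schemaNode), new NodeAttribute(SchemaRelationshipNode.targetNode, fileSchemaNode), new NodeAttribute(SchemaRelationshipNode.relationshipType, key.jsonName()), new NodeAttribute(SchemaRelationshipNode.sourceMultiplicity, "1"), new NodeAttribute(SchemaRelationshipNode.targetMultiplicity, key instanceof ArrayProperty ? "*" : "1"), new NodeAttribute(SchemaRelationshipNode.sourceJsonName, sourceJsonName), new NodeAttribute(SchemaRelationshipNode.targetJsonName, targetJsonName));
                                            } else {
                                                System.out.println("Link relationship already exists: " + link);
                                            }
                                        } else {
                                            System.out.println("NO SchemaNode found for type File!");
                                        }
                                    } else {
                                        System.out.println("NO SchemaNode found for type " + type.getSimpleName() + "!");
                                    }
                                    // the loop deliberately keeps going so that every mapping entry is examined
                                }
                            }
                        }
                    }
                    tx.success();
                }
            }
            if (importFiles) {
                System.out.println("Importing files..");
                logger.println("Importing files..");
                // NOTE(review): files are created with the superuser context, so the import itself
                // is not bound to the permissions of whoever triggered it. Confirm that only
                // trusted callers can start this import and that ownership and visibility of the
                // created files are set as intended.
                final SecurityContext superUserSecurityContext = SecurityContext.getSuperUserInstance();
                final Iterator<Path> pathIteratorForRelationshipCreation = files.iterator();
                while (pathIteratorForRelationshipCreation.hasNext()) {
                    try (final Tx tx = StructrApp.getInstance().tx()) {
                        while (pathIteratorForRelationshipCreation.hasNext()) {
                            final Path file = pathIteratorForRelationshipCreation.next();
                            final String name = file.getFileName().toString();
                            boolean found = false;
                            if (name.startsWith("KBlob-") && name.length() > 23) {
                                // extract the id part only for validated names (see the schema extension loop);
                                // other files fall through to the import without association below
                                final int pos = name.indexOf(".", 7);
                                final String idPart = name.substring(6, pos == -1 ? name.length() : pos);
                                for (final Tuple<Class, PropertyKey> entry : mapping) {
                                    final Class type = entry.getKey();
                                    final PropertyKey key = entry.getValue();
                                    final boolean isMultiple = (key instanceof ArrayProperty);
                                    Object value = idPart;
                                    if (isMultiple) {
                                        value = new String[] { idPart };
                                    }
                                    final Query<NodeInterface> query = app.nodeQuery().andType(type).and(key, value, false);
                                    final List<NodeInterface> nodes = query.getAsList();
                                    if (nodes.size() == 1) {
                                        final String capitalJsonName = StringUtils.capitalize(key.jsonName());
                                        final String targetJsonName = "has" + capitalJsonName;
                                        final NodeInterface node = nodes.get(0);
                                        final PropertyKey fileRelationshipKey = StructrApp.key(type, targetJsonName);
                                        if (fileRelationshipKey != null) {
                                            try (final InputStream is = new FileInputStream(file.toFile())) {
                                                // import file..
                                                final Class fileType = ImageHelper.isImageType(name) ? Image.class : File.class;
                                                if (isMultiple) {
                                                    final String[] possibleNames = (String[]) node.getProperty(key);
                                                    String actualName = name;
                                                    for (final String possibleName : possibleNames) {
                                                        if (possibleName.startsWith(name)) {
                                                            // the stored value is the blob name, one separator character, then the real name
                                                            actualName = possibleName.substring(name.length() + 1);
                                                            break;
                                                        }
                                                    }
                                                    logger.println("        Importing " + name + " => " + actualName);
                                                    final File importedFile = FileHelper.createFile(superUserSecurityContext, is, null, fileType, actualName);
                                                    final List<File> fileList = (List<File>) node.getProperty(fileRelationshipKey);
                                                    fileList.add(importedFile);
                                                    node.setProperty(fileRelationshipKey, fileList);
                                                } else {
                                                    final String possibleName = (String) node.getProperty(key);
                                                    String actualName = name;
                                                    if (possibleName != null) {
                                                        // NOTE(review): unlike the array branch this does not check that the
                                                        // stored value starts with the blob name; a shorter value throws and
                                                        // the file is skipped by the catch block below
                                                        actualName = possibleName.substring(name.length() + 1);
                                                    }
                                                    logger.println("        Importing " + name + " => " + actualName);
                                                    final File importedFile = FileHelper.createFile(superUserSecurityContext, is, null, fileType, actualName);
                                                    node.setProperty(fileRelationshipKey, importedFile);
                                                }
                                            } catch (Throwable t) {
                                                // a failure for one file is printed and the import continues with the next file
                                                t.printStackTrace();
                                            }
                                        } else {
                                            System.out.println("############################# INVALID KEY " + type.getSimpleName() + "." + targetJsonName + ", not found??!");
                                            logger.println("############################# INVALID KEY " + type.getSimpleName() + "." + targetJsonName + ", not found??!");
                                        }
                                        found = true;
                                        // no need to search further
                                        break;
                                    }
                                }
                            }
                            if (!found) {
                                System.out.println("Found NO document for file " + name + ", importing without association");
                                logger.println("Found NO document for file " + name + ", importing without association");
                                try (final InputStream is = new FileInputStream(file.toFile())) {
                                    // import file..
                                    final Class fileType = ImageHelper.isImageType(name) ? Image.class : File.class;
                                    FileHelper.createFile(superUserSecurityContext, is, null, fileType, name);
                                } catch (Throwable t) {
                                    t.printStackTrace();
                                }
                            }
                            // commit after 100 files
                            if (++count == 100) {
                                count = 0;
                                break;
                            }
                        }
                        tx.success();
                    }
                }
            }
        }
    } catch (Throwable t) {
        // any failure not handled further down ends the import here; it is reported on stderr only
        t.printStackTrace();
        success = false;
    }
    if (success) {
        System.out.println("Import successful");
        logger.println("Import successful");
    }
    logger.flush();
    logger.close();
}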
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) LinkedHashSet(java.util.LinkedHashSet) JsonSchema(org.structr.schema.json.JsonSchema) Document(org.w3c.dom.Document) SchemaRelationshipNode(org.structr.core.entity.SchemaRelationshipNode) List(java.util.List) LinkedList(java.util.LinkedList) NodeInterface(org.structr.core.graph.NodeInterface) ArrayProperty(org.structr.core.property.ArrayProperty) Tx(org.structr.core.graph.Tx) LinkedList(java.util.LinkedList) FileInputStream(java.io.FileInputStream) File(org.structr.web.entity.File) JsonType(org.structr.schema.json.JsonType) FileVisitor(java.nio.file.FileVisitor) ConfigurationProvider(org.structr.schema.ConfigurationProvider) Path(java.nio.file.Path) JsonReferenceType(org.structr.schema.json.JsonReferenceType) NodeAttribute(org.structr.core.graph.NodeAttribute) FrameworkException(org.structr.common.error.FrameworkException) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) JsonObjectType(org.structr.schema.json.JsonObjectType) SchemaNode(org.structr.core.entity.SchemaNode) SecurityContext(org.structr.common.SecurityContext) PropertyKey(org.structr.core.property.PropertyKey)

Example 38 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class DeploymentServlet method doPost.

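/**
 * Accepts a multipart upload of ZIP archives, unpacks each archive into a fresh
 * directory below {@code /tmp} and runs a {@link DeployCommand} on the unpacked tree.
 *
 * <p>Request handling, in order: reject non-multipart requests (400), authenticate the
 * caller (401 on {@link AuthenticationException}), reject anonymous callers unless
 * {@code Settings.DeploymentAllowAnonymousUploads} is set (401), force frontend access
 * mode, then process every uploaded part.
 *
 * <p>The file name of a part is supplied by the client and is used to build the
 * deployment source path, so it is checked to stay inside the extraction directory
 * before anything is written to disk. Parts without a file name are skipped.
 *
 * @param request the multipart upload request
 * @param response receives a plain error message on 400/401, or the generic internal
 *        server error written by {@code UiAuthenticator} on unexpected failures
 * @throws ServletException declared by the servlet contract
 */
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException {
    try (final Tx tx = StructrApp.getInstance().tx()) {
        if (!ServletFileUpload.isMultipartContent(request)) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            response.getOutputStream().write("ERROR (400): Request does not contain multipart content.\n".getBytes("UTF-8"));
            return;
        }
        final SecurityContext securityContext;
        try {
            securityContext = getConfig().getAuthenticator().initializeAndExamineRequest(request, response);
        } catch (AuthenticationException ae) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.getOutputStream().write("ERROR (401): Invalid user or password.\n".getBytes("UTF-8"));
            return;
        }
        // A deployment replaces application content, so anonymous callers are refused
        // unless the operator explicitly enabled anonymous uploads.
        if (securityContext.getUser(false) == null && !Settings.DeploymentAllowAnonymousUploads.getValue()) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.getOutputStream().write("ERROR (401): Anonymous uploads forbidden.\n".getBytes("UTF-8"));
            return;
        }
        // Ensure access mode is frontend
        securityContext.setAccessMode(AccessMode.Frontend);
        request.setCharacterEncoding("UTF-8");
        // Important: Set character encoding before calling response.getWriter() !!, see Servlet Spec 5.4
        response.setCharacterEncoding("UTF-8");
        // don't continue on redirects
        if (response.getStatus() == 302) {
            return;
        }
        // Per-file and per-request size limits bound how much the parser accepts;
        // each part is still read fully into memory below.
        uploader.setFileSizeMax(MEGABYTE * Settings.DeploymentMaxFileSize.getValue());
        uploader.setSizeMax(MEGABYTE * Settings.DeploymentMaxRequestSize.getValue());
        response.setContentType("text/html");
        for (final FileItem item : uploader.parseRequest(request)) {
            // item.getName() is the client-supplied file name: untrusted input.
            final String uploadName = item.getName();
            if (StringUtils.isBlank(uploadName)) {
                logger.warn("Skipping upload part without a file name");
                continue;
            }
            final String directoryPath = "/tmp/" + UUID.randomUUID();
            final File directory = new File(directoryPath);
            final File file = new File(directoryPath + ".zip");
            final String sourcePath = directoryPath + "/" + StringUtils.substringBeforeLast(uploadName, ".");
            try {
                // The deployment source must stay inside this upload's own extraction
                // directory; a name with parent-directory segments would otherwise point
                // the deployment at another location on the server.
                if (!new File(sourcePath).getCanonicalFile().toPath().startsWith(directory.getCanonicalFile().toPath())) {
                    logger.warn("Rejecting upload: file name {} resolves outside of the extraction directory", uploadName);
                    continue;
                }
                // Register cleanup before writing, so that a failed upload is covered too.
                // NOTE(review): deleteOnExit() only runs at JVM shutdown and cannot remove a
                // non-empty directory, so the unpacked tree stays on disk; an explicit
                // recursive delete is needed once it is confirmed that DeployCommand has
                // finished with the directory when execute() returns.
                file.deleteOnExit();
                directory.deleteOnExit();
                Files.write(IOUtils.toByteArray(item.getInputStream()), file);
                // NOTE(review): unzip() is defined outside this method; confirm it rejects
                // archive entries whose path resolves outside directoryPath.
                unzip(file, directoryPath);
                final DeployCommand deployCommand = StructrApp.getInstance(securityContext).command(DeployCommand.class);
                final Map<String, Object> attributes = new HashMap<>();
                attributes.put("source", sourcePath);
                deployCommand.execute(attributes);
            } catch (IOException ex) {
                logger.warn("Could not upload file", ex);
            }
        }
        tx.success();
    } catch (FrameworkException | IOException | FileUploadException t) {
        logger.error("Exception while processing request", t);
        UiAuthenticator.writeInternalServerError(response);
    }
}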
Also used : DeployCommand(org.structr.web.maintenance.DeployCommand) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) AuthenticationException(org.structr.core.auth.exception.AuthenticationException) HashMap(java.util.HashMap) IOException(java.io.IOException) FileItem(org.apache.commons.fileupload.FileItem) SecurityContext(org.structr.common.SecurityContext) ZipFile(java.util.zip.ZipFile) File(java.io.File) FileUploadException(org.apache.commons.fileupload.FileUploadException)

Example 39 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class HtmlServlet method doGet.

/**
 * Handles a frontend GET request: authenticates the caller, resolves the request path to a
 * page, file or data node, applies the visibility check of the resulting security context
 * and renders the page (asynchronously or buffered) or streams the file.
 *
 * <p>Resolution order as implemented below: index page for an empty path, page by path,
 * file by path (first with, then without the query string), data node by name or UUID,
 * elements protected by HTTP Basic Authentication, and finally the not-found handling.
 *
 * @param request the incoming request; its path info selects what is rendered
 * @param response receives the rendered output, a streamed file or an error status
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) {
    final Authenticator auth = getConfig().getAuthenticator();
    // never assigned in this method; passed as-is to findIndexPage() / findPage()
    List<Page> pages = null;
    boolean requestUriContainsUuids = false;
    // not final: replaced further down when HTTP Basic Authentication succeeds
    SecurityContext securityContext;
    final App app;
    try {
        assertInitialized();
        final String path = request.getPathInfo() != null ? request.getPathInfo() : "/";
        // check for registration (has its own tx because of write access)
        if (checkRegistration(auth, request, response, path)) {
            return;
        }
        // check for password reset (NOTE(review): presumably runs in its own tx like registration; confirm)
        if (checkResetPassword(auth, request, response, path)) {
            return;
        }
        // isolate request authentication in a transaction
        try (final Tx tx = StructrApp.getInstance().tx()) {
            securityContext = auth.initializeAndExamineRequest(request, response);
            tx.success();
        } catch (AuthenticationException aex) {
            // failed authentication ends the request with a bare 401
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // every lookup and render step below goes through the caller's security context
        app = StructrApp.getInstance(securityContext);
        try (final Tx tx = app.tx()) {
            // Ensure access mode is frontend
            securityContext.setAccessMode(AccessMode.Frontend);
            request.setCharacterEncoding("UTF-8");
            // Important: Set character encoding before calling response.getWriter() !!, see Servlet Spec 5.4
            response.setCharacterEncoding("UTF-8");
            boolean dontCache = false;
            logger.debug("Path info {}", path);
            // don't continue on redirects
            if (response.getStatus() == 302) {
                tx.success();
                return;
            }
            final Principal user = securityContext.getUser(false);
            if (user != null) {
                // Don't cache if a user is logged in
                dontCache = true;
            }
            final RenderContext renderContext = RenderContext.getInstance(securityContext, request, response);
            renderContext.setResourceProvider(config.getResourceProvider());
            final EditMode edit = renderContext.getEditMode(user);
            DOMNode rootElement = null;
            AbstractNode dataNode = null;
            final String[] uriParts = PathHelper.getParts(path);
            if ((uriParts == null) || (uriParts.length == 0)) {
                // find a visible page
                rootElement = findIndexPage(securityContext, pages, edit);
                logger.debug("No path supplied, trying to find index page");
            } else {
                // NOTE(review): rootElement was initialised to null above and has not been assigned
                // on this path, so this condition is always true and the else branch is unreachable
                if (rootElement == null) {
                    rootElement = findPage(securityContext, pages, path, edit);
                } else {
                    dontCache = true;
                }
            }
            if (rootElement == null) {
                // No page found
                // In case of a file, try to find a file with the query string in the filename
                final String queryString = request.getQueryString();
                // Look for a file, first include the query string
                File file = findFile(securityContext, request, path + (queryString != null ? "?" + queryString : ""));
                // If no file with query string in the file name found, try without query string
                if (file == null) {
                    file = findFile(securityContext, request, path);
                }
                if (file != null) {
                    streamFile(securityContext, file, request, response, edit);
                    tx.success();
                    return;
                }
                if (uriParts != null) {
                    // store remaining path parts in request
                    final Matcher matcher = threadLocalUUIDMatcher.get();
                    for (int i = 0; i < uriParts.length; i++) {
                        // NOTE(review): the attribute name is a path segment taken from the request URL;
                        // confirm that no attribute read elsewhere can be overwritten this way
                        request.setAttribute(uriParts[i], i);
                        matcher.reset(uriParts[i]);
                        // set to "true" if part matches UUID pattern
                        requestUriContainsUuids |= matcher.matches();
                    }
                }
                if (!requestUriContainsUuids) {
                    // Try to find a data node by name
                    dataNode = findFirstNodeByName(securityContext, request, path);
                } else {
                    // at least one path part looks like a UUID: look up by the last path part
                    dataNode = findNodeByUuid(securityContext, PathHelper.getName(path));
                }
                // if (dataNode != null && !(dataNode instanceof Linkable)) {
                if (dataNode != null) {
                    // Last path part matches a data node
                    // Remove last path part and try again searching for a page
                    // clear possible entry points
                    request.removeAttribute(POSSIBLE_ENTRY_POINTS_KEY);
                    rootElement = findPage(securityContext, pages, StringUtils.substringBeforeLast(path, PathHelper.PATH_SEP), edit);
                    renderContext.setDetailsDataObject(dataNode);
                    // Start rendering on data node
                    if (rootElement == null && dataNode instanceof DOMNode) {
                        // check visibleForSite here as well
                        if (!(dataNode instanceof Page) || isVisibleForSite(request, (Page) dataNode)) {
                            rootElement = ((DOMNode) dataNode);
                        }
                    }
                }
            }
            // look for pages with HTTP Basic Authentication (must be done as superuser)
            if (rootElement == null) {
                final HttpBasicAuthResult authResult = checkHttpBasicAuth(request, response, path);
                switch(authResult.authState()) {
                    // Element with Basic Auth found and authentication succeeded
                    case Authenticated:
                        final Linkable result = authResult.getRootElement();
                        if (result instanceof Page) {
                            rootElement = (DOMNode) result;
                            // from here on the request runs with the security context returned by the
                            // Basic Auth check, not the one from initializeAndExamineRequest()
                            securityContext = authResult.getSecurityContext();
                            renderContext.pushSecurityContext(securityContext);
                        } else if (result instanceof File) {
                            // files are streamed with the Basic Auth security context and without edit mode
                            streamFile(authResult.getSecurityContext(), (File) result, request, response, EditMode.NONE);
                            tx.success();
                            return;
                        }
                        break;
                    // Page with Basic Auth found but not yet authenticated
                    case MustAuthenticate:
                        // the 401 error page is queried via StructrApp.getInstance(), i.e. not through
                        // the request-scoped `app`; it is still checked with isVisibleForSite() below
                        final Page errorPage = StructrApp.getInstance().nodeQuery(Page.class).and(StructrApp.key(Page.class, "showOnErrorCodes"), "401", false).getFirst();
                        if (errorPage != null && isVisibleForSite(request, errorPage)) {
                            // set error page
                            rootElement = errorPage;
                            // don't cache the error page
                            dontCache = true;
                        } else {
                            // send error
                            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                            tx.success();
                            return;
                        }
                        break;
                    // no Basic Auth for given path, go on
                    case NoBasicAuth:
                        break;
                }
            }
            // Still nothing found, do error handling
            if (rootElement == null) {
                rootElement = notFound(response, securityContext);
            }
            // notFound() may return null, in which case there is nothing left to render
            if (rootElement == null) {
                tx.success();
                return;
            }
            // check dont cache flag on page (if root element is a page)
            // but don't modify true to false
            dontCache |= rootElement.dontCache();
            if (EditMode.WIDGET.equals(edit) || dontCache) {
                setNoCacheHeaders(response);
            }
            // Authorization gate: an element the current security context cannot see is answered
            // through notFound(), the same path that is taken when nothing matched at all.
            if (!securityContext.isVisible(rootElement)) {
                rootElement = notFound(response, securityContext);
                if (rootElement == null) {
                    tx.success();
                    return;
                }
            } else {
                if (!EditMode.WIDGET.equals(edit) && !dontCache && notModifiedSince(request, response, rootElement, dontCache)) {
                    // conditional request satisfied: finish the response without a body
                    // (presumably notModifiedSince() has already set the status; confirm)
                    ServletOutputStream out = response.getOutputStream();
                    out.flush();
                    // response.flushBuffer();
                    out.close();
                } else {
                    // prepare response
                    response.setCharacterEncoding("UTF-8");
                    String contentType = rootElement.getProperty(StructrApp.key(Page.class, "contentType"));
                    if (contentType == null) {
                        // Default
                        contentType = "text/html;charset=UTF-8";
                    }
                    // only the exact value "text/html" gets the charset appended; other values are sent unchanged
                    if (contentType.equals("text/html")) {
                        contentType = contentType.concat(";charset=UTF-8");
                    }
                    response.setContentType(contentType);
                    setCustomResponseHeaders(response);
                    // NOTE(review): the property value is unboxed into a primitive here; a null value
                    // would throw NullPointerException, so confirm the property always has a value
                    final boolean createsRawData = rootElement.getProperty(StructrApp.key(Page.class, "pageCreatesRawData"));
                    // async or not?
                    if (isAsync && !createsRawData) {
                        final AsyncContext async = request.startAsync();
                        final ServletOutputStream out = async.getResponse().getOutputStream();
                        // set by the render task, read by the write listener to know when to complete
                        final AtomicBoolean finished = new AtomicBoolean(false);
                        final DOMNode rootNode = rootElement;
                        // rendering runs on the thread pool in its own transaction on the same `app`
                        threadPool.submit(new Runnable() {

                            @Override
                            public void run() {
                                try (final Tx tx = app.tx()) {
                                    // render
                                    rootNode.render(renderContext, 0);
                                    finished.set(true);
                                    tx.success();
                                } catch (Throwable t) {
                                    // stack trace goes to stderr; the logger only records the message
                                    t.printStackTrace();
                                    logger.warn("Error while rendering page {}: {}", rootNode.getName(), t.getMessage());
                                    try {
                                        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                                        // NOTE(review): only reached when sendError() returns normally; if it
                                        // throws, `finished` stays false and the write listener keeps waiting
                                        finished.set(true);
                                    } catch (IOException ex) {
                                        logger.warn("", ex);
                                    }
                                }
                            }
                        });
                        // start output write listener
                        out.setWriteListener(new WriteListener() {

                            @Override
                            public void onWritePossible() throws IOException {
                                try {
                                    final Queue<String> queue = renderContext.getBuffer().getQueue();
                                    while (out.isReady()) {
                                        String buffer = null;
                                        // the queue is shared with the render task, hence the lock around poll()
                                        synchronized (queue) {
                                            buffer = queue.poll();
                                        }
                                        if (buffer != null) {
                                            out.print(buffer);
                                        } else {
                                            if (finished.get()) {
                                                async.complete();
                                                // prevent this block from being called again
                                                break;
                                            }
                                            // queue empty but rendering not finished: wait briefly and poll again.
                                            // NOTE(review): this sleeps on the thread that invoked the listener, and an
                                            // InterruptedException ends up in the catch below where it is only logged
                                            Thread.sleep(1);
                                        }
                                    }
                                } catch (Throwable t) {
                                    logger.warn("", t);
                                }
                            }

                            @Override
                            public void onError(Throwable t) {
                                logger.warn("", t);
                            }
                        });
                    } else {
                        // synchronous path: render the whole page into memory, then write it as UTF-8
                        final StringRenderBuffer buffer = new StringRenderBuffer();
                        renderContext.setBuffer(buffer);
                        // render
                        rootElement.render(renderContext, 0);
                        try {
                            response.getOutputStream().write(buffer.getBuffer().toString().getBytes("utf-8"));
                            response.getOutputStream().flush();
                            response.getOutputStream().close();
                        } catch (IOException ioex) {
                            logger.warn("", ioex);
                        }
                    }
                }
            }
            tx.success();
        } catch (FrameworkException fex) {
            // NOTE(review): unlike the outer handler below, this one only logs the message and
            // writes no error response, and tx.success() has not been called at this point
            logger.error("Exception while processing request: {}", fex.getMessage());
        }
    } catch (FrameworkException fex) {
        // failures before the request transaction (initialisation, registration, authentication)
        logger.error("Exception while processing request: {}", fex.getMessage());
        UiAuthenticator.writeFrameworkException(response, fex);
    } catch (IOException ioex) {
        logger.error("Exception while processing request: {}", ioex.getMessage());
        UiAuthenticator.writeInternalServerError(response);
    }
}
Also used : App(org.structr.core.app.App) StructrApp(org.structr.core.app.StructrApp) StringRenderBuffer(org.structr.web.common.StringRenderBuffer) AuthenticationException(org.structr.core.auth.exception.AuthenticationException) AbstractNode(org.structr.core.entity.AbstractNode) Matcher(java.util.regex.Matcher) ThreadLocalMatcher(org.structr.common.ThreadLocalMatcher) ServletOutputStream(javax.servlet.ServletOutputStream) Page(org.structr.web.entity.dom.Page) AsyncContext(javax.servlet.AsyncContext) DOMNode(org.structr.web.entity.dom.DOMNode) WriteListener(javax.servlet.WriteListener) Queue(java.util.Queue) UiAuthenticator(org.structr.web.auth.UiAuthenticator) Authenticator(org.structr.core.auth.Authenticator) RenderContext(org.structr.web.common.RenderContext) Tx(org.structr.core.graph.Tx) FrameworkException(org.structr.common.error.FrameworkException) IOException(java.io.IOException) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) SecurityContext(org.structr.common.SecurityContext) EditMode(org.structr.web.common.RenderContext.EditMode) Linkable(org.structr.web.entity.Linkable) AbstractFile(org.structr.web.entity.AbstractFile) File(org.structr.web.entity.File) Principal(org.structr.core.entity.Principal)

Example 40 with SecurityContext

use of org.structr.common.SecurityContext in project structr by structr.

the class ProxyServlet method doGet.

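/**
 * Fetches the document named by the {@code url} request parameter on the server side and
 * returns it to the caller, with a {@code <base href>} pointing at the original URL
 * inserted after {@code <head>}.
 *
 * <p>Optional request parameters: {@code proxyUrl}, {@code proxyUsername},
 * {@code proxyPassword}, {@code authUsername}, {@code authPassword} and {@code cookie}.
 * When a user is cached in the security context and no {@code proxyUrl} parameter is given,
 * the proxy settings are read from that user's properties instead.
 *
 * <p>Because the target is chosen by the caller, only absolute {@code http} and
 * {@code https} URLs are accepted. Any failure, including a rejected URL, is answered with
 * the page produced by {@code errorPage()}.
 *
 * @param request the incoming request carrying the target URL and optional credentials
 * @param response receives the fetched content or an error page, written as UTF-8
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) {
    final PropertyKey<String> proxyUrlKey = StructrApp.key(User.class, "proxyUrl");
    // NOTE(review): these two property names end in "Key", unlike "proxyUrl" above; confirm
    // they match the property names actually defined on User.
    final PropertyKey<String> proxyUsernameKey = StructrApp.key(User.class, "proxyUsernameKey");
    final PropertyKey<String> proxyPasswordKey = StructrApp.key(User.class, "proxyPasswordKey");
    final Authenticator auth = getConfig().getAuthenticator();
    SecurityContext securityContext;
    String content;
    if (auth == null) {
        final String errorMessage = "No authenticator class found. Check log for 'Missing authenticator key " + this.getClass().getSimpleName() + ".authenticator'";
        logger.error(errorMessage);
        try {
            final ServletOutputStream out = response.getOutputStream();
            content = errorPage(new Throwable(errorMessage));
            // same explicit encoding as the regular response below, instead of the platform default
            IOUtils.write(content, out, "utf-8");
        } catch (IOException ex) {
            logger.error("Could not write to response", ex);
        }
        return;
    }
    try {
        // isolate request authentication in a transaction
        try (final Tx tx = StructrApp.getInstance().tx()) {
            securityContext = auth.initializeAndExamineRequest(request, response);
            tx.success();
        }
        // Ensure access mode is frontend
        securityContext.setAccessMode(AccessMode.Frontend);
        final String address = request.getParameter("url");
        if (StringUtils.isBlank(address)) {
            throw new IllegalArgumentException("Missing request parameter 'url'");
        }
        // URI.create() rejects syntactically illegal characters such as quotes and angle
        // brackets, which is what keeps the <base href> insertion below well-formed.
        final URI url = URI.create(address);
        final String scheme = url.getScheme();
        // The server fetches whatever the caller names (server-side request forgery exposure):
        // restrict the fetch to web URLs.
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            throw new IllegalArgumentException("Parameter 'url' must be an absolute http or https URL");
        }
        // NOTE(review): the scheme check does not stop requests to internal or loopback
        // addresses; that needs a host allow-list or an egress policy outside this method.
        String proxyUrl = request.getParameter("proxyUrl");
        String proxyUsername = request.getParameter("proxyUsername");
        String proxyPassword = request.getParameter("proxyPassword");
        // NOTE(review): credentials arrive as GET parameters and can therefore end up in
        // access logs and browser history.
        final String authUsername = request.getParameter("authUsername");
        final String authPassword = request.getParameter("authPassword");
        final String cookie = request.getParameter("cookie");
        // NOTE(review): a null user (anonymous caller) is not rejected here; confirm whether
        // this servlet is meant to be reachable without a login.
        final Principal user = securityContext.getCachedUser();
        if (user != null && StringUtils.isBlank(proxyUrl)) {
            proxyUrl = user.getProperty(proxyUrlKey);
            proxyUsername = user.getProperty(proxyUsernameKey);
            proxyPassword = user.getProperty(proxyPasswordKey);
        }
        // NOTE(review): the fetched markup is returned from this application's own origin, so
        // scripts in it run with that origin in the caller's browser.
        content = HttpHelper.get(address, authUsername, authPassword, proxyUrl, proxyUsername, proxyPassword, cookie, Collections.EMPTY_MAP).replace("<head>", "<head>\n  <base href=\"" + url + "\">");
    } catch (Throwable t) {
        logger.error("Exception while processing request", t);
        // NOTE(review): errorPage() is defined outside this method; confirm it does not expose
        // stack traces or internal host names to the caller.
        content = errorPage(t);
    }
    try {
        final ServletOutputStream out = response.getOutputStream();
        IOUtils.write(content, out, "utf-8");
    } catch (IOException ex) {
        logger.error("Could not write to response", ex);
    }
}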
Also used : Tx(org.structr.core.graph.Tx) ServletOutputStream(javax.servlet.ServletOutputStream) SecurityContext(org.structr.common.SecurityContext) IOException(java.io.IOException) URI(java.net.URI) UiAuthenticator(org.structr.web.auth.UiAuthenticator) Authenticator(org.structr.core.auth.Authenticator) Principal(org.structr.core.entity.Principal)
