Examples with Principal org.structr.core.entity.Principal used on opensource projects

Example 11 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class CMISAclService method applyAce.

// ----- private methods -----
private void applyAce(final AccessControllable node, final Ace toAdd, final boolean revoke) throws FrameworkException {
    final String principalId = toAdd.getPrincipalId();
    final List<String> permissions = toAdd.getPermissions();
    final Principal principal = CMISObjectWrapper.translateUsernameToPrincipal(principalId);
    if (principal != null) {
        for (final String permissionString : permissions) {
            final Permission permission = Permissions.valueOf(permissionString);
            if (permission != null) {
                if (revoke) {
                    node.revoke(permission, principal);
                } else {
                    node.grant(permission, principal);
                }
            } else {
                throw new CmisInvalidArgumentException("Permission with ID " + permissionString + " does not exist");
            }
        }
    } else {
        throw new CmisObjectNotFoundException("Principal with ID " + principalId + " does not exist");
    }
}

Example 12 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class CMISObjectService method deleteObject.

@Override
public void deleteObject(String repositoryId, String objectId, Boolean allVersions, ExtensionsData extension) {
    final App app = StructrApp.getInstance(securityContext);
    try (final Tx tx = app.tx()) {
        final Principal principal = securityContext.getUser(false);
        final AbstractNode obj = app.get(AbstractNode.class, objectId);
        if (obj != null) {
            if (principal.isGranted(Permission.delete, securityContext)) {
                if (obj.isNode()) {
                    // getSyncNode() returns the node or null
                    app.delete(obj.getSyncNode());
                } else {
                    // getSyncRelationship() return the relationship or null
                    app.delete(obj.getSyncRelationship());
                }
            } else {
                throw new CmisPermissionDeniedException("Cannot delete object with ID " + objectId);
            }
        } else {
            throw new CmisObjectNotFoundException("Object with ID " + objectId + " does not exist");
        }
        tx.success();
    } catch (FrameworkException fex) {
        throw new CmisConstraintException(fex.getMessage(), fex);
    }
}

Example 13 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class UiAuthenticator method initializeAndExamineRequest.

/**
 * Examine request and try to find a user.
 *
 * First, check session id, then try external (OAuth) authentication,
 * finally, check standard login by credentials.
 *
 * @param request
 * @param response
 * @return security context
 * @throws FrameworkException
 */
@Override
public SecurityContext initializeAndExamineRequest(final HttpServletRequest request, final HttpServletResponse response) throws FrameworkException {
    Principal user = SessionHelper.checkSessionAuthentication(request);
    SecurityContext securityContext;
    if (user == null) {
        user = checkExternalAuthentication(request, response);
    }
    if (user == null) {
        user = getUser(request, true);
    }
    if (user == null) {
        // If no user could be determined, assume frontend access
        securityContext = SecurityContext.getInstance(user, request, AccessMode.Frontend);
    } else {
        if (user instanceof SuperUser) {
            securityContext = SecurityContext.getSuperUserInstance(request);
        } else {
            securityContext = SecurityContext.getInstance(user, request, AccessMode.Backend);
        }
    }
    securityContext.setAuthenticator(this);
    // Check CORS settings (Cross-origin resource sharing, see http://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
    final String origin = request.getHeader("Origin");
    if (!StringUtils.isBlank(origin)) {
        response.setHeader("Access-Control-Allow-Origin", origin);
        // allow cross site resource sharing (read only)
        final String maxAge = Settings.AccessControlMaxAge.getValue();
        if (StringUtils.isNotBlank(maxAge)) {
            response.setHeader("Access-Control-MaxAge", maxAge);
        }
        final String allowMethods = Settings.AccessControlAllowMethods.getValue();
        if (StringUtils.isNotBlank(allowMethods)) {
            response.setHeader("Access-Control-Allow-Methods", allowMethods);
        }
        final String allowHeaders = Settings.AccessControlAllowHeaders.getValue();
        if (StringUtils.isNotBlank(allowHeaders)) {
            response.setHeader("Access-Control-Allow-Headers", allowHeaders);
        }
        final String allowCredentials = Settings.AccessControlAllowCredentials.getValue();
        if (StringUtils.isNotBlank(allowCredentials)) {
            response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
        }
        final String exposeHeaders = Settings.AccessControlExposeHeaders.getValue();
        if (StringUtils.isNotBlank(exposeHeaders)) {
            response.setHeader("Access-Control-Expose-Headers", exposeHeaders);
        }
    }
    examined = true;
    // store a reference of the response object in SecurityContext
    // to be able to stream data directly from builtin functions
    securityContext.setResponse(response);
    // expose Structr edition
    response.setHeader("X-Structr-Edition", Services.getInstance().getEdition());
    return securityContext;
}

Example 14 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class UiAuthenticator method checkResourceAccess.

@Override
public void checkResourceAccess(final SecurityContext securityContext, final HttpServletRequest request, final String rawResourceSignature, final String propertyView) throws FrameworkException {
    final ResourceAccess resourceAccess = ResourceAccess.findGrant(securityContext, rawResourceSignature);
    final Method method = methods.get(request.getMethod());
    final Principal user = securityContext.getUser(false);
    final boolean validUser = (user != null);
    // super user is always authenticated
    if (validUser && (user instanceof SuperUser || user.isAdmin())) {
        return;
    }
    // no grants => no access rights
    if (resourceAccess == null) {
        logger.info("No resource access grant found for signature {}. (URI: {})", new Object[] { rawResourceSignature, securityContext.getCompoundRequestURI() });
        throw new UnauthorizedException("Forbidden");
    } else {
        switch(method) {
            case GET:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_GET)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_GET)) {
                    return;
                }
                break;
            case PUT:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_PUT)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_PUT)) {
                    return;
                }
                break;
            case POST:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_POST)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_POST)) {
                    return;
                }
                break;
            case DELETE:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_DELETE)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_DELETE)) {
                    return;
                }
                break;
            case OPTIONS:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_OPTIONS)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_OPTIONS)) {
                    return;
                }
                break;
            case HEAD:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_HEAD)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_HEAD)) {
                    return;
                }
                break;
        }
    }
    logger.info("Resource access grant found for signature {}, but method {} not allowed for {}.", new Object[] { rawResourceSignature, method, validUser ? "authenticated users" : "public users" });
    throw new UnauthorizedException("Forbidden");
}

Example 15 with Principal

use of org.structr.core.entity.Principal in project structr by structr.

the class UiAuthenticator method doLogin.

@Override
public Principal doLogin(final HttpServletRequest request, final String emailOrUsername, final String password) throws AuthenticationException, FrameworkException {
    final PropertyKey<String> confKey = StructrApp.key(User.class, "confirmationKey");
    final PropertyKey<String> eMailKey = StructrApp.key(User.class, "eMail");
    final Principal user = AuthHelper.getPrincipalForPassword(eMailKey, emailOrUsername, password);
    if (user != null) {
        final boolean allowLoginBeforeConfirmation = Settings.RegistrationAllowLoginBeforeConfirmation.getValue();
        if (user.getProperty(confKey) != null && !allowLoginBeforeConfirmation) {
            logger.warn("Login as {} not allowed before confirmation.", user);
            throw new AuthenticationException(AuthHelper.STANDARD_ERROR_MSG);
        }
        AuthHelper.doLogin(request, user);
    }
    return user;
}