Example 6 with SuperUser

use of org.structr.core.entity.SuperUser in project structr by structr.

In class AbstractPrimitiveProperty, method updateAccessInformation (records who last modified a node; the superuser has no stored node, so a fixed virtual UUID is written instead):

// ----- private methods -----
private void updateAccessInformation(final SecurityContext securityContext, final PropertyContainer propertyContainer) throws FrameworkException {
    try {
        if (securityContext.modifyAccessTime()) {
            final Principal user = securityContext.getUser(false);
            String modifiedById = null;
            if (user != null) {
                if (user instanceof SuperUser) {
                    // "virtual" UUID of superuser
                    modifiedById = Principal.SUPERUSER_ID;
                } else {
                    modifiedById = user.getUuid();
                }
                propertyContainer.setProperty(AbstractNode.lastModifiedBy.dbName(), modifiedById);
            }
            propertyContainer.setProperty(AbstractNode.lastModifiedDate.dbName(), System.currentTimeMillis());
        }
    } catch (Throwable t) {
        // fail without throwing an exception here
        logger.warn("", t);
    }
}
Also used : SuperUser(org.structr.core.entity.SuperUser) Principal(org.structr.core.entity.Principal)

Example 7 with SuperUser

use of org.structr.core.entity.SuperUser in project structr by structr.

In class RestAuthenticator, method checkResourceAccess (per-request authorization against a ResourceAccess grant):

@Override
public void checkResourceAccess(final SecurityContext securityContext, final HttpServletRequest request, final String rawResourceSignature, final String propertyView) throws FrameworkException {
    final ResourceAccess resourceAccess = ResourceAccess.findGrant(securityContext, rawResourceSignature);
    final Method method = methods.get(request.getMethod());
    final Principal user = getUser(request, true);
    final boolean validUser = (user != null);
    // super user and admin users bypass the grant check entirely
    if (validUser && (user instanceof SuperUser || user.isAdmin())) {
        return;
    }
    // no grants => no access rights
    if (resourceAccess == null) {
        logger.info("No resource access grant found for signature {}.", rawResourceSignature);
        throw new UnauthorizedException("Forbidden");
    } else {
        switch(method) {
            case GET:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_GET)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_GET)) {
                    return;
                }
                break;
            case PUT:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_PUT)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_PUT)) {
                    return;
                }
                break;
            case POST:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_POST)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_POST)) {
                    return;
                }
                break;
            case DELETE:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_DELETE)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_DELETE)) {
                    return;
                }
                break;
            case OPTIONS:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_OPTIONS)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_OPTIONS)) {
                    return;
                }
                break;
            case HEAD:
                if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_HEAD)) {
                    return;
                }
                if (validUser && resourceAccess.hasFlag(AUTH_USER_HEAD)) {
                    return;
                }
                break;
        }
    }
    logger.info("Resource access grant found for signature {}, but method {} not allowed for {}.", new Object[] { rawResourceSignature, method, validUser ? "authenticated users" : "public users" });
    throw new UnauthorizedException("Forbidden");
}
Also used : ResourceAccess(org.structr.core.entity.ResourceAccess) UnauthorizedException(org.structr.core.auth.exception.UnauthorizedException) SuperUser(org.structr.core.entity.SuperUser) Principal(org.structr.core.entity.Principal)
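The decision order in checkResourceAccess matters: the superuser/admin bypass comes first and never consults a grant, a missing grant denies everything, and only then is the per-verb flag tested, with separate flags for anonymous and authenticated callers. One detail worth noticing in the listing is that `methods.get(request.getMethod())` is looked up before the bypass and then used in `switch (method)`; a verb with no entry in `methods` would reach that switch as null. The following stand-alone model of the same decision logic is an added example, not structr's own code: the flag bit values, the `Grant`/`User` classes, the `(flags & f) == f` meaning of `hasFlag()` and the `isAllowed()` signature are all assumptions made for illustration, and unknown verbs are treated as denied.

```java
import java.util.EnumMap;
import java.util.Map;

// Added example: a stand-alone model of the checkResourceAccess decision logic.
// Not structr's code; bit values, classes and hasFlag() semantics are assumptions.
public class GrantCheckModel {

    enum Method { GET, PUT, POST, DELETE, OPTIONS, HEAD }

    // Assumed bit layout: low byte = anonymous ("NON_AUTH_USER_*"),
    // high byte = authenticated ("AUTH_USER_*").
    static final long NON_AUTH_USER_GET     = 1L << 0;
    static final long NON_AUTH_USER_PUT     = 1L << 1;
    static final long NON_AUTH_USER_POST    = 1L << 2;
    static final long NON_AUTH_USER_DELETE  = 1L << 3;
    static final long NON_AUTH_USER_OPTIONS = 1L << 4;
    static final long NON_AUTH_USER_HEAD    = 1L << 5;
    static final long AUTH_USER_GET         = 1L << 8;
    static final long AUTH_USER_PUT         = 1L << 9;
    static final long AUTH_USER_POST        = 1L << 10;
    static final long AUTH_USER_DELETE      = 1L << 11;
    static final long AUTH_USER_OPTIONS     = 1L << 12;
    static final long AUTH_USER_HEAD        = 1L << 13;

    // Per verb: [flag required for anonymous callers, flag required for authenticated callers]
    static final Map<Method, long[]> REQUIRED = new EnumMap<>(Method.class);
    static {
        REQUIRED.put(Method.GET,     new long[] { NON_AUTH_USER_GET,     AUTH_USER_GET });
        REQUIRED.put(Method.PUT,     new long[] { NON_AUTH_USER_PUT,     AUTH_USER_PUT });
        REQUIRED.put(Method.POST,    new long[] { NON_AUTH_USER_POST,    AUTH_USER_POST });
        REQUIRED.put(Method.DELETE,  new long[] { NON_AUTH_USER_DELETE,  AUTH_USER_DELETE });
        REQUIRED.put(Method.OPTIONS, new long[] { NON_AUTH_USER_OPTIONS, AUTH_USER_OPTIONS });
        REQUIRED.put(Method.HEAD,    new long[] { NON_AUTH_USER_HEAD,    AUTH_USER_HEAD });
    }

    // Hypothetical stand-in for ResourceAccess: a bitmask of the flags above.
    static final class Grant {
        final long flags;
        Grant(long flags) { this.flags = flags; }
        boolean hasFlag(long f) { return (flags & f) == f; }
    }

    // Hypothetical stand-in for Principal / SuperUser.
    static final class User {
        final boolean superUser, admin;
        User(boolean superUser, boolean admin) { this.superUser = superUser; this.admin = admin; }
    }

    // Same order of checks as the listing: bypass, then missing grant, then per-verb flag.
    static boolean isAllowed(User user, Grant grant, String verb) {
        final boolean validUser = (user != null);
        if (validUser && (user.superUser || user.admin)) {
            return true;                       // superuser/admin: the grant is never consulted
        }
        if (grant == null) {
            return false;                      // no grant for this resource signature: deny
        }
        final Method method;
        try {
            method = Method.valueOf(verb == null ? "" : verb.trim().toUpperCase());
        } catch (IllegalArgumentException e) {
            return false;                      // verb not in the table: deny instead of switching on null
        }
        final long[] pair = REQUIRED.get(method);
        return grant.hasFlag(validUser ? pair[1] : pair[0]);
    }

    public static void main(String[] args) {
        // Constructed grant: public read, writes only for authenticated users.
        final Grant publicRead = new Grant(NON_AUTH_USER_GET | AUTH_USER_GET | AUTH_USER_POST);
        final User anonymous = null;
        final User member = new User(false, false);
        final User admin = new User(false, true);

        System.out.println("anonymous GET   : " + isAllowed(anonymous, publicRead, "GET"));    // NON_AUTH_USER_GET branch
        System.out.println("anonymous POST  : " + isAllowed(anonymous, publicRead, "POST"));   // NON_AUTH_USER_POST not set
        System.out.println("member POST     : " + isAllowed(member, publicRead, "POST"));      // AUTH_USER_POST branch
        System.out.println("member, no grant: " + isAllowed(member, null, "GET"));             // missing grant branch
        System.out.println("admin DELETE    : " + isAllowed(admin, null, "DELETE"));           // bypass branch
        System.out.println("member PATCH    : " + isAllowed(member, publicRead, "PATCH"));     // unknown verb branch
    }
}
```

The anonymous and authenticated flags are independent bits, so a grant can legitimately allow anonymous GET while refusing authenticated GET; when auditing grants, check both halves of each verb rather than assuming authenticated users inherit public rights.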

Example 8 with SuperUser

use of org.structr.core.entity.SuperUser in project structr by structr.

In class RestAuthenticator, method initializeAndExamineRequest (resolves the caller, builds the SecurityContext and emits CORS response headers):

// ~--- methods --------------------------------------------------------
/**
 * Examine request and try to find a user.
 *
 * First, check session id, then try external (OAuth) authentication,
 * finally, check standard login by credentials.
 *
 * @param request
 * @param response
 * @return security context
 * @throws FrameworkException
 */
@Override
public SecurityContext initializeAndExamineRequest(final HttpServletRequest request, final HttpServletResponse response) throws FrameworkException {
    SecurityContext securityContext;
    Principal user = SessionHelper.checkSessionAuthentication(request);
    if (user == null) {
        user = getUser(request, true);
    }
    if (user == null) {
        // If no user could be determined, assume frontend access
        securityContext = SecurityContext.getInstance(user, request, AccessMode.Frontend);
    } else {
        if (user instanceof SuperUser) {
            securityContext = SecurityContext.getSuperUserInstance(request);
        } else {
            securityContext = SecurityContext.getInstance(user, request, AccessMode.Backend);
            SessionHelper.clearInvalidSessions(user);
        }
    }
    securityContext.setAuthenticator(this);
    // Check CORS settings (Cross-origin resource sharing, see http://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
    final String origin = request.getHeader("Origin");
    if (!StringUtils.isBlank(origin)) {
        final Services services = Services.getInstance();
        response.setHeader("Access-Control-Allow-Origin", origin);
        // allow cross site resource sharing (read only)
        final String maxAge = Settings.AccessControlMaxAge.getValue();
        if (StringUtils.isNotBlank(maxAge)) {
            // NB: the header name defined by the CORS specification is "Access-Control-Max-Age";
            // browsers do not recognise "Access-Control-MaxAge", so the configured value has no effect.
            response.setHeader("Access-Control-MaxAge", maxAge);
        }
        final String allowMethods = Settings.AccessControlAllowMethods.getValue();
        if (StringUtils.isNotBlank(allowMethods)) {
            response.setHeader("Access-Control-Allow-Methods", allowMethods);
        }
        final String allowHeaders = Settings.AccessControlAllowHeaders.getValue();
        if (StringUtils.isNotBlank(allowHeaders)) {
            response.setHeader("Access-Control-Allow-Headers", allowHeaders);
        }
        final String allowCredentials = Settings.AccessControlAllowCredentials.getValue();
        if (StringUtils.isNotBlank(allowCredentials)) {
            response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
        }
        final String exposeHeaders = Settings.AccessControlExposeHeaders.getValue();
        if (StringUtils.isNotBlank(exposeHeaders)) {
            response.setHeader("Access-Control-Expose-Headers", exposeHeaders);
        }
    }
    examined = true;
    return securityContext;
}
Also used : Services(org.structr.core.Services) SecurityContext(org.structr.common.SecurityContext) SuperUser(org.structr.core.entity.SuperUser) Principal(org.structr.core.entity.Principal)
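Two things in the CORS part of the listing above deserve a second look. First, whatever non-blank `Origin` the browser sent is copied verbatim into `Access-Control-Allow-Origin`, and `Access-Control-Allow-Credentials` is taken from configuration; if that setting is "true", every origin is allowed to make credentialed requests and read the responses, which is the combination browsers refuse only for the literal `*`. Second, no `Vary: Origin` header is sent, so a shared cache may replay one origin's answer to another. The builder below is an added example, not structr's code: it checks the origin against a fixed allowlist and otherwise sends no CORS headers at all. The allowlist entries, header values, the `CorsPolicy` class and its `headersFor()` method are assumptions for illustration.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example, not structr's code: CORS response headers from an origin allowlist
// instead of reflecting the request's Origin header.
public final class CorsPolicy {

    private final Set<String> allowedOrigins = new HashSet<>();
    private final boolean allowCredentials;

    CorsPolicy(Set<String> origins, boolean allowCredentials) {
        for (String o : origins) {
            allowedOrigins.add(normalize(o));
        }
        this.allowCredentials = allowCredentials;
    }

    // Origins compare as whole "scheme://host[:port]" strings. No substring or suffix
    // matching, so "https://app.example.com.attacker.net" does not match "https://app.example.com".
    private static String normalize(String origin) {
        return origin.trim().toLowerCase(Locale.ROOT);
    }

    // Returns the headers to add to the response. An empty map means "send no CORS
    // headers", which makes the browser block the cross-origin read.
    public Map<String, String> headersFor(String originHeader) {
        final Map<String, String> h = new LinkedHashMap<>();
        if (originHeader == null || originHeader.trim().isEmpty()) {
            return h;                                   // same-origin or non-browser client
        }
        final String origin = normalize(originHeader);
        if (!allowedOrigins.contains(origin)) {
            return h;                                   // unknown origin: never echo it back
        }
        h.put("Access-Control-Allow-Origin", origin);
        h.put("Vary", "Origin");                        // a per-origin answer must not be cached for other origins
        if (allowCredentials) {
            // Only ever combined with one specific origin; browsers reject "*" with credentials.
            h.put("Access-Control-Allow-Credentials", "true");
        }
        h.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
        h.put("Access-Control-Allow-Headers", "Content-Type, Authorization");
        h.put("Access-Control-Max-Age", "600");        // standard header name, value in seconds
        return h;
    }

    public static void main(String[] args) {
        // Constructed allowlist with a single trusted frontend origin.
        final Set<String> trusted = new HashSet<>();
        trusted.add("https://app.example.com");
        final CorsPolicy policy = new CorsPolicy(trusted, true);

        final String[] probes = {
            "https://app.example.com",               // allowed: full header set
            "https://app.example.com.attacker.net",  // suffix trick: no headers
            "http://app.example.com",                // wrong scheme: no headers
            null                                     // no Origin: no headers
        };
        for (String origin : probes) {
            System.out.println(origin + " -> " + policy.headersFor(origin));
        }
    }
}
```

In a servlet the returned map is applied with `response.setHeader(name, value)` for each entry, in the same place the listing above sets its headers; keeping the policy separate from the servlet code is what makes it testable without a running server.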

Aggregations (classes used together with SuperUser across the examples, with the number of examples each appears in)

SuperUser (org.structr.core.entity.SuperUser) 8
Principal (org.structr.core.entity.Principal) 7
SecurityContext (org.structr.common.SecurityContext) 3
FrameworkException (org.structr.common.error.FrameworkException) 3
AuthenticationException (org.structr.core.auth.exception.AuthenticationException) 2
UnauthorizedException (org.structr.core.auth.exception.UnauthorizedException) 2
ResourceAccess (org.structr.core.entity.ResourceAccess) 2
Tx (org.structr.core.graph.Tx) 2
Map (java.util.Map) 1
CmisUnauthorizedException (org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException) 1
Test (org.junit.Test) 1
StructrTest (org.structr.common.StructrTest) 1
UnlicensedException (org.structr.common.error.UnlicensedException) 1
GraphObject (org.structr.core.GraphObject) 1
Services (org.structr.core.Services) 1
App (org.structr.core.app.App) 1
StructrApp (org.structr.core.app.StructrApp) 1
NodeInterface (org.structr.core.graph.NodeInterface) 1
PropertyMap (org.structr.core.property.PropertyMap) 1
ActionContext (org.structr.schema.action.ActionContext) 1