@POST
 @Path("/session-variable")
 public Response setSessionVariable(
     @QueryParam("key") String key, @QueryParam("value") String value) {
   IPentahoSession session = getPentahoSession();
   session.setAttribute(key, value);
   return Response.ok(session.getAttribute(key)).build();
 }
  @Test
  public void testGetUserSettingOnlyGlobalExist() throws Exception {
    final String settingName = GLOBAL_SETTING_NAME_3;
    final String defaultValue = "defaultValue";

    when(session.getAttribute(eq("SPRING_SECURITY_CONTEXT"))).thenReturn(1);

    final IUserSetting userSetting = userSettingService.getUserSetting(settingName, defaultValue);
    assertEquals(settingName, userSetting.getSettingName());
    assertEquals(GLOBAL_SETTING_VALUE_3, userSetting.getSettingValue());
  }
  @Test
  public void testGetUserSettingUnset() throws Exception {
    final String settingName = "settingName";
    final String defaultValue = "defaultValue";

    when(session.getAttribute(eq("SPRING_SECURITY_CONTEXT"))).thenReturn(1);

    final IUserSetting userSetting = userSettingService.getUserSetting(settingName, defaultValue);
    assertEquals(settingName, userSetting.getSettingName());
    assertEquals(defaultValue, userSetting.getSettingValue());
  }
 /**
  * Creates and/or returns an internal folder called {@code .trash} located just below the user's
  * home folder.
  */
 private Node getOrCreateTrashInternalFolderNode(
     final Session session, final PentahoJcrConstants pentahoJcrConstants)
     throws RepositoryException {
   IPentahoSession pentahoSession = PentahoSessionHolder.getSession();
   String tenantId = (String) pentahoSession.getAttribute(IPentahoSession.TENANT_ID_KEY);
   Node userHomeFolderNode =
       (Node)
           session.getItem(
               ServerRepositoryPaths.getUserHomeFolderPath(
                   new Tenant(tenantId, true),
                   JcrStringHelper.fileNameEncode(PentahoSessionHolder.getSession().getName())));
   if (userHomeFolderNode.hasNode(FOLDER_NAME_TRASH)) {
     return userHomeFolderNode.getNode(FOLDER_NAME_TRASH);
   } else {
     return userHomeFolderNode.addNode(
         FOLDER_NAME_TRASH, pentahoJcrConstants.getPHO_NT_INTERNALFOLDER());
   }
 }
Beispiel #5
0
  private JSONObject processSessionAttributes(Document config) {

    JSONObject result = new JSONObject();

    @SuppressWarnings("unchecked")
    List<Node> attributes = config.selectNodes("//sessionattributes/attribute");
    for (Node attribute : attributes) {

      String name = attribute.getText();
      String key = XmlDom4JHelper.getNodeText("@name", attribute);
      if (key == null) key = name;

      try {
        result.put(key, userSession.getAttribute(name));
      } catch (JSONException e) {
        logger.error(e);
      }
    }

    return result;
  }
  /** {@inheritDoc} */
  public void permanentlyDeleteFile(
      final Session session,
      final PentahoJcrConstants pentahoJcrConstants,
      final Serializable fileId)
      throws RepositoryException {
    Assert.notNull(fileId);
    Node fileNode = session.getNodeByIdentifier(fileId.toString());
    // guard against using a file retrieved from a more lenient session inside a more strict session
    Assert.notNull(fileNode);

    // see if anything is referencing this node; if yes, then we cannot delete it as a
    // ReferentialIntegrityException
    // will result
    Set<RepositoryFile> referrers = new HashSet<RepositoryFile>();
    PropertyIterator refIter = fileNode.getReferences();
    if (refIter.hasNext()) {
      while (refIter.hasNext()) {
        // for each referrer property, march up the tree until we find the file node to which the
        // property belongs
        RepositoryFile referrer =
            getReferrerFile(session, pentahoJcrConstants, refIter.nextProperty());
        if (referrer != null) {
          referrers.add(referrer);
        }
      }
      if (!referrers.isEmpty()) {
        RepositoryFile referee =
            JcrRepositoryFileUtils.nodeToFile(
                session, pentahoJcrConstants, pathConversionHelper, lockHelper, fileNode);
        throw new RepositoryFileDaoReferentialIntegrityException(referee, referrers);
      }
    }

    // technically, the node can be deleted while it is locked; however, we want to avoid an
    // orphaned lock token;
    // delete
    // it first
    if (fileNode.isLocked()) {
      Lock lock = session.getWorkspace().getLockManager().getLock(fileNode.getPath());
      // don't need lock token anymore
      lockHelper.removeLockToken(session, pentahoJcrConstants, lock);
    }

    // if this file was non-permanently deleted, delete its containing folder too
    IPentahoSession pentahoSession = PentahoSessionHolder.getSession();
    String tenantId = (String) pentahoSession.getAttribute(IPentahoSession.TENANT_ID_KEY);
    String trashFolder =
        ServerRepositoryPaths.getUserHomeFolderPath(
                new Tenant(tenantId, true), PentahoSessionHolder.getSession().getName())
            + RepositoryFile.SEPARATOR
            + FOLDER_NAME_TRASH;
    Node parent = fileNode.getParent();

    purgeHistory(fileNode, session, pentahoJcrConstants);

    if (fileNode.getPath().startsWith(trashFolder)) {
      // Remove the file and then the wrapper foler
      fileNode.remove();
      parent.remove();
    } else {
      fileNode.remove();
    }
  }
 private ITenant getDefaultTenant() {
   IPentahoSession session = PentahoSessionHolder.getSession();
   String tenantId = (String) session.getAttribute(IPentahoSession.TENANT_ID_KEY);
   return new Tenant(tenantId, true);
 }
  /**
   * Looks in the provided session to get the Spring Security Authentication object out. Optionally
   * returns an "anonymous" Authentication if desired.
   *
   * @param session Users' IPentahoSession object
   * @param allowAnonymous If true, will return an anonymous Authentication object.
   * @return the Authentication object from the session
   */
  public static Authentication getAuthentication(
      final IPentahoSession session, final boolean allowAnonymous) {
    Principal principal = (Principal) session.getAttribute(SecurityHelper.SESSION_PRINCIPAL);
    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug("principal from IPentahoSession: " + principal); // $NON-NLS-1$
      if (null != principal) {
        SecurityHelper.logger.debug(
            "principal class: " + principal.getClass().getName()); // $NON-NLS-1$
      }
    }
    if (principal instanceof Authentication) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("principal is an instance of Authentication"); // $NON-NLS-1$
      }
      return (Authentication) principal;
    } else if (principal != null) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug(
            "principal is not an instance of Authentication"); //$NON-NLS-1$
        SecurityHelper.logger.debug("attempting role fetch with username"); // $NON-NLS-1$
      }

      // OK - Not Spring Security somehow.
      // However, since the principal interface doesn't specify the
      // roles a user is in, we need to dispatch a call to the
      // UserRoleListProvider to get that information from there.

      IUserDetailsRoleListService roleListService = PentahoSystem.getUserDetailsRoleListService();
      List roles = roleListService.getRolesForUser(principal.getName());
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("rolesForUser from roleListService:" + roles); // $NON-NLS-1$
      }
      if (!roles.isEmpty()) {
        GrantedAuthority[] grantedAuthorities = new GrantedAuthority[roles.size()];
        for (int i = 0; i < roles.size(); i++) {
          grantedAuthorities[i] = new GrantedAuthorityImpl((String) roles.get(i));
        }

        Authentication auth =
            new UsernamePasswordAuthenticationToken(principal.getName(), null, grantedAuthorities);

        return auth;
      }
    }
    if (SecurityHelper.logger.isDebugEnabled()) {
      SecurityHelper.logger.debug("either principal is null or user has no roles"); // $NON-NLS-1$
    }

    if (allowAnonymous) {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("there is no principal in IPentahoSession"); // $NON-NLS-1$
        SecurityHelper.logger.debug(
            "creating token with username anonymous and role Anonymous"); //$NON-NLS-1$
      }
      // Hmmm - at this point, we're being asked for an authentication on
      // an un-authenticated user. For now, we'll default to returning
      // an authentication that has the user as anonymous.
      Authentication auth =
          new UsernamePasswordAuthenticationToken(
              SecurityHelper.DefaultAnonymousUser,
              null,
              new GrantedAuthorityImpl[] {
                new GrantedAuthorityImpl(SecurityHelper.DefaultAnonymousRole)
              });
      return auth;
    } else {
      if (SecurityHelper.logger.isDebugEnabled()) {
        SecurityHelper.logger.debug("there is no principal in IPentahoSession"); // $NON-NLS-1$
        SecurityHelper.logger.debug("and allowAnonymous is false"); // $NON-NLS-1$
      }
      // If we're here - we require a properly authenticated user and
      // there's nothing
      // else we can do aside from returning null.
      return null;
    }
  }
 /**
  * Gets the java.security.principal object from the IPentahoSession object
  *
  * @param session The users' session
  * @return The bound Principal
  */
 public static Principal getPrincipal(final IPentahoSession session) {
   Principal principal = (Principal) session.getAttribute(SecurityHelper.SESSION_PRINCIPAL);
   return principal;
 }