private void processBasicAuth( HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { Context ctx = new SessionContext(new ServletRequestSessionMap(request)); Identity identity = (Identity) ctx.get(Identity.class); if (identity == null) { throw new ServletException( "Identity not found - please ensure that the Identity component is created on startup."); } Credentials credentials = (Credentials) ctx.get(Credentials.class); boolean requireAuth = false; String header = request.getHeader("Authorization"); if (header != null && header.startsWith("Basic ")) { String base64Token = header.substring(6); String token = new String(Base64.decode(base64Token)); String username = ""; String password = ""; int delim = token.indexOf(":"); if (delim != -1) { username = token.substring(0, delim); password = token.substring(delim + 1); } // Only reauthenticate if username doesn't match Identity.username and user isn't // authenticated if (!username.equals(credentials.getUsername()) || !identity.isLoggedIn()) { try { credentials.setPassword(password); authenticate(request, username); } catch (Exception ex) { log.warn("Error authenticating: " + ex.getMessage()); requireAuth = true; } } } if (!identity.isLoggedIn() && !credentials.isSet()) { requireAuth = true; } try { if (!requireAuth) { chain.doFilter(request, response); return; } } catch (NotLoggedInException ex) { requireAuth = true; } if ((requireAuth && !identity.isLoggedIn())) { response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\""); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized"); } }
@TransactionAttribute public String guardar() { String salida = ""; System.out.println("Guardar__________"); Date now = Calendar.getInstance().getTime(); getInstance().setLastUpdate(now); getInstance().setTiempoConsulta(FechasUtil.sumarRestaMinutosFecha(now, 5)); try { if (getInstance().isPersistent()) { // System.out.println("Guardar__________1" + getInstance().getId()); getInstance().setCode("REALIZADA"); getInstance().setResponsable(profileS.getProfileByIdentityKey(identity.getUser().getKey())); getInstance().getSignosVitales().setFechaActual(now); // System.out.println("Guardar__________ 2"); save(getInstance()); if (turno.isPersistent()) { turno.setEstado("Realizada"); save(turno); } FacesMessage msg = new FacesMessage( "Se actualizo Consulta Odontológica: " + getInstance().getId() + " con éxito"); FacesContext.getCurrentInstance().addMessage("", msg); System.out.println("Guardar__________3"); } else { getInstance().setCode("REALIZADA"); getInstance().setFichaOdontologica(fichaOdontolog); getInstance().setResponsable(profileS.getProfileByIdentityKey(identity.getUser().getKey())); getInstance().getSignosVitales().setFechaActual(now); create(getInstance().getSignosVitales()); create(getInstance()); save(getInstance()); if (turno.isPersistent()) { turno.setEstado("Realizada"); save(turno); } FacesMessage msg = new FacesMessage( "Se creo nueva Consulta Odontológica: " + getInstance().getId() + " con éxito"); FacesContext.getCurrentInstance().addMessage("", msg); salida = "/pages/depSalud/odontologia/consultaOdontologica.xhtml?faces-redirect=true" + "&fichaMedicaId=" + getFichaMedicaId() + "&consultaOdontId=" + getInstance().getId() + "&backView=" + getBackView(); } } catch (Exception e) { e.printStackTrace(); FacesMessage msg = new FacesMessage("Error al guardar: " + getInstance().getId()); FacesContext.getCurrentInstance().addMessage("", msg); } return salida; }
public void initialize() { log.debug("testing=" + isTesting()); if (identity.isLoggedIn()) { log.debug("authenticated"); // raiseLoginSuccessfulEvent(); // return "authenticated"; } if (isTesting()) { identity.logout(); log.debug("not-authenticated"); // return "testing"; } /* if (username == null) { ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext(); HttpServletRequest request = (HttpServletRequest) externalContext.getRequest(); username = request.getHeader("ARIES_USER"); } */ if (username == null) { log.debug("not-authenticated"); // return "not-authenticated"; } // try { // credentials.setUsername(username); // credentials.setInitialized(true); // SimplePrincipal principal = new SimplePrincipal(username); // identity.acceptExternallyAuthenticatedPrincipal(principal); // rememberMe.setEnabled(true); // } catch (Exception e) { // log.error("Error", e); // return ""; // } log.info("logged in user: "******"logged in user: "******"Super-user: "******"authenticated"); // raiseLoginSuccessfulEvent(); // return "authenticated"; }
@Observer(value = KiWiEvents.CONTENT_UPDATED) public void onContentUpdated(ContentItem item) { User currentUser = (User) Component.getInstance("currentUser"); Events.instance() .raiseAsynchronousEvent( KiWiEvents.CONTENT_UPDATED + "AsyncIE", item, currentUser, Identity.instance()); }
public boolean authenticate() { log.debug("testing: " + isTesting()); try { username = credentials.getUsername(); String password = credentials.getPassword(); if (StringUtils.isEmpty(username)) { messages.error("login", "User name must be specified."); return false; } if (username.equals("admin")) { identity.addRole("admin"); } principal = userService.getUserByName(username); if (principal != null && principal.getPassword().equals(password)) { log.debug("authenticated: " + username); raiseUserAuthenticatedEvent(); return true; } messages.error("login", "Invalid user name or password."); log.debug("not-authenticated"); return false; } catch (Throwable e) { messages.error("login", e.getMessage()); log.error("not-authenticated: " + e); return false; } }
public void init() { if (!isInitialized) { if (getFileId() == null) throw new InvalidWikiRequestException("Missing filedId request parameter"); log.debug("initializing document history with file id: " + getFileId()); if (currentFile == null) { log.debug("loading current file: " + getFileId()); currentFile = wikiNodeDAO.findWikiDocument(getFileId()); if (currentFile == null) { throw new org.jboss.seam.framework.EntityNotFoundException( getFileId(), WikiDocument.class); } if (!Identity.instance().hasPermission("Node", "read", currentFile)) { throw new AuthorizationException("You don't have permission for this operation"); } } initializeHistoricalFileList(); } isInitialized = true; }
private void handleLoadRuleAssetException(RuleAsset asset) { if (asset.metaData.categories.length == 0) { Identity.instance().checkPermission(new CategoryPathType(null), RoleTypes.ANALYST_READ); } else { RuntimeException exception = null; boolean passed = false; for (String cat : asset.metaData.categories) { try { Identity.instance().checkPermission(new CategoryPathType(cat), RoleTypes.ANALYST_READ); passed = true; } catch (RuntimeException re) { exception = re; } } if (!passed) { throw exception; } } }
@Create public void create() { String userName = READ_ONLY_USER; if (Contexts.isApplicationContextActive()) { userName = Identity.instance().getCredentials().getUsername(); } if (userName == null) { userName = READ_ONLY_USER; } repository = new RulesRepository(repositoryConfiguration.newSession(userName)); }
@Observer(value = KiWiEvents.ACTIVITY_REMOVETAG) public void onRemoveTag(User taggingUser, Tag tag) { User currentUser = (User) Component.getInstance("currentUser"); Events.instance() .raiseAsynchronousEvent( KiWiEvents.ACTIVITY_REMOVETAG + "AsyncIE", taggingUser, tag, currentUser, Identity.instance()); }
public boolean authenticate() { log.info("authenticating {0}", credentials.getUsername()); // write your authentication logic here, // return true if the authentication was // successful, false otherwise if ("admin".equals(credentials.getUsername())) { identity.addRole("admin"); return true; } return false; }
@SuppressWarnings("unchecked") public void loadMemberPictures() { memberImages = (List<MemberImage>) entityManager .createQuery( "select i from MemberImage i where i.member.memberName = :name and not i = i.member.picture") .setParameter("name", memberName) .getResultList(); Identity.instance().filterByPermission(memberImages, "view"); }
public String exportAllData() { Identity.setSecurityEnabled(false); Collection<ContentItem> items = getContentItemService().getContentItems(); File f = new File(pathToExportFile); OutputStream out = null; try { out = FileUtils.openOutputStream(f); exporter.exportItems(items, "application/x-kiwi", out); } catch (IOException ex) { log.error("Error by creating zip file #0", ex.getMessage()); } finally { try { out.close(); } catch (IOException ex) { log.error("Error by close outputstream #0", ex.getMessage()); } } log.info("Create export file #0", f.getAbsolutePath()); try { InputStream newIs = new FileInputStream(f); byte[] baBinary = new byte[newIs.available()]; newIs.read(baBinary); HttpServletResponse response = (HttpServletResponse) extCtx.getResponse(); String contentType = "application/zip"; String fileName = "export.kiwi"; response.setContentType(contentType); response.addHeader("Content-disposition", "attachment; filename=\"" + fileName + "\""); ServletOutputStream os = response.getOutputStream(); os.write(baBinary); os.flush(); os.close(); facesContext.responseComplete(); } catch (Exception ex) { log.error("Error by downloading file #0", ex.getMessage()); } finally { try { out.close(); } catch (IOException ex) { log.error("Error by close outputstream #0", ex.getMessage()); } } return null; }
@TransactionAttribute public ConsultaOdontologica load() { if (isIdDefined()) { wire(); } // log.info("sgssalud --> cargar instance " + getInstance()); if (getInstance().isPersistent()) { if (getInstance().getResponsable() == null) { getInstance().setResponsable(profileS.getProfileByIdentityKey(identity.getUser().getKey())); } } return getInstance(); }
/** * This actually does the hard work of loading up an asset based on its format. * * <p>Role-based Authorization check: This method can be accessed if user has following * permissions: 1. The user has a ANALYST_READ role or higher (i.e., ANALYST) and this role has * permission to access the category which the asset belongs to. Or. 2. The user has a * package.readonly role or higher (i.e., package.admin, package.developer) and this role has * permission to access the package which the asset belongs to. */ @WebRemote @Restrict("#{identity.loggedIn}") public RuleAsset loadRuleAsset(String uuid) throws SerializationException { long time = System.currentTimeMillis(); AssetItem item = getRulesRepository().loadAssetByUUID(uuid); RuleAsset asset = new RuleAsset(); asset.uuid = item.getUUID(); asset.name = item.getName(); asset.description = item.getDescription(); asset.lastModified = item.getLastModified().getTime(); asset.lastContributor = item.getLastContributor(); asset.state = (item.getState() != null) ? item.getState().getName() : ""; asset.dateCreated = item.getCreatedDate().getTime(); asset.checkinComment = item.getCheckinComment(); asset.versionNumber = item.getVersionNumber(); // load standard meta data asset.metaData = repositoryAssetOperations.populateMetaData(item); // Verify if the user has permission to access the asset through package // based permission. // If failed, then verify if the user has permission to access the asset // through category // based permission if (Contexts.isSessionContextActive()) { try { Identity.instance() .checkPermission( new PackageNameType(asset.metaData.packageName), RoleTypes.PACKAGE_READONLY); } catch (RuntimeException e) { handleLoadRuleAssetException(asset); } } PackageItem pkgItem = handlePackageItem(item, asset); log.debug( "Package: " + pkgItem.getName() + ", asset: " + item.getName() + ". Load time taken for asset: " + (System.currentTimeMillis() - time)); UserInbox.recordOpeningEvent(item); return asset; }
@Override public void validerAuthorisation() { // On valide pour l'édition que l'utilisateur connecté est bien // propriétaire du bateau. if (getInstance().getUtilisateur() != null && utilisateurCourant != null && !getInstance() .getUtilisateur() .getPseudonyme() .equals(utilisateurCourant.getPseudonyme()) && !Identity.instance().hasRole(Role.ADMIN)) { ResourceBundle messages = SeamResourceBundle.getBundle(); throw new AuthorizationException(messages.getString("annonce.propriorequis")); } }
@Test public void testLogin() throws Exception { Identity identity = Identity.instance(); assertFalse(identity.isLoggedIn()); identity.setUsername("gavin"); identity.setPassword("foobar"); identity.login(); User user = (User) Component.getInstance("user"); assertEquals("Gavin King", user.getName()); assertEquals("gavin", user.getUsername()); assertEquals("foobar", user.getPassword()); assertFalse(Manager.instance().isLongRunningConversation()); assertTrue(identity.isLoggedIn()); identity.logout(); assertTrue(Session.instance().isInvalid()); assertFalse(identity.isLoggedIn()); }
@WebRemote @Restrict("#{identity.loggedIn}") public void promoteAssetToGlobalArea(String uuid) { if (Contexts.isSessionContextActive()) { Identity.instance() .checkPermission( new PackageNameType(RulesRepository.RULE_GLOBAL_AREA), RoleTypes.PACKAGE_DEVELOPER); } log.info( "USER:"******" CHANGING PACKAGE OF asset: [" + uuid + "] to [ globalArea ]"); getRulesRepository() .moveRuleItemPackage(RulesRepository.RULE_GLOBAL_AREA, uuid, "promote asset to globalArea"); }
@WebRemote @Restrict("#{identity.loggedIn}") public AnalysisReport analysePackage(String packageUUID) throws SerializationException { if (Contexts.isSessionContextActive()) { Identity.instance() .checkPermission(new PackageUUIDType(packageUUID), RoleType.PACKAGE_DEVELOPER.getName()); } PackageItem packageItem = getAssetService().getRulesRepository().loadPackageByUUID(packageUUID); VerifierRunner runner = new VerifierRunner(defaultVerifier); AnalysisReport report = runner.verify( packageItem, new ScopesAgendaFilter(true, ScopesAgendaFilter.VERIFYING_SCOPE_KNOWLEDGE_PACKAGE)); defaultVerifier.flushKnowledgeSession(); return report; }
private AnalysisReport performAssetVerification( RuleAsset asset, boolean useVerifierDefaultConfig, Set<String> activeWorkingSets) throws SerializationException { long startTime = System.currentTimeMillis(); if (Contexts.isSessionContextActive()) { Identity.instance() .checkPermission( new PackageNameType(asset.getMetaData().getPackageName()), RoleType.PACKAGE_DEVELOPER.getName()); } PackageItem packageItem = getAssetService().getRulesRepository().loadPackage(asset.getMetaData().getPackageName()); List<String> constraintRules = applyWorkingSets(activeWorkingSets); Verifier verifierToBeUsed = null; if (useVerifierDefaultConfig) { verifierToBeUsed = defaultVerifier; } else { verifierToBeUsed = getWorkingSetVerifier(constraintRules); } log.debug("constraints rules: " + constraintRules); try { VerifierRunner runner = new VerifierRunner(verifierToBeUsed); AnalysisReport report = runner.verify(packageItem, chooseScopesAgendaFilterFor(asset)); verifierToBeUsed.flushKnowledgeSession(); log.debug("Asset verification took: " + (System.currentTimeMillis() - startTime)); return report; } catch (Throwable t) { throw new SerializationException(t.getMessage()); } }
/** * Import data from the reader provided as argument into the KiWi database. * * @param reader the reader from which to read the data * @param types the set of types to associate with each generated content item * @param tags the set of content items to use as tags * @param user the user to use as author of all imported data */ @Override public int importData( Reader reader, String format, final Set<KiWiUriResource> types, final Set<ContentItem> tags, final User user, final Collection<ContentItem> output) { SyndFeedInput input = new SyndFeedInput(); int count = 0; try { final SyndFeed feed = input.build(reader); Identity.setSecurityEnabled(false); count = importData(feed, types, tags, user, output); } catch (FeedException ex) { log.error("RSS/Atom feed could not be parsed", ex); } return count; }
/** * Enforce the list of applicable annotations, by firing an AuthorizationCheckEvent. The event is * then inspected to determine if access is allowed. Faces navigation is then re-routed to * the @LoginView if the user is not logged in, otherwise to the @AccessDenied view. * * @param context * @param viewRoot * @param annotations */ private void enforce( FacesContext context, UIViewRoot viewRoot, List<? extends Annotation> annotations) { if (annotations == null || annotations.isEmpty()) { log.debug("Annotations is null/empty"); return; } AuthorizationCheckEvent event = new AuthorizationCheckEvent(annotations); authorizationCheckEvent.fire(event); if (!event.isPassed()) { if (!identity.isLoggedIn()) { log.debug("Access denied - not logged in"); redirectToLoginPage(context, viewRoot); return; } else { log.debug("Access denied - not authorized"); redirectToAccessDeniedView(context, viewRoot); return; } } else { log.debug("Access granted"); } }
/** * Authenticate jpa. * * @throws ClientException the client exception */ protected void authenticateJPA() throws ClientException { User user = userDAO.getUserByLogin(credentials.getUsername()); boolean hasNoError = true; hasNoError = authorizeUser(user); String password = null; if (hasNoError) { if (credentials != null && credentials.getCredential() instanceof PasswordCredential) { password = ((PasswordCredential) credentials.getCredential()).getValue(); } if (password == null) { messages.error(new YoutestitMSG("error.login.password.require")); hasNoError = false; } } if (hasNoError) { final String cryptedPassword = Sha1Encryption.getInstance().encryptToSha1(password); if (user.getPassword().equals(cryptedPassword)) { loginEventSrc.fire(user); setUser(new SimpleUser(user.getLogin())); identity.getUser(); } else { messages.error(new YoutestitMSG("error.login.password.wrong")); hasNoError = false; } } if (hasNoError) { setStatus(AuthenticationStatus.SUCCESS); } else { setStatus(AuthenticationStatus.FAILURE); } }
private void processDigestAuth( HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { Context ctx = new SessionContext(new ServletRequestSessionMap(request)); Identity identity = (Identity) ctx.get(Identity.class); if (identity == null) { throw new ServletException( "Identity not found - please ensure that the Identity component is created on startup."); } Credentials credentials = (Credentials) ctx.get(Credentials.class); boolean requireAuth = false; boolean nonceExpired = false; String header = request.getHeader("Authorization"); if (header != null && header.startsWith("Digest ")) { String section212response = header.substring(7); String[] headerEntries = section212response.split(","); Map<String, String> headerMap = new HashMap<String, String>(); for (String entry : headerEntries) { String[] vals = split(entry, "="); headerMap.put(vals[0].trim(), vals[1].replace("\"", "").trim()); } DigestRequest digestRequest = new DigestRequest(); digestRequest.setHttpMethod(request.getMethod()); digestRequest.setSystemRealm(realm); digestRequest.setRealm(headerMap.get("realm")); digestRequest.setKey(key); digestRequest.setNonce(headerMap.get("nonce")); digestRequest.setUri(headerMap.get("uri")); digestRequest.setClientDigest(headerMap.get("response")); digestRequest.setQop(headerMap.get("qop")); digestRequest.setNonceCount(headerMap.get("nc")); digestRequest.setClientNonce(headerMap.get("cnonce")); try { digestRequest.validate(); request.getSession().setAttribute(DigestRequest.DIGEST_REQUEST, digestRequest); authenticate(request, headerMap.get("username")); } catch (DigestValidationException ex) { log.warn( String.format( "Digest validation failed, header [%s]: %s", section212response, ex.getMessage())); requireAuth = true; if (ex.isNonceExpired()) nonceExpired = true; } catch (Exception ex) { log.warn("Error authenticating: " + ex.getMessage()); requireAuth = true; } } if (!identity.isLoggedIn() && !credentials.isSet()) { requireAuth = true; } try { if (!requireAuth) { chain.doFilter(request, response); return; } } catch (NotLoggedInException ex) { requireAuth = true; } if ((requireAuth && !identity.isLoggedIn())) { long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000); String signatureValue = DigestUtils.md5Hex(expiryTime + ":" + key); String nonceValue = expiryTime + ":" + signatureValue; String nonceValueBase64 = Base64.encodeBytes(nonceValue.getBytes()); // qop is quality of protection, as defined by RFC 2617. // we do not use opaque due to IE violation of RFC 2617 in not // representing opaque on subsequent requests in same session. String authenticateHeader = "Digest realm=\"" + realm + "\", " + "qop=\"auth\", nonce=\"" + nonceValueBase64 + "\""; if (nonceExpired) authenticateHeader = authenticateHeader + ", stale=\"true\""; response.addHeader("WWW-Authenticate", authenticateHeader); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); } }
/** * Role-based Authorization check: This method can be accessed if user has following permissions: * 1. The user has a Analyst role and this role has permission to access the category which the * asset belongs to. Or. 2. The user has a package.developer role or higher (i.e., package.admin) * and this role has permission to access the package which the asset belongs to. */ @WebRemote @Restrict("#{identity.loggedIn}") public void changeState(String uuid, String newState) { AssetItem asset = getRulesRepository().loadAssetByUUID(uuid); // Verify if the user has permission to access the asset through // package based permission. // If failed, then verify if the user has permission to access the // asset through category // based permission if (Contexts.isSessionContextActive()) { boolean passed = false; try { Identity.instance() .checkPermission( new PackageUUIDType(asset.getPackage().getUUID()), RoleTypes.PACKAGE_DEVELOPER); } catch (RuntimeException e) { if (asset.getCategories().size() == 0) { Identity.instance().checkPermission(new CategoryPathType(null), RoleTypes.ANALYST); } else { RuntimeException exception = null; for (CategoryItem cat : asset.getCategories()) { try { Identity.instance() .checkPermission(new CategoryPathType(cat.getName()), RoleTypes.ANALYST); passed = true; } catch (RuntimeException re) { exception = re; } } if (!passed) { throw exception; } } } } log.info( "USER:"******" CHANGING ASSET STATUS. Asset name, uuid: " + "[" + asset.getName() + ", " + asset.getUUID() + "]" + " to [" + newState + "]"); String oldState = asset.getStateDescription(); asset.updateState(newState); push("statusChange", oldState); push("statusChange", newState); addToDiscussionForAsset(asset.getUUID(), oldState + " -> " + newState); getRulesRepository().save(); }
@TransactionAttribute public String agregarPedido() { Date now = Calendar.getInstance().getTime(); System.out.println("INGRESo a Guardar _________"); String salida = null; boolean ning = false; for (ExamenLabClinico ex : listaExamenLab) { if (ex.isSelect()) { ning = true; break; } } try { if (!ning) { // save(getInstance()); FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_WARN, "Debe seleccionar minimo un examen", null); FacesContext.getCurrentInstance().addMessage("", msg); // return null; } else { // this.listaPedidoExamenLabC = pickListExamenesLab.getTarget(); pedido.setFichaOdontologica(fichaOdontolog); pedido.setPaciente(fichaOdontolog.getFichaMedica().getPaciente()); pedido.setEstado("Nuevo"); pedido.setResponsableEmision(profileS.getProfileByIdentityKey(identity.getUser().getKey())); pedido.setFechaPedido(now); create(pedido); save(pedido); update(); // System.out.println("Guardo Con exito 0_________"); ResultadoExamenLabClinico resultadoExa; List<Parametros> pl = null; // for (ExamenLabClinico ex : this.listaExamenLab) { if (ex.isSelect()) { resultadoExa = new ResultadoExamenLabClinico(); resultadoExa.setExamenLab(ex); resultadoExa.setPedidoExamenLab(pedido); pl = examenLabService.getParametrosPorExamen(ex); resultadoExa.agregarValoresResultados(pl); save(resultadoExa); // update(); } } FacesMessage msg = new FacesMessage( "Se agrego nuevo Pedido de Examenes: " + getInstance().getId() + " con éxito"); FacesContext.getCurrentInstance().addMessage("", msg); pedido = new PedidoExamenLaboratorio(); // hc = hcs.buscarPorFichaMedica(fms.getFichaMedicaPorId(fichaMedicaId)); RequestContext.getCurrentInstance().update(":form:tabOpc:tablaPedidos :form:growl"); RequestContext.getCurrentInstance().execute("pedidoDlg.hide();"); salida = "/pages/depSalud/odontologia/consultaOdontologica.xhtml?faces-redirect=true" + "&fichaMedicaId=" + getFichaMedicaId() + "&consultaOdontId=" + getInstance().getId() + "&backView=" + getBackView(); } } catch (Exception e) { e.printStackTrace(); FacesMessage msg = new FacesMessage("Error al guardar: " + getInstance().getId()); FacesContext.getCurrentInstance().addMessage("", msg); } return salida; }
private void authenticate(HttpServletRequest request, final String username) throws ServletException, IOException, LoginException { Identity identity = Identity.instance(); identity.getCredentials().setUsername(username); identity.authenticate(); }
@Test public void testLoginComponent() throws Exception { Identity identity = Identity.instance(); assertFalse(identity.isLoggedIn()); identity.setUsername("gavin"); identity.setPassword("foobar"); identity.login(); User user = (User) Component.getInstance("user"); assertEquals("Gavin King", user.getName()); assertEquals("gavin", user.getUsername()); assertEquals("foobar", user.getPassword()); assertTrue(identity.isLoggedIn()); identity.logout(); assertFalse(identity.isLoggedIn()); identity.setUsername("gavin"); identity.setPassword("tiger"); identity.login(); assertFalse(identity.isLoggedIn()); }
@BeforeClass void beforeClass() { Identity.setSecurityEnabled(false); }
private void doWork(HttpServletRequest request, HttpServletResponse response) throws IOException { if (!Identity.instance().isLoggedIn()) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } Enumeration<?> e = request.getParameterNames(); while (e.hasMoreElements()) { log.info("parameter: #0", e.nextElement()); } EntityManager em = (EntityManager) Component.getInstance("entityManager"); if (em != null) { Long tfId = saveParseLong(request.getParameter(PARAM_TFID)); log.info("trying to serve up serialized version of trialform with id #0", tfId); try { if (tfId != null) { Transaction.instance().begin(); TrialForm tf = em.find(TrialForm.class, tfId); if (tf == null) { log.warn("requested trialform was not found (id: #0)", tfId); response.sendError(HttpServletResponse.SC_NOT_FOUND); Transaction.instance().commit(); return; } Identity.instance().checkPermission(tf.getTrial(), SpicsPermissions.EXPORT_TRIAL_FORMS); String filename = ((tf.getName() == null || "".equals(tf.getName())) ? "formular" : tf.getName() + ".zip"); response.setContentType("application/zip"); response.setHeader("Content-Disposition", "attachment;filename=\"" + filename + "\""); /* * the following three header elements are needed in order * for the downloads to work properly under IE (at least * version 7) */ response.addHeader("Pragma", "public"); response.addDateHeader("Expires", 0); response.addHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0"); response.setStatus(HttpServletResponse.SC_OK); ServletOutputStream os = response.getOutputStream(); IXMLImportExport xmlExport = new XMLImportExport(); xmlExport.writeTrialFormToZip(tf, os); Transaction.instance().commit(); os.flush(); } else { // insufficient parameters specified log.warn("insufficient parameters specified!"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } catch (AuthorizationException e2) { log.warn("AuthorizationException #0", e2.getMessage()); response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } catch (Exception e1) { e1.printStackTrace(); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } else { log.error("injected entitymanager was null, could not proceed"); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } }